Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Multiple Infections on son's Vista laptop

Started by DVCnerfherder , Apr 25 2011 05:52 PM

Please log in to reply

#1
DVCnerfherder

Posted 25 April 2011 - 05:52 PM

Member

Member
58 posts

My son has just returned home from university with multiple infections. On his laptop, that is.

In the few hours I've had the laptop up, I've seen signs of:

Dropper.Small.MSW
Generic21.BSRW
FakeAV.LOL
Win32/Patched.CJ (file atapi.sys)

He also tells me he was seeing pop-ups for Vista Home Security 2011, but I've not seen that. I was also getting Google browser redirects (clicking on the link for malwarebytes took me to STOPzilla.com)

I've attached the output from OTL.scr as running OTL.exe crashed the laptop.

TIA.

OTL logfile created on: 25/04/2011 7:39:15 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Dan\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 48.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.33 Gb Total Space | 84.76 Gb Free Space | 56.76% Space Free | Partition Type: NTFS
Drive D: | 139.96 Gb Total Space | 38.92 Gb Free Space | 27.81% Space Free | Partition Type: NTFS

Computer Name: DAN-PC | User Name: Dan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/25 19:38:15 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.scr
PRC - [2011/03/18 21:35:58 | 002,071,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2011/03/18 21:35:55 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2011/01/10 19:25:06 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/11/24 21:48:48 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/09/23 13:35:20 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/07/15 09:25:29 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/15 09:24:41 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/10/12 12:33:26 | 000,046,824 | ---- | M] (Xobni Corporation) -- C:\Program Files\Xobni\XobniService.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/01/10 20:20:34 | 000,462,848 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2007/01/02 22:58:58 | 000,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
PRC - [2007/01/02 22:58:50 | 000,464,168 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
PRC - [2007/01/02 20:46:52 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2007/01/02 10:33:24 | 000,135,168 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
PRC - [2006/12/29 00:07:22 | 000,724,992 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNMTray.exe
PRC - [2006/12/29 00:07:22 | 000,126,976 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe
PRC - [2006/12/28 18:24:14 | 000,049,152 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2006/12/25 20:45:26 | 000,319,488 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
PRC - [2006/12/22 18:43:18 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
PRC - [2006/12/14 15:34:16 | 000,393,216 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
PRC - [2006/12/08 04:24:00 | 000,614,400 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2006/12/01 01:37:00 | 004,186,112 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006/11/24 16:57:54 | 000,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
PRC - [2006/11/03 17:55:50 | 000,703,280 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

========== Modules (SafeList) ==========

MOD - [2011/04/25 19:38:15 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.scr
MOD - [2010/07/15 09:25:29 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2006/12/29 00:07:22 | 000,090,112 | ---- | M] (acer) -- C:\Windows\System32\eNetHook.dll
MOD - [2006/11/02 05:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - [2011/03/18 21:35:55 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/10/12 12:33:26 | 000,046,824 | ---- | M] (Xobni Corporation) [Auto | Running] -- C:\Program Files\Xobni\XobniService.exe -- (XobniService)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/06/28 03:08:53 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/01/02 22:58:58 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)
SRV - [2007/01/02 20:46:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007/01/02 10:33:24 | 000,135,168 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2006/12/29 00:07:22 | 000,126,976 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
SRV - [2006/12/28 18:24:14 | 000,049,152 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2006/12/22 18:43:18 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2006/11/24 16:57:54 | 000,107,008 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)

========== Driver Services (SafeList) ==========

DRV - [2010/12/17 10:49:38 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/07/15 09:25:31 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/15 09:24:43 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/02 09:51:17 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2008/02/13 04:07:28 | 000,021,560 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\drivers\atapi.sys -- (atapi)
DRV - [2007/01/23 19:25:36 | 000,689,664 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/01/08 16:16:48 | 002,313,216 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/12/26 21:57:22 | 000,792,368 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2006/12/07 18:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2006/11/21 02:24:02 | 000,062,464 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006/11/05 22:01:20 | 000,051,200 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/11/02 09:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2006/10/25 02:36:48 | 000,042,240 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2006/10/25 02:36:44 | 000,076,928 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2006/10/25 02:36:36 | 000,062,208 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2006/10/18 03:44:30 | 000,031,232 | ---- | M] (SMSC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smscirda.sys -- (SMSCIRDA)
DRV - [2006/08/04 20:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.ca.acer.yahoo.com
IE - HKLM\..\URLSearchHook: {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor1.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.ca.acer.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\..\URLSearchHook: {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor1.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Web Search..."
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.ca/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.99
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..keyword.URL: "http://vshare.toolba...spx?srch=ku&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2007/09/28 21:34:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/11/24 21:50:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/02/11 17:16:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/02/11 17:16:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/25 20:39:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/25 20:39:02 | 000,000,000 | ---D | M]

[2008/09/08 22:27:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dan\AppData\Roaming\Mozilla\Extensions
[2011/03/31 15:17:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\5w6kqlso.default\extensions
[2011/03/27 20:02:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\5w6kqlso.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/07 02:24:02 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\5w6kqlso.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/03/25 17:19:02 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\5w6kqlso.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/03/25 20:39:09 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\5w6kqlso.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/08/16 23:01:23 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\5w6kqlso.default\extensions\vshare@toolbar
[2010/08/16 23:02:17 | 000,001,592 | ---- | M] () -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\5w6kqlso.default\searchplugins\web-search.xml
[2011/04/08 17:34:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/24 21:50:43 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG9\FIREFOX
[2011/02/11 17:16:35 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011/02/11 17:16:36 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Bitlord Toolbar) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor1.dll (Conduit Ltd.)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (Bitlord Toolbar) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (Bitlord Toolbar) - {7C5C0F58-E061-457D-9033-77307F5ED00C} - C:\Program Files\TorrentMan\tbTor1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer Registration\ACE1.exe (Leader Technologies)
O4 - HKLM..\Run: [Adobe Photo Downloader] File not found
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [handlerfix70700en00.exe] File not found
O4 - HKCU..\Run: [satdll70snn.exe] C:\Users\Dan\AppData\Roaming\7348E1CA2043C80A71B7CCA73AD576B6\satdll70snn.exe ()
O4 - HKCU..\Run: [Search Protection] File not found
O4 - HKCU..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKCU..\Run: [syncdbload70700.exe] File not found
O4 - HKCU..\Run: [ulprcayb] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 216.240.0.1 216.240.1.1 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (eNetHook.dll) - C:\Windows\System32\eNetHook.dll (acer)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Dan\Pictures\rondeau everyone.jpg
O24 - Desktop BackupWallPaper: C:\Users\Dan\Pictures\rondeau everyone.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{489a5d30-c4d1-11df-9972-0016d4c70422}\Shell - "" = AutoRun
O33 - MountPoints2\{489a5d30-c4d1-11df-9972-0016d4c70422}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/25 19:38:47 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.com
[2011/04/25 19:38:12 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.scr
[2011/04/25 19:28:41 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.exe
[2011/04/25 16:19:14 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/04/25 16:19:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/25 16:19:11 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/04/25 16:19:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/25 16:18:31 | 000,000,000 | ---D | C] -- C:\Antivirus
[2007/06/27 06:52:03 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
[2007/01/21 22:26:06 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll
[40 C:\Users\Dan\Documents\*.tmp files -> C:\Users\Dan\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/25 19:38:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.com
[2011/04/25 19:38:15 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.scr
[2011/04/25 19:35:50 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011/04/25 19:35:29 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/25 19:35:23 | 000,003,200 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/25 19:35:23 | 000,003,200 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/25 19:35:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/25 19:35:00 | 2145,550,336 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/25 19:29:44 | 000,626,246 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/25 19:29:44 | 000,109,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/25 19:28:45 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.exe
[2011/04/25 19:10:39 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/04/25 17:15:03 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/25 17:07:04 | 075,105,510 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2011/04/25 16:19:15 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/25 16:18:01 | 000,134,144 | ---- | M] () -- C:\Users\Dan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/08 17:33:40 | 000,009,554 | -HS- | M] () -- C:\Users\Dan\AppData\Local\jcl665ep0rnlp562hps
[2011/04/08 17:33:40 | 000,009,554 | -HS- | M] () -- C:\ProgramData\jcl665ep0rnlp562hps
[2011/04/02 17:32:16 | 000,239,213 | -HS- | M] () -- C:\Users\Dan\AppData\Local\wqk.exe
[2011/04/02 17:32:14 | 000,239,213 | -HS- | M] () -- C:\Users\Dan\AppData\Local\vwj.exe
[2011/03/29 23:45:32 | 000,002,609 | ---- | M] () -- C:\Users\Dan\Desktop\Microsoft Office Word 2003.lnk
[2011/03/26 22:36:30 | 000,000,466 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Dan.job
[40 C:\Users\Dan\Documents\*.tmp files -> C:\Users\Dan\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/25 19:00:04 | 2145,550,336 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/25 16:19:15 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/02 17:33:12 | 000,009,554 | -HS- | C] () -- C:\Users\Dan\AppData\Local\jcl665ep0rnlp562hps
[2011/04/02 17:33:12 | 000,009,554 | -HS- | C] () -- C:\ProgramData\jcl665ep0rnlp562hps
[2011/04/02 17:32:16 | 000,239,213 | -HS- | C] () -- C:\Users\Dan\AppData\Local\wqk.exe
[2011/04/02 17:32:14 | 000,239,213 | -HS- | C] () -- C:\Users\Dan\AppData\Local\vwj.exe
[2010/01/14 04:05:56 | 000,000,219 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2009/12/24 12:07:45 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/12/24 11:40:37 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009/11/02 13:09:09 | 000,000,065 | ---- | C] () -- C:\Windows\minitab.ini
[2009/02/20 14:59:50 | 000,004,885 | ---- | C] () -- C:\ProgramData\nmpmeswb.lkq
[2009/01/13 16:05:08 | 000,147,456 | ---- | C] () -- C:\Windows\System32\WMIMPLEX.dll
[2009/01/13 16:05:08 | 000,036,864 | ---- | C] () -- C:\Windows\System32\maplec.dll
[2008/05/17 22:36:02 | 000,000,680 | ---- | C] () -- C:\Users\Dan\AppData\Local\d3d9caps.dat
[2008/02/13 04:07:28 | 000,021,560 | ---- | C] () -- C:\Windows\System32\drivers\atapi.sys
[2007/12/11 16:55:17 | 000,000,287 | ---- | C] () -- C:\Windows\game.ini
[2007/08/25 16:44:05 | 000,148,995 | ---- | C] () -- C:\Windows\hpoins19.dat
[2007/08/15 00:27:33 | 000,134,144 | ---- | C] () -- C:\Users\Dan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/08/04 17:23:42 | 000,055,857 | ---- | C] () -- C:\Windows\War3Unin.dat
[2007/08/04 17:13:48 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2007/07/31 20:52:38 | 000,000,552 | ---- | C] () -- C:\Users\Dan\AppData\Local\d3d8caps.dat
[2007/07/31 20:44:02 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/07/25 15:24:30 | 001,559,040 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2007/06/27 06:52:03 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
[2007/06/27 06:49:39 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007/06/27 06:45:53 | 000,000,037 | ---- | C] () -- C:\Windows\Acer.ini
[2007/03/19 18:21:50 | 000,000,115 | ---- | C] () -- C:\Windows\Alaunch.ini
[2007/03/19 16:54:13 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI
[2007/03/13 16:01:59 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2007/01/21 22:42:17 | 000,198,144 | ---- | C] () -- C:\Windows\System32\_psisdecd.dll
[2007/01/21 22:32:05 | 000,076,584 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2007/01/21 22:32:05 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2007/01/21 22:31:17 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
[2007/01/21 22:29:04 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007/01/21 22:26:06 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2007/01/21 22:21:22 | 000,356,352 | ---- | C] () -- C:\Windows\EMCRI.dll
[2007/01/21 22:19:27 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
[2007/01/21 20:45:53 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/01/21 20:45:27 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2007/01/21 20:45:27 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007/01/21 20:45:27 | 000,145,112 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2007/01/21 20:45:05 | 000,015,190 | ---- | C] () -- C:\Windows\M2000T07.ini
[2007/01/02 22:54:14 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
[2007/01/02 22:53:54 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
[2007/01/02 22:53:20 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
[2007/01/02 22:52:40 | 000,037,376 | ---- | C] () -- C:\Windows\System32\MsnChatHook_org.dll
[2007/01/02 22:52:28 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
[2007/01/02 22:52:26 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
[2007/01/02 22:52:18 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2006/12/25 19:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006/11/13 09:50:06 | 000,071,680 | ---- | C] () -- C:\Windows\System32\HTCA_SelfExtract.bin
[2006/11/03 17:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,349,056 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,626,246 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,109,370 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 03:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/02 03:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006/02/26 16:08:28 | 000,585,728 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2001/12/26 19:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[2001/09/04 02:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 19:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 01:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2011/03/30 21:16:57 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\7348E1CA2043C80A71B7CCA73AD576B6
[2008/10/30 14:52:45 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Image Zone Express
[2007/06/27 06:56:53 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Leadertech
[2010/03/24 12:37:41 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\LimeWire
[2008/09/08 15:22:34 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Printer Info Cache
[2011/04/25 19:10:40 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

#2
RKinner

Posted 28 April 2011 - 11:10 AM

Malware Expert

Expert
24,735 posts

Download but don't install the free Avast!

http://www.avast.com...ivirus-download

Uninstall:

Conduit Engine
TorrentMan
Yahoo Toolbar
Also I see traces of Norton/Symantec so download and run the norton uninstall utility:
ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe
Also uninstall
AVG 9
then download save and run the AVG removal tool
http://download.avg....6_2011_1184.exe
We need to run Combofix and it won't run with AVG and AVG 9 is obsolete anyway.

Install the free Avast! => Right click and Run As Administrator.

Once it installs:
Click on the Avast ball. Then click on Additional Protection, AutoSandBox, Settings, uncheck Enable AutoSandbox, OK

Copy the text in the code box by highlighting and Ctrl + c


:Services
eeCtrl

:OTL
DRV - [2010/12/17 10:49:38 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O4 - HKCU..\Run: [handlerfix70700en00.exe] File not found
O4 - HKCU..\Run: [satdll70snn.exe] C:\Users\Dan\AppData\Roaming\7348E1CA2043C80A71B7CCA73AD576B6\satdll70snn.exe ()
O4 - HKCU..\Run: [Search Protection] File not found
O4 - HKCU..\Run: [syncdbload70700.exe] File not found
O4 - HKCU..\Run: [ulprcayb] File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O33 - MountPoints2\{489a5d30-c4d1-11df-9972-0016d4c70422}\Shell - "" = AutoRun
O33 - MountPoints2\{489a5d30-c4d1-11df-9972-0016d4c70422}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
[2011/04/08 17:33:40 | 000,009,554 | -HS- | M] () -- C:\Users\Dan\AppData\Local\jcl665ep0rnlp562hps
[2011/04/08 17:33:40 | 000,009,554 | -HS- | M] () -- C:\ProgramData\jcl665ep0rnlp562hps
[2011/04/02 17:32:16 | 000,239,213 | -HS- | M] () -- C:\Users\Dan\AppData\Local\wqk.exe
[2011/04/02 17:32:14 | 000,239,213 | -HS- | M] () -- C:\Users\Dan\AppData\Local\vwj.exe
[2011/03/26 22:36:30 | 000,000,466 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Dan.job
[2009/02/20 14:59:50 | 000,004,885 | ---- | C] () -- C:\ProgramData\nmpmeswb.lkq

:Files
C:\Users\Dan\AppData\Roaming\7348E1CA2043C80A71B7CCA73AD576B6

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"
     
:Commands
[RESETHOSTS]
[purity]
[emptytemp]
[Reboot]

then run OTL => Right click and Run As Administrator and Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the Run Fix button at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

Open OTL again => Right click and Run As Administrator and select the All option in the Extra Registry group then the Run Scan button. Post the two logs it produces in your next reply.

Please download Malwarebytes' Anti-Malware

Open mbam-setup.exe => Right click and Run As Administrator to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. Right click on the Avast ball and select Avast! Shields Control, Disable until Computer is restarted.

Download and Rename this file -- (call it george.exe ) to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right click on george and Run As Administratorto start the program.

* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then right click and Run as Administrator

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

Download

http://ad13.geekstogo.com/MBRCheck.exe

Save it and run it. It will produce a log MBRCheck(date).txt on your desktop. Copy and paste it into a reply.

Click on the Avast ball. Then click on Scan Computer, then on
Boot-Time Scan then on Settings. Change the Ask at the bottom to Move to Chest. OK then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load windows.

Ron

#3
DVCnerfherder

Posted 30 April 2011 - 07:23 AM

Member

Topic Starter
Member
58 posts

Ron,

Wow! I haven't had a homework assignment this extensive in years.

I did hit one glitch. When I tried to run Combofix the laptop crashed a couple of times with the same BSoD error code. I was able to get both TDSSKiller and MBRCheck to run and then was able to successfully run Combofix afterwards. I hope I didn't mess things up by not running them in the order prescribed.

Anyway, here are the logs:

1) From the First OTL run

All processes killed

========== SERVICES/DRIVERS ==========

Error: No service named eeCtrl was found to stop!

Service\Driver key eeCtrl not found.

========== OTL ==========

Error: No service named eeCtrl was found to stop!

Service\Driver key eeCtrl not found.

File C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\handlerfix70700en00.exe deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\satdll70snn.exe deleted successfully.

C:\Users\Dan\AppData\Roaming\7348E1CA2043C80A71B7CCA73AD576B6\satdll70snn.exe moved successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Search Protection deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\syncdbload70700.exe deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ulprcayb deleted successfully.

Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.

Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}

C:\Windows\Downloaded Program Files\erma.inf moved successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.

Starting removal of ActiveX control {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.

Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{489a5d30-c4d1-11df-9972-0016d4c70422}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{489a5d30-c4d1-11df-9972-0016d4c70422}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{489a5d30-c4d1-11df-9972-0016d4c70422}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{489a5d30-c4d1-11df-9972-0016d4c70422}\ not found.

File G:\LaunchU3.exe -a not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.

File G:\LaunchU3.exe -a not found.

C:\Users\Dan\AppData\Local\jcl665ep0rnlp562hps moved successfully.

C:\ProgramData\jcl665ep0rnlp562hps moved successfully.

C:\Users\Dan\AppData\Local\wqk.exe moved successfully.

C:\Users\Dan\AppData\Local\vwj.exe moved successfully.

C:\Windows\Tasks\Norton Security Scan for Dan.job moved successfully.

C:\ProgramData\nmpmeswb.lkq moved successfully.

========== FILES ==========

C:\Users\Dan\AppData\Roaming\7348E1CA2043C80A71B7CCA73AD576B6 folder moved successfully.

========== REGISTRY ==========

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!

========== COMMANDS ==========

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Dan

->Temp folder emptied: 3723585240 bytes

->Temporary Internet Files folder emptied: 74200109 bytes

->Java cache emptied: 265532 bytes

->FireFox cache emptied: 61612580 bytes

->Google Chrome cache emptied: 348651906 bytes

->Flash cache emptied: 3121246 bytes

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

->Flash cache emptied: 2870 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: MD

->Temp folder emptied: 76150 bytes

->Temporary Internet Files folder emptied: 1535424 bytes

->Java cache emptied: 13690439 bytes

->FireFox cache emptied: 6822897 bytes

->Flash cache emptied: 405 bytes

User: Public

->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 79546068 bytes

RecycleBin emptied: 5032925645 bytes

Total Files Cleaned = 8,913.00 mb

OTL by OldTimer - Version 3.2.22.3 log created on 04292011_204119

Files\Folders moved on Reboot...

File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

2) From the 2nd OTL run:

OTL logfile created on: 29/04/2011 8:59:14 PM - Run 2

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Dan\Desktop

Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6000.17037)

Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 45.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 68.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 149.33 Gb Total Space | 88.19 Gb Free Space | 59.05% Space Free | Partition Type: NTFS

Drive D: | 139.96 Gb Total Space | 43.36 Gb Free Space | 30.98% Space Free | Partition Type: NTFS

Computer Name: DAN-PC | User Name: Dan | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/25 19:28:45 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.exe

PRC - [2011/04/18 13:25:12 | 003,460,784 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe

PRC - [2011/04/18 13:25:10 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe

PRC - [2011/01/10 19:25:06 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe

PRC - [2009/10/12 12:33:26 | 000,046,824 | ---- | M] (Xobni Corporation) -- C:\Program Files\Xobni\XobniService.exe

PRC - [2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2007/06/28 03:08:54 | 001,006,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe

PRC - [2007/01/10 20:20:34 | 000,462,848 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

PRC - [2007/01/02 22:58:58 | 000,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe

PRC - [2007/01/02 22:58:50 | 000,464,168 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

PRC - [2007/01/02 20:46:52 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe

PRC - [2007/01/02 10:33:24 | 000,135,168 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

PRC - [2006/12/29 00:07:22 | 000,724,992 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNMTray.exe

PRC - [2006/12/29 00:07:22 | 000,126,976 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe

PRC - [2006/12/28 18:24:14 | 000,049,152 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

PRC - [2006/12/25 20:45:26 | 000,319,488 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe

PRC - [2006/12/22 18:43:18 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe

PRC - [2006/12/14 15:34:16 | 000,393,216 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe

PRC - [2006/12/08 04:24:00 | 000,614,400 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe

PRC - [2006/12/01 01:37:00 | 004,186,112 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe

PRC - [2006/11/24 16:57:54 | 000,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe

PRC - [2006/11/03 17:55:50 | 000,703,280 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

========== Modules (SafeList) ==========

MOD - [2011/04/25 19:28:45 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.exe

MOD - [2011/04/18 13:25:09 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll

MOD - [2006/12/29 00:07:22 | 000,090,112 | ---- | M] (acer) -- C:\Windows\System32\eNetHook.dll

MOD - [2006/11/02 05:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/04/18 13:25:10 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV - [2009/10/12 12:33:26 | 000,046,824 | ---- | M] (Xobni Corporation) [Auto | Running] -- C:\Program Files\Xobni\XobniService.exe -- (XobniService)

SRV - [2007/06/28 03:08:53 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007/01/02 22:58:58 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)

SRV - [2007/01/02 20:46:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)

SRV - [2007/01/02 10:33:24 | 000,135,168 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)

SRV - [2006/12/29 00:07:22 | 000,126,976 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)

SRV - [2006/12/28 18:24:14 | 000,049,152 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)

SRV - [2006/12/22 18:43:18 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)

SRV - [2006/11/24 16:57:54 | 000,107,008 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)

========== Driver Services (SafeList) ==========

DRV - [2011/04/18 13:17:46 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2011/04/18 13:17:34 | 000,307,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2011/04/18 13:16:18 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2011/04/18 13:13:21 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2011/04/18 13:13:09 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV - [2011/04/18 13:12:58 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2008/02/13 04:07:28 | 000,021,560 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\drivers\atapi.sys -- (atapi)

DRV - [2007/01/23 19:25:36 | 000,689,664 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)

DRV - [2007/01/08 16:16:48 | 002,313,216 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)

DRV - [2006/12/26 21:57:22 | 000,792,368 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)

DRV - [2006/12/07 18:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)

DRV - [2006/11/21 02:24:02 | 000,062,464 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)

DRV - [2006/11/05 22:01:20 | 000,051,200 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)

DRV - [2006/11/02 09:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)

DRV - [2006/10/25 02:36:48 | 000,042,240 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESD7SK.sys -- (ESDCR)

DRV - [2006/10/25 02:36:44 | 000,076,928 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESM7SK.sys -- (ESMCR)

DRV - [2006/10/25 02:36:36 | 000,062,208 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EMS7SK.sys -- (EMSCR)

DRV - [2006/10/18 03:44:30 | 000,031,232 | ---- | M] (SMSC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smscirda.sys -- (SMSCIRDA)

DRV - [2006/08/04 20:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.ca.acer.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.ca.acer.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"

FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="

FF - prefs.js..browser.search.selectedEngine: "Web Search..."

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.ca/"

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872

FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.99

FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94

FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94

FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971

FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313

FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0

FF - prefs.js..keyword.URL: "http://vshare.toolba...spx?srch=ku&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2007/09/28 21:34:16 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/02/11 17:16:35 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/02/11 17:16:36 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/04/29 20:35:13 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/25 20:39:02 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/25 20:39:02 | 000,000,000 | ---D | M]

[2008/09/08 22:27:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dan\AppData\Roaming\Mozilla\Extensions

[2011/03/31 15:17:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\5w6kqlso.default\extensions

[2011/03/27 20:02:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\5w6kqlso.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/03/07 02:24:02 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\5w6kqlso.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2010/03/25 17:19:02 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\5w6kqlso.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2011/03/25 20:39:09 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\5w6kqlso.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}

[2010/08/16 23:01:23 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\5w6kqlso.default\extensions\vshare@toolbar

[2010/08/16 23:02:17 | 000,001,592 | ---- | M] () -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\5w6kqlso.default\searchplugins\web-search.xml

[2011/04/08 17:34:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

File not found (No name found) -- C:\PROGRAM FILES\AVG\AVG9\FIREFOX

[2011/02/11 17:16:35 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO

[2011/02/11 17:16:36 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA

O1 HOSTS File: ([2011/04/29 20:41:55 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.

O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (no name) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - No CLSID value found.

O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)

O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer Registration\ACE1.exe (Leader Technologies)

O4 - HKLM..\Run: [Adobe Photo Downloader] File not found

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)

O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKCU..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()

O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)

O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()

O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()

O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 216.240.0.1 216.240.1.1 192.168.1.1

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - AppInit_DLLs: (eNetHook.dll) - C:\Windows\System32\eNetHook.dll (acer)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Dan\Pictures\rondeau everyone.jpg

O24 - Desktop BackupWallPaper: C:\Users\Dan\Pictures\rondeau everyone.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O35 - HKCU\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/29 20:41:19 | 000,000,000 | ---D | C] -- C:\_OTL

[2011/04/29 20:36:04 | 000,019,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys

[2011/04/29 20:36:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus

[2011/04/29 20:36:03 | 000,307,288 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys

[2011/04/29 20:36:00 | 000,441,176 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys

[2011/04/29 20:36:00 | 000,049,240 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys

[2011/04/29 20:36:00 | 000,025,432 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys

[2011/04/29 20:35:59 | 000,053,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys

[2011/04/29 20:35:11 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe

[2011/04/29 20:35:11 | 000,040,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr

[2011/04/29 20:34:58 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software

[2011/04/29 20:34:58 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software

[2011/04/29 17:34:08 | 001,090,912 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Users\Dan\Desktop\avg_remover_stf_x86_2011_1184.exe

[2011/04/29 17:34:07 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Dan\Desktop\tdsskiller.exe

[2011/04/25 19:38:47 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.com

[2011/04/25 19:38:12 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.scr

[2011/04/25 19:28:41 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.exe

[2011/04/25 16:19:14 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2011/04/25 16:19:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/04/25 16:19:11 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2011/04/25 16:19:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011/04/25 16:18:31 | 000,000,000 | ---D | C] -- C:\Antivirus

[2007/06/27 06:52:03 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe

[2007/01/21 22:26:06 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll

[40 C:\Users\Dan\Documents\*.tmp files -> C:\Users\Dan\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/29 21:03:17 | 000,626,246 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011/04/29 21:03:17 | 000,109,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011/04/29 20:55:37 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl

[2011/04/29 20:55:03 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011/04/29 20:54:24 | 000,003,200 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011/04/29 20:54:24 | 000,003,200 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011/04/29 20:53:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/04/29 20:53:44 | 2145,550,336 | -HS- | M] () -- C:\hiberfil.sys

[2011/04/29 20:52:48 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2011/04/29 20:41:55 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts

[2011/04/29 20:36:04 | 000,001,833 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk

[2011/04/29 20:35:59 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt

[2011/04/29 20:35:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011/04/29 18:18:12 | 000,932,400 | ---- | M] () -- C:\Users\Dan\Desktop\Norton_Removal_Tool.exe

[2011/04/29 09:06:08 | 056,189,640 | ---- | M] () -- C:\Users\Dan\Desktop\setup_av_free.exe

[2011/04/29 08:49:42 | 004,333,078 | ---- | M] () -- C:\Users\Dan\Desktop\george.exe

[2011/04/29 08:48:42 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Dan\Desktop\tdsskiller.exe

[2011/04/29 08:47:20 | 000,080,384 | ---- | M] () -- C:\Users\Dan\Desktop\MBRCheck.exe

[2011/04/29 08:43:26 | 001,090,912 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Users\Dan\Desktop\avg_remover_stf_x86_2011_1184.exe

[2011/04/25 19:38:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.com

[2011/04/25 19:38:15 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.scr

[2011/04/25 19:28:45 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.exe

[2011/04/25 16:19:15 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/04/25 16:18:01 | 000,134,144 | ---- | M] () -- C:\Users\Dan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/04/18 13:25:12 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr

[2011/04/18 13:25:10 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe

[2011/04/18 13:17:46 | 000,441,176 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys

[2011/04/18 13:17:34 | 000,307,288 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys

[2011/04/18 13:16:18 | 000,049,240 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys

[2011/04/18 13:13:21 | 000,025,432 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys

[2011/04/18 13:13:09 | 000,053,592 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys

[2011/04/18 13:12:58 | 000,019,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys

[40 C:\Users\Dan\Documents\*.tmp files -> C:\Users\Dan\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/29 20:36:04 | 000,001,833 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk

[2011/04/29 17:34:08 | 004,333,078 | ---- | C] () -- C:\Users\Dan\Desktop\george.exe

[2011/04/29 17:34:08 | 000,080,384 | ---- | C] () -- C:\Users\Dan\Desktop\MBRCheck.exe

[2011/04/29 17:33:53 | 056,189,640 | ---- | C] () -- C:\Users\Dan\Desktop\setup_av_free.exe

[2011/04/29 17:33:53 | 000,932,400 | ---- | C] () -- C:\Users\Dan\Desktop\Norton_Removal_Tool.exe

[2011/04/29 17:27:45 | 2145,550,336 | -HS- | C] () -- C:\hiberfil.sys

[2011/04/25 16:19:15 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/01/14 04:05:56 | 000,000,219 | ---- | C] () -- C:\Windows\System32\MRT.INI

[2009/12/24 12:07:45 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini

[2009/12/24 11:40:37 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat

[2009/11/02 13:09:09 | 000,000,065 | ---- | C] () -- C:\Windows\minitab.ini

[2009/01/13 16:05:08 | 000,147,456 | ---- | C] () -- C:\Windows\System32\WMIMPLEX.dll

[2009/01/13 16:05:08 | 000,036,864 | ---- | C] () -- C:\Windows\System32\maplec.dll

[2008/05/17 22:36:02 | 000,000,680 | ---- | C] () -- C:\Users\Dan\AppData\Local\d3d9caps.dat

[2008/02/13 04:07:28 | 000,021,560 | ---- | C] () -- C:\Windows\System32\drivers\atapi.sys

[2007/12/11 16:55:17 | 000,000,287 | ---- | C] () -- C:\Windows\game.ini

[2007/08/25 16:44:05 | 000,148,995 | ---- | C] () -- C:\Windows\hpoins19.dat

[2007/08/15 00:27:33 | 000,134,144 | ---- | C] () -- C:\Users\Dan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2007/08/04 17:23:42 | 000,055,857 | ---- | C] () -- C:\Windows\War3Unin.dat

[2007/08/04 17:13:48 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat

[2007/07/31 20:52:38 | 000,000,552 | ---- | C] () -- C:\Users\Dan\AppData\Local\d3d8caps.dat

[2007/07/31 20:44:02 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI

[2007/07/25 15:24:30 | 001,559,040 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

[2007/06/27 06:52:03 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe

[2007/06/27 06:49:39 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat

[2007/06/27 06:45:53 | 000,000,037 | ---- | C] () -- C:\Windows\Acer.ini

[2007/03/19 18:21:50 | 000,000,115 | ---- | C] () -- C:\Windows\Alaunch.ini

[2007/03/19 16:54:13 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI

[2007/03/13 16:01:59 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat

[2007/01/21 22:42:17 | 000,198,144 | ---- | C] () -- C:\Windows\System32\_psisdecd.dll

[2007/01/21 22:32:05 | 000,076,584 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys

[2007/01/21 22:32:05 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys

[2007/01/21 22:31:17 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll

[2007/01/21 22:29:04 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll

[2007/01/21 22:26:06 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll

[2007/01/21 22:21:22 | 000,356,352 | ---- | C] () -- C:\Windows\EMCRI.dll

[2007/01/21 22:19:27 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat

[2007/01/21 20:45:53 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

[2007/01/21 20:45:27 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat

[2007/01/21 20:45:27 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll

[2007/01/21 20:45:27 | 000,145,112 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat

[2007/01/21 20:45:05 | 000,015,190 | ---- | C] () -- C:\Windows\M2000T07.ini

[2007/01/02 22:54:14 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll

[2007/01/02 22:53:54 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll

[2007/01/02 22:53:20 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll

[2007/01/02 22:52:40 | 000,037,376 | ---- | C] () -- C:\Windows\System32\MsnChatHook_org.dll

[2007/01/02 22:52:28 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll

[2007/01/02 22:52:26 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll

[2007/01/02 22:52:18 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll

[2006/12/25 19:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll

[2006/11/13 09:50:06 | 000,071,680 | ---- | C] () -- C:\Windows\System32\HTCA_SelfExtract.bin

[2006/11/03 17:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll

[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006/11/02 08:47:37 | 000,349,056 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006/11/02 06:33:01 | 000,626,246 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2006/11/02 06:33:01 | 000,109,370 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2006/11/02 03:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2006/11/02 03:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2006/02/26 16:08:28 | 000,585,728 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

[2001/12/26 19:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll

[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

[2001/09/04 02:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll

[2001/07/30 19:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll

[2001/07/24 01:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

< End of report >

3) Extras.txt from the 2nd OTL run:

OTL Extras logfile created on: 29/04/2011 8:59:14 PM - Run 2

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Dan\Desktop

Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6000.17037)

Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 45.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 68.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 149.33 Gb Total Space | 88.19 Gb Free Space | 59.05% Space Free | Partition Type: NTFS

Drive D: | 139.96 Gb Total Space | 43.36 Gb Free Space | 30.98% Space Free | Partition Type: NTFS

Computer Name: DAN-PC | User Name: Dan | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)

.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)

.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)

.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)

batfile [open] -- "%1" %*

batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)

cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)

cmdfile [open] -- "%1" %*

cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htafile [open] -- C:\Windows\system32\mshta.exe "%1" %* (Microsoft Corporation)

htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)

inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)

inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)

inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)

jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)

jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)

jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)

jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)

jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)

regfile [open] -- regedit.exe "%1" (Microsoft Corporation)

regfile [merge] -- Reg Error: Key error.

regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)

txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)

vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)

vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)

vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)

vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)

vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)

vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)

wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)

wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)

wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)

wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1940228112-2126371991-3483199835-1000]

"EnableNotificationsRef" = 2

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{3149D824-7853-4ECE-9C13-89DC8D056995}" = rport=137 | protocol=17 | dir=out | app=system |

"{34F48ABD-6775-4CC7-8827-3B40381E867E}" = lport=2869 | protocol=6 | dir=in | app=system |

"{3972687E-5AEA-4BB6-9617-A97F6F5E3DCF}" = rport=139 | protocol=6 | dir=out | app=system |

"{4114CD56-6AE6-4D3F-B486-0C95689D8D8C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{56BBB9E3-EF66-40B4-855D-12E2187279CE}" = rport=445 | protocol=6 | dir=out | app=system |

"{5FA8AF2C-0D1E-4D61-9511-CFEF63E8389C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{6F74A7A5-161C-4585-A35C-399A944CE9CF}" = lport=137 | protocol=17 | dir=in | app=system |

"{7F52B631-7085-4B78-985D-6826D5077836}" = lport=139 | protocol=6 | dir=in | app=system |

"{A2293B53-0C57-4FC4-A131-E3ADF8C3E589}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |

"{B4675128-A647-4515-8F0D-E5DDCAD85A05}" = rport=138 | protocol=17 | dir=out | app=system |

"{C265354C-6623-495B-B776-26280137CAF6}" = lport=138 | protocol=17 | dir=in | app=system |

"{D8045CC8-04B6-41F9-8546-8ECB575DCF22}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |

"{F4C641D8-69A0-46D1-A706-7CD45F0EEE2D}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0BA165A3-C44C-4CE2-8173-6E724668AEAE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{0CC947E3-F0D7-41A7-8CDA-87BF96B31CD0}" = protocol=6 | dir=in | app=c:\users\dan\appdata\local\temp\7zs4893.tmp\symnrt.exe |

"{1A0579B4-A184-4DBF-BE71-7036E4479DA7}" = protocol=17 | dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\mce deluxe suite.exe |

"{404CCD9D-93B6-436F-8029-47F2AC7F50AF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{41F18C00-DFB6-48ED-97C4-4EA9CF8603CE}" = dir=in | app=c:\program files\itunes\itunes.exe |

"{452E5C22-353E-4318-B98D-1FED4B7E79AE}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |

"{4D5805FB-A9D1-490C-9E36-DFA3DA35B3A7}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |

"{5040F742-1261-4683-9E14-DD10D26C2524}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{540665FF-5E9E-449D-9F0C-280157B2AF90}" = protocol=58 | dir=in | [email protected],-28545 |

"{59DC5BDA-2ADD-45DD-87AA-9F9471691B83}" = protocol=58 | dir=in | [email protected],-28545 |

"{5B9363C4-993A-4046-ABC0-C1AB21774CC9}" = protocol=6 | dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\mce deluxe suite.exe |

"{693A30E0-830A-416E-A6AA-6DB7FA87CA2E}" = protocol=58 | dir=out | [email protected],-28546 |

"{7328BC93-CD6A-49FB-833B-35DF3E5FC460}" = protocol=1 | dir=in | [email protected],-28543 |

"{75D9C874-E79C-4839-82F5-41CF3944093C}" = protocol=17 | dir=in | app=c:\users\dan\appdata\local\temp\7zs4893.tmp\symnrt.exe |

"{94CF10C5-C35C-47DC-AE10-730E3D10CDB5}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{9CD1D8DB-060A-4C8C-95CD-B2247DAEDBAF}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |

"{9CE76AE6-DE38-4055-B7E5-94EED718C790}" = protocol=1 | dir=out | [email protected],-28544 |

"{B25AF853-0A28-40D0-8BAB-F476F3B028ED}" = protocol=1 | dir=out | [email protected],-28544 |

"{D9CE2AD6-142A-4754-8353-2A1AE34ACE40}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{DAD26BB9-04AF-4C89-A71E-E9CCC57140B6}" = protocol=1 | dir=in | [email protected],-28543 |

"{E515F3F4-9050-4D49-A817-865BDD31BA44}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |

"{EB333977-D39E-41B8-9C0C-8220E3D431AD}" = protocol=58 | dir=out | [email protected],-28546 |

"{ED1F298A-36BD-45C0-9A9F-D9CC202BC4DC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"TCP Query User{4A4C7BA0-8D73-430B-9B8E-D43DBF14232C}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

"TCP Query User{78AD8DB9-1696-4487-AE14-55A65FE3C424}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

"TCP Query User{8C703710-693A-45A9-A1ED-B8C67496A1C2}C:\program files\bitlord\bitlord.exe" = protocol=6 | dir=in | app=c:\program files\bitlord\bitlord.exe |

"TCP Query User{A0C17D47-AF4E-4387-8A93-FC049D853781}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"TCP Query User{A5C528EC-076C-4E16-8CDB-B5ACCC6BF1BD}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |

"TCP Query User{FEDABCA5-4DC1-4691-A4AD-529BD5073547}C:\program files\bitlord\bitlord.exe" = protocol=6 | dir=in | app=c:\program files\bitlord\bitlord.exe |

"UDP Query User{24DB80A5-DA15-49ED-9D56-93E394A26BB8}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

"UDP Query User{454CB810-4C81-482A-AF70-F480E5D1CD5C}C:\program files\bitlord\bitlord.exe" = protocol=17 | dir=in | app=c:\program files\bitlord\bitlord.exe |

"UDP Query User{62E6859D-7044-438D-BCE2-E06C0A5FD79C}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"UDP Query User{755730DF-DF08-41E0-BC0C-C5D332D75732}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

"UDP Query User{9F9A3745-A5FC-4DDA-8008-44D02F956223}C:\program files\bitlord\bitlord.exe" = protocol=17 | dir=in | app=c:\program files\bitlord\bitlord.exe |

"UDP Query User{BC8DF35B-D07D-4B14-B060-B002AAA43137}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{018A22DC-465A-40E0-50C2-25D54C7F64A1}" = CCC Help Greek

"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan

"{0DE29A13-086F-CA1B-3C85-C30252D509E5}" = Catalyst Control Center Localization Arabic

"{0DEA94ED-915A-4834-A87E-388D012C8E02}" = Medal of Honor Allied Assault

"{0FE6B77F-54CD-45ED-BB64-A99477B0A8F1}" = 5600

"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In

"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management

"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter

"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker

"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan

"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg

"{1BF0855F-96CD-98A6-0C21-7643C90D0130}" = Catalyst Control Center Localization Arabic

"{1CD49205-3407-F8BE-954D-ED9706834213}" = CCC Help Swedish

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F5D7806-6C3E-C3F5-0F82-6FD8B3BD451B}" = Catalyst Control Center Localization Hungarian

"{2026DF25-9BDC-4FDD-660A-781F6A0C2BF9}" = Catalyst Control Center Graphics Light

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{2605461E-AB2E-49F5-8A16-64B7F3595030}" = 5600Trb

"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer

"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17

"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros for Acer Driver v7.2.0.127_Foxconn Installation Program

"{293D7C43-8A39-736B-7EDA-790235A0415A}" = Catalyst Control Center Localization Korean

"{296EDEB2-3B6E-F37B-D6A5-D018AD9B937A}" = CCC Help Turkish

"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour

"{2C0EC2F0-F7DE-B1CB-3AA0-E7C814EFFEDF}" = Catalyst Control Center Localization Chinese Standard

"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support

"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform

"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3

"{3297D253-6BAD-6864-21E5-E70525776979}" = CCC Help Dutch

"{35BDA760-4905-19AA-54A0-C118ABB5BF0C}" = ccc-core-static

"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant

"{3AD03D92-5F58-EAD6-3227-C06352C52F2E}" = CCC Help Russian

"{3E26071F-82EC-E6FA-E65F-0479EA83E558}" = Catalyst Control Center Localization Arabic

"{3EEA06EB-22FC-F4D1-C417-4CD99FD9E734}" = CCC Help Thai

"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker

"{411241B2-ADAA-34E4-4DF3-2FE00A924CD9}" = Catalyst Control Center Localization Finnish

"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials

"{47A9F4C0-9F81-8DB2-59FA-11254A927E24}" = CCC Help French

"{480A8C02-EDD0-1A0E-ECEB-6BE2EBB5CF77}" = Catalyst Control Center Localization Japanese

"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc

"{4AAC5AE8-EDE6-44D4-AA87-E90870178FDE}" = Minitab 15 English

"{4BB1DCED-84D3-47F9-B718-5947E904593E}" = Acer OrbiCam

"{4EC0616A-CADD-4C2F-B09E-366CE4CCDCB1}" = Integre techexplorer Hypermedia Browser

"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features

"{5445FDF7-52F2-F776-ADBA-6A8C4FC815B3}" = ccc-utility

"{557E68C4-804F-A11D-4004-407C39542948}" = Catalyst Control Center Localization Italian

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{630CC87A-57A3-45DC-A5A4-08CE98E0BCB7}" = Branding

"{652DCC8D-72CB-D921-ACE8-463932342C9B}" = Catalyst Control Center Localization Czech

"{66C96F16-EABD-13E6-A409-628E28389F8A}" = CCC Help Czech

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7

"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6968667A-036F-A685-7A55-F77E24112779}" = CCC Help Portuguese

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder

"{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}" = RollerCoaster Tycoon 2

"{733875B5-A1AE-2078-A4F0-CB06525A4FFA}" = CCC Help Japanese

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver

"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax

"{7B63B2922B174135AFC0E1377DD81EC2}" =

"{7DCBC3D8-8954-491D-A1B9-8C61C563B004}" = 5600_Help

"{7F085F4A-CC3A-0101-E380-F510AA324C43}" = CCC Help English

"{80A41A47-40C9-891C-FE7C-BC6E0E93C720}" = Catalyst Control Center Localization Arabic

"{80B0A5B4-4DA4-D1D2-F339-9402B39B8709}" = Catalyst Control Center Graphics Full New

"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{855EF1FF-6C22-1EE4-EB6D-F09653C1D82C}" = Catalyst Control Center Localization Arabic

"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder

"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes

"{88410D8F-8529-492B-B556-2394A29B811B}" = Broadcom Driver v4.102.15.63_Foxconn Installation Program

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8DC069E7-893C-41E1-9442-DE89FEC33371}" = Xobni Core

"{8FD19401-37F8-5162-DD65-43F15131AF43}" = CCC Help Chinese Traditional

"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{924EAD66-F854-4605-8493-696DD59A113B}" = RollerCoaster Tycoon Deluxe

"{9254D884-145F-26EA-0082-DE517816AC42}" = Catalyst Control Center Localization Arabic

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch

"{974A0BAD-4337-C39C-06BB-09FD098C1E23}" = Catalyst Control Center Localization Arabic

"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status

"{97F81AF1-0E47-DC99-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 ATL (x86) WinSXS MSM

"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM

"{991803F9-3E05-EF39-CABC-4B7CCF2AD7AE}" = CCC Help Spanish

"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations

"{9BCBE007-6C18-C4E5-9F5C-4DCD23D1D844}" = Catalyst Control Center Core Implementation

"{9DD8A162-07D8-083D-ACD1-CE9BED793882}" = CCC Help German

"{9F1C1015-3B20-7536-2457-D75B2009D57C}" = Catalyst Control Center Localization French

"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100

"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter

"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy

"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2

"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AAD37EE3-50A7-45DB-97B9-1C8B900E9E8B}" = Movavi Video Converter 7

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology

"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2

"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9

"{AC9B83BF-3AEB-E307-F5C7-6F50F72BAB03}" = CCC Help Norwegian

"{ACAA8E1C-DE7C-C8D9-0C73-9FBA318E8F9A}" = CCC Help Hungarian

"{AEEAE013-92F1-4515-B278-139F1A692A35}" = Acer eDataSecurity Management

"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter

"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger

"{B74AD1C2-BF07-7619-B0E5-14BB4C416ED8}" = CCC Help Chinese Standard

"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer

"{BA1E1AFD-D1F2-4C52-88C3-186FC5E61604}" = RollerCoaster Tycoon 2: Time Twister

"{BAE5F6BB-595D-67CE-063D-A7889DD273DA}" = Catalyst Control Center Localization Arabic

"{BC73CB0E-12E6-33C4-A0FD-9CCBF8250A07}" = CCC Help Polish

"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm

"{BEBAE81A-68B8-FA4F-1CC9-CDF3CF16A9BE}" = Catalyst Control Center Localization Chinese Traditional

"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management

"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management

"{C716522C-3731-4667-8579-40B098294500}" = Toolbox

"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B

"{CCB6B80B-41CD-8EF5-2CA3-4767D9B3B6FB}" = ccc-localization-da

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management

"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty® 2

"{D0D88043-F87D-8E9C-FB0E-12E4B4058477}" = Catalyst Control Center Localization Greek

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1

"{D11EEB8E-9F12-A546-7175-9BC4CF5824A3}" = CCC Help Korean

"{D1B65F06-A5EF-9D4B-67C9-5AC907DE616A}" = Catalyst Control Center Graphics Full Existing

"{DD1DED37-2486-4F56-8F89-56AA814003F5}" = Acer OrbiCam

"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport

"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software

"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call

"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext

"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential

"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply

"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support

"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Deluxe

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F1D57935-D987-7637-0322-01399573A351}" = Catalyst Control Center Localization Spanish

"{F2EAA2B4-30A1-E093-1093-D905545EE7AE}" = CCC Help Finnish

"{F5DDE40D-3BE2-B129-D78F-FF31DD941FD7}" = CCC Help Italian

"{FCCC21F7-161D-CA84-8877-7543F77011F2}" = CCC Help Danish

"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp

"{FF4CB48E-A97F-CA1F-9DBE-77CBEDC04170}" = Catalyst Control Center Localization German

"Acer Registration" = Acer Registration

"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player

"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2

"amazonCD110" = Amazon Trail

"ATI Uninstaller" = ATI Uninstaller

"avast" = avast! Free Antivirus

"BitLord" = BitLord 1.1

"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP

"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters

"DivX Setup.divx.com" = DivX Setup

"ElyseeUk_is1" = Élysée 3.54

"ffdshow" = ffdshow (remove only)

"Google Chrome" = Google Chrome

"GridVista" = Acer GridVista

"GSpot" = GSpot Codec Information Appliance

"HP Imaging Device Functions" = HP Imaging Device Functions 8.0

"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0

"HPExtendedCapabilities" = HP Customer Participation Program 8.0

"HPOCR" = HP OCR Software 8.0

"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker

"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty® 2

"LimeWire" = LimeWire 4.16.2

"LManager" = Launch Manager

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Maple 11" = Maple 11

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox (3.5.18)" = Mozilla Firefox (3.5.18)

"NeroMultiInstaller!UninstallKey" = Nero Suite

"NSS" = Norton Security Scan

"PartyPoker" = PartyPoker

"PokerStars" = PokerStars

"Red Alert 2" = Command & Conquer Red Alert 2

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"Veetle TV" = Veetle TV 0.9.18

"Warcraft III" = Warcraft III

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinRAR archiver" = WinRAR archiver

"WYSIWYG_Web_Builder_2.6" = WYSIWYG Web Builder 4.3.1

"XobniMain" = Xobni

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Antimalware Doctor" = Antimalware Doctor

"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

4) MBAM Report:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6443

Windows 6.0.6000

Internet Explorer 7.0.6000.17037

29/04/2011 9:18:44 PM

mbam-log-2011-04-29 (21-18-44).txt

Scan type: Quick scan

Objects scanned: 166975

Time elapsed: 6 minute(s), 38 second(s)

Memory Processes Infected: 1

Memory Modules Infected: 0

Registry Keys Infected: 2

Registry Values Infected: 0

Registry Data Items Infected: 3

Folders Infected: 0

Files Infected: 4

Memory Processes Infected:

c:\Windows\System32\config\systemprofile\AppData\Local\yep.exe (Trojan.ExeShell.Gen) -> 4700 -> Unloaded process successfully.

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Windows\system32\config\systemprofile\AppData\Local\yep.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Windows\system32\config\systemprofile\AppData\Local\yep.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Windows\system32\config\systemprofile\AppData\Local\yep.exe" -a "C:\Program Files\Internet Explorer\IEXPLORE.EXE") Good: (iexplore.exe) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Windows\System32\config\systemprofile\AppData\Local\yep.exe (Trojan.ExeShell.Gen) -> Quarantined and deleted successfully.

c:\Users\Public\documents\Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.

c:\Users\Public\documents\Server\server.dat (Malware.Trace) -> Quarantined and deleted successfully.

c:\Users\Dan\templates\memory.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

5) TDSSKiller log

2011/04/29 22:58:51.0939 4468 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28

2011/04/29 22:58:54.0268 4468 ================================================================================

2011/04/29 22:58:54.0268 4468 SystemInfo:

2011/04/29 22:58:54.0268 4468

2011/04/29 22:58:54.0268 4468 OS Version: 6.0.6000 ServicePack: 0.0

2011/04/29 22:58:54.0268 4468 Product type: Workstation

2011/04/29 22:58:54.0268 4468 ComputerName: DAN-PC

2011/04/29 22:58:54.0455 4468 UserName: Dan

2011/04/29 22:58:54.0455 4468 Windows directory: C:\Windows

2011/04/29 22:58:54.0455 4468 System windows directory: C:\Windows

2011/04/29 22:58:54.0846 4468 Processor architecture: Intel x86

2011/04/29 22:58:54.0846 4468 Number of processors: 2

2011/04/29 22:58:54.0846 4468 Page size: 0x1000

2011/04/29 22:58:54.0846 4468 Boot type: Normal boot

2011/04/29 22:58:54.0846 4468 ================================================================================

2011/04/29 22:58:56.0471 4468 Initialize success

2011/04/29 22:59:06.0752 4896 ================================================================================

2011/04/29 22:59:06.0752 4896 Scan started

2011/04/29 22:59:06.0752 4896 Mode: Manual;

2011/04/29 22:59:06.0752 4896 ================================================================================

2011/04/29 22:59:08.0314 4896 ACPI (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys

2011/04/29 22:59:08.0393 4896 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys

2011/04/29 22:59:08.0486 4896 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys

2011/04/29 22:59:08.0596 4896 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys

2011/04/29 22:59:08.0643 4896 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys

2011/04/29 22:59:08.0736 4896 AFD (5d24caf8efd924a875698ff28384db8b) C:\Windows\system32\drivers\afd.sys

2011/04/29 22:59:08.0783 4896 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys

2011/04/29 22:59:08.0861 4896 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

2011/04/29 22:59:08.0924 4896 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys

2011/04/29 22:59:09.0002 4896 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys

2011/04/29 22:59:09.0049 4896 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys

2011/04/29 22:59:09.0111 4896 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys

2011/04/29 22:59:09.0158 4896 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\DRIVERS\amdk8.sys

2011/04/29 22:59:09.0252 4896 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys

2011/04/29 22:59:09.0314 4896 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys

2011/04/29 22:59:09.0377 4896 aswFsBlk (9bdb29e81abceb883556df44649696c4) C:\Windows\system32\drivers\aswFsBlk.sys

2011/04/29 22:59:09.0408 4896 aswMonFlt (a80fb17ce4ed7af4a5f24aaa753e4168) C:\Windows\system32\drivers\aswMonFlt.sys

2011/04/29 22:59:09.0471 4896 aswRdr (a90cf680ca7a323913ca3a0810c8e02d) C:\Windows\system32\drivers\aswRdr.sys

2011/04/29 22:59:09.0518 4896 aswSnx (f7969934cca2e566e95df17380a3cb11) C:\Windows\system32\drivers\aswSnx.sys

2011/04/29 22:59:09.0674 4896 aswSP (478d6a0e0630c31bf4a7f5eb0a05b92c) C:\Windows\system32\drivers\aswSP.sys

2011/04/29 22:59:09.0721 4896 aswTdi (e52e45743e27fd6184c55618a10b81ab) C:\Windows\system32\drivers\aswTdi.sys

2011/04/29 22:59:09.0799 4896 AsyncMac (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys

2011/04/29 22:59:09.0846 4896 atapi (3e9a53ccaaad194a0b536f668890e8fe) C:\Windows\system32\drivers\atapi.sys

2011/04/29 22:59:09.0861 4896 atapi - detected Rootkit.Win32.TDSS.tdl3 (0)

2011/04/29 22:59:09.0924 4896 athr (999eff35b4c6d969b232bf575972f86f) C:\Windows\system32\DRIVERS\athr.sys

2011/04/29 22:59:10.0049 4896 Beep (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys

2011/04/29 22:59:10.0143 4896 bowser (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys

2011/04/29 22:59:10.0205 4896 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys

2011/04/29 22:59:10.0252 4896 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys

2011/04/29 22:59:10.0299 4896 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys

2011/04/29 22:59:10.0330 4896 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys

2011/04/29 22:59:10.0361 4896 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys

2011/04/29 22:59:10.0393 4896 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys

2011/04/29 22:59:10.0455 4896 BthEnum (cf97c2d6a011ee9403b42191b5f95ba8) C:\Windows\system32\DRIVERS\BthEnum.sys

2011/04/29 22:59:10.0502 4896 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\DRIVERS\bthmodem.sys

2011/04/29 22:59:10.0549 4896 BthPan (b8c3d9ddf85fd197c3e5f849fef71144) C:\Windows\system32\DRIVERS\bthpan.sys

2011/04/29 22:59:10.0627 4896 BTHPORT (b4ce8000aab30a9ab16cd0fb3db4d7cf) C:\Windows\system32\Drivers\BTHport.sys

2011/04/29 22:59:10.0689 4896 BTHUSB (9a4ddc8544c1459aa2a118a8858dade3) C:\Windows\system32\Drivers\BTHUSB.sys

2011/04/29 22:59:10.0752 4896 btwaudio (4a28e7bd365377d0512b7ef8c7596d2c) C:\Windows\system32\drivers\btwaudio.sys

2011/04/29 22:59:10.0799 4896 btwavdt (5ffde57253d665067b0886612817eb11) C:\Windows\system32\drivers\btwavdt.sys

2011/04/29 22:59:10.0846 4896 btwrchid (ab07dc8b05c31a4f95fc73019be9db15) C:\Windows\system32\DRIVERS\btwrchid.sys

2011/04/29 22:59:10.0939 4896 Cam5607 (d8ba0e0ffbce2dd5de110c5146c438b4) C:\Windows\system32\Drivers\BisonC07.sys

2011/04/29 22:59:11.0033 4896 cdfs (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys

2011/04/29 22:59:11.0096 4896 cdrom (8d1866e61af096ae8b582454f5e4d303) C:\Windows\system32\DRIVERS\cdrom.sys

2011/04/29 22:59:11.0189 4896 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys

2011/04/29 22:59:11.0268 4896 CLFS (1b84fd0937d3b99af9ba38ddff3daf54) C:\Windows\system32\CLFS.sys

2011/04/29 22:59:11.0408 4896 CmBatt (ed97ad3df1b9005989eaf149bf06c821) C:\Windows\system32\DRIVERS\CmBatt.sys

2011/04/29 22:59:11.0439 4896 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys

2011/04/29 22:59:11.0486 4896 Compbatt (722936afb75a7f509662b69b5632f48a) C:\Windows\system32\DRIVERS\compbatt.sys

2011/04/29 22:59:11.0533 4896 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys

2011/04/29 22:59:11.0643 4896 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys

2011/04/29 22:59:11.0736 4896 DfsC (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys

2011/04/29 22:59:11.0799 4896 disk (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys

2011/04/29 22:59:11.0846 4896 DKbFltr (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys

2011/04/29 22:59:11.0924 4896 Dot4 (57b2d433a08b95e4f1b53a919937f3e5) C:\Windows\system32\DRIVERS\Dot4.sys

2011/04/29 22:59:11.0955 4896 Dot4Print (d93fa484bb62fbe7e5ef335c5415d3cf) C:\Windows\system32\DRIVERS\Dot4Prt.sys

2011/04/29 22:59:12.0002 4896 dot4usb (599742c4260fb3e8edb3be148b8ce856) C:\Windows\system32\DRIVERS\dot4usb.sys

2011/04/29 22:59:12.0080 4896 DritekPortIO (5c918d413f5837e67a85775c9873775e) C:\PROGRA~1\LAUNCH~1\DPortIO.sys

2011/04/29 22:59:12.0111 4896 drmkaud (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys

2011/04/29 22:59:12.0252 4896 DXGKrnl (334988883de69adb27e2cf9f9715bbdb) C:\Windows\System32\drivers\dxgkrnl.sys

2011/04/29 22:59:12.0533 4896 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys

2011/04/29 22:59:12.0721 4896 Ecache (0efc7531b936ee57fdb4e837664c509f) C:\Windows\system32\drivers\ecache.sys

2011/04/29 22:59:12.0830 4896 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys

2011/04/29 22:59:12.0908 4896 EMSCR (1fa3f9df8983873746fa6b72dd7e3c2c) C:\Windows\system32\DRIVERS\EMS7SK.sys

2011/04/29 22:59:12.0955 4896 ESDCR (9c7487253aad6bf61f9bc83d50e32ccc) C:\Windows\system32\DRIVERS\ESD7SK.sys

2011/04/29 22:59:13.0018 4896 ESMCR (99589d975da04f8bd31f124428fcc797) C:\Windows\system32\DRIVERS\ESM7SK.sys

2011/04/29 22:59:13.0080 4896 fastfat (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys

2011/04/29 22:59:13.0189 4896 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys

2011/04/29 22:59:13.0268 4896 FileInfo (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys

2011/04/29 22:59:13.0314 4896 Filetrace (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys

2011/04/29 22:59:13.0346 4896 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys

2011/04/29 22:59:13.0377 4896 FltMgr (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys

2011/04/29 22:59:13.0439 4896 Fs_Rec (66a078591208baa210c7634b11eb392c) C:\Windows\system32\drivers\Fs_Rec.sys

2011/04/29 22:59:13.0471 4896 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys

2011/04/29 22:59:13.0564 4896 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys

2011/04/29 22:59:13.0643 4896 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys

2011/04/29 22:59:13.0705 4896 HDAudBus (0db613a7e427b5663563677796fd5258) C:\Windows\system32\DRIVERS\HDAudBus.sys

2011/04/29 22:59:13.0814 4896 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\DRIVERS\hidbth.sys

2011/04/29 22:59:13.0861 4896 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys

2011/04/29 22:59:13.0924 4896 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\DRIVERS\hidusb.sys

2011/04/29 22:59:13.0971 4896 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys

2011/04/29 22:59:14.0049 4896 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS

2011/04/29 22:59:14.0205 4896 HSF_DPV (9efa5fec26cec696a66a891ac90b412d) C:\Windows\system32\DRIVERS\HSX_DPV.sys

2011/04/29 22:59:14.0283 4896 HSXHWAZL (7e775360ece92156ced6ed3b1daf6208) C:\Windows\system32\DRIVERS\HSXHWAZL.sys

2011/04/29 22:59:14.0361 4896 HTTP (ea24fe637d974a8a31bc650f478e3533) C:\Windows\system32\drivers\HTTP.sys

2011/04/29 22:59:14.0408 4896 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys

2011/04/29 22:59:14.0455 4896 i8042prt (1c9ee072baa3abb460b91d7ee9152660) C:\Windows\system32\DRIVERS\i8042prt.sys

2011/04/29 22:59:14.0502 4896 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys

2011/04/29 22:59:14.0549 4896 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys

2011/04/29 22:59:14.0643 4896 int15 (9d64201c9e5ac8d1f088762ba00ff3ab) C:\Acer\Empowering Technology\eRecovery\int15.sys

2011/04/29 22:59:14.0955 4896 IntcAzAudAddService (04bef1c4aa990e0d5851c7532fc8642c) C:\Windows\system32\drivers\RTKVHDA.sys

2011/04/29 22:59:15.0111 4896 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys

2011/04/29 22:59:15.0174 4896 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys

2011/04/29 22:59:15.0252 4896 IpFilterDriver (880c6f86cc3f551b8fea2c11141268c0) C:\Windows\system32\DRIVERS\ipfltdrv.sys

2011/04/29 22:59:15.0455 4896 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys

2011/04/29 22:59:15.0502 4896 IPNAT (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys

2011/04/29 22:59:15.0564 4896 irda (f11a90fb3f44f37ad10a4893bb690065) C:\Windows\system32\DRIVERS\irda.sys

2011/04/29 22:59:15.0596 4896 IRENUM (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys

2011/04/29 22:59:15.0643 4896 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys

2011/04/29 22:59:15.0705 4896 iScsiPrt (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys

2011/04/29 22:59:15.0768 4896 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys

2011/04/29 22:59:15.0814 4896 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys

2011/04/29 22:59:15.0861 4896 kbdclass (b076b2ab806b3f696dab21375389101c) C:\Windows\system32\DRIVERS\kbdclass.sys

2011/04/29 22:59:15.0893 4896 kbdhid (ed61dbc6603f612b7338283edbacbc4b) C:\Windows\system32\DRIVERS\kbdhid.sys

2011/04/29 22:59:15.0955 4896 KSecDD (0a829977b078dea11641fc2af87ceade) C:\Windows\system32\Drivers\ksecdd.sys

2011/04/29 22:59:16.0049 4896 lltdio (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys

2011/04/29 22:59:16.0111 4896 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys

2011/04/29 22:59:16.0158 4896 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys

2011/04/29 22:59:16.0236 4896 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys

2011/04/29 22:59:16.0252 4896 luafv (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys

2011/04/29 22:59:16.0330 4896 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys

2011/04/29 22:59:16.0361 4896 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys

2011/04/29 22:59:16.0408 4896 Modem (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys

2011/04/29 22:59:16.0533 4896 monitor (7446e104a5fe5987ca9e4983fbac4f97) C:\Windows\system32\DRIVERS\monitor.sys

2011/04/29 22:59:16.0643 4896 mouclass (5fba13c1a1841b0885d316ed3589489d) C:\Windows\system32\DRIVERS\mouclass.sys

2011/04/29 22:59:16.0783 4896 mouhid (b569b5c5d3bde545df3a6af512cccdba) C:\Windows\system32\DRIVERS\mouhid.sys

2011/04/29 22:59:16.0830 4896 MountMgr (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys

2011/04/29 22:59:16.0893 4896 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys

2011/04/29 22:59:16.0939 4896 mpsdrv (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys

2011/04/29 22:59:16.0986 4896 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

2011/04/29 22:59:17.0033 4896 MRxDAV (1d8828b98ee309d65e006f0829e280e5) C:\Windows\system32\drivers\mrxdav.sys

2011/04/29 22:59:17.0080 4896 mrxsmb (8af705ce1bb907932157fab821170f27) C:\Windows\system32\DRIVERS\mrxsmb.sys

2011/04/29 22:59:17.0127 4896 mrxsmb10 (47e13ab23371be3279eef22bbfa2c1be) C:\Windows\system32\DRIVERS\mrxsmb10.sys

2011/04/29 22:59:17.0158 4896 mrxsmb20 (90b3fc7bd6b3d7ee7635debba2187f66) C:\Windows\system32\DRIVERS\mrxsmb20.sys

2011/04/29 22:59:17.0205 4896 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys

2011/04/29 22:59:17.0268 4896 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys

2011/04/29 22:59:17.0330 4896 Msfs (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys

2011/04/29 22:59:17.0377 4896 msisadrv (5f454a16a5146cd91a176d70f0cfa3ec) C:\Windows\system32\drivers\msisadrv.sys

2011/04/29 22:59:17.0486 4896 MSKSSRV (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys

2011/04/29 22:59:17.0533 4896 MSPCLOCK (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys

2011/04/29 22:59:17.0564 4896 MSPQM (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys

2011/04/29 22:59:17.0611 4896 MsRPC (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys

2011/04/29 22:59:17.0658 4896 mssmbios (4385c80ede885e25492d408cad91bd6f) C:\Windows\system32\DRIVERS\mssmbios.sys

2011/04/29 22:59:17.0689 4896 MSTEE (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys

2011/04/29 22:59:17.0799 4896 Mup (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys

2011/04/29 22:59:17.0893 4896 NativeWifiP (6da4a0fc7c0e83df0cb3cfd0a514c3bc) C:\Windows\system32\DRIVERS\nwifi.sys

2011/04/29 22:59:17.0955 4896 NDIS (227c11e1e7cf6ef8afb2a238d209760c) C:\Windows\system32\drivers\ndis.sys

2011/04/29 22:59:18.0018 4896 NdisTapi (81659cdcbd0f9a9e07e6878ad8c78d3f) C:\Windows\system32\DRIVERS\ndistapi.sys

2011/04/29 22:59:18.0049 4896 Ndisuio (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys

2011/04/29 22:59:18.0096 4896 NdisWan (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys

2011/04/29 22:59:18.0127 4896 NDProxy (1b24fa907af283199a81b3bb37e5e526) C:\Windows\system32\drivers\NDProxy.sys

2011/04/29 22:59:18.0158 4896 NetBIOS (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys

2011/04/29 22:59:18.0205 4896 netbt (e3a168912e7eefc3bd3b814720d68b41) C:\Windows\system32\DRIVERS\netbt.sys

2011/04/29 22:59:18.0283 4896 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys

2011/04/29 22:59:18.0314 4896 Npfs (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys

2011/04/29 22:59:18.0361 4896 nsiproxy (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys

2011/04/29 22:59:18.0471 4896 Ntfs (37430aa7a66d7a63407adc2c0d05e9f6) C:\Windows\system32\drivers\Ntfs.sys

2011/04/29 22:59:18.0549 4896 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\Windows\system32\DRIVERS\NTIDrvr.sys

2011/04/29 22:59:18.0580 4896 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

2011/04/29 22:59:18.0627 4896 Null (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys

2011/04/29 22:59:18.0674 4896 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys

2011/04/29 22:59:18.0705 4896 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys

2011/04/29 22:59:18.0736 4896 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys

2011/04/29 22:59:18.0955 4896 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\DRIVERS\ohci1394.sys

2011/04/29 22:59:19.0033 4896 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys

2011/04/29 22:59:19.0080 4896 partmgr (555a5b2c8022983bc7467bc925b222ee) C:\Windows\system32\drivers\partmgr.sys

2011/04/29 22:59:19.0111 4896 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys

2011/04/29 22:59:19.0158 4896 pci (1085d75657807e0e8b32f9e19a1647c3) C:\Windows\system32\drivers\pci.sys

2011/04/29 22:59:19.0205 4896 pciide (caba65e9c41cd2900d4c92d4f825c5f8) C:\Windows\system32\drivers\pciide.sys

2011/04/29 22:59:19.0252 4896 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\DRIVERS\pcmcia.sys

2011/04/29 22:59:19.0314 4896 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

2011/04/29 22:59:19.0471 4896 PptpMiniport (6c359ac71d7b550a0d41f9db4563ce05) C:\Windows\system32\DRIVERS\raspptp.sys

2011/04/29 22:59:19.0518 4896 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys

2011/04/29 22:59:19.0580 4896 PSched (2c8bae55247c4e09352e870292e4d1ab) C:\Windows\system32\DRIVERS\pacer.sys

2011/04/29 22:59:19.0643 4896 PSDFilter (671f788336dd6a129d0b3743cece6eef) C:\Windows\system32\DRIVERS\psdfilter.sys

2011/04/29 22:59:19.0705 4896 PSDNServ (be1404b19f7708a89f0f680e6f2cf110) C:\Windows\system32\drivers\PSDNServ.sys

2011/04/29 22:59:19.0752 4896 psdvdisk (6de3cbb3f8c8a94cad7716b91c4b8951) C:\Windows\system32\drivers\psdvdisk.sys

2011/04/29 22:59:19.0814 4896 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys

2011/04/29 22:59:19.0877 4896 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

2011/04/29 22:59:19.0924 4896 QWAVEdrv (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys

2011/04/29 22:59:20.0033 4896 R300 (e52b7a5010011c29063684cac1a6bbf0) C:\Windows\system32\DRIVERS\atikmdag.sys

2011/04/29 22:59:20.0080 4896 RasAcd (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys

2011/04/29 22:59:20.0127 4896 Rasl2tp (88587dd843e2059848995b407b67f6cf) C:\Windows\system32\DRIVERS\rasl2tp.sys

2011/04/29 22:59:20.0174 4896 RasPppoe (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys

2011/04/29 22:59:20.0252 4896 rdbss (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys

2011/04/29 22:59:20.0314 4896 RDPCDD (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys

2011/04/29 22:59:20.0502 4896 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys

2011/04/29 22:59:20.0627 4896 RDPENCDD (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys

2011/04/29 22:59:20.0705 4896 RDPWD (8830e790a74a96605faba74f9665bb3c) C:\Windows\system32\drivers\RDPWD.sys

2011/04/29 22:59:20.0830 4896 RFCOMM (7ec90c316177ba3f1bce92005264b447) C:\Windows\system32\DRIVERS\rfcomm.sys

2011/04/29 22:59:20.0908 4896 rspndr (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys

2011/04/29 22:59:20.0939 4896 RTL8023xp (fdde6b3598660d3c51cb45eb3a95fe67) C:\Windows\system32\DRIVERS\Rtnicxp.sys

2011/04/29 22:59:21.0018 4896 RTL8169 (ec8bd9a495dd4231553b8f9258ca3b2a) C:\Windows\system32\DRIVERS\Rtlh86.sys

2011/04/29 22:59:21.0064 4896 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

2011/04/29 22:59:21.0143 4896 sdbus (7b3973cc28b8aa3e9e2e5d53e720e2c9) C:\Windows\system32\DRIVERS\sdbus.sys

2011/04/29 22:59:21.0205 4896 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

2011/04/29 22:59:21.0268 4896 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys

2011/04/29 22:59:21.0314 4896 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys

2011/04/29 22:59:21.0361 4896 sermouse (450accd77ec5cea720c1cdb9e26b953b) C:\Windows\system32\drivers\sermouse.sys

2011/04/29 22:59:21.0486 4896 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys

2011/04/29 22:59:21.0549 4896 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys

2011/04/29 22:59:21.0580 4896 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys

2011/04/29 22:59:21.0721 4896 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys

2011/04/29 22:59:21.0924 4896 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys

2011/04/29 22:59:22.0018 4896 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys

2011/04/29 22:59:22.0096 4896 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys

2011/04/29 22:59:22.0236 4896 Smb (ac0d90738adb51a6fd12ff00874a2162) C:\Windows\system32\DRIVERS\smb.sys

2011/04/29 22:59:22.0377 4896 SMSCIRDA (ced16c76469ba00e2ab310857cd4c767) C:\Windows\system32\DRIVERS\SMSCirda.sys

2011/04/29 22:59:22.0518 4896 spldr (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys

2011/04/29 22:59:22.0596 4896 srv (038579c35f7cad4a4bbf735dbf83277d) C:\Windows\system32\DRIVERS\srv.sys

2011/04/29 22:59:22.0674 4896 srv2 (6971a757af8cb5e2cbcbb76cc530db6c) C:\Windows\system32\DRIVERS\srv2.sys

2011/04/29 22:59:22.0705 4896 srvnet (9e1a4603b874eebce0298113951abefb) C:\Windows\system32\DRIVERS\srvnet.sys

2011/04/29 22:59:22.0861 4896 swenum (1379bdb336f8158c176a465e30759f57) C:\Windows\system32\DRIVERS\swenum.sys

2011/04/29 22:59:22.0986 4896 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

2011/04/29 22:59:23.0018 4896 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

2011/04/29 22:59:23.0064 4896 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

2011/04/29 22:59:23.0143 4896 SynTP (f7a4250bb3e3afcd4af100e551509352) C:\Windows\system32\DRIVERS\SynTP.sys

2011/04/29 22:59:23.0268 4896 Tcpip (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\drivers\tcpip.sys

2011/04/29 22:59:23.0377 4896 Tcpip6 (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\DRIVERS\tcpip.sys

2011/04/29 22:59:23.0471 4896 tcpipreg (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys

2011/04/29 22:59:23.0533 4896 TDPIPE (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys

2011/04/29 22:59:23.0564 4896 TDTCP (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys

2011/04/29 22:59:23.0611 4896 tdx (ab4fde8af4a0270a46a001c08cbce1c2) C:\Windows\system32\DRIVERS\tdx.sys

2011/04/29 22:59:23.0658 4896 TermDD (2c549bd9dd091fbfaa0a2a48e82ec2fb) C:\Windows\system32\DRIVERS\termdd.sys

2011/04/29 22:59:23.0736 4896 tssecsrv (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys

2011/04/29 22:59:23.0799 4896 tunmp (65e953bc0084d44498b51f59784d2a82) C:\Windows\system32\DRIVERS\tunmp.sys

2011/04/29 22:59:23.0846 4896 tunnel (4a39bda5e0fd30bdf4884f9d33ae6105) C:\Windows\system32\DRIVERS\tunnel.sys

2011/04/29 22:59:23.0908 4896 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys

2011/04/29 22:59:23.0955 4896 udfs (6348da98707ceda8a0dfb05820e17732) C:\Windows\system32\DRIVERS\udfs.sys

2011/04/29 22:59:24.0080 4896 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys

2011/04/29 22:59:24.0143 4896 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys

2011/04/29 22:59:24.0205 4896 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

2011/04/29 22:59:24.0236 4896 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

2011/04/29 22:59:24.0330 4896 umbus (3fb78f1d1dd86d87bececd9dffa24dd9) C:\Windows\system32\DRIVERS\umbus.sys

2011/04/29 22:59:24.0408 4896 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys

2011/04/29 22:59:24.0455 4896 usbccgp (b0ba9caffe9b0555ec0317f30cb79cd2) C:\Windows\system32\DRIVERS\usbccgp.sys

2011/04/29 22:59:24.0502 4896 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys

2011/04/29 22:59:24.0564 4896 usbehci (c9fcd05b0a80ea08c2768e5a279b14de) C:\Windows\system32\DRIVERS\usbehci.sys

2011/04/29 22:59:24.0596 4896 usbhub (5e44f7d957f7560da06bfe6b84b58a35) C:\Windows\system32\DRIVERS\usbhub.sys

2011/04/29 22:59:24.0658 4896 usbohci (9333e482a173938788cbde8f81ec52fb) C:\Windows\system32\DRIVERS\usbohci.sys

2011/04/29 22:59:24.0689 4896 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\DRIVERS\usbprint.sys

2011/04/29 22:59:24.0752 4896 usbscan (b1f95285c08ddfe00c0b955462637ec7) C:\Windows\system32\DRIVERS\usbscan.sys

2011/04/29 22:59:24.0799 4896 USBSTOR (7887ce56934e7f104e98c975f47353c5) C:\Windows\system32\DRIVERS\USBSTOR.SYS

2011/04/29 22:59:24.0846 4896 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys

2011/04/29 22:59:24.0893 4896 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys

2011/04/29 22:59:24.0939 4896 VgaSave (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys

2011/04/29 22:59:24.0971 4896 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys

2011/04/29 22:59:25.0002 4896 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys

2011/04/29 22:59:25.0049 4896 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys

2011/04/29 22:59:25.0080 4896 volmgr (103e84c95832d0ed93507997cc7b54e8) C:\Windows\system32\drivers\volmgr.sys

2011/04/29 22:59:25.0143 4896 volmgrx (294da8d3f965f6a8db934a83c7b461ff) C:\Windows\system32\drivers\volmgrx.sys

2011/04/29 22:59:25.0221 4896 volsnap (80dc0c9bcb579ed9815001a4d37cbfd5) C:\Windows\system32\drivers\volsnap.sys

2011/04/29 22:59:25.0299 4896 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys

2011/04/29 22:59:25.0377 4896 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

2011/04/29 22:59:25.0439 4896 Wanarp (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys

2011/04/29 22:59:25.0471 4896 Wanarpv6 (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys

2011/04/29 22:59:25.0518 4896 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys

2011/04/29 22:59:25.0580 4896 Wdf01000 (7b5f66e4a2219c7d9daf9e738480e534) C:\Windows\system32\drivers\Wdf01000.sys

2011/04/29 22:59:25.0783 4896 winachsf (cf27edac75c87f2b776d9218f02f8301) C:\Windows\system32\DRIVERS\HSX_CNXT.sys

2011/04/29 22:59:25.0908 4896 WmiAcpi (17eac0d023a65fa9b02114cc2baacad5) C:\Windows\system32\DRIVERS\wmiacpi.sys

2011/04/29 22:59:26.0018 4896 WpdUsb (2d27171b16a577ef14c1273668753485) C:\Windows\system32\DRIVERS\wpdusb.sys

2011/04/29 22:59:26.0064 4896 ws2ifsl (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys

2011/04/29 22:59:26.0143 4896 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys

2011/04/29 22:59:26.0221 4896 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)

2011/04/29 22:59:26.0236 4896 ================================================================================

2011/04/29 22:59:26.0236 4896 Scan finished

2011/04/29 22:59:26.0236 4896 ================================================================================

2011/04/29 22:59:26.0252 4888 Detected object count: 2

2011/04/29 22:59:51.0330 4888 atapi (3e9a53ccaaad194a0b536f668890e8fe) C:\Windows\system32\drivers\atapi.sys

2011/04/29 22:59:53.0096 4888 Backup copy found, using it..

2011/04/29 22:59:53.0111 4888 C:\Windows\system32\drivers\atapi.sys - will be cured after reboot

2011/04/29 22:59:53.0111 4888 Rootkit.Win32.TDSS.tdl3(atapi) - User select action: Cure

2011/04/29 22:59:53.0252 4888 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot

2011/04/29 22:59:53.0252 4888 \HardDisk0 - ok

2011/04/29 22:59:53.0252 4888 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure

2011/04/29 23:00:07.0361 4380 Deinitialize success

6) MBRCheck log

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows Vista Home Premium Edition

Windows Information: (build 6000), 32-bit

Base Board Manufacturer: Acer

BIOS Manufacturer: Acer

System Manufacturer: Acer

System Product Name: Aspire 5110

Logical Drives Mask: 0x0000003c

Kernel Drivers (total 165):

0x82400000 \SystemRoot\system32\ntkrnlpa.exe

0x827A1000 \SystemRoot\system32\hal.dll

0x804C6000 \SystemRoot\system32\kdcom.dll

0x804BD000 \SystemRoot\system32\PSHED.dll

0x804B5000 \SystemRoot\system32\BOOTVID.dll

0x8047A000 \SystemRoot\system32\CLFS.SYS

0x8071F000 \SystemRoot\system32\CI.dll

0x806A4000 \SystemRoot\system32\drivers\Wdf01000.sys

0x8046D000 \SystemRoot\system32\drivers\WDFLDR.SYS

0x8042A000 \SystemRoot\system32\drivers\acpi.sys

0x80421000 \SystemRoot\system32\drivers\WMILIB.SYS

0x80419000 \SystemRoot\system32\drivers\msisadrv.sys

0x8067F000 \SystemRoot\system32\drivers\pci.sys

0x8040A000 \SystemRoot\system32\drivers\volmgr.sys

0x80407000 \SystemRoot\system32\DRIVERS\compbatt.sys

0x80675000 \SystemRoot\system32\DRIVERS\BATTC.SYS

0x80665000 \SystemRoot\System32\drivers\mountmgr.sys

0x80400000 \SystemRoot\system32\drivers\pciide.sys

0x80657000 \SystemRoot\system32\drivers\PCIIDEX.SYS

0x8062D000 \SystemRoot\system32\DRIVERS\pcmcia.sys

0x823B6000 \SystemRoot\System32\drivers\volmgrx.sys

0x80625000 \SystemRoot\system32\drivers\atapi.sys

0x80607000 \SystemRoot\system32\drivers\ataport.SYS

0x82385000 \SystemRoot\system32\drivers\fltmgr.sys

0x82375000 \SystemRoot\system32\drivers\fileinfo.sys

0x8236C000 \SystemRoot\system32\DRIVERS\psdfilter.sys

0x82268000 \SystemRoot\system32\drivers\ndis.sys

0x8223D000 \SystemRoot\system32\drivers\msrpc.sys

0x82204000 \SystemRoot\system32\drivers\NETIO.SYS

0x87EF8000 \SystemRoot\System32\Drivers\Ntfs.sys

0x87E8E000 \SystemRoot\System32\Drivers\ksecdd.sys

0x87E58000 \SystemRoot\system32\drivers\volsnap.sys

0x87E50000 \SystemRoot\System32\Drivers\spldr.sys

0x87E3E000 \SystemRoot\system32\drivers\psdvdisk.sys

0x87E35000 \SystemRoot\system32\drivers\PSDNServ.sys

0x87E26000 \SystemRoot\System32\drivers\partmgr.sys

0x87E17000 \SystemRoot\System32\Drivers\mup.sys

0x881DB000 \SystemRoot\System32\drivers\ecache.sys

0x87E06000 \SystemRoot\system32\drivers\disk.sys

0x881BA000 \SystemRoot\system32\drivers\CLASSPNP.SYS

0x881B1000 \SystemRoot\system32\drivers\crcdisk.sys

0x8B4D5000 \SystemRoot\system32\DRIVERS\tunnel.sys

0x8B0F7000 \SystemRoot\system32\DRIVERS\tunmp.sys

0x88009000 \SystemRoot\system32\DRIVERS\amdk8.sys

0x88018000 \SystemRoot\system32\DRIVERS\wmiacpi.sys

0x8B878000 \SystemRoot\system32\DRIVERS\atikmdag.sys

0x8B438000 \SystemRoot\System32\drivers\dxgkrnl.sys

0x8B42B000 \SystemRoot\System32\drivers\watchdog.sys

0x8C153000 \SystemRoot\system32\DRIVERS\athr.sys

0x8B421000 \SystemRoot\system32\DRIVERS\usbohci.sys

0x8B83B000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

0x8B413000 \SystemRoot\system32\DRIVERS\usbehci.sys

0x8B823000 \SystemRoot\system32\DRIVERS\cdrom.sys

0x88A2D000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys

0x8B536000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys

0x8B401000 \SystemRoot\system32\DRIVERS\HDAudBus.sys

0x8B810000 \SystemRoot\system32\DRIVERS\i8042prt.sys

0x8B806000 \SystemRoot\system32\DRIVERS\DKbFltr.sys

0x8C148000 \SystemRoot\system32\DRIVERS\kbdclass.sys

0x8C11D000 \SystemRoot\system32\DRIVERS\SynTP.sys

0x88A27000 \SystemRoot\system32\DRIVERS\USBD.SYS

0x8C112000 \SystemRoot\system32\DRIVERS\mouclass.sys

0x88B4C000 \SystemRoot\system32\DRIVERS\SMSCirda.sys

0x8B082000 \SystemRoot\system32\drivers\irenum.sys

0x8B01C000 \SystemRoot\system32\DRIVERS\CmBatt.sys

0x8B1B0000 \SystemRoot\system32\DRIVERS\ohci1394.sys

0x8C104000 \SystemRoot\system32\DRIVERS\1394BUS.SYS

0x8C0F1000 \SystemRoot\system32\DRIVERS\Rtlh86.sys

0x8B1C0000 \SystemRoot\system32\DRIVERS\EMS7SK.sys

0x8C0D9000 \SystemRoot\system32\DRIVERS\sdbus.sys

0x8C0C6000 \SystemRoot\system32\DRIVERS\ESM7SK.sys

0x8C0BB000 \SystemRoot\system32\DRIVERS\ESD7SK.sys

0x8C090000 \SystemRoot\system32\DRIVERS\msiscsi.sys

0x8C050000 \SystemRoot\system32\DRIVERS\storport.sys

0x8C045000 \SystemRoot\system32\DRIVERS\TDI.SYS

0x8C02E000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0x8C023000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0x8C000000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0x8C5F1000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0x8C5DE000 \SystemRoot\system32\DRIVERS\raspptp.sys

0x8C5C2000 \SystemRoot\system32\DRIVERS\termdd.sys

0x88A21000 \SystemRoot\system32\DRIVERS\swenum.sys

0x8C598000 \SystemRoot\system32\DRIVERS\ks.sys

0x8C58E000 \SystemRoot\system32\DRIVERS\mssmbios.sys

0x8C5D1000 \SystemRoot\system32\DRIVERS\umbus.sys

0x8C55A000 \SystemRoot\system32\DRIVERS\usbhub.sys

0x8B100000 \SystemRoot\System32\Drivers\NDProxy.SYS

0x8C66D000 \SystemRoot\system32\drivers\RTKVHDA.sys

0x8C51D000 \SystemRoot\system32\drivers\portcls.sys

0x8C4F8000 \SystemRoot\system32\drivers\drmk.sys

0x8C4BB000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys

0x8C8FD000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys

0x8C407000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys

0x8C660000 \SystemRoot\system32\drivers\modem.sys

0x8C88D000 \SystemRoot\System32\Drivers\aswSnx.SYS

0x8B0AF000 \SystemRoot\System32\Drivers\Fs_Rec.SYS

0x8B5CF000 \SystemRoot\System32\Drivers\Null.SYS

0x8B5D6000 \SystemRoot\System32\Drivers\Beep.SYS

0x8B5DD000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

0x8C614000 \SystemRoot\System32\drivers\vga.sys

0x8C86C000 \SystemRoot\System32\drivers\VIDEOPRT.SYS

0x88B2C000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0x88B64000 \SystemRoot\system32\drivers\rdpencdd.sys

0x8C609000 \SystemRoot\System32\Drivers\Msfs.SYS

0x8C83E000 \SystemRoot\System32\Drivers\Npfs.SYS

0x8B0C1000 \SystemRoot\System32\DRIVERS\rasacd.sys

0x8CB2B000 \SystemRoot\System32\drivers\tcpip.sys

0x8C825000 \SystemRoot\System32\drivers\fwpkclnt.sys

0x8C810000 \SystemRoot\system32\DRIVERS\tdx.sys

0x8C806000 \SystemRoot\System32\Drivers\aswTdi.SYS

0x8CAEC000 \SystemRoot\System32\DRIVERS\netbt.sys

0x8CAD8000 \SystemRoot\system32\DRIVERS\smb.sys

0x8CA91000 \SystemRoot\system32\drivers\afd.sys

0x88ABD000 \SystemRoot\System32\Drivers\aswRdr.SYS

0x8CA7B000 \SystemRoot\system32\DRIVERS\pacer.sys

0x8CA6D000 \SystemRoot\system32\DRIVERS\netbios.sys

0x8CA5A000 \SystemRoot\system32\DRIVERS\wanarp.sys

0x8CA1F000 \SystemRoot\system32\DRIVERS\rdbss.sys

0x8C638000 \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys

0x8CA15000 \SystemRoot\system32\drivers\nsiproxy.sys

0x8CFA9000 \SystemRoot\System32\Drivers\dfsc.sys

0x8CF60000 \SystemRoot\System32\Drivers\aswSP.SYS

0x8CB1E000 \SystemRoot\System32\Drivers\crashdmp.sys

0x88A4B000 \SystemRoot\System32\Drivers\dump_dumpata.sys

0x88B8C000 \SystemRoot\System32\Drivers\dump_atapi.sys

0x8CE29000 \SystemRoot\system32\DRIVERS\usbccgp.sys

0x94E00000 \SystemRoot\System32\win32k.sys

0x8CE11000 \SystemRoot\System32\drivers\Dxapi.sys

0x8D090000 \SystemRoot\System32\Drivers\BisonC07.sys

0x88A02000 \SystemRoot\System32\Drivers\STREAM.SYS

0x950AA000 \SystemRoot\system32\DRIVERS\monitor.sys

0x95C00000 \SystemRoot\System32\TSDDD.dll

0x95C10000 \SystemRoot\System32\cdd.dll

0x975A5000 \SystemRoot\system32\drivers\luafv.sys

0x9754D000 \??\C:\Windows\system32\drivers\aswMonFlt.sys

0x8B061000 \SystemRoot\System32\Drivers\aswFsBlk.SYS

0x978DA000 \SystemRoot\system32\drivers\spsys.sys

0x978BC000 \SystemRoot\system32\DRIVERS\irda.sys

0x8B170000 \SystemRoot\system32\DRIVERS\lltdio.sys

0x97851000 \SystemRoot\system32\DRIVERS\nwifi.sys

0x9576A000 \SystemRoot\system32\DRIVERS\ndisuio.sys

0x989ED000 \SystemRoot\system32\DRIVERS\rspndr.sys

0x9AB97000 \SystemRoot\system32\drivers\HTTP.sys

0x9AB7C000 \SystemRoot\System32\DRIVERS\srvnet.sys

0x9AB23000 \SystemRoot\system32\DRIVERS\bowser.sys

0x9AB0F000 \SystemRoot\System32\drivers\mpsdrv.sys

0x9AAEF000 \SystemRoot\system32\drivers\mrxdav.sys

0x9AAD1000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0x9AA98000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys

0x9AA86000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys

0x9AA62000 \SystemRoot\System32\DRIVERS\srv2.sys

0x9B1AF000 \SystemRoot\System32\DRIVERS\srv.sys

0x9B0AB000 \SystemRoot\system32\DRIVERS\cdfs.sys

0x9B000000 \??\C:\Acer\Empowering Technology\eRecovery\int15.sys

0x9D994000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys

0x9D849000 \SystemRoot\system32\drivers\peauth.sys

0x957CE000 \SystemRoot\System32\Drivers\secdrv.SYS

0x8D1A8000 \SystemRoot\System32\drivers\tcpipreg.sys

0x88B34000 \SystemRoot\system32\DRIVERS\xaudio.sys

0x8D1F5000 \SystemRoot\system32\drivers\tdtcp.sys

0x952B4000 \SystemRoot\System32\DRIVERS\tssecsrv.sys

0x9E632000 \SystemRoot\System32\Drivers\RDPWD.SYS

0xA7E20000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS

0xA8806000 \SystemRoot\System32\Drivers\fastfat.SYS

0x77BF0000 \Windows\System32\ntdll.dll

Processes (total 85):

0 System Idle Process

4 System

424 C:\Windows\System32\smss.exe

492 csrss.exe

540 C:\Windows\System32\wininit.exe

552 csrss.exe

584 C:\Windows\System32\services.exe

612 C:\Windows\System32\winlogon.exe

632 C:\Windows\System32\lsass.exe

648 C:\Windows\System32\lsm.exe

788 C:\Windows\System32\svchost.exe

864 C:\Windows\System32\svchost.exe

912 C:\Windows\System32\Ati2evxx.exe

932 C:\Windows\System32\svchost.exe

1000 C:\Windows\System32\svchost.exe

1024 C:\Windows\System32\svchost.exe

1152 C:\Windows\System32\audiodg.exe

1184 C:\Windows\System32\SLsvc.exe

1224 C:\Windows\System32\svchost.exe

1412 C:\Windows\System32\Ati2evxx.exe

1448 C:\Windows\System32\svchost.exe

1660 C:\Program Files\AVAST Software\Avast\AvastSvc.exe

1996 C:\Windows\System32\spoolsv.exe

2020 C:\Windows\System32\svchost.exe

796 C:\Windows\System32\dwm.exe

1372 C:\Windows\explorer.exe

2172 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

2212 C:\Program Files\Bonjour\mDNSResponder.exe

2224 C:\Windows\System32\svchost.exe

2244 C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe

2364 C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe

2428 C:\Acer\Empowering Technology\eNet\eNet Service.exe

2508 C:\Windows\System32\svchost.exe

2552 C:\Program Files\Common Files\LightScribe\LSSrvc.exe

2576 C:\Acer\Mobility Center\MobilityService.exe

2632 C:\Windows\System32\svchost.exe

2688 C:\Windows\System32\svchost.exe

2700 C:\Windows\System32\svchost.exe

2712 C:\Program Files\CyberLink\Shared Files\RichVideo.exe

2736 C:\Windows\System32\svchost.exe

2780 C:\Windows\System32\svchost.exe

2804 C:\Windows\System32\SearchIndexer.exe

2948 C:\Windows\System32\drivers\XAudio.exe

2964 C:\Program Files\Xobni\XobniService.exe

3044 C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

3108 C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe

3168 C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

3344 WmiPrvSE.exe

3440 unsecapp.exe

3476 WmiPrvSE.exe

3648 C:\Windows\System32\taskeng.exe

3800 C:\Windows\System32\taskeng.exe

4028 C:\Windows\RtHDVCpl.exe

4064 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

1084 C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

1560 C:\Program Files\Launch Manager\LManager.exe

2084 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

3164 C:\Program Files\iTunes\iTunesHelper.exe

3296 C:\Program Files\DivX\DivX Update\DivXUpdate.exe

3728 C:\Program Files\AVAST Software\Avast\AvastUI.exe

3828 C:\Program Files\Windows Sidebar\sidebar.exe

2072 C:\Windows\ehome\ehtray.exe

3764 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

4024 C:\Program Files\Windows Media Player\wmpnscfg.exe

1124 C:\Windows\ehome\ehmsas.exe

1196 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

2768 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

1264 C:\Program Files\Windows Media Player\wmpnetwk.exe

3888 C:\Program Files\Windows Sidebar\sidebar.exe

4192 C:\Program Files\iPod\bin\iPodService.exe

4316 C:\Acer\Empowering Technology\eNet\eNMTray.exe

4420 C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

4432 C:\Windows\System32\wbem\unsecapp.exe

4444 C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe

4460 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

4556 C:\Acer\Empowering Technology\eRecovery\eRAgent.exe

4880 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe

5780 C:\Windows\servicing\TrustedInstaller.exe

980 C:\Windows\System32\VSSVC.exe

5292 C:\Windows\System32\svchost.exe

5128 C:\Windows\System32\wuauclt.exe

6072 C:\Windows\System32\conime.exe

4648 C:\Windows\System32\SearchProtocolHost.exe

3488 C:\Windows\System32\SearchFilterHost.exe

4120 C:\Users\Dan\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`32557600 (NTFS)

\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000027`878ec200 (NTFS)

PhysicalDrive0 Model Number: ST9320423AS, Rev: 0002SDM1

Size Device Name MBR Status

--------------------------------------------

298 GB \\.\PhysicalDrive0 Unknown MBR code

SHA1: 75374D27B77E61C9316E27BACDEE41C1E2C9874E

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

7) Combofix log:

ComboFix 11-04-29.03 - Dan 30/04/2011 7:10.3.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.2.1033.18.2046.999 [GMT -4:00]

Running from: c:\users\Dan\Desktop\george.exe

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\ntuser.dat

c:\users\Dan\AppData\Roaming\Adobe\plugs

c:\users\Dan\AppData\Roaming\Adobe\shed

c:\windows\system32\arp.exe

.

.

((((((((((((((((((((((((( Files Created from 2011-03-28 to 2011-04-30 )))))))))))))))))))))))))))))))

.

.

2011-04-30 11:34 . 2011-04-30 11:34 -------- d-----w- c:\users\Public\AppData\Local\temp

2011-04-30 11:34 . 2011-04-30 11:34 -------- d-----w- c:\users\MD\AppData\Local\temp

2011-04-30 11:34 . 2011-04-30 11:34 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-04-30 00:41 . 2011-04-30 00:41 -------- d-----w- C:\_OTL

2011-04-30 00:36 . 2011-04-18 17:12 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-04-30 00:36 . 2011-04-18 17:17 307288 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-04-30 00:36 . 2011-04-18 17:17 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-04-30 00:36 . 2011-04-18 17:16 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-04-30 00:36 . 2011-04-18 17:13 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-04-30 00:35 . 2011-04-18 17:13 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2011-04-30 00:35 . 2011-04-18 17:25 40112 ----a-w- c:\windows\avastSS.scr

2011-04-30 00:35 . 2011-04-18 17:25 199304 ----a-w- c:\windows\system32\aswBoot.exe

2011-04-30 00:34 . 2011-04-30 00:34 -------- d-----w- c:\programdata\AVAST Software

2011-04-30 00:34 . 2011-04-30 00:34 -------- d-----w- c:\program files\AVAST Software

2011-04-25 20:19 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-04-25 20:19 . 2011-04-25 20:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-04-25 20:19 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-04-25 20:18 . 2011-04-25 20:18 -------- d-----w- C:\Antivirus

2011-04-25 19:15 . 2006-11-02 09:45 308224 ----a-w- c:\windows\system32\winlogon.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-04-30 03:00 . 2008-02-13 08:07 21560 ----a-w- c:\windows\system32\drivers\atapi.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-04-18 17:25 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-09 1232896]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]

"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-10-09 25623336]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 4186112]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]

"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-01-03 464168]

"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-12-08 614400]

"Acer Product Registration"="c:\program files\Acer Registration\ACE1.exe" [2006-12-13 3166208]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-23 149280]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-01-10 1230704]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-04-18 3460784]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"AvgUninstallURL"="start http:" [X]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-11-02 8704]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]

Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-1-21 528384]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]

.

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"HideSCAHealth"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\System32\eNetHook.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer2"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1940228112-2126371991-3483199835-1000]

"EnableNotificationsRef"=dword:00000002

.

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-24 136176]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-24 136176]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-04-18 53592]

S2 XobniService;XobniService;c:\program files\Xobni\XobniService.exe [2009-10-12 46824]

S3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\DRIVERS\SMSCirda.sys [2006-10-18 31232]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2011-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-24 02:04]

.

2011-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-24 02:04]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://en.ca.acer.yahoo.com

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

mStart Page = hxxp://en.ca.acer.yahoo.com

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://ca.rd.yahoo.com/customize/ycomp/defaults/su/*http://ca.yahoo.com

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

FF - ProfilePath - c:\users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\5w6kqlso.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - Web Search...

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.ca/

FF - prefs.js: keyword.URL - hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Skype extension for Firefox: {B13721C7-F507-4982-B2E5-502A71474FED} - c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}

FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\programdata\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video

FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa

FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: vShare Plugin: vshare@toolbar - %profile%\extensions\vshare@toolbar

FF - Ext: Adobe DLM (powered by getPlus®): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}

.

.

------- File Associations -------

.

exefile="c:\windows\system32\config\systemprofile\AppData\Local\yep.exe" -a "%1" %*

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{7c5c0f58-e061-457d-9033-77307f5ed00c} - (no file)

HKLM-Run-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

SafeBoot-klmdb.sys

AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-04-30 07:35

Windows 6.0.6000 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{58108EA6-F0F8-838F-6C2A403DB017DCAF}\{7C3918A7-E77A-99CB-B21F6D376FB586C0}\{5E9787CE-D944-C377-C12E117E9C86E636}*]

"XOGCPEUPGZA3BTOUPKIJ6FJXTE1"=hex:01,00,01,00,00,00,00,00,9a,27,1e,8a,da,80,81,

12,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{98B9D362-6FA9-F2DD-8313270235BA4B20}\{5D643ECC-D4AF-9C0B-F1B60013ED0D3A91}\{59246844-3775-677A-61694CAC956C3858}*]

"XOGCPEUPGZA3BTOUPKIJ6FJXTE1"=hex:01,00,01,00,00,00,00,00,9a,27,1e,8a,da,80,81,

12,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000001

.

Completion time: 2011-04-30 07:42:53

ComboFix-quarantined-files.txt 2011-04-30 11:42

.

Pre-Run: 93,417,791,488 bytes free

Post-Run: 93,387,026,432 bytes free

.

- - End Of File - - EFB2E4D0FE742A6C6EC6747B1C250789

#4
RKinner

Posted 30 April 2011 - 08:51 AM

Malware Expert

Expert
24,735 posts

Making real progress! More homework for you tho. (Doesn't matter that you had to run Combofix out of order. I'm just glad it was able to run.)

Uninstall:
BitLord 1.1
LimeWire 4.16.2
Norton Security Scan
Java™ 6 Update 3
Java™ 6 Update 17
Adobe DLM or getPlus if either are still there.

Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall::

DirLook::
C:\Program Files\Common
%user%\library

Firefox::
FF - prefs.js: keyword.URL - hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: vShare Plugin: vshare@toolbar - %profile%\extensions\vshare@toolbar
FF - Ext: Adobe DLM (powered by getPlus®): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}

RegNull::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{58108EA6-F0F8-838F-6C2A403DB017DCAF}\{7C3918A7-E77A-99CB-B21F6D376FB586C0}\{5E9787CE-D944-C377-C12E117E9C86E636}*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{98B9D362-6FA9-F2DD-8313270235BA4B20}\{5D643ECC-D4AF-9C0B-F1B60013ED0D3A91}\{59246844-3775-677A-61694CAC956C3858}*]

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{58108EA6-F0F8-838F-6C2A403DB017DCAF}\{7C3918A7-E77A-99CB-B21F6D376FB586C0}\{5E9787CE-D944-C377-C12E117E9C86E636}*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{98B9D362-6FA9-F2DD-8313270235BA4B20}\{5D643ECC-D4AF-9C0B-F1B60013ED0D3A91}\{59246844-3775-677A-61694CAC956C3858}*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{58108EA6-F0F8-838F-6C2A403DB017DCAF}\{7C3918A7-E77A-99CB-B21F6D376FB586C0}\{5E9787CE-D944-C377-C12E117E9C86E636}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{98B9D362-6FA9-F2DD-8313270235BA4B20}\{5D643ECC-D4AF-9C0B-F1B60013ED0D3A91}\{59246844-3775-677A-61694CAC956C3858}]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

Registry::
[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{58108EA6-F0F8-838F-6C2A403DB017DCAF}\{7C3918A7-E77A-99CB-B21F6D376FB586C0}\{5E9787CE-D944-C377-C12E117E9C86E636}]
[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{98B9D362-6FA9-F2DD-8313270235BA4B20}\{5D643ECC-D4AF-9C0B-F1B60013ED0D3A91}\{59246844-3775-677A-61694CAC956C3858}]
[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{58108EA6-F0F8-838F-6C2A403DB017DCAF}\{7C3918A7-E77A-99CB-B21F6D376FB586C0}\{5E9787CE-D944-C377-C12E117E9C86E636}*]
[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{98B9D362-6FA9-F2DD-8313270235BA4B20}\{5D643ECC-D4AF-9C0B-F1B60013ED0D3A91}\{59246844-3775-677A-61694CAC956C3858}*]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
“HideSCAHealth”=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=-

******************************************

Now open notepad (Start, Run, notepad, OK) - Make sure Word Wrap is unchecked under Format- and Ctrl + V to paste the text into Notepad. Make sure you got it all then File, SAVE AS, (to your Desktop), CFScript , OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag it over to george and let it start as before.

Post the new log.

TDSSKiller found something and said it would remove it on a reboot. Please run TDSSKiller again to make sure it was able to remove the malware.

Run OTL

select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run As Adminsitrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application.

Ron

#5
DVCnerfherder

Posted 01 May 2011 - 06:43 AM

Member

Topic Starter
Member
58 posts

Ron,

Assignment 2 completed. I did hit one glitch, however. After I ran Combofix the laptop rebooted. When I tried to log in again, I received a popup with the message "An unauthorized change was made to Windows". There were two options, one of which opened a browser with some "help" info, the other which logged me out and back to the login screen. Several subsequent attempts to log in resulted in the same problem. So I booted the laptop in safe mode, which allowed me to log in, at which point I was able to save the Combofix log. I then rebooted the laptop normally and was able to log in as usual and complete the rest of the tasks. I'm not very Vista literate (I'm and XP/Ubuntu person) but was Vista balking at some of the activities of Combofix?

Anyway, the logs are present in the following order:

1) Combofix.log
2) TDSSKiller.log
3) OTL.txt
4) Extras.txt
5) VEW(system).txt
6) VEW(application).txt

- Mike

*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
ComboFix 11-04-29.03 - Dan 30/04/2011 23:03:04.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.2.1033.18.2046.1051 [GMT -4:00]
Running from: c:\users\Dan\Desktop\george.exe
Command switches used :: c:\users\Dan\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((( Files Created from 2011-04-01 to 2011-05-01 )))))))))))))))))))))))))))))))
.
.
2011-05-01 03:13 . 2011-05-01 03:25 -------- d-----w- c:\users\Dan\AppData\Local\temp
2011-05-01 03:13 . 2011-05-01 03:13 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-05-01 03:13 . 2011-05-01 03:13 -------- d-----w- c:\users\MD\AppData\Local\temp
2011-05-01 03:13 . 2011-05-01 03:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-30 13:27 . 2011-04-30 13:27 -------- d-----w- c:\programdata\Symantec
2011-04-30 11:07 . 2011-04-30 11:43 -------- d-----w- C:\george
2011-04-30 00:41 . 2011-04-30 00:41 -------- d-----w- C:\_OTL
2011-04-30 00:36 . 2011-04-18 17:12 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-04-30 00:36 . 2011-04-18 17:17 307288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-04-30 00:36 . 2011-04-18 17:17 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-04-30 00:36 . 2011-04-18 17:16 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-04-30 00:36 . 2011-04-18 17:13 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-04-30 00:35 . 2011-04-18 17:13 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-04-30 00:35 . 2011-04-18 17:25 40112 ----a-w- c:\windows\avastSS.scr
2011-04-30 00:35 . 2011-04-18 17:25 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-04-30 00:34 . 2011-04-30 00:34 -------- d-----w- c:\programdata\AVAST Software
2011-04-30 00:34 . 2011-04-30 00:34 -------- d-----w- c:\program files\AVAST Software
2011-04-25 20:19 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-25 20:19 . 2011-04-25 20:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-25 20:19 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-25 20:18 . 2011-04-25 20:18 -------- d-----w- C:\Antivirus
2011-04-25 19:15 . 2006-11-02 09:45 308224 ----a-w- c:\windows\system32\winlogon.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-30 03:00 . 2008-02-13 08:07 21560 ----a-w- c:\windows\system32\drivers\atapi.sys
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of %user%\library ----
.
.
---- Directory of c:\program files\Common ----
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-04-18 17:25 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-09 1232896]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-10-09 25623336]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 4186112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-01-03 464168]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-12-08 614400]
"Acer Product Registration"="c:\program files\Acer Registration\ACE1.exe" [2006-12-13 3166208]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-01-10 1230704]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-04-18 3460784]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-11-02 8704]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-1-21 528384]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\eNetHook.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1940228112-2126371991-3483199835-1000]
"EnableNotificationsRef"=dword:00000002
.
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-04-18 53592]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-24 136176]
R2 XobniService;XobniService;c:\program files\Xobni\XobniService.exe [2009-10-12 46824]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-24 136176]
R3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\DRIVERS\SMSCirda.sys [2006-10-18 31232]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-24 02:04]
.
2011-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-24 02:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://en.ca.acer.yahoo.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://en.ca.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://ca.rd.yahoo.com/customize/ycomp/defaults/su/*http://ca.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\5w6kqlso.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Web Search...
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.ca/
FF - prefs.js: keyword.URL - hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension for Firefox: {B13721C7-F507-4982-B2E5-502A71474FED} - c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\programdata\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: avast! WebRep: [email protected] - c:\program files\AVAST Software\Avast\WebRep\FF
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: vShare Plugin: vshare@toolbar - %profile%\extensions\vshare@toolbar
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-30 23:26
Windows 6.0.6000 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1748)
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2011-04-30 23:30:24 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-01 03:30
ComboFix2.txt 2011-04-30 11:42
.
Pre-Run: 92,669,353,984 bytes free
Post-Run: 94,015,938,560 bytes free
.
- - End Of File - - 7904100648FC20C8B486FD2C3A706EE3

*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*

2011/05/01 08:00:12.0118 5340 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/05/01 08:00:12.0837 5340 ================================================================================
2011/05/01 08:00:12.0837 5340 SystemInfo:
2011/05/01 08:00:12.0837 5340
2011/05/01 08:00:12.0837 5340 OS Version: 6.0.6000 ServicePack: 0.0
2011/05/01 08:00:12.0837 5340 Product type: Workstation
2011/05/01 08:00:12.0837 5340 ComputerName: DAN-PC
2011/05/01 08:00:12.0852 5340 UserName: Dan
2011/05/01 08:00:12.0852 5340 Windows directory: C:\Windows
2011/05/01 08:00:12.0852 5340 System windows directory: C:\Windows
2011/05/01 08:00:12.0852 5340 Processor architecture: Intel x86
2011/05/01 08:00:12.0852 5340 Number of processors: 2
2011/05/01 08:00:12.0852 5340 Page size: 0x1000
2011/05/01 08:00:12.0852 5340 Boot type: Normal boot
2011/05/01 08:00:12.0852 5340 ================================================================================
2011/05/01 08:00:13.0571 5340 Initialize success
2011/05/01 08:00:28.0727 5300 ================================================================================
2011/05/01 08:00:28.0727 5300 Scan started
2011/05/01 08:00:28.0727 5300 Mode: Manual;
2011/05/01 08:00:28.0727 5300 ================================================================================
2011/05/01 08:00:29.0305 5300 ACPI (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys
2011/05/01 08:00:29.0368 5300 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/05/01 08:00:29.0430 5300 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/05/01 08:00:29.0477 5300 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/05/01 08:00:29.0540 5300 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/05/01 08:00:29.0634 5300 AFD (5d24caf8efd924a875698ff28384db8b) C:\Windows\system32\drivers\afd.sys
2011/05/01 08:00:29.0696 5300 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2011/05/01 08:00:29.0759 5300 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/05/01 08:00:29.0868 5300 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
2011/05/01 08:00:29.0915 5300 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/05/01 08:00:29.0962 5300 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
2011/05/01 08:00:30.0009 5300 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/05/01 08:00:30.0071 5300 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\DRIVERS\amdk8.sys
2011/05/01 08:00:30.0149 5300 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/05/01 08:00:30.0196 5300 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/05/01 08:00:30.0259 5300 aswFsBlk (9bdb29e81abceb883556df44649696c4) C:\Windows\system32\drivers\aswFsBlk.sys
2011/05/01 08:00:30.0321 5300 aswMonFlt (a80fb17ce4ed7af4a5f24aaa753e4168) C:\Windows\system32\drivers\aswMonFlt.sys
2011/05/01 08:00:30.0384 5300 aswRdr (a90cf680ca7a323913ca3a0810c8e02d) C:\Windows\system32\drivers\aswRdr.sys
2011/05/01 08:00:30.0430 5300 aswSnx (f7969934cca2e566e95df17380a3cb11) C:\Windows\system32\drivers\aswSnx.sys
2011/05/01 08:00:30.0524 5300 aswSP (478d6a0e0630c31bf4a7f5eb0a05b92c) C:\Windows\system32\drivers\aswSP.sys
2011/05/01 08:00:30.0555 5300 aswTdi (e52e45743e27fd6184c55618a10b81ab) C:\Windows\system32\drivers\aswTdi.sys
2011/05/01 08:00:30.0618 5300 AsyncMac (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/01 08:00:30.0696 5300 atapi (b35cfcef838382ab6490b321c87edf17) C:\Windows\system32\drivers\atapi.sys
2011/05/01 08:00:30.0759 5300 athr (999eff35b4c6d969b232bf575972f86f) C:\Windows\system32\DRIVERS\athr.sys
2011/05/01 08:00:30.0868 5300 Beep (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys
2011/05/01 08:00:30.0977 5300 bowser (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/01 08:00:31.0055 5300 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/05/01 08:00:31.0087 5300 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/05/01 08:00:31.0134 5300 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/05/01 08:00:31.0180 5300 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/05/01 08:00:31.0212 5300 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/05/01 08:00:31.0243 5300 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/05/01 08:00:31.0305 5300 BthEnum (cf97c2d6a011ee9403b42191b5f95ba8) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/05/01 08:00:31.0352 5300 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/05/01 08:00:31.0399 5300 BthPan (b8c3d9ddf85fd197c3e5f849fef71144) C:\Windows\system32\DRIVERS\bthpan.sys
2011/05/01 08:00:31.0462 5300 BTHPORT (b4ce8000aab30a9ab16cd0fb3db4d7cf) C:\Windows\system32\Drivers\BTHport.sys
2011/05/01 08:00:31.0524 5300 BTHUSB (9a4ddc8544c1459aa2a118a8858dade3) C:\Windows\system32\Drivers\BTHUSB.sys
2011/05/01 08:00:31.0571 5300 btwaudio (4a28e7bd365377d0512b7ef8c7596d2c) C:\Windows\system32\drivers\btwaudio.sys
2011/05/01 08:00:31.0649 5300 btwavdt (5ffde57253d665067b0886612817eb11) C:\Windows\system32\drivers\btwavdt.sys
2011/05/01 08:00:31.0696 5300 btwrchid (ab07dc8b05c31a4f95fc73019be9db15) C:\Windows\system32\DRIVERS\btwrchid.sys
2011/05/01 08:00:31.0774 5300 Cam5607 (d8ba0e0ffbce2dd5de110c5146c438b4) C:\Windows\system32\Drivers\BisonC07.sys
2011/05/01 08:00:31.0852 5300 cdfs (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/01 08:00:31.0899 5300 cdrom (8d1866e61af096ae8b582454f5e4d303) C:\Windows\system32\DRIVERS\cdrom.sys
2011/05/01 08:00:31.0946 5300 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/05/01 08:00:31.0993 5300 CLFS (1b84fd0937d3b99af9ba38ddff3daf54) C:\Windows\system32\CLFS.sys
2011/05/01 08:00:32.0055 5300 CmBatt (ed97ad3df1b9005989eaf149bf06c821) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/05/01 08:00:32.0102 5300 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
2011/05/01 08:00:32.0165 5300 Compbatt (722936afb75a7f509662b69b5632f48a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/05/01 08:00:32.0212 5300 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/05/01 08:00:32.0259 5300 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/05/01 08:00:32.0352 5300 DfsC (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys
2011/05/01 08:00:32.0430 5300 disk (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys
2011/05/01 08:00:32.0493 5300 DKbFltr (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys
2011/05/01 08:00:32.0587 5300 Dot4 (57b2d433a08b95e4f1b53a919937f3e5) C:\Windows\system32\DRIVERS\Dot4.sys
2011/05/01 08:00:32.0665 5300 Dot4Print (d93fa484bb62fbe7e5ef335c5415d3cf) C:\Windows\system32\DRIVERS\Dot4Prt.sys
2011/05/01 08:00:32.0712 5300 dot4usb (599742c4260fb3e8edb3be148b8ce856) C:\Windows\system32\DRIVERS\dot4usb.sys
2011/05/01 08:00:32.0790 5300 DritekPortIO (5c918d413f5837e67a85775c9873775e) C:\PROGRA~1\LAUNCH~1\DPortIO.sys
2011/05/01 08:00:32.0837 5300 drmkaud (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys
2011/05/01 08:00:32.0899 5300 DXGKrnl (334988883de69adb27e2cf9f9715bbdb) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/01 08:00:32.0977 5300 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/05/01 08:00:33.0040 5300 Ecache (0efc7531b936ee57fdb4e837664c509f) C:\Windows\system32\drivers\ecache.sys
2011/05/01 08:00:33.0227 5300 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/05/01 08:00:33.0352 5300 EMSCR (1fa3f9df8983873746fa6b72dd7e3c2c) C:\Windows\system32\DRIVERS\EMS7SK.sys
2011/05/01 08:00:33.0399 5300 ESDCR (9c7487253aad6bf61f9bc83d50e32ccc) C:\Windows\system32\DRIVERS\ESD7SK.sys
2011/05/01 08:00:33.0446 5300 ESMCR (99589d975da04f8bd31f124428fcc797) C:\Windows\system32\DRIVERS\ESM7SK.sys
2011/05/01 08:00:33.0524 5300 fastfat (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys
2011/05/01 08:00:33.0555 5300 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/01 08:00:33.0602 5300 FileInfo (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys
2011/05/01 08:00:33.0680 5300 Filetrace (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys
2011/05/01 08:00:33.0727 5300 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/01 08:00:33.0774 5300 FltMgr (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys
2011/05/01 08:00:33.0821 5300 Fs_Rec (66a078591208baa210c7634b11eb392c) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/01 08:00:33.0868 5300 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/05/01 08:00:33.0915 5300 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2011/05/01 08:00:33.0993 5300 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/05/01 08:00:34.0040 5300 HDAudBus (0db613a7e427b5663563677796fd5258) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/05/01 08:00:34.0102 5300 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\DRIVERS\hidbth.sys
2011/05/01 08:00:34.0134 5300 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/05/01 08:00:34.0212 5300 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\DRIVERS\hidusb.sys
2011/05/01 08:00:34.0274 5300 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/05/01 08:00:34.0352 5300 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2011/05/01 08:00:34.0430 5300 HSF_DPV (9efa5fec26cec696a66a891ac90b412d) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2011/05/01 08:00:34.0509 5300 HSXHWAZL (7e775360ece92156ced6ed3b1daf6208) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
2011/05/01 08:00:34.0555 5300 HTTP (ea24fe637d974a8a31bc650f478e3533) C:\Windows\system32\drivers\HTTP.sys
2011/05/01 08:00:34.0602 5300 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/05/01 08:00:34.0680 5300 i8042prt (1c9ee072baa3abb460b91d7ee9152660) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/05/01 08:00:34.0727 5300 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/05/01 08:00:34.0774 5300 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/05/01 08:00:34.0868 5300 int15 (9d64201c9e5ac8d1f088762ba00ff3ab) C:\Acer\Empowering Technology\eRecovery\int15.sys
2011/05/01 08:00:35.0009 5300 IntcAzAudAddService (04bef1c4aa990e0d5851c7532fc8642c) C:\Windows\system32\drivers\RTKVHDA.sys
2011/05/01 08:00:35.0087 5300 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
2011/05/01 08:00:35.0134 5300 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/01 08:00:35.0180 5300 IpFilterDriver (880c6f86cc3f551b8fea2c11141268c0) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/01 08:00:35.0274 5300 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/05/01 08:00:35.0305 5300 IPNAT (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys
2011/05/01 08:00:35.0368 5300 irda (f11a90fb3f44f37ad10a4893bb690065) C:\Windows\system32\DRIVERS\irda.sys
2011/05/01 08:00:35.0415 5300 IRENUM (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys
2011/05/01 08:00:35.0462 5300 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2011/05/01 08:00:35.0509 5300 iScsiPrt (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/05/01 08:00:35.0587 5300 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/05/01 08:00:35.0618 5300 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/05/01 08:00:35.0696 5300 kbdclass (b076b2ab806b3f696dab21375389101c) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/05/01 08:00:35.0743 5300 kbdhid (ed61dbc6603f612b7338283edbacbc4b) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/05/01 08:00:35.0790 5300 KSecDD (0a829977b078dea11641fc2af87ceade) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/01 08:00:35.0884 5300 lltdio (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/01 08:00:35.0946 5300 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/05/01 08:00:35.0977 5300 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/05/01 08:00:36.0040 5300 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/05/01 08:00:36.0071 5300 luafv (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys
2011/05/01 08:00:36.0134 5300 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/05/01 08:00:36.0180 5300 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/05/01 08:00:36.0227 5300 Modem (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys
2011/05/01 08:00:36.0274 5300 monitor (7446e104a5fe5987ca9e4983fbac4f97) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/01 08:00:36.0337 5300 mouclass (5fba13c1a1841b0885d316ed3589489d) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/01 08:00:36.0399 5300 mouhid (b569b5c5d3bde545df3a6af512cccdba) C:\Windows\system32\DRIVERS\mouhid.sys
2011/05/01 08:00:36.0446 5300 MountMgr (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys
2011/05/01 08:00:36.0493 5300 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/05/01 08:00:36.0555 5300 mpsdrv (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/01 08:00:36.0587 5300 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/05/01 08:00:36.0665 5300 MRxDAV (1d8828b98ee309d65e006f0829e280e5) C:\Windows\system32\drivers\mrxdav.sys
2011/05/01 08:00:36.0727 5300 mrxsmb (8af705ce1bb907932157fab821170f27) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/01 08:00:36.0774 5300 mrxsmb10 (47e13ab23371be3279eef22bbfa2c1be) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/01 08:00:36.0805 5300 mrxsmb20 (90b3fc7bd6b3d7ee7635debba2187f66) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/01 08:00:36.0852 5300 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
2011/05/01 08:00:36.0884 5300 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/05/01 08:00:36.0946 5300 Msfs (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys
2011/05/01 08:00:36.0977 5300 msisadrv (5f454a16a5146cd91a176d70f0cfa3ec) C:\Windows\system32\drivers\msisadrv.sys
2011/05/01 08:00:37.0055 5300 MSKSSRV (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/01 08:00:37.0118 5300 MSPCLOCK (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/01 08:00:37.0165 5300 MSPQM (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys
2011/05/01 08:00:37.0212 5300 MsRPC (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys
2011/05/01 08:00:37.0274 5300 mssmbios (4385c80ede885e25492d408cad91bd6f) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/05/01 08:00:37.0321 5300 MSTEE (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys
2011/05/01 08:00:37.0337 5300 Mup (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys
2011/05/01 08:00:37.0399 5300 NativeWifiP (6da4a0fc7c0e83df0cb3cfd0a514c3bc) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/01 08:00:37.0462 5300 NDIS (227c11e1e7cf6ef8afb2a238d209760c) C:\Windows\system32\drivers\ndis.sys
2011/05/01 08:00:37.0524 5300 NdisTapi (81659cdcbd0f9a9e07e6878ad8c78d3f) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/01 08:00:37.0555 5300 Ndisuio (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/01 08:00:37.0602 5300 NdisWan (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/01 08:00:37.0649 5300 NDProxy (1b24fa907af283199a81b3bb37e5e526) C:\Windows\system32\drivers\NDProxy.sys
2011/05/01 08:00:37.0696 5300 NetBIOS (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/01 08:00:37.0743 5300 netbt (e3a168912e7eefc3bd3b814720d68b41) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/01 08:00:37.0821 5300 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/05/01 08:00:37.0852 5300 Npfs (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys
2011/05/01 08:00:37.0899 5300 nsiproxy (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/01 08:00:37.0993 5300 Ntfs (37430aa7a66d7a63407adc2c0d05e9f6) C:\Windows\system32\drivers\Ntfs.sys
2011/05/01 08:00:38.0071 5300 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\Windows\system32\DRIVERS\NTIDrvr.sys
2011/05/01 08:00:38.0102 5300 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/05/01 08:00:38.0149 5300 Null (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys
2011/05/01 08:00:38.0196 5300 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/05/01 08:00:38.0227 5300 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/05/01 08:00:38.0274 5300 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/05/01 08:00:38.0384 5300 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/05/01 08:00:38.0477 5300 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/05/01 08:00:38.0524 5300 partmgr (555a5b2c8022983bc7467bc925b222ee) C:\Windows\system32\drivers\partmgr.sys
2011/05/01 08:00:38.0555 5300 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/05/01 08:00:38.0602 5300 pci (1085d75657807e0e8b32f9e19a1647c3) C:\Windows\system32\drivers\pci.sys
2011/05/01 08:00:38.0665 5300 pciide (caba65e9c41cd2900d4c92d4f825c5f8) C:\Windows\system32\drivers\pciide.sys
2011/05/01 08:00:38.0743 5300 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/05/01 08:00:38.0805 5300 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/05/01 08:00:39.0024 5300 PptpMiniport (6c359ac71d7b550a0d41f9db4563ce05) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/01 08:00:39.0071 5300 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/05/01 08:00:39.0134 5300 PSched (2c8bae55247c4e09352e870292e4d1ab) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/01 08:00:39.0165 5300 PSDFilter (671f788336dd6a129d0b3743cece6eef) C:\Windows\system32\DRIVERS\psdfilter.sys
2011/05/01 08:00:39.0212 5300 PSDNServ (be1404b19f7708a89f0f680e6f2cf110) C:\Windows\system32\drivers\PSDNServ.sys
2011/05/01 08:00:39.0243 5300 psdvdisk (6de3cbb3f8c8a94cad7716b91c4b8951) C:\Windows\system32\drivers\psdvdisk.sys
2011/05/01 08:00:39.0337 5300 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/05/01 08:00:39.0430 5300 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/05/01 08:00:39.0477 5300 QWAVEdrv (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/01 08:00:39.0571 5300 R300 (e52b7a5010011c29063684cac1a6bbf0) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/05/01 08:00:39.0649 5300 RasAcd (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/01 08:00:39.0696 5300 Rasl2tp (88587dd843e2059848995b407b67f6cf) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/01 08:00:39.0743 5300 RasPppoe (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/01 08:00:39.0774 5300 rdbss (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/01 08:00:39.0805 5300 RDPCDD (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/01 08:00:39.0868 5300 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2011/05/01 08:00:39.0884 5300 RDPENCDD (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/01 08:00:39.0946 5300 RDPWD (8830e790a74a96605faba74f9665bb3c) C:\Windows\system32\drivers\RDPWD.sys
2011/05/01 08:00:40.0009 5300 RFCOMM (7ec90c316177ba3f1bce92005264b447) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/05/01 08:00:40.0071 5300 rspndr (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/01 08:00:40.0118 5300 RTL8023xp (fdde6b3598660d3c51cb45eb3a95fe67) C:\Windows\system32\DRIVERS\Rtnicxp.sys
2011/05/01 08:00:40.0180 5300 RTL8169 (ec8bd9a495dd4231553b8f9258ca3b2a) C:\Windows\system32\DRIVERS\Rtlh86.sys
2011/05/01 08:00:40.0227 5300 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/05/01 08:00:40.0290 5300 sdbus (7b3973cc28b8aa3e9e2e5d53e720e2c9) C:\Windows\system32\DRIVERS\sdbus.sys
2011/05/01 08:00:40.0337 5300 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/05/01 08:00:40.0399 5300 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/05/01 08:00:40.0430 5300 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/05/01 08:00:40.0493 5300 sermouse (450accd77ec5cea720c1cdb9e26b953b) C:\Windows\system32\drivers\sermouse.sys
2011/05/01 08:00:40.0555 5300 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
2011/05/01 08:00:40.0587 5300 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2011/05/01 08:00:40.0649 5300 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
2011/05/01 08:00:40.0696 5300 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/05/01 08:00:40.0774 5300 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2011/05/01 08:00:40.0868 5300 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/05/01 08:00:40.0915 5300 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/05/01 08:00:40.0977 5300 Smb (ac0d90738adb51a6fd12ff00874a2162) C:\Windows\system32\DRIVERS\smb.sys
2011/05/01 08:00:41.0009 5300 SMSCIRDA (ced16c76469ba00e2ab310857cd4c767) C:\Windows\system32\DRIVERS\SMSCirda.sys
2011/05/01 08:00:41.0071 5300 spldr (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys
2011/05/01 08:00:41.0134 5300 srv (038579c35f7cad4a4bbf735dbf83277d) C:\Windows\system32\DRIVERS\srv.sys
2011/05/01 08:00:41.0196 5300 srv2 (6971a757af8cb5e2cbcbb76cc530db6c) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/01 08:00:41.0227 5300 srvnet (9e1a4603b874eebce0298113951abefb) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/01 08:00:41.0290 5300 swenum (1379bdb336f8158c176a465e30759f57) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/01 08:00:41.0368 5300 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/05/01 08:00:41.0399 5300 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/05/01 08:00:41.0446 5300 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/05/01 08:00:41.0509 5300 SynTP (f7a4250bb3e3afcd4af100e551509352) C:\Windows\system32\DRIVERS\SynTP.sys
2011/05/01 08:00:41.0587 5300 Tcpip (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\drivers\tcpip.sys
2011/05/01 08:00:41.0696 5300 Tcpip6 (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/01 08:00:41.0727 5300 tcpipreg (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/01 08:00:41.0759 5300 TDPIPE (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys
2011/05/01 08:00:41.0805 5300 TDTCP (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys
2011/05/01 08:00:41.0852 5300 tdx (ab4fde8af4a0270a46a001c08cbce1c2) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/01 08:00:41.0884 5300 TermDD (2c549bd9dd091fbfaa0a2a48e82ec2fb) C:\Windows\system32\DRIVERS\termdd.sys
2011/05/01 08:00:41.0962 5300 tssecsrv (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/01 08:00:42.0009 5300 tunmp (65e953bc0084d44498b51f59784d2a82) C:\Windows\system32\DRIVERS\tunmp.sys
2011/05/01 08:00:42.0040 5300 tunnel (4a39bda5e0fd30bdf4884f9d33ae6105) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/01 08:00:42.0087 5300 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/05/01 08:00:42.0134 5300 udfs (6348da98707ceda8a0dfb05820e17732) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/01 08:00:42.0243 5300 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/05/01 08:00:42.0305 5300 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/05/01 08:00:42.0352 5300 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/05/01 08:00:42.0384 5300 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/05/01 08:00:42.0430 5300 umbus (3fb78f1d1dd86d87bececd9dffa24dd9) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/01 08:00:42.0493 5300 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys
2011/05/01 08:00:42.0540 5300 usbccgp (b0ba9caffe9b0555ec0317f30cb79cd2) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/01 08:00:42.0587 5300 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/05/01 08:00:42.0665 5300 usbehci (c9fcd05b0a80ea08c2768e5a279b14de) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/01 08:00:42.0712 5300 usbhub (5e44f7d957f7560da06bfe6b84b58a35) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/01 08:00:42.0743 5300 usbohci (9333e482a173938788cbde8f81ec52fb) C:\Windows\system32\DRIVERS\usbohci.sys
2011/05/01 08:00:42.0774 5300 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\DRIVERS\usbprint.sys
2011/05/01 08:00:42.0837 5300 usbscan (b1f95285c08ddfe00c0b955462637ec7) C:\Windows\system32\DRIVERS\usbscan.sys
2011/05/01 08:00:42.0884 5300 USBSTOR (7887ce56934e7f104e98c975f47353c5) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/05/01 08:00:42.0930 5300 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/05/01 08:00:42.0977 5300 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/01 08:00:43.0024 5300 VgaSave (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys
2011/05/01 08:00:43.0071 5300 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/05/01 08:00:43.0118 5300 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/05/01 08:00:43.0149 5300 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
2011/05/01 08:00:43.0180 5300 volmgr (103e84c95832d0ed93507997cc7b54e8) C:\Windows\system32\drivers\volmgr.sys
2011/05/01 08:00:43.0227 5300 volmgrx (294da8d3f965f6a8db934a83c7b461ff) C:\Windows\system32\drivers\volmgrx.sys
2011/05/01 08:00:43.0290 5300 volsnap (80dc0c9bcb579ed9815001a4d37cbfd5) C:\Windows\system32\drivers\volsnap.sys
2011/05/01 08:00:43.0321 5300 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/05/01 08:00:43.0384 5300 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/05/01 08:00:43.0446 5300 Wanarp (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/01 08:00:43.0477 5300 Wanarpv6 (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/01 08:00:43.0524 5300 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/05/01 08:00:43.0587 5300 Wdf01000 (7b5f66e4a2219c7d9daf9e738480e534) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/01 08:00:43.0727 5300 winachsf (cf27edac75c87f2b776d9218f02f8301) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/05/01 08:00:43.0837 5300 WmiAcpi (17eac0d023a65fa9b02114cc2baacad5) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/05/01 08:00:43.0930 5300 WpdUsb (2d27171b16a577ef14c1273668753485) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/05/01 08:00:43.0977 5300 ws2ifsl (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/01 08:00:44.0071 5300 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
2011/05/01 08:00:44.0274 5300 ================================================================================
2011/05/01 08:00:44.0274 5300 Scan finished
2011/05/01 08:00:44.0274 5300 ================================================================================

*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*

OTL logfile created on: 01/05/2011 8:03:09 AM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Dan\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 38.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.33 Gb Total Space | 85.44 Gb Free Space | 57.22% Space Free | Partition Type: NTFS
Drive D: | 139.96 Gb Total Space | 42.72 Gb Free Space | 30.52% Space Free | Partition Type: NTFS

Computer Name: DAN-PC | User Name: Dan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/25 19:28:45 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.exe
PRC - [2011/04/18 13:25:12 | 003,460,784 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/04/18 13:25:10 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/01/10 19:25:06 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2009/10/12 12:33:26 | 000,046,824 | ---- | M] (Xobni Corporation) -- C:\Program Files\Xobni\XobniService.exe
PRC - [2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/01/10 20:20:34 | 000,462,848 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2007/01/02 22:58:58 | 000,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
PRC - [2007/01/02 22:58:50 | 000,464,168 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
PRC - [2007/01/02 20:46:52 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2007/01/02 10:33:24 | 000,135,168 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
PRC - [2006/12/29 00:07:22 | 000,724,992 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNMTray.exe
PRC - [2006/12/29 00:07:22 | 000,126,976 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe
PRC - [2006/12/28 18:24:14 | 000,049,152 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2006/12/25 20:45:26 | 000,319,488 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
PRC - [2006/12/22 18:43:18 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
PRC - [2006/12/14 15:34:16 | 000,393,216 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
PRC - [2006/12/08 04:24:00 | 000,614,400 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2006/12/01 01:37:00 | 004,186,112 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006/11/24 16:57:54 | 000,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
PRC - [2006/11/03 17:55:50 | 000,703,280 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006/11/02 05:45:59 | 000,116,736 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE

========== Modules (SafeList) ==========

MOD - [2011/04/25 19:28:45 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.exe
MOD - [2011/04/18 13:25:09 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2006/11/02 05:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/04/18 13:25:10 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/10/12 12:33:26 | 000,046,824 | ---- | M] (Xobni Corporation) [Auto | Running] -- C:\Program Files\Xobni\XobniService.exe -- (XobniService)
SRV - [2007/01/02 22:58:58 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)
SRV - [2007/01/02 20:46:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007/01/02 10:33:24 | 000,135,168 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2006/12/29 00:07:22 | 000,126,976 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
SRV - [2006/12/28 18:24:14 | 000,049,152 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2006/12/22 18:43:18 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2006/11/24 16:57:54 | 000,107,008 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)

========== Driver Services (SafeList) ==========

DRV - [2011/04/18 13:17:46 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/04/18 13:17:34 | 000,307,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/04/18 13:16:18 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/04/18 13:13:21 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/04/18 13:13:09 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/04/18 13:12:58 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2007/01/23 19:25:36 | 000,689,664 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/01/08 16:16:48 | 002,313,216 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/12/26 21:57:22 | 000,792,368 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2006/12/07 18:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2006/11/21 02:24:02 | 000,062,464 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006/11/05 22:01:20 | 000,051,200 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/11/02 09:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2006/10/25 02:36:48 | 000,042,240 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2006/10/25 02:36:44 | 000,076,928 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2006/10/25 02:36:36 | 000,062,208 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2006/10/18 03:44:30 | 000,031,232 | ---- | M] (SMSC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smscirda.sys -- (SMSCIRDA)
DRV - [2006/08/04 20:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.ca.acer.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.ca.acer.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Web Search..."
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.ca/"
FF - prefs.js..extensions.enabledItems: [email protected]:20110101
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..keyword.URL: "http://vshare.toolba...spx?srch=ku&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2007/09/28 21:34:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/02/11 17:16:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/02/11 17:16:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/04/29 20:35:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/25 20:39:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/25 20:39:02 | 000,000,000 | ---D | M]

[2008/09/08 22:27:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dan\AppData\Roaming\Mozilla\Extensions
[2011/04/30 23:37:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\5w6kqlso.default\extensions
[2011/03/27 20:02:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\5w6kqlso.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/07 02:24:02 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\5w6kqlso.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/03/25 17:19:02 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\5w6kqlso.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/08/16 23:01:23 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\5w6kqlso.default\extensions\vshare@toolbar
[2010/08/16 23:02:17 | 000,001,592 | ---- | M] () -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\5w6kqlso.default\searchplugins\web-search.xml
[2011/04/30 22:47:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/29 20:35:13 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/02/11 17:16:35 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011/02/11 17:16:36 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA

O1 HOSTS File: ([2011/04/30 23:25:41 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer Registration\ACE1.exe (Leader Technologies)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 216.240.0.1 216.240.1.1 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\Windows\System32\eNetHook.dll) - C:\Windows\System32\eNetHook.dll (acer)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Dan\Pictures\rondeau everyone.jpg
O24 - Desktop BackupWallPaper: C:\Users\Dan\Pictures\rondeau everyone.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/01 08:03:51 | 000,000,000 | ---D | C] -- C:\530c833a78d13ac14b06f147
[2011/04/30 23:30:26 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/04/30 23:30:25 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\temp
[2011/04/30 23:25:46 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/04/30 09:27:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2011/04/30 07:08:08 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/04/30 07:08:06 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/04/30 07:08:06 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/04/30 07:08:06 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/04/30 07:07:37 | 000,000,000 | ---D | C] -- C:\george
[2011/04/29 22:37:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/29 20:41:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/29 20:36:04 | 000,019,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/04/29 20:36:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/04/29 20:36:03 | 000,307,288 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/04/29 20:36:00 | 000,441,176 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/04/29 20:36:00 | 000,049,240 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/04/29 20:36:00 | 000,025,432 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/04/29 20:35:59 | 000,053,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/04/29 20:35:11 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/04/29 20:35:11 | 000,040,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/04/29 20:34:58 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/04/29 20:34:58 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/04/29 17:34:08 | 001,090,912 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Users\Dan\Desktop\avg_remover_stf_x86_2011_1184.exe
[2011/04/29 17:34:07 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Dan\Desktop\tdsskiller.exe
[2011/04/25 19:38:47 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.com
[2011/04/25 19:38:12 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.scr
[2011/04/25 19:28:41 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.exe
[2011/04/25 16:19:14 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/04/25 16:19:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/25 16:19:11 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/04/25 16:19:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/25 16:18:31 | 000,000,000 | ---D | C] -- C:\Antivirus
[2007/06/27 06:52:03 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
[2007/01/21 22:26:06 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll
[40 C:\Users\Dan\Documents\*.tmp files -> C:\Users\Dan\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/01 08:05:55 | 000,626,246 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/01 08:05:54 | 000,109,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/01 07:58:39 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/01 07:58:06 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011/05/01 07:57:50 | 000,003,200 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/01 07:57:49 | 000,003,200 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/01 07:57:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/01 07:57:04 | 2145,566,720 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/30 23:45:59 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/04/30 23:35:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/30 23:25:41 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/04/30 07:06:14 | 004,333,650 | R--- | M] () -- C:\Users\Dan\Desktop\george.exe
[2011/04/29 21:10:00 | 000,012,346 | -HS- | M] () -- C:\ProgramData\4dv6261vsr86
[2011/04/29 20:36:04 | 000,001,833 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/04/29 20:35:59 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/04/29 18:18:12 | 000,932,400 | ---- | M] () -- C:\Users\Dan\Desktop\Norton_Removal_Tool.exe
[2011/04/29 09:06:08 | 056,189,640 | ---- | M] () -- C:\Users\Dan\Desktop\setup_av_free.exe
[2011/04/29 08:48:42 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Dan\Desktop\tdsskiller.exe
[2011/04/29 08:47:20 | 000,080,384 | ---- | M] () -- C:\Users\Dan\Desktop\MBRCheck.exe
[2011/04/29 08:43:26 | 001,090,912 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Users\Dan\Desktop\avg_remover_stf_x86_2011_1184.exe
[2011/04/25 19:38:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.com
[2011/04/25 19:38:15 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.scr
[2011/04/25 19:28:45 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.exe
[2011/04/25 16:19:15 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/25 16:18:01 | 000,134,144 | ---- | M] () -- C:\Users\Dan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/18 13:25:12 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/04/18 13:25:10 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/04/18 13:17:46 | 000,441,176 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/04/18 13:17:34 | 000,307,288 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/04/18 13:16:18 | 000,049,240 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/04/18 13:13:21 | 000,025,432 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/04/18 13:13:09 | 000,053,592 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/04/18 13:12:58 | 000,019,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[40 C:\Users\Dan\Documents\*.tmp files -> C:\Users\Dan\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/30 23:31:55 | 2145,566,720 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/30 07:08:08 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/04/30 07:08:06 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/04/30 07:08:06 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/04/30 07:08:06 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/04/30 07:08:06 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/04/29 21:07:11 | 000,012,346 | -HS- | C] () -- C:\ProgramData\4dv6261vsr86
[2011/04/29 20:36:04 | 000,001,833 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/04/29 17:34:08 | 004,333,650 | R--- | C] () -- C:\Users\Dan\Desktop\george.exe
[2011/04/29 17:34:08 | 000,080,384 | ---- | C] () -- C:\Users\Dan\Desktop\MBRCheck.exe
[2011/04/29 17:33:53 | 056,189,640 | ---- | C] () -- C:\Users\Dan\Desktop\setup_av_free.exe
[2011/04/29 17:33:53 | 000,932,400 | ---- | C] () -- C:\Users\Dan\Desktop\Norton_Removal_Tool.exe
[2011/04/25 16:19:15 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/14 04:05:56 | 000,000,219 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2009/12/24 12:07:45 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/12/24 11:40:37 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009/11/02 13:09:09 | 000,000,065 | ---- | C] () -- C:\Windows\minitab.ini
[2009/01/13 16:05:08 | 000,147,456 | ---- | C] () -- C:\Windows\System32\WMIMPLEX.dll
[2009/01/13 16:05:08 | 000,036,864 | ---- | C] () -- C:\Windows\System32\maplec.dll
[2008/05/17 22:36:02 | 000,000,680 | ---- | C] () -- C:\Users\Dan\AppData\Local\d3d9caps.dat
[2007/12/11 16:55:17 | 000,000,287 | ---- | C] () -- C:\Windows\game.ini
[2007/08/25 16:44:05 | 000,148,995 | ---- | C] () -- C:\Windows\hpoins19.dat
[2007/08/15 00:27:33 | 000,134,144 | ---- | C] () -- C:\Users\Dan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/08/04 17:23:42 | 000,055,857 | ---- | C] () -- C:\Windows\War3Unin.dat
[2007/08/04 17:13:48 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2007/07/31 20:52:38 | 000,000,552 | ---- | C] () -- C:\Users\Dan\AppData\Local\d3d8caps.dat
[2007/07/31 20:44:02 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/07/25 15:24:30 | 001,559,040 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2007/06/27 06:52:03 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
[2007/06/27 06:49:39 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007/06/27 06:45:53 | 000,000,037 | ---- | C] () -- C:\Windows\Acer.ini
[2007/03/19 18:21:50 | 000,000,115 | ---- | C] () -- C:\Windows\Alaunch.ini
[2007/03/19 16:54:13 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI
[2007/03/13 16:01:59 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2007/01/21 22:42:17 | 000,198,144 | ---- | C] () -- C:\Windows\System32\_psisdecd.dll
[2007/01/21 22:32:05 | 000,076,584 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2007/01/21 22:32:05 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2007/01/21 22:31:17 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
[2007/01/21 22:29:04 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007/01/21 22:26:06 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2007/01/21 22:21:22 | 000,356,352 | ---- | C] () -- C:\Windows\EMCRI.dll
[2007/01/21 22:19:27 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
[2007/01/21 20:45:53 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/01/21 20:45:27 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2007/01/21 20:45:27 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007/01/21 20:45:27 | 000,145,112 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2007/01/21 20:45:05 | 000,015,190 | ---- | C] () -- C:\Windows\M2000T07.ini
[2007/01/02 22:54:14 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
[2007/01/02 22:53:54 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
[2007/01/02 22:53:20 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
[2007/01/02 22:52:40 | 000,037,376 | ---- | C] () -- C:\Windows\System32\MsnChatHook_org.dll
[2007/01/02 22:52:28 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
[2007/01/02 22:52:26 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
[2007/01/02 22:52:18 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2006/12/25 19:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006/11/13 09:50:06 | 000,071,680 | ---- | C] () -- C:\Windows\System32\HTCA_SelfExtract.bin
[2006/11/03 17:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,349,056 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,626,246 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,109,370 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 03:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/02 03:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006/02/26 16:08:28 | 000,585,728 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2001/12/26 19:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[2001/09/04 02:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 19:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 01:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

< End of report >

*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*

OTL Extras logfile created on: 01/05/2011 8:03:09 AM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Dan\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 38.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.33 Gb Total Space | 85.44 Gb Free Space | 57.22% Space Free | Partition Type: NTFS
Drive D: | 139.96 Gb Total Space | 42.72 Gb Free Space | 30.52% Space Free | Partition Type: NTFS

Computer Name: DAN-PC | User Name: Dan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1940228112-2126371991-3483199835-1000]
"EnableNotificationsRef" = 2

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3149D824-7853-4ECE-9C13-89DC8D056995}" = rport=137 | protocol=17 | dir=out | app=system |
"{34F48ABD-6775-4CC7-8827-3B40381E867E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3972687E-5AEA-4BB6-9617-A97F6F5E3DCF}" = rport=139 | protocol=6 | dir=out | app=system |
"{4114CD56-6AE6-4D3F-B486-0C95689D8D8C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{56BBB9E3-EF66-40B4-855D-12E2187279CE}" = rport=445 | protocol=6 | dir=out | app=system |
"{5FA8AF2C-0D1E-4D61-9511-CFEF63E8389C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{6F74A7A5-161C-4585-A35C-399A944CE9CF}" = lport=137 | protocol=17 | dir=in | app=system |
"{7F52B631-7085-4B78-985D-6826D5077836}" = lport=139 | protocol=6 | dir=in | app=system |
"{A2293B53-0C57-4FC4-A131-E3ADF8C3E589}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{B4675128-A647-4515-8F0D-E5DDCAD85A05}" = rport=138 | protocol=17 | dir=out | app=system |
"{C265354C-6623-495B-B776-26280137CAF6}" = lport=138 | protocol=17 | dir=in | app=system |
"{D8045CC8-04B6-41F9-8546-8ECB575DCF22}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{F4C641D8-69A0-46D1-A706-7CD45F0EEE2D}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BA165A3-C44C-4CE2-8173-6E724668AEAE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{0CC947E3-F0D7-41A7-8CDA-87BF96B31CD0}" = protocol=6 | dir=in | app=c:\users\dan\appdata\local\temp\7zs4893.tmp\symnrt.exe |
"{1A0579B4-A184-4DBF-BE71-7036E4479DA7}" = protocol=17 | dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\mce deluxe suite.exe |
"{404CCD9D-93B6-436F-8029-47F2AC7F50AF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{41F18C00-DFB6-48ED-97C4-4EA9CF8603CE}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{452E5C22-353E-4318-B98D-1FED4B7E79AE}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{4D5805FB-A9D1-490C-9E36-DFA3DA35B3A7}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{5040F742-1261-4683-9E14-DD10D26C2524}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{540665FF-5E9E-449D-9F0C-280157B2AF90}" = protocol=58 | dir=in | [email protected],-28545 |
"{59DC5BDA-2ADD-45DD-87AA-9F9471691B83}" = protocol=58 | dir=in | [email protected],-28545 |
"{5B9363C4-993A-4046-ABC0-C1AB21774CC9}" = protocol=6 | dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\mce deluxe suite.exe |
"{693A30E0-830A-416E-A6AA-6DB7FA87CA2E}" = protocol=58 | dir=out | [email protected],-28546 |
"{7328BC93-CD6A-49FB-833B-35DF3E5FC460}" = protocol=1 | dir=in | [email protected],-28543 |
"{75D9C874-E79C-4839-82F5-41CF3944093C}" = protocol=17 | dir=in | app=c:\users\dan\appdata\local\temp\7zs4893.tmp\symnrt.exe |
"{94CF10C5-C35C-47DC-AE10-730E3D10CDB5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9CD1D8DB-060A-4C8C-95CD-B2247DAEDBAF}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{9CE76AE6-DE38-4055-B7E5-94EED718C790}" = protocol=1 | dir=out | [email protected],-28544 |
"{B25AF853-0A28-40D0-8BAB-F476F3B028ED}" = protocol=1 | dir=out | [email protected],-28544 |
"{D9CE2AD6-142A-4754-8353-2A1AE34ACE40}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DAD26BB9-04AF-4C89-A71E-E9CCC57140B6}" = protocol=1 | dir=in | [email protected],-28543 |
"{E515F3F4-9050-4D49-A817-865BDD31BA44}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{EB333977-D39E-41B8-9C0C-8220E3D431AD}" = protocol=58 | dir=out | [email protected],-28546 |
"{ED1F298A-36BD-45C0-9A9F-D9CC202BC4DC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{4A4C7BA0-8D73-430B-9B8E-D43DBF14232C}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{78AD8DB9-1696-4487-AE14-55A65FE3C424}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{8C703710-693A-45A9-A1ED-B8C67496A1C2}C:\program files\bitlord\bitlord.exe" = protocol=6 | dir=in | app=c:\program files\bitlord\bitlord.exe |
"TCP Query User{A0C17D47-AF4E-4387-8A93-FC049D853781}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{A5C528EC-076C-4E16-8CDB-B5ACCC6BF1BD}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{FEDABCA5-4DC1-4691-A4AD-529BD5073547}C:\program files\bitlord\bitlord.exe" = protocol=6 | dir=in | app=c:\program files\bitlord\bitlord.exe |
"UDP Query User{24DB80A5-DA15-49ED-9D56-93E394A26BB8}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{454CB810-4C81-482A-AF70-F480E5D1CD5C}C:\program files\bitlord\bitlord.exe" = protocol=17 | dir=in | app=c:\program files\bitlord\bitlord.exe |
"UDP Query User{62E6859D-7044-438D-BCE2-E06C0A5FD79C}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{755730DF-DF08-41E0-BC0C-C5D332D75732}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{9F9A3745-A5FC-4DDA-8008-44D02F956223}C:\program files\bitlord\bitlord.exe" = protocol=17 | dir=in | app=c:\program files\bitlord\bitlord.exe |
"UDP Query User{BC8DF35B-D07D-4B14-B060-B002AAA43137}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{018A22DC-465A-40E0-50C2-25D54C7F64A1}" = CCC Help Greek
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0DE29A13-086F-CA1B-3C85-C30252D509E5}" = Catalyst Control Center Localization Arabic
"{0DEA94ED-915A-4834-A87E-388D012C8E02}" = Medal of Honor Allied Assault
"{0FE6B77F-54CD-45ED-BB64-A99477B0A8F1}" = 5600
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{1BF0855F-96CD-98A6-0C21-7643C90D0130}" = Catalyst Control Center Localization Arabic
"{1CD49205-3407-F8BE-954D-ED9706834213}" = CCC Help Swedish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F5D7806-6C3E-C3F5-0F82-6FD8B3BD451B}" = Catalyst Control Center Localization Hungarian
"{2026DF25-9BDC-4FDD-660A-781F6A0C2BF9}" = Catalyst Control Center Graphics Light
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2605461E-AB2E-49F5-8A16-64B7F3595030}" = 5600Trb
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros for Acer Driver v7.2.0.127_Foxconn Installation Program
"{293D7C43-8A39-736B-7EDA-790235A0415A}" = Catalyst Control Center Localization Korean
"{296EDEB2-3B6E-F37B-D6A5-D018AD9B937A}" = CCC Help Turkish
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2C0EC2F0-F7DE-B1CB-3AA0-E7C814EFFEDF}" = Catalyst Control Center Localization Chinese Standard
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3297D253-6BAD-6864-21E5-E70525776979}" = CCC Help Dutch
"{35BDA760-4905-19AA-54A0-C118ABB5BF0C}" = ccc-core-static
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3AD03D92-5F58-EAD6-3227-C06352C52F2E}" = CCC Help Russian
"{3E26071F-82EC-E6FA-E65F-0479EA83E558}" = Catalyst Control Center Localization Arabic
"{3EEA06EB-22FC-F4D1-C417-4CD99FD9E734}" = CCC Help Thai
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{411241B2-ADAA-34E4-4DF3-2FE00A924CD9}" = Catalyst Control Center Localization Finnish
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{47A9F4C0-9F81-8DB2-59FA-11254A927E24}" = CCC Help French
"{480A8C02-EDD0-1A0E-ECEB-6BE2EBB5CF77}" = Catalyst Control Center Localization Japanese
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4AAC5AE8-EDE6-44D4-AA87-E90870178FDE}" = Minitab 15 English
"{4BB1DCED-84D3-47F9-B718-5947E904593E}" = Acer OrbiCam
"{4EC0616A-CADD-4C2F-B09E-366CE4CCDCB1}" = Integre techexplorer Hypermedia Browser
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{5445FDF7-52F2-F776-ADBA-6A8C4FC815B3}" = ccc-utility
"{557E68C4-804F-A11D-4004-407C39542948}" = Catalyst Control Center Localization Italian
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{630CC87A-57A3-45DC-A5A4-08CE98E0BCB7}" = Branding
"{652DCC8D-72CB-D921-ACE8-463932342C9B}" = Catalyst Control Center Localization Czech
"{66C96F16-EABD-13E6-A409-628E28389F8A}" = CCC Help Czech
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6968667A-036F-A685-7A55-F77E24112779}" = CCC Help Portuguese
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}" = RollerCoaster Tycoon 2
"{733875B5-A1AE-2078-A4F0-CB06525A4FFA}" = CCC Help Japanese
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7DCBC3D8-8954-491D-A1B9-8C61C563B004}" = 5600_Help
"{7F085F4A-CC3A-0101-E380-F510AA324C43}" = CCC Help English
"{80A41A47-40C9-891C-FE7C-BC6E0E93C720}" = Catalyst Control Center Localization Arabic
"{80B0A5B4-4DA4-D1D2-F339-9402B39B8709}" = Catalyst Control Center Graphics Full New
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{855EF1FF-6C22-1EE4-EB6D-F09653C1D82C}" = Catalyst Control Center Localization Arabic
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{88410D8F-8529-492B-B556-2394A29B811B}" = Broadcom Driver v4.102.15.63_Foxconn Installation Program
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DC069E7-893C-41E1-9442-DE89FEC33371}" = Xobni Core
"{8FD19401-37F8-5162-DD65-43F15131AF43}" = CCC Help Chinese Traditional
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{924EAD66-F854-4605-8493-696DD59A113B}" = RollerCoaster Tycoon Deluxe
"{9254D884-145F-26EA-0082-DE517816AC42}" = Catalyst Control Center Localization Arabic
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{974A0BAD-4337-C39C-06BB-09FD098C1E23}" = Catalyst Control Center Localization Arabic
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{97F81AF1-0E47-DC99-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 ATL (x86) WinSXS MSM
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{991803F9-3E05-EF39-CABC-4B7CCF2AD7AE}" = CCC Help Spanish
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9BCBE007-6C18-C4E5-9F5C-4DCD23D1D844}" = Catalyst Control Center Core Implementation
"{9DD8A162-07D8-083D-ACD1-CE9BED793882}" = CCC Help German
"{9F1C1015-3B20-7536-2457-D75B2009D57C}" = Catalyst Control Center Localization French
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAD37EE3-50A7-45DB-97B9-1C8B900E9E8B}" = Movavi Video Converter 7
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AC9B83BF-3AEB-E307-F5C7-6F50F72BAB03}" = CCC Help Norwegian
"{ACAA8E1C-DE7C-C8D9-0C73-9FBA318E8F9A}" = CCC Help Hungarian
"{AEEAE013-92F1-4515-B278-139F1A692A35}" = Acer eDataSecurity Management
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B74AD1C2-BF07-7619-B0E5-14BB4C416ED8}" = CCC Help Chinese Standard
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BA1E1AFD-D1F2-4C52-88C3-186FC5E61604}" = RollerCoaster Tycoon 2: Time Twister
"{BAE5F6BB-595D-67CE-063D-A7889DD273DA}" = Catalyst Control Center Localization Arabic
"{BC73CB0E-12E6-33C4-A0FD-9CCBF8250A07}" = CCC Help Polish
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{BEBAE81A-68B8-FA4F-1CC9-CDF3CF16A9BE}" = Catalyst Control Center Localization Chinese Traditional
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CCB6B80B-41CD-8EF5-2CA3-4767D9B3B6FB}" = ccc-localization-da
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty® 2
"{D0D88043-F87D-8E9C-FB0E-12E4B4058477}" = Catalyst Control Center Localization Greek
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D11EEB8E-9F12-A546-7175-9BC4CF5824A3}" = CCC Help Korean
"{D1B65F06-A5EF-9D4B-67C9-5AC907DE616A}" = Catalyst Control Center Graphics Full Existing
"{DD1DED37-2486-4F56-8F89-56AA814003F5}" = Acer OrbiCam
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Deluxe
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1D57935-D987-7637-0322-01399573A351}" = Catalyst Control Center Localization Spanish
"{F2EAA2B4-30A1-E093-1093-D905545EE7AE}" = CCC Help Finnish
"{F5DDE40D-3BE2-B129-D78F-FF31DD941FD7}" = CCC Help Italian
"{FCCC21F7-161D-CA84-8877-7543F77011F2}" = CCC Help Danish
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"{FF4CB48E-A97F-CA1F-9DBE-77CBEDC04170}" = Catalyst Control Center Localization German
"Acer Registration" = Acer Registration
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"amazonCD110" = Amazon Trail
"ATI Uninstaller" = ATI Uninstaller
"avast" = avast! Free Antivirus
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"ElyseeUk_is1" = Élysée 3.54
"ffdshow" = ffdshow (remove only)
"Google Chrome" = Google Chrome
"GridVista" = Acer GridVista
"GSpot" = GSpot Codec Information Appliance
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty® 2
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Maple 11" = Maple 11
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.18)" = Mozilla Firefox (3.5.18)
"NeroMultiInstaller!UninstallKey" = Nero Suite
"PartyPoker" = PartyPoker
"PokerStars" = PokerStars
"Red Alert 2" = Command & Conquer Red Alert 2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Veetle TV" = Veetle TV 0.9.18
"Warcraft III" = Warcraft III
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WYSIWYG_Web_Builder_2.6" = WYSIWYG Web Builder 4.3.1
"XobniMain" = Xobni

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 01/05/2011 8:18:38 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 05/03/2011 8:02:13 AM
Type: Error Category: 1
Event: 20 Source: Microsoft-Windows-WindowsUpdateClient
Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows Vista (KB979683).

Log: 'System' Date/Time: 06/03/2011 8:02:13 AM
Type: Error Category: 1
Event: 20 Source: Microsoft-Windows-WindowsUpdateClient
Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows Vista (KB979683).

Log: 'System' Date/Time: 07/03/2011 12:25:27 AM
Type: Error Category: 0
Event: 1002 Source: Microsoft-Windows-Dhcp-Client
The IP address lease 192.168.1.102 for the Network Card with network address 00197E1CB671 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Log: 'System' Date/Time: 07/03/2011 8:02:17 AM
Type: Error Category: 1
Event: 20 Source: Microsoft-Windows-WindowsUpdateClient
Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows Vista (KB979683).

Log: 'System' Date/Time: 08/03/2011 4:28:39 AM
Type: Error Category: 0
Event: 1002 Source: Microsoft-Windows-Dhcp-Client
The IP address lease 192.168.1.102 for the Network Card with network address 00197E1CB671 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Log: 'System' Date/Time: 08/03/2011 8:03:26 AM
Type: Error Category: 1
Event: 20 Source: Microsoft-Windows-WindowsUpdateClient
Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows Vista (KB979683).

Log: 'System' Date/Time: 08/03/2011 7:43:06 PM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avg9wd service.

Log: 'System' Date/Time: 08/03/2011 7:43:42 PM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avg9wd service.

Log: 'System' Date/Time: 08/03/2011 9:50:51 PM
Type: Error Category: 1
Event: 20 Source: Microsoft-Windows-WindowsUpdateClient
Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows Vista (KB979683).

Log: 'System' Date/Time: 10/03/2011 4:20:32 AM
Type: Error Category: 0
Event: 6 Source: ACPI
IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 2, function 0. Please contact your system vendor for technical assistance.

Log: 'System' Date/Time: 10/03/2011 4:20:32 AM
Type: Error Category: 0
Event: 6 Source: ACPI
IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 5, function 0. Please contact your system vendor for technical assistance.

Log: 'System' Date/Time: 10/03/2011 4:20:32 AM
Type: Error Category: 0
Event: 6 Source: ACPI
IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 4, function 0. Please contact your system vendor for technical assistance.

Log: 'System' Date/Time: 10/03/2011 4:24:44 AM
Type: Error Category: 0
Event: 1002 Source: Microsoft-Windows-Dhcp-Client
The IP address lease 192.168.1.104 for the Network Card with network address 00197E1CB671 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

Log: 'System' Date/Time: 10/03/2011 4:25:08 AM
Type: Error Category: 0
Event: 1002 Source: Microsoft-Windows-Dhcp-Client
The IP address lease 192.168.1.105 for the Network Card with network address 00197E1CB671 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Log: 'System' Date/Time: 10/03/2011 8:07:55 AM
Type: Error Category: 1
Event: 20 Source: Microsoft-Windows-WindowsUpdateClient
Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows Vista (KB979683).

Log: 'System' Date/Time: 10/03/2011 8:23:19 AM
Type: Error Category: 0
Event: 6 Source: ACPI
IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 2, function 0. Please contact your system vendor for technical assistance.

Log: 'System' Date/Time: 10/03/2011 8:23:19 AM
Type: Error Category: 0
Event: 6 Source: ACPI
IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 5, function 0. Please contact your system vendor for technical assistance.

Log: 'System' Date/Time: 10/03/2011 8:23:19 AM
Type: Error Category: 0
Event: 6 Source: ACPI
IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 4, function 0. Please contact your system vendor for technical assistance.

Log: 'System' Date/Time: 10/03/2011 4:07:09 PM
Type: Error Category: 0
Event: 1002 Source: Microsoft-Windows-Dhcp-Client
The IP address lease 192.168.1.104 for the Network Card with network address 00197E1CB671 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

Log: 'System' Date/Time: 10/03/2011 4:07:21 PM
Type: Error Category: 0
Event: 1001 Source: Microsoft-Windows-Dhcp-Client
Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 00197E1CB671. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 05/03/2011 4:58:48 AM
Type: Warning Category: 2
Event: 57 Source: volsnap
The system failed to flush data to the transaction log. Corruption may occur.

Log: 'System' Date/Time: 05/03/2011 4:58:53 AM
Type: Warning Category: 2
Event: 57 Source: volsnap
The system failed to flush data to the transaction log. Corruption may occur.

Log: 'System' Date/Time: 05/03/2011 4:58:58 AM
Type: Warning Category: 2
Event: 57 Source: volsnap
The system failed to flush data to the transaction log. Corruption may occur.

Log: 'System' Date/Time: 05/03/2011 4:59:03 AM
Type: Warning Category: 2
Event: 57 Source: volsnap
The system failed to flush data to the transaction log. Corruption may occur.

Log: 'System' Date/Time: 05/03/2011 4:59:08 AM
Type: Warning Category: 2
Event: 57 Source: volsnap
The system failed to flush data to the transaction log. Corruption may occur.

Log: 'System' Date/Time: 05/03/2011 4:59:13 AM
Type: Warning Category: 2
Event: 57 Source: volsnap
The system failed to flush data to the transaction log. Corruption may occur.

Log: 'System' Date/Time: 05/03/2011 4:59:18 AM
Type: Warning Category: 2
Event: 57 Source: volsnap
The system failed to flush data to the transaction log. Corruption may occur.

Log: 'System' Date/Time: 05/03/2011 4:59:23 AM
Type: Warning Category: 2
Event: 57 Source: volsnap
The system failed to flush data to the transaction log. Corruption may occur.

Log: 'System' Date/Time: 05/03/2011 4:59:28 AM
Type: Warning Category: 2
Event: 57 Source: volsnap
The system failed to flush data to the transaction log. Corruption may occur.

Log: 'System' Date/Time: 05/03/2011 4:59:33 AM
Type: Warning Category: 2
Event: 57 Source: volsnap
The system failed to flush data to the transaction log. Corruption may occur.

Log: 'System' Date/Time: 05/03/2011 4:59:38 AM
Type: Warning Category: 2
Event: 57 Source: volsnap
The system failed to flush data to the transaction log. Corruption may occur.

Log: 'System' Date/Time: 05/03/2011 4:59:43 AM
Type: Warning Category: 2
Event: 57 Source: volsnap
The system failed to flush data to the transaction log. Corruption may occur.

Log: 'System' Date/Time: 05/03/2011 4:59:48 AM
Type: Warning Category: 2
Event: 57 Source: volsnap
The system failed to flush data to the transaction log. Corruption may occur.

Log: 'System' Date/Time: 05/03/2011 4:59:53 AM
Type: Warning Category: 2
Event: 57 Source: volsnap
The system failed to flush data to the transaction log. Corruption may occur.

Log: 'System' Date/Time: 05/03/2011 4:59:58 AM
Type: Warning Category: 2
Event: 57 Source: volsnap
The system failed to flush data to the transaction log. Corruption may occur.

Log: 'System' Date/Time: 05/03/2011 5:00:03 AM
Type: Warning Category: 2
Event: 57 Source: volsnap
The system failed to flush data to the transaction log. Corruption may occur.

Log: 'System' Date/Time: 05/03/2011 5:00:08 AM
Type: Warning Category: 2
Event: 57 Source: volsnap
The system failed to flush data to the transaction log. Corruption may occur.

Log: 'System' Date/Time: 05/03/2011 5:00:13 AM
Type: Warning Category: 2
Event: 57 Source: volsnap
The system failed to flush data to the transaction log. Corruption may occur.

Log: 'System' Date/Time: 05/03/2011 5:00:18 AM
Type: Warning Category: 2
Event: 57 Source: volsnap
The system failed to flush data to the transaction log. Corruption may occur.

Log: 'System' Date/Time: 05/03/2011 5:00:23 AM
Type: Warning Category: 2
Event: 57 Source: volsnap
The system failed to flush data to the transaction log. Corruption may occur.

*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 01/05/2011 8:21:20 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 28/12/2009 9:57:40 PM
Type: Error Category: 0
Event: 513 Source: Microsoft-Windows-CAPI2
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
Access is denied. .

Log: 'Application' Date/Time: 29/12/2009 5:58:55 PM
Type: Error Category: 0
Event: 513 Source: Microsoft-Windows-CAPI2
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
Access is denied. .

Log: 'Application' Date/Time: 31/12/2009 8:54:28 PM
Type: Error Category: 0
Event: 513 Source: Microsoft-Windows-CAPI2
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
Access is denied. .

Log: 'Application' Date/Time: 31/12/2009 8:54:29 PM
Type: Error Category: 0
Event: 513 Source: Microsoft-Windows-CAPI2
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
Access is denied. .

Log: 'Application' Date/Time: 01/01/2010 1:32:46 PM
Type: Error Category: 0
Event: 8194 Source: VSS
Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005. This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {8d04eb8e-e426-4d18-9e38-3ed5a45cf455}

Log: 'Application' Date/Time: 01/01/2010 1:32:46 PM
Type: Error Category: 0
Event: 513 Source: Microsoft-Windows-CAPI2
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
Access is denied. .

Log: 'Application' Date/Time: 09/01/2010 6:50:23 AM
Type: Error Category: 0
Event: 513 Source: Microsoft-Windows-CAPI2
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
Access is denied. .

Log: 'Application' Date/Time: 09/01/2010 6:50:24 AM
Type: Error Category: 0
Event: 513 Source: Microsoft-Windows-CAPI2
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
Access is denied. .

Log: 'Application' Date/Time: 10/01/2010 8:37:24 AM
Type: Error Category: 0
Event: 513 Source: Microsoft-Windows-CAPI2
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
Access is denied. .

Log: 'Application' Date/Time: 10/01/2010 8:37:25 AM
Type: Error Category: 0
Event: 513 Source: Microsoft-Windows-CAPI2
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
Access is denied. .

Log: 'Application' Date/Time: 11/01/2010 5:00:02 AM
Type: Error Category: 0
Event: 513 Source: Microsoft-Windows-CAPI2
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
Access is denied. .

Log: 'Application' Date/Time: 11/01/2010 5:00:02 AM
Type: Error Category: 0
Event: 513 Source: Microsoft-Windows-CAPI2
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
Access is denied. .

Log: 'Application' Date/Time: 11/01/2010 4:37:16 PM
Type: Error Category: 0
Event: 1000 Source: Application Error
The event description cannot be found.

Log: 'Application' Date/Time: 12/01/2010 5:00:02 AM
Type: Error Category: 0
Event: 513 Source: Microsoft-Windows-CAPI2
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
Access is denied. .

Log: 'Application' Date/Time: 12/01/2010 5:00:03 AM
Type: Error Category: 0
Event: 513 Source: Microsoft-Windows-CAPI2
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
Access is denied. .

Log: 'Application' Date/Time: 13/01/2010 5:15:17 PM
Type: Error Category: 0
Event: 513 Source: Microsoft-Windows-CAPI2
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
Access is denied. .

Log: 'Application' Date/Time: 13/01/2010 5:15:18 PM
Type: Error Category: 0
Event: 513 Source: Microsoft-Windows-CAPI2
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
Access is denied. .

Log: 'Application' Date/Time: 14/01/2010 8:00:43 AM
Type: Error Category: 0
Event: 513 Source: Microsoft-Windows-CAPI2
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
Access is denied. .

Log: 'Application' Date/Time: 14/01/2010 8:00:44 AM
Type: Error Category: 0
Event: 513 Source: Microsoft-Windows-CAPI2
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
Access is denied. .

Log: 'Application' Date/Time: 14/01/2010 8:22:34 PM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program msnmsgr.exe version 14.0.8089.726 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 16ec Start Time: 01ca952bcceb6794 Termination Time: 11

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 21/01/2010 3:07:36 PM
Type: Warning Category: 7
Event: 508 Source: ESENT
wlcomm (5448) C:\Users\Dan\AppData\Local\Microsoft\Windows Live Contacts\{9bd139c6-3c44-4b81-9ca0-a894ca3dd88d}\: A request to write to the file "C:\Users\Dan\AppData\Local\Microsoft\Windows Live Contacts\{9bd139c6-3c44-4b81-9ca0-a894ca3dd88d}\DBStore\contacts.edb" at offset 3383296 (0x000000000033a000) for 32768 (0x00008000) bytes succeeded, but took an abnormally long time (35464 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 02/02/2010 9:54:35 PM
Type: Warning Category: 7
Event: 508 Source: ESENT
wlcomm (3916) C:\Users\Dan\AppData\Local\Microsoft\Windows Live Contacts\{9bd139c6-3c44-4b81-9ca0-a894ca3dd88d}\: A request to write to the file "C:\Users\Dan\AppData\Local\Microsoft\Windows Live Contacts\{9bd139c6-3c44-4b81-9ca0-a894ca3dd88d}\DBStore\contacts.edb" at offset 2572288 (0x0000000000274000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (7093 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 09/02/2010 5:11:34 PM
Type: Warning Category: 7
Event: 508 Source: ESENT
wlcomm (3336) C:\Users\Dan\AppData\Local\Microsoft\Windows Live Contacts\{9bd139c6-3c44-4b81-9ca0-a894ca3dd88d}\: A request to write to the file "C:\Users\Dan\AppData\Local\Microsoft\Windows Live Contacts\{9bd139c6-3c44-4b81-9ca0-a894ca3dd88d}\DBStore\LogFiles\edb.log" at offset 4062720 (0x00000000003dfe00) for 5632 (0x00001600) bytes succeeded, but took an abnormally long time (1123 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 10/03/2010 3:56:39 PM
Type: Warning Category: 7
Event: 508 Source: ESENT
wlcomm (5540) C:\Users\Dan\AppData\Local\Microsoft\Windows Live Contacts\{9bd139c6-3c44-4b81-9ca0-a894ca3dd88d}\: A request to write to the file "C:\Users\Dan\AppData\Local\Microsoft\Windows Live Contacts\{9bd139c6-3c44-4b81-9ca0-a894ca3dd88d}\DBStore\contacts.edb" at offset 3670016 (0x0000000000380000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (35603 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 12/03/2010 4:42:06 AM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <mapi://{s-1-5-21-1940228112-2126371991-3483199835-1000}/> cannot be accessed.

Context: Windows Application, SystemIndex Catalog

Details:
A server error occurred. Check that the server is available. (0x80041206)

Log: 'Application' Date/Time: 16/03/2010 2:57:22 PM
Type: Warning Category: 7
Event: 508 Source: ESENT
wlcomm (1080) C:\Users\Dan\AppData\Local\Microsoft\Windows Live Contacts\{9bd139c6-3c44-4b81-9ca0-a894ca3dd88d}\: A request to write to the file "C:\Users\Dan\AppData\Local\Microsoft\Windows Live Contacts\{9bd139c6-3c44-4b81-9ca0-a894ca3dd88d}\DBStore\contacts.edb" at offset 1736704 (0x00000000001a8000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (27494 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 16/03/2010 2:57:22 PM
Type: Warning Category: 7
Event: 508 Source: ESENT
wlcomm (1080) C:\Users\Dan\AppData\Local\Microsoft\Windows Live Contacts\{9bd139c6-3c44-4b81-9ca0-a894ca3dd88d}\: A request to write to the file "C:\Users\Dan\AppData\Local\Microsoft\Windows Live Contacts\{9bd139c6-3c44-4b81-9ca0-a894ca3dd88d}\DBStore\LogFiles\edb.log" at offset 3682816 (0x0000000000383200) for 156160 (0x00026200) bytes succeeded, but took an abnormally long time (27495 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 03/04/2010 12:41:49 AM
Type: Warning Category: 7
Event: 508 Source: ESENT
wlcomm (5768) C:\Users\Dan\AppData\Local\Microsoft\Windows Live Contacts\{9bd139c6-3c44-4b81-9ca0-a894ca3dd88d}\: A request to write to the file "C:\Users\Dan\AppData\Local\Microsoft\Windows Live Contacts\{9bd139c6-3c44-4b81-9ca0-a894ca3dd88d}\DBStore\LogFiles\edb.log" at offset 355840 (0x0000000000056e00) for 3072 (0x00000c00) bytes succeeded, but took an abnormally long time (44135 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 08/04/2010 8:45:32 PM
Type: Warning Category: 7
Event: 508 Source: ESENT
wlcomm (2528) C:\Users\Dan\AppData\Local\Microsoft\Windows Live Contacts\{9bd139c6-3c44-4b81-9ca0-a894ca3dd88d}\: A request to write to the file "C:\Users\Dan\AppData\Local\Microsoft\Windows Live Contacts\{9bd139c6-3c44-4b81-9ca0-a894ca3dd88d}\DBStore\contacts.edb" at offset 5586944 (0x0000000000554000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (1536 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 16/04/2010 7:00:17 AM
Type: Warning Category: 7
Event: 508 Source: ESENT
wlcomm (5700) C:\Users\Dan\AppData\Local\Microsoft\Windows Live Contacts\{9bd139c6-3c44-4b81-9ca0-a894ca3dd88d}\: A request to write to the file "C:\Users\Dan\AppData\Local\Microsoft\Windows Live Contacts\{9bd139c6-3c44-4b81-9ca0-a894ca3dd88d}\DBStore\contacts.edb" at offset 2605056 (0x000000000027c000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (12250 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 17/04/2010 6:52:35 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-1940228112-2126371991-3483199835-1000_Classes:
Process 1816 (\Device\HarddiskVolume2\Windows\System32\spoolsv.exe) has opened key \REGISTRY\USER\S-1-5-21-1940228112-2126371991-3483199835-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\MuiCache

Log: 'Application' Date/Time: 05/05/2010 4:56:01 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 8 user registry handles leaked from \Registry\User\S-1-5-21-1940228112-2126371991-3483199835-1000:
Process 708 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1940228112-2126371991-3483199835-1000
Process 708 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1940228112-2126371991-3483199835-1000
Process 708 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1940228112-2126371991-3483199835-1000\Software\Microsoft\SystemCertificates\Root
Process 708 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1940228112-2126371991-3483199835-1000\Software\Microsoft\SystemCertificates\CA
Process 708 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1940228112-2126371991-3483199835-1000\Software\Policies\Microsoft\SystemCertificates
Process 708 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1940228112-2126371991-3483199835-1000\Software\Policies\Microsoft\SystemCertificates
Process 708 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1940228112-2126371991-3483199835-1000\Software\Microsoft\SystemCertificates\trust
Process 708 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1940228112-2126371991-3483199835-1000\Software\Microsoft\SystemCertificates\SmartCardRoot

Log: 'Application' Date/Time: 21/06/2010 7:00:15 AM
Type: Warning Category: 7
Event: 508 Source: ESENT
wlcomm (2556) C:\Users\Dan\AppData\Local\Microsoft\Windows Live Contacts\{9bd139c6-3c44-4b81-9ca0-a894ca3dd88d}\: A request to write to the file "C:\Users\Dan\AppData\Local\Microsoft\Windows Live Contacts\{9bd139c6-3c44-4b81-9ca0-a894ca3dd88d}\DBStore\contacts.edb" at offset 3637248 (0x0000000000378000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (1371 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 22/06/2010 11:23:38 AM
Type: Warning Category: 7
Event: 510 Source: ESENT
wlcomm (2556) C:\Users\Dan\AppData\Local\Microsoft\Windows Live Contacts\{9bd139c6-3c44-4b81-9ca0-a894ca3dd88d}\: A request to write to the file "C:\Users\Dan\AppData\Local\Microsoft\Windows Live Contacts\{9bd139c6-3c44-4b81-9ca0-a894ca3dd88d}\DBStore\contacts.edb" at offset 1728512 (0x00000000001a6000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (7360 seconds) to be serviced by the OS. In addition, 0 other I/O requests to this file have also taken an abnormally long time to be serviced since the last message regarding this problem was posted 102206 seconds ago. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 24/06/2010 7:00:16 AM
Type: Warning Category: 7
Event: 510 Source: ESENT
wlcomm (2556) C:\Users\Dan\AppData\Local\Microsoft\Windows Live Contacts\{9bd139c6-3c44-4b81-9ca0-a894ca3dd88d}\: A request to write to the file "C:\Users\Dan\AppData\Local\Microsoft\Windows Live Contacts\{9bd139c6-3c44-4b81-9ca0-a894ca3dd88d}\DBStore\contacts.edb" at offset 3514368 (0x000000000035a000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (13384 seconds) to be serviced by the OS. In addition, 0 other I/O requests to this file have also taken an abnormally long time to be serviced since the last message regarding this problem was posted 157003 seconds ago. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 26/06/2010 3:15:46 PM
Type: Warning Category: 7
Event: 508 Source: ESENT
wuaueng.dll (1436) SUS20ClientDataStore: A request to write to the file "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb" at offset 39272448 (0x0000000002574000) for 4096 (0x00001000) bytes succeeded, but took an abnormally long time (14138 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 28/06/2010 8:32:18 PM
Type: Warning Category: 7
Event: 507 Source: ESENT
wuaueng.dll (1436) SUS20ClientDataStore: A request to read from the file "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb" at offset 6021120 (0x00000000005be000) for 4096 (0x00001000) bytes succeeded, but took an abnormally long time (48723 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 30/06/2010 12:52:51 AM
Type: Warning Category: 7
Event: 508 Source: ESENT
wlcomm (6096) C:\Users\Dan\AppData\Local\Microsoft\Windows Live Contacts\{9bd139c6-3c44-4b81-9ca0-a894ca3dd88d}\: A request to write to the file "C:\Users\Dan\AppData\Local\Microsoft\Windows Live Contacts\{9bd139c6-3c44-4b81-9ca0-a894ca3dd88d}\DBStore\LogFiles\edb.log" at offset 4096 (0x0000000000001000) for 512 (0x00000200) bytes succeeded, but took an abnormally long time (7370 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 01/07/2010 6:00:32 PM
Type: Warning Category: 7
Event: 507 Source: ESENT
wuaueng.dll (1436) SUS20ClientDataStore: A request to read from the file "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb" at offset 70533120 (0x0000000004344000) for 57344 (0x0000e000) bytes succeeded, but took an abnormally long time (39466 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 30/07/2010 7:00:16 AM
Type: Warning Category: 7
Event: 508 Source: ESENT
wlcomm (3112) C:\Users\Dan\AppData\Local\Microsoft\Windows Live Contacts\{9bd139c6-3c44-4b81-9ca0-a894ca3dd88d}\: A request to write to the file "C:\Users\Dan\AppData\Local\Microsoft\Windows Live Contacts\{9bd139c6-3c44-4b81-9ca0-a894ca3dd88d}\DBStore\contacts.edb" at offset 2465792 (0x000000000025a000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (10888 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*

#6
RKinner

Posted 01 May 2011 - 09:13 AM

Malware Expert

Expert
24,735 posts

Good move going to Safe Mode. Apparently something objected to my changing:

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)

since it is still there. Everything else seems to have worked. HideSCAHealth is not on my Vista at all so perhaps removing it totally would work better.

Also we have revealed a new random named file that wasn't visible before:
[2011/04/29 21:10:00 | 000,012,346 | -HS- | M] () -- C:\ProgramData\4dv6261vsr86

Copy the text between the lines of stars by highlighting and Ctrl + c

********************************************************************

:OTL
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
[2011/04/29 21:10:00 | 000,012,346 | -HS- | M] () -- C:\ProgramData\4dv6261vsr86

:Files
C:\ProgramData\4dv6261vsr86

:Commands
[emptytemp]
[Reboot]

*******************************************************************

then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text.

Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done.

Then let's try to remove the registry key and a few others left by Symantec:

Copy the text between the lines of stars by highlighting and Ctrl + c

********************************************************************

:reg
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=-

:Commands
[emptytemp]
[Reboot]

*******************************************************************

then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text.

Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done.

Open OTL again and just do a Quick Scan. You will only get one log. Please post it.

How is the PC running now?

Ron

#7
DVCnerfherder

Posted 01 May 2011 - 10:27 AM

Member

Topic Starter
Member
58 posts

The system seems to be running much better. I have seen a couple of weird things happen when logging in, though.

1) After each run of the first two runs of OTL (where I clicked Run Fix) I would get the following appear following the reboot:

Configuring updates: Stage 3 of 3: 0% complete
Do not turn off your computer

after which the login screen came up and I was able to log it. I'm assuming Vista interpreted the OTL fixes as a system update and was doing whatever it would normally do in that situation?

2) Every time I log in I get a popup warning from Windows Defender that it is preventing Malwarebytes from starting. When I click on the Windows Defender icon in the system tray and click on Show or remove blocked startup programs a popup window appears with the message:

Application failed to initialize: 0x80070006. The handle is invalid

3) After the last reboot I got a popup window which I've attached as a JPEG image. If you would prefer not to open the JPEG that's fine, I can transcribe the message. I closed the window with no (apparent) ill effect.

4) Although I uninstalled some programs like BitLord and Limewire, they remain in the Start Menu. Should not removing them have deleted those items?

- Mike

OTL logfile created on: 01/05/2011 12:06:56 PM - Run 4
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Dan\Desktop
Windows Vista Unlicensed product (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 46.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.33 Gb Total Space | 83.35 Gb Free Space | 55.81% Space Free | Partition Type: NTFS
Drive D: | 139.96 Gb Total Space | 42.72 Gb Free Space | 30.52% Space Free | Partition Type: NTFS

Computer Name: DAN-PC | User Name: Dan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/01 11:34:41 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/04/25 19:28:45 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.exe
PRC - [2011/04/18 13:25:12 | 003,460,784 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/04/18 13:25:10 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/01/10 19:25:06 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2009/10/12 12:33:26 | 000,046,824 | ---- | M] (Xobni Corporation) -- C:\Program Files\Xobni\XobniService.exe
PRC - [2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/01/10 20:20:34 | 000,462,848 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2007/01/02 22:58:58 | 000,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
PRC - [2007/01/02 22:58:50 | 000,464,168 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
PRC - [2007/01/02 20:46:52 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2007/01/02 10:33:24 | 000,135,168 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
PRC - [2006/12/29 00:07:22 | 000,724,992 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNMTray.exe
PRC - [2006/12/29 00:07:22 | 000,126,976 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe
PRC - [2006/12/28 18:24:14 | 000,049,152 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2006/12/25 20:45:26 | 000,319,488 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
PRC - [2006/12/22 18:43:18 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
PRC - [2006/12/14 15:34:16 | 000,393,216 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
PRC - [2006/12/08 04:24:00 | 000,614,400 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2006/12/01 01:37:00 | 004,186,112 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006/11/24 16:57:54 | 000,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
PRC - [2006/11/03 17:55:50 | 000,703,280 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006/11/02 05:45:28 | 000,485,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mspaint.exe

========== Modules (SafeList) ==========

MOD - [2011/04/25 19:28:45 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.exe
MOD - [2011/04/18 13:25:09 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2006/11/02 05:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/04/18 13:25:10 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/10/12 12:33:26 | 000,046,824 | ---- | M] (Xobni Corporation) [Auto | Running] -- C:\Program Files\Xobni\XobniService.exe -- (XobniService)
SRV - [2007/01/02 22:58:58 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)
SRV - [2007/01/02 20:46:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007/01/02 10:33:24 | 000,135,168 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2006/12/29 00:07:22 | 000,126,976 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
SRV - [2006/12/28 18:24:14 | 000,049,152 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2006/12/22 18:43:18 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2006/11/24 16:57:54 | 000,107,008 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)

========== Driver Services (SafeList) ==========

DRV - [2011/04/18 13:17:46 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/04/18 13:17:34 | 000,307,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/04/18 13:16:18 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/04/18 13:13:21 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/04/18 13:13:09 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/04/18 13:12:58 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2007/01/23 19:25:36 | 000,689,664 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/01/08 16:16:48 | 002,313,216 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/12/26 21:57:22 | 000,792,368 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2006/12/07 18:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2006/11/21 02:24:02 | 000,062,464 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006/11/05 22:01:20 | 000,051,200 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/11/02 09:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2006/10/25 02:36:48 | 000,042,240 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2006/10/25 02:36:44 | 000,076,928 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2006/10/25 02:36:36 | 000,062,208 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2006/10/18 03:44:30 | 000,031,232 | ---- | M] (SMSC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smscirda.sys -- (SMSCIRDA)
DRV - [2006/08/04 20:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.ca.acer.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.ca.acer.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.ca/"

FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2007/09/28 21:34:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/02/11 17:16:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/02/11 17:16:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/04/29 20:35:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/01 11:34:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/01 11:34:45 | 000,000,000 | ---D | M]

[2008/09/08 22:27:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dan\AppData\Roaming\Mozilla\Extensions
[2011/05/01 12:02:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\5w6kqlso.default\extensions
[2011/03/27 20:02:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\5w6kqlso.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/07 02:24:02 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\5w6kqlso.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/03/25 17:19:02 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\5w6kqlso.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/08/16 23:01:23 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\5w6kqlso.default\extensions\vshare@toolbar
[2010/08/16 23:02:17 | 000,001,592 | ---- | M] () -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\5w6kqlso.default\searchplugins\web-search.xml
[2011/04/30 22:47:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/29 20:35:13 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/02/11 17:16:35 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011/02/11 17:16:36 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA

O1 HOSTS File: ([2011/04/30 23:25:41 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer Registration\ACE1.exe (Leader Technologies)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 216.240.0.1 216.240.1.1 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\Windows\System32\eNetHook.dll) - C:\Windows\System32\eNetHook.dll (acer)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Dan\Pictures\rondeau everyone.jpg
O24 - Desktop BackupWallPaper: C:\Users\Dan\Pictures\rondeau everyone.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/01 08:17:15 | 000,061,440 | ---- | C] ( ) -- C:\Users\Dan\Desktop\VEW.exe
[2011/04/30 23:30:26 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/04/30 23:30:25 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\temp
[2011/04/30 23:25:46 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/04/30 09:27:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2011/04/30 07:08:08 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/04/30 07:08:06 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/04/30 07:08:06 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/04/30 07:08:06 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/04/30 07:07:37 | 000,000,000 | ---D | C] -- C:\george
[2011/04/29 22:37:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/29 20:41:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/29 20:36:04 | 000,019,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/04/29 20:36:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/04/29 20:36:03 | 000,307,288 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/04/29 20:36:00 | 000,441,176 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/04/29 20:36:00 | 000,049,240 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/04/29 20:36:00 | 000,025,432 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/04/29 20:35:59 | 000,053,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/04/29 20:35:11 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/04/29 20:35:11 | 000,040,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/04/29 20:34:58 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/04/29 20:34:58 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/04/29 17:34:08 | 001,090,912 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Users\Dan\Desktop\avg_remover_stf_x86_2011_1184.exe
[2011/04/29 17:34:07 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Dan\Desktop\tdsskiller.exe
[2011/04/25 19:38:47 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.com
[2011/04/25 19:38:12 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.scr
[2011/04/25 19:28:41 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.exe
[2011/04/25 16:19:14 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/04/25 16:19:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/25 16:19:11 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/04/25 16:19:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/25 16:18:31 | 000,000,000 | ---D | C] -- C:\Antivirus
[2007/06/27 06:52:03 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
[2007/01/21 22:26:06 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll
[40 C:\Users\Dan\Documents\*.tmp files -> C:\Users\Dan\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/01 12:06:09 | 000,028,396 | ---- | M] () -- C:\Users\Dan\Desktop\error.jpg
[2011/05/01 12:04:49 | 000,626,246 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/01 12:04:49 | 000,109,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/01 11:58:24 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/01 11:58:11 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011/05/01 11:57:45 | 000,003,200 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/01 11:57:45 | 000,003,200 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/01 11:57:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/01 11:56:59 | 2145,566,720 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/01 11:56:18 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/05/01 11:35:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/01 08:17:15 | 000,061,440 | ---- | M] ( ) -- C:\Users\Dan\Desktop\VEW.exe
[2011/04/30 23:25:41 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/04/30 07:06:14 | 004,333,650 | R--- | M] () -- C:\Users\Dan\Desktop\george.exe
[2011/04/29 20:36:04 | 000,001,833 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/04/29 20:35:59 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/04/29 18:18:12 | 000,932,400 | ---- | M] () -- C:\Users\Dan\Desktop\Norton_Removal_Tool.exe
[2011/04/29 09:06:08 | 056,189,640 | ---- | M] () -- C:\Users\Dan\Desktop\setup_av_free.exe
[2011/04/29 08:48:42 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Dan\Desktop\tdsskiller.exe
[2011/04/29 08:47:20 | 000,080,384 | ---- | M] () -- C:\Users\Dan\Desktop\MBRCheck.exe
[2011/04/29 08:43:26 | 001,090,912 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Users\Dan\Desktop\avg_remover_stf_x86_2011_1184.exe
[2011/04/25 19:38:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.com
[2011/04/25 19:38:15 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.scr
[2011/04/25 19:28:45 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.exe
[2011/04/25 16:19:15 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/25 16:18:01 | 000,134,144 | ---- | M] () -- C:\Users\Dan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/18 13:25:12 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/04/18 13:25:10 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/04/18 13:17:46 | 000,441,176 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/04/18 13:17:34 | 000,307,288 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/04/18 13:16:18 | 000,049,240 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/04/18 13:13:21 | 000,025,432 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/04/18 13:13:09 | 000,053,592 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/04/18 13:12:58 | 000,019,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[40 C:\Users\Dan\Documents\*.tmp files -> C:\Users\Dan\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/01 12:06:08 | 000,028,396 | ---- | C] () -- C:\Users\Dan\Desktop\error.jpg
[2011/04/30 23:31:55 | 2145,566,720 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/30 07:08:08 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/04/30 07:08:06 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/04/30 07:08:06 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/04/30 07:08:06 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/04/30 07:08:06 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/04/29 20:36:04 | 000,001,833 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/04/29 17:34:08 | 004,333,650 | R--- | C] () -- C:\Users\Dan\Desktop\george.exe
[2011/04/29 17:34:08 | 000,080,384 | ---- | C] () -- C:\Users\Dan\Desktop\MBRCheck.exe
[2011/04/29 17:33:53 | 056,189,640 | ---- | C] () -- C:\Users\Dan\Desktop\setup_av_free.exe
[2011/04/29 17:33:53 | 000,932,400 | ---- | C] () -- C:\Users\Dan\Desktop\Norton_Removal_Tool.exe
[2011/04/25 16:19:15 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/14 04:05:56 | 000,000,219 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2009/12/24 12:07:45 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/12/24 11:40:37 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009/11/02 13:09:09 | 000,000,065 | ---- | C] () -- C:\Windows\minitab.ini
[2009/01/13 16:05:08 | 000,147,456 | ---- | C] () -- C:\Windows\System32\WMIMPLEX.dll
[2009/01/13 16:05:08 | 000,036,864 | ---- | C] () -- C:\Windows\System32\maplec.dll
[2008/05/17 22:36:02 | 000,000,680 | ---- | C] () -- C:\Users\Dan\AppData\Local\d3d9caps.dat
[2007/12/11 16:55:17 | 000,000,287 | ---- | C] () -- C:\Windows\game.ini
[2007/08/25 16:44:05 | 000,148,995 | ---- | C] () -- C:\Windows\hpoins19.dat
[2007/08/15 00:27:33 | 000,134,144 | ---- | C] () -- C:\Users\Dan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/08/04 17:23:42 | 000,055,857 | ---- | C] () -- C:\Windows\War3Unin.dat
[2007/08/04 17:13:48 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2007/07/31 20:52:38 | 000,000,552 | ---- | C] () -- C:\Users\Dan\AppData\Local\d3d8caps.dat
[2007/07/31 20:44:02 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/07/25 15:24:30 | 001,559,040 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2007/06/27 06:52:03 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
[2007/06/27 06:49:39 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007/06/27 06:45:53 | 000,000,037 | ---- | C] () -- C:\Windows\Acer.ini
[2007/03/19 18:21:50 | 000,000,115 | ---- | C] () -- C:\Windows\Alaunch.ini
[2007/03/19 16:54:13 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI
[2007/03/13 16:01:59 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2007/01/21 22:42:17 | 000,198,144 | ---- | C] () -- C:\Windows\System32\_psisdecd.dll
[2007/01/21 22:32:05 | 000,076,584 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2007/01/21 22:32:05 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2007/01/21 22:31:17 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
[2007/01/21 22:29:04 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007/01/21 22:26:06 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2007/01/21 22:21:22 | 000,356,352 | ---- | C] () -- C:\Windows\EMCRI.dll
[2007/01/21 22:19:27 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
[2007/01/21 20:45:53 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/01/21 20:45:27 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2007/01/21 20:45:27 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007/01/21 20:45:27 | 000,145,112 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2007/01/21 20:45:05 | 000,015,190 | ---- | C] () -- C:\Windows\M2000T07.ini
[2007/01/02 22:54:14 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
[2007/01/02 22:53:54 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
[2007/01/02 22:53:20 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
[2007/01/02 22:52:40 | 000,037,376 | ---- | C] () -- C:\Windows\System32\MsnChatHook_org.dll
[2007/01/02 22:52:28 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
[2007/01/02 22:52:26 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
[2007/01/02 22:52:18 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2006/12/25 19:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006/11/13 09:50:06 | 000,071,680 | ---- | C] () -- C:\Windows\System32\HTCA_SelfExtract.bin
[2006/11/03 17:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,349,056 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,626,246 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,109,370 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 03:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/02 03:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006/02/26 16:08:28 | 000,585,728 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2001/12/26 19:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[2001/09/04 02:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 19:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 01:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2008/10/30 14:52:45 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Image Zone Express
[2007/06/27 06:56:53 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Leadertech
[2010/03/24 12:37:41 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\LimeWire
[2008/09/08 15:22:34 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Printer Info Cache
[2011/05/01 11:56:18 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Attached Thumbnails

#8
RKinner

Posted 01 May 2011 - 11:27 AM

Malware Expert

Expert
24,735 posts

1.
The software updates are valid. Vista downloads updates all the time and installs them when it gets a reboot. I saw one in progress on your last OTL scan:
[2011/05/01 08:03:51 | 000,000,000 | ---D | C] -- C:\530c833a78d13ac14b06f147

2.
That may be caused by 3 or it may be that we need to reinstall Windows Defender

3.
Copy the next line:

reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" /s > \junk.txt

Start, Programs, Accessories, then right click on Command Prompt and select Run As Administrator.

right click and select Paste or Edit then Paste and the copied line should appear. Hit enter.

(if the prompt returns without an error then: )

notepad \junk.txt

(Copy and paste the result into a reply.)

IF that fails then copy the text between the lines of stars:

******************
:Files
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" /s /C
*****************

then run OTL and Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the Run Fix button at the top
Let the program run unhindered. Save the log and copy and paste it to a reply.

4.
They should have been removed but weren't. Right click on them and you should have a delete option.

Ron

#9
DVCnerfherder

Posted 01 May 2011 - 01:35 PM

Member

Topic Starter
Member
58 posts

I was able to use the Command Prompt method to check the registry so I didn't bother running OTL again. Here's the output from the \junk.txt file:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cqw32.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions
mscoree.dll REG_DWORD 0x1
mscorwks.dll REG_DWORD 0x1
mso.dll REG_DWORD 0x1
msjava.dll REG_DWORD 0x1
msci_uno.dll REG_DWORD 0x1
jvm.dll REG_DWORD 0x1
jvm_g.dll REG_DWORD 0x1
javai.dll REG_DWORD 0x1
vb40032.dll REG_DWORD 0x1
vbe6.dll REG_DWORD 0x1
ums.dll REG_DWORD 0x1
main123w.dll REG_DWORD 0x1
udtapi.dll REG_DWORD 0x1
mscorsvr.dll REG_DWORD 0x1
eMigrationmmc.dll REG_DWORD 0x1
eProcedureMMC.dll REG_DWORD 0x1
eQueryMMC.dll REG_DWORD 0x1
EncryptPatchVer.dll REG_DWORD 0x1
Cleanup.dll REG_DWORD 0x1
divx.dll REG_DWORD 0x1
divxdec.ax REG_DWORD 0x1
fullsoft.dll REG_DWORD 0x1
NSWSTE.dll REG_DWORD 0x1
ASSTE.dll REG_DWORD 0x1
NPMLIC.dll REG_DWORD 0x1
PMSTE.dll REG_DWORD 0x1
AVSTE.dll REG_DWORD 0x1
NAVOPTRF.dll REG_DWORD 0x1
DRMINST.dll REG_DWORD 0x1
TFDTCTT8.dll REG_DWORD 0x1
DJSMAR00.dll REG_DWORD 0x1
xlmlEN.dll REG_DWORD 0x1
ISSTE.dll REG_DWORD 0x1
symlcnet.dll REG_DWORD 0x1
ppw32hlp.dll REG_DWORD 0x1
Apitrap.dll REG_DWORD 0x1
Vegas60k.dll REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IEInstal.exe
ExecuteOptions REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wpwin8.EXE

- Mike

#10
RKinner

Posted 01 May 2011 - 08:04 PM

Malware Expert

Expert
24,735 posts

Turns out the notice is something legitimate from Microsoft. Last time I had something similar I just ran a System Restore back to an earlier time and it went away but that may not be the best solution since you had an infection and we don't want to go back to it.

Microsoft has a page on this issue:

http://support.microsoft.com/kb/931699

If the procedure they recommend does not help then I think I would go back to your most recent restore point (the one before we ran the combofix that had the problem: 30/04/2011 23:03)

Ron

#11
DVCnerfherder

Posted 02 May 2011 - 06:42 AM

Member

Topic Starter
Member
58 posts

Other than the Vista issues we've encountered, is the machine now clean? If so, here's what I'm going to try:

1) On the Microsoft Windows Vista Validation Issues forum it appears this issue has been happening a lot lately. Some fingers are pointing to Avast. I'm also getting the "Windows is blocking some programs" message as it relates to Malwarebytes. Of all the programs we downloaded and ran to address the original virus issues, the only two which were actually "installed" (as opposed to downloaded and executed) were those two, correct? I'm assuming the remainder (like Combofix and OTL) don't install themselves in a traditional sense with registry entries, etc. What I might try doing is uninstalling both programs and see if the error goes away.

2) If I have to restore using the process outlined in the KB item you referenced, what will that mean for the integrity of the laptop? Given that it was infected with a bunch of crap before I really don't want to go back there again.

3) If the machine is clean, I may just work with the Microsoft forum in an attempt to get the machine back to where it should be.

All in all, just another reason to hate Vista. Maybe I should just upgrade to Windows 7 or downgrade to XP. :-)

- Mike

#12
RKinner

Posted 02 May 2011 - 08:17 AM

Malware Expert

Expert
24,735 posts

I think it was caused by that Combofix script where I tried to change the one registry item that wouldn't change so don't think uninstalling Avast or MBAM will help. Apparently I touched something in the wrong way. If we go back to that System Restore just before that we won't have too much left to clean since we were close to the end anyway.

Ron

#13
DVCnerfherder

Posted 02 May 2011 - 08:31 AM

Member

Topic Starter
Member
58 posts

OK. I won't get to it until late tonight. I've also never used the System Restore utility before so I'll just follow the directions on the Microsoft page to get back to where we should be.

- Mike

#14
DVCnerfherder

Posted 02 May 2011 - 06:58 PM

Member

Topic Starter
Member
58 posts

Ron,

I've performed a System Restore to 30/04/2011 10:50:22pm which is just before the Combofix run. What next? Do you need to see the output of an OTL run?

- Mike