Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Multiple Infections on son's Vista laptop


  • Please log in to reply

#16
DVCnerfherder

DVCnerfherder

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
It appears to have disappeared, yes. I've been logged into the computer for several hours and have not seen it at all. Previously i would have seen it within 15-30 minutes of logging in.



Output of the OTL quick scan:

OTL logfile created on: 02/05/2011 11:56:49 PM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Dan\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 46.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.33 Gb Total Space | 78.32 Gb Free Space | 52.44% Space Free | Partition Type: NTFS
Drive D: | 139.96 Gb Total Space | 41.20 Gb Free Space | 29.43% Space Free | Partition Type: NTFS

Computer Name: DAN-PC | User Name: Dan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/25 19:28:45 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.exe
PRC - [2011/04/18 13:25:12 | 003,460,784 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/04/18 13:25:10 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/03/25 20:39:00 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/01/10 19:25:06 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2009/10/12 12:33:26 | 000,046,824 | ---- | M] (Xobni Corporation) -- C:\Program Files\Xobni\XobniService.exe
PRC - [2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/01/10 20:20:34 | 000,462,848 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2007/01/02 22:58:58 | 000,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
PRC - [2007/01/02 22:58:50 | 000,464,168 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
PRC - [2007/01/02 20:46:52 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2007/01/02 10:33:24 | 000,135,168 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
PRC - [2006/12/29 00:07:22 | 000,724,992 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNMTray.exe
PRC - [2006/12/29 00:07:22 | 000,126,976 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe
PRC - [2006/12/28 18:24:14 | 000,049,152 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2006/12/25 20:45:26 | 000,319,488 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
PRC - [2006/12/22 18:43:18 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
PRC - [2006/12/14 15:34:16 | 000,393,216 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
PRC - [2006/12/08 04:24:00 | 000,614,400 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2006/12/01 01:37:00 | 004,186,112 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006/11/24 16:57:54 | 000,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
PRC - [2006/11/03 17:55:50 | 000,703,280 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe


========== Modules (SafeList) ==========

MOD - [2011/04/25 19:28:45 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.exe
MOD - [2011/04/18 13:25:09 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2006/11/02 05:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/04/18 13:25:10 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/10/12 12:33:26 | 000,046,824 | ---- | M] (Xobni Corporation) [Auto | Running] -- C:\Program Files\Xobni\XobniService.exe -- (XobniService)
SRV - [2007/01/02 22:58:58 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)
SRV - [2007/01/02 20:46:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007/01/02 10:33:24 | 000,135,168 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2006/12/29 00:07:22 | 000,126,976 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
SRV - [2006/12/28 18:24:14 | 000,049,152 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2006/12/22 18:43:18 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2006/11/24 16:57:54 | 000,107,008 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)


========== Driver Services (SafeList) ==========

DRV - [2011/04/18 13:17:46 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/04/18 13:17:34 | 000,307,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/04/18 13:16:18 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/04/18 13:13:21 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/04/18 13:13:09 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/04/18 13:12:58 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2007/01/23 19:25:36 | 000,689,664 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/01/08 16:16:48 | 002,313,216 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/12/26 21:57:22 | 000,792,368 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2006/12/07 18:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2006/11/21 02:24:02 | 000,062,464 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006/11/05 22:01:20 | 000,051,200 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/11/02 09:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2006/10/25 02:36:48 | 000,042,240 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2006/10/25 02:36:44 | 000,076,928 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2006/10/25 02:36:36 | 000,062,208 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2006/10/18 03:44:30 | 000,031,232 | ---- | M] (SMSC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smscirda.sys -- (SMSCIRDA)
DRV - [2006/08/04 20:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.ca.acer.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.ca.acer.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Web Search..."
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.ca/"
FF - prefs.js..extensions.enabledItems: [email protected]:20110101
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..keyword.URL: "http://vshare.toolba...spx?srch=ku&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2007/09/28 21:34:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/02/11 17:16:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/02/11 17:16:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/05/02 17:47:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/02 17:41:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/02 17:41:13 | 000,000,000 | ---D | M]

[2008/09/08 22:27:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dan\AppData\Roaming\Mozilla\Extensions
[2011/05/02 21:04:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\5w6kqlso.default\extensions
[2011/05/02 17:41:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\5w6kqlso.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/02 17:41:18 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\5w6kqlso.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/05/02 17:41:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\5w6kqlso.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/05/02 17:41:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\5w6kqlso.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/05/02 17:41:18 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\5w6kqlso.default\extensions\vshare@toolbar
[2010/08/16 23:02:17 | 000,001,592 | ---- | M] () -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\5w6kqlso.default\searchplugins\web-search.xml
[2011/04/30 22:47:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/02 17:47:35 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/02/11 17:16:35 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011/02/11 17:16:36 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA

O1 HOSTS File: ([2011/04/30 07:34:59 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer Registration\ACE1.exe (Leader Technologies)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 216.240.0.1 216.240.1.1 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\Windows\System32\eNetHook.dll) - C:\Windows\System32\eNetHook.dll (acer)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Dan\Pictures\rondeau everyone.jpg
O24 - Desktop BackupWallPaper: C:\Users\Dan\Pictures\rondeau everyone.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/30 23:30:26 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/04/30 23:30:25 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\Temp(189)
[2011/04/30 23:25:46 | 000,000,000 | ---D | C] -- C:\$RECYCLE(0).BIN
[2011/04/30 09:27:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2011/04/30 07:43:11 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/04/30 07:08:08 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/04/30 07:08:06 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/04/30 07:08:06 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/04/30 07:08:06 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/04/30 07:07:37 | 000,000,000 | ---D | C] -- C:\george
[2011/04/29 22:37:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/29 20:41:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/29 20:36:04 | 000,019,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/04/29 20:36:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/04/29 20:36:03 | 000,307,288 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/04/29 20:36:00 | 000,441,176 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/04/29 20:36:00 | 000,049,240 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/04/29 20:36:00 | 000,025,432 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/04/29 20:35:59 | 000,053,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/04/29 20:35:11 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/04/29 20:35:11 | 000,040,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/04/29 20:34:58 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/04/29 20:34:58 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/04/29 17:34:08 | 001,090,912 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Users\Dan\Desktop\avg_remover_stf_x86_2011_1184.exe
[2011/04/29 17:34:07 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Dan\Desktop\tdsskiller.exe
[2011/04/25 19:38:47 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.com
[2011/04/25 19:38:12 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.scr
[2011/04/25 19:28:41 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.exe
[2011/04/25 16:19:14 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/04/25 16:19:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/25 16:19:11 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/04/25 16:19:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/25 16:18:31 | 000,000,000 | ---D | C] -- C:\Antivirus
[2007/06/27 06:52:03 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
[2007/01/21 22:26:06 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll
[40 C:\Users\Dan\Documents\*.tmp files -> C:\Users\Dan\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/02 23:47:04 | 000,003,200 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/02 23:47:04 | 000,003,200 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/02 23:35:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/02 20:28:01 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/02 17:59:24 | 000,626,246 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/02 17:59:24 | 000,109,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/02 17:52:09 | 000,001,833 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/05/02 17:52:07 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/05/02 17:51:38 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011/05/02 17:46:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/02 17:42:30 | 2145,566,720 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/01 12:06:09 | 000,028,396 | ---- | M] () -- C:\Users\Dan\Desktop\error.jpg
[2011/04/30 09:29:59 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/04/30 07:34:59 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/04/30 07:06:14 | 004,333,650 | R--- | M] () -- C:\Users\Dan\Desktop\george.exe
[2011/04/29 18:18:12 | 000,932,400 | ---- | M] () -- C:\Users\Dan\Desktop\Norton_Removal_Tool.exe
[2011/04/29 09:06:08 | 056,189,640 | ---- | M] () -- C:\Users\Dan\Desktop\setup_av_free.exe
[2011/04/29 08:48:42 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Dan\Desktop\tdsskiller.exe
[2011/04/29 08:47:20 | 000,080,384 | ---- | M] () -- C:\Users\Dan\Desktop\MBRCheck.exe
[2011/04/29 08:43:26 | 001,090,912 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Users\Dan\Desktop\avg_remover_stf_x86_2011_1184.exe
[2011/04/25 19:38:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.com
[2011/04/25 19:38:15 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.scr
[2011/04/25 19:28:45 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.exe
[2011/04/25 16:19:15 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/25 16:18:01 | 000,134,144 | ---- | M] () -- C:\Users\Dan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/18 13:25:12 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/04/18 13:25:10 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/04/18 13:17:46 | 000,441,176 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/04/18 13:17:34 | 000,307,288 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/04/18 13:16:18 | 000,049,240 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/04/18 13:13:21 | 000,025,432 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/04/18 13:13:09 | 000,053,592 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/04/18 13:12:58 | 000,019,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[40 C:\Users\Dan\Documents\*.tmp files -> C:\Users\Dan\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/01 12:06:08 | 000,028,396 | ---- | C] () -- C:\Users\Dan\Desktop\error.jpg
[2011/04/30 23:31:55 | 2145,566,720 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/30 07:08:08 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/04/30 07:08:06 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/04/30 07:08:06 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/04/30 07:08:06 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/04/30 07:08:06 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/04/29 20:36:04 | 000,001,833 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/04/29 17:34:08 | 004,333,650 | R--- | C] () -- C:\Users\Dan\Desktop\george.exe
[2011/04/29 17:34:08 | 000,080,384 | ---- | C] () -- C:\Users\Dan\Desktop\MBRCheck.exe
[2011/04/29 17:33:53 | 056,189,640 | ---- | C] () -- C:\Users\Dan\Desktop\setup_av_free.exe
[2011/04/29 17:33:53 | 000,932,400 | ---- | C] () -- C:\Users\Dan\Desktop\Norton_Removal_Tool.exe
[2011/04/25 16:19:15 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/14 04:05:56 | 000,000,219 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2009/12/24 12:07:45 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/12/24 11:40:37 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009/11/02 13:09:09 | 000,000,065 | ---- | C] () -- C:\Windows\minitab.ini
[2009/01/13 16:05:08 | 000,147,456 | ---- | C] () -- C:\Windows\System32\WMIMPLEX.dll
[2009/01/13 16:05:08 | 000,036,864 | ---- | C] () -- C:\Windows\System32\maplec.dll
[2008/05/17 22:36:02 | 000,000,680 | ---- | C] () -- C:\Users\Dan\AppData\Local\d3d9caps.dat
[2007/12/11 16:55:17 | 000,000,287 | ---- | C] () -- C:\Windows\game.ini
[2007/08/25 16:44:05 | 000,148,995 | ---- | C] () -- C:\Windows\hpoins19.dat
[2007/08/15 00:27:33 | 000,134,144 | ---- | C] () -- C:\Users\Dan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/08/04 17:23:42 | 000,055,857 | ---- | C] () -- C:\Windows\War3Unin.dat
[2007/08/04 17:13:48 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2007/07/31 20:52:38 | 000,000,552 | ---- | C] () -- C:\Users\Dan\AppData\Local\d3d8caps.dat
[2007/07/31 20:44:02 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/07/25 15:24:30 | 001,559,040 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2007/06/27 06:52:03 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
[2007/06/27 06:49:39 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007/06/27 06:45:53 | 000,000,037 | ---- | C] () -- C:\Windows\Acer.ini
[2007/03/19 18:21:50 | 000,000,115 | ---- | C] () -- C:\Windows\Alaunch.ini
[2007/03/19 16:54:13 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI
[2007/03/13 16:01:59 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2007/01/21 22:42:17 | 000,198,144 | ---- | C] () -- C:\Windows\System32\_psisdecd.dll
[2007/01/21 22:32:05 | 000,076,584 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2007/01/21 22:32:05 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2007/01/21 22:31:17 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
[2007/01/21 22:29:04 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007/01/21 22:26:06 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2007/01/21 22:21:22 | 000,356,352 | ---- | C] () -- C:\Windows\EMCRI.dll
[2007/01/21 22:19:27 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
[2007/01/21 20:45:53 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/01/21 20:45:27 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2007/01/21 20:45:27 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007/01/21 20:45:27 | 000,145,112 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2007/01/21 20:45:05 | 000,015,190 | ---- | C] () -- C:\Windows\M2000T07.ini
[2007/01/02 22:54:14 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
[2007/01/02 22:53:54 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
[2007/01/02 22:53:20 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
[2007/01/02 22:52:40 | 000,037,376 | ---- | C] () -- C:\Windows\System32\MsnChatHook_org.dll
[2007/01/02 22:52:28 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
[2007/01/02 22:52:26 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
[2007/01/02 22:52:18 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2006/12/25 19:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006/11/13 09:50:06 | 000,071,680 | ---- | C] () -- C:\Windows\System32\HTCA_SelfExtract.bin
[2006/11/03 17:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,349,056 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,626,246 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,109,370 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 03:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/02 03:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006/02/26 16:08:28 | 000,585,728 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2001/12/26 19:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[2001/09/04 02:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 19:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 01:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2008/10/30 14:52:45 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Image Zone Express
[2007/06/27 06:56:53 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Leadertech
[2010/03/24 12:37:41 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\LimeWire
[2008/09/08 15:22:34 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Printer Info Cache
[2011/04/30 09:29:59 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0

Advertisements


#17
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,699 posts
  • MVP
OTL log just has some junk showing:

Copy the text between the lines of stars by highlighting and Ctrl + c


********************************************************************

:OTL
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found

:Files
C:\ProgramData\4dv6261vsr86

:Commands
[emptytemp]
[Reboot]


*******************************************************************

then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done.

Open OTL again and select the All option in the Extra Registry group then the Run Scan button. Post the two logs it produces in your next reply.


Run Combofix once more. Let's see if it sees anything.

Is Windows Defender still acting up?

Ron
  • 0

#18
DVCnerfherder

DVCnerfherder

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
Windows Defender is still giving the attached popup message which appears periodically; when I click to find out which program is causing the issue it is still Maywarebytes. But at least the validation error is gone.

I've noticed the system still appears sluggish, but that may be a hardware issue. The cooling fan has died (I've purchased a replacement off eBay which should arrive in a few days) which means the laptop gets very hot very quickly and often won't last more than an hour before we get a BSOD.

Anyway, the three logs are attached:

1) OTL.txt
2) Extras.txt
3) Combofix.txt

- Mike



OTL logfile created on: 03/05/2011 6:26:08 PM - Run 4
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Dan\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 54.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.33 Gb Total Space | 79.09 Gb Free Space | 52.96% Space Free | Partition Type: NTFS
Drive D: | 139.96 Gb Total Space | 42.62 Gb Free Space | 30.45% Space Free | Partition Type: NTFS

Computer Name: DAN-PC | User Name: Dan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/25 19:28:45 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.exe
PRC - [2011/04/18 13:25:12 | 003,460,784 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/04/18 13:25:10 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/01/10 19:25:06 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2009/10/12 12:33:26 | 000,046,824 | ---- | M] (Xobni Corporation) -- C:\Program Files\Xobni\XobniService.exe
PRC - [2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/01/10 20:20:34 | 000,462,848 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2007/01/02 22:58:58 | 000,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
PRC - [2007/01/02 22:58:50 | 000,464,168 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
PRC - [2007/01/02 20:46:52 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2007/01/02 10:33:24 | 000,135,168 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
PRC - [2006/12/29 00:07:22 | 000,724,992 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNMTray.exe
PRC - [2006/12/29 00:07:22 | 000,126,976 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe
PRC - [2006/12/28 18:24:14 | 000,049,152 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2006/12/25 20:45:26 | 000,319,488 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
PRC - [2006/12/22 18:43:18 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
PRC - [2006/12/14 15:34:16 | 000,393,216 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
PRC - [2006/12/08 04:24:00 | 000,614,400 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2006/12/01 01:37:00 | 004,186,112 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006/11/24 16:57:54 | 000,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
PRC - [2006/11/03 17:55:50 | 000,703,280 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe


========== Modules (SafeList) ==========

MOD - [2011/04/25 19:28:45 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.exe
MOD - [2011/04/18 13:25:09 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2006/11/02 05:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/04/18 13:25:10 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/10/12 12:33:26 | 000,046,824 | ---- | M] (Xobni Corporation) [Auto | Running] -- C:\Program Files\Xobni\XobniService.exe -- (XobniService)
SRV - [2007/01/02 22:58:58 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)
SRV - [2007/01/02 20:46:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007/01/02 10:33:24 | 000,135,168 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2006/12/29 00:07:22 | 000,126,976 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
SRV - [2006/12/28 18:24:14 | 000,049,152 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2006/12/22 18:43:18 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2006/11/24 16:57:54 | 000,107,008 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)


========== Driver Services (SafeList) ==========

DRV - [2011/04/18 13:17:46 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/04/18 13:17:34 | 000,307,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/04/18 13:16:18 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/04/18 13:13:21 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/04/18 13:13:09 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/04/18 13:12:58 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2007/01/23 19:25:36 | 000,689,664 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/01/08 16:16:48 | 002,313,216 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/12/26 21:57:22 | 000,792,368 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2006/12/07 18:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2006/11/21 02:24:02 | 000,062,464 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006/11/05 22:01:20 | 000,051,200 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/11/02 09:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2006/10/25 02:36:48 | 000,042,240 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2006/10/25 02:36:44 | 000,076,928 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2006/10/25 02:36:36 | 000,062,208 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2006/10/18 03:44:30 | 000,031,232 | ---- | M] (SMSC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smscirda.sys -- (SMSCIRDA)
DRV - [2006/08/04 20:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.ca.acer.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.ca.acer.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Web Search..."
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.ca/"
FF - prefs.js..extensions.enabledItems: [email protected]:20110101
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..keyword.URL: "http://vshare.toolba...spx?srch=ku&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2007/09/28 21:34:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/02/11 17:16:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/02/11 17:16:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/05/02 17:47:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/02 17:41:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/02 17:41:13 | 000,000,000 | ---D | M]

[2008/09/08 22:27:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dan\AppData\Roaming\Mozilla\Extensions
[2011/05/02 21:04:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\5w6kqlso.default\extensions
[2011/05/02 17:41:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\5w6kqlso.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/02 17:41:18 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\5w6kqlso.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/05/02 17:41:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\5w6kqlso.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/05/02 17:41:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\5w6kqlso.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/05/02 17:41:18 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\5w6kqlso.default\extensions\vshare@toolbar
[2010/08/16 23:02:17 | 000,001,592 | ---- | M] () -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\5w6kqlso.default\searchplugins\web-search.xml
[2011/04/30 22:47:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/02 17:47:35 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/02/11 17:16:35 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011/02/11 17:16:36 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA

O1 HOSTS File: ([2011/04/30 07:34:59 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer Registration\ACE1.exe (Leader Technologies)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 216.240.0.1 216.240.1.1 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\Windows\System32\eNetHook.dll) - C:\Windows\System32\eNetHook.dll (acer)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Dan\Pictures\rondeau everyone.jpg
O24 - Desktop BackupWallPaper: C:\Users\Dan\Pictures\rondeau everyone.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/30 23:30:26 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/04/30 23:30:25 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\Temp(189)
[2011/04/30 23:25:46 | 000,000,000 | ---D | C] -- C:\$RECYCLE(0).BIN
[2011/04/30 09:27:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2011/04/30 07:43:11 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/04/30 07:08:08 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/04/30 07:08:06 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/04/30 07:08:06 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/04/30 07:08:06 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/04/30 07:07:37 | 000,000,000 | ---D | C] -- C:\george
[2011/04/29 22:37:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/29 20:41:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/29 20:36:04 | 000,019,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/04/29 20:36:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/04/29 20:36:03 | 000,307,288 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/04/29 20:36:00 | 000,441,176 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/04/29 20:36:00 | 000,049,240 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/04/29 20:36:00 | 000,025,432 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/04/29 20:35:59 | 000,053,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/04/29 20:35:11 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/04/29 20:35:11 | 000,040,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/04/29 20:34:58 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/04/29 20:34:58 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/04/29 17:34:08 | 001,090,912 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Users\Dan\Desktop\avg_remover_stf_x86_2011_1184.exe
[2011/04/29 17:34:07 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Dan\Desktop\tdsskiller.exe
[2011/04/25 19:38:47 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.com
[2011/04/25 19:38:12 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.scr
[2011/04/25 19:28:41 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.exe
[2011/04/25 16:19:14 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/04/25 16:19:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/25 16:19:11 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/04/25 16:19:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/25 16:18:31 | 000,000,000 | ---D | C] -- C:\Antivirus
[2007/06/27 06:52:03 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
[2007/01/21 22:26:06 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll
[40 C:\Users\Dan\Documents\*.tmp files -> C:\Users\Dan\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/03 18:36:56 | 000,015,834 | ---- | M] () -- C:\Users\Dan\Desktop\error2.jpg
[2011/05/03 18:35:02 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/03 18:31:30 | 000,626,246 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/03 18:31:29 | 000,109,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/03 18:23:53 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/03 18:23:39 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011/05/03 18:23:24 | 000,003,200 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/03 18:23:24 | 000,003,200 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/03 18:23:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/03 18:22:30 | 2145,566,720 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/03 17:30:39 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/05/03 17:28:49 | 104,327,778 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/05/02 17:52:09 | 000,001,833 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/05/02 17:52:07 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/05/01 12:06:09 | 000,028,396 | ---- | M] () -- C:\Users\Dan\Desktop\error.jpg
[2011/04/30 07:34:59 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/04/30 07:06:14 | 004,333,650 | R--- | M] () -- C:\Users\Dan\Desktop\george.exe
[2011/04/29 18:18:12 | 000,932,400 | ---- | M] () -- C:\Users\Dan\Desktop\Norton_Removal_Tool.exe
[2011/04/29 09:06:08 | 056,189,640 | ---- | M] () -- C:\Users\Dan\Desktop\setup_av_free.exe
[2011/04/29 08:48:42 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Dan\Desktop\tdsskiller.exe
[2011/04/29 08:47:20 | 000,080,384 | ---- | M] () -- C:\Users\Dan\Desktop\MBRCheck.exe
[2011/04/29 08:43:26 | 001,090,912 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Users\Dan\Desktop\avg_remover_stf_x86_2011_1184.exe
[2011/04/25 19:38:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.com
[2011/04/25 19:38:15 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.scr
[2011/04/25 19:28:45 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.exe
[2011/04/25 16:19:15 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/25 16:18:01 | 000,134,144 | ---- | M] () -- C:\Users\Dan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/18 13:25:12 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/04/18 13:25:10 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/04/18 13:17:46 | 000,441,176 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/04/18 13:17:34 | 000,307,288 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/04/18 13:16:18 | 000,049,240 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/04/18 13:13:21 | 000,025,432 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/04/18 13:13:09 | 000,053,592 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/04/18 13:12:58 | 000,019,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[40 C:\Users\Dan\Documents\*.tmp files -> C:\Users\Dan\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/03 18:36:55 | 000,015,834 | ---- | C] () -- C:\Users\Dan\Desktop\error2.jpg
[2011/05/03 17:28:50 | 2145,566,720 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/01 12:06:08 | 000,028,396 | ---- | C] () -- C:\Users\Dan\Desktop\error.jpg
[2011/04/30 07:08:08 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/04/30 07:08:06 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/04/30 07:08:06 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/04/30 07:08:06 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/04/30 07:08:06 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/04/29 20:36:04 | 000,001,833 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/04/29 17:34:08 | 004,333,650 | R--- | C] () -- C:\Users\Dan\Desktop\george.exe
[2011/04/29 17:34:08 | 000,080,384 | ---- | C] () -- C:\Users\Dan\Desktop\MBRCheck.exe
[2011/04/29 17:33:53 | 056,189,640 | ---- | C] () -- C:\Users\Dan\Desktop\setup_av_free.exe
[2011/04/29 17:33:53 | 000,932,400 | ---- | C] () -- C:\Users\Dan\Desktop\Norton_Removal_Tool.exe
[2011/04/25 16:19:15 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/14 04:05:56 | 000,000,219 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2009/12/24 12:07:45 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/12/24 11:40:37 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009/11/02 13:09:09 | 000,000,065 | ---- | C] () -- C:\Windows\minitab.ini
[2009/01/13 16:05:08 | 000,147,456 | ---- | C] () -- C:\Windows\System32\WMIMPLEX.dll
[2009/01/13 16:05:08 | 000,036,864 | ---- | C] () -- C:\Windows\System32\maplec.dll
[2008/05/17 22:36:02 | 000,000,680 | ---- | C] () -- C:\Users\Dan\AppData\Local\d3d9caps.dat
[2007/12/11 16:55:17 | 000,000,287 | ---- | C] () -- C:\Windows\game.ini
[2007/08/25 16:44:05 | 000,148,995 | ---- | C] () -- C:\Windows\hpoins19.dat
[2007/08/15 00:27:33 | 000,134,144 | ---- | C] () -- C:\Users\Dan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/08/04 17:23:42 | 000,055,857 | ---- | C] () -- C:\Windows\War3Unin.dat
[2007/08/04 17:13:48 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2007/07/31 20:52:38 | 000,000,552 | ---- | C] () -- C:\Users\Dan\AppData\Local\d3d8caps.dat
[2007/07/31 20:44:02 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/07/25 15:24:30 | 001,559,040 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2007/06/27 06:52:03 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
[2007/06/27 06:49:39 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007/06/27 06:45:53 | 000,000,037 | ---- | C] () -- C:\Windows\Acer.ini
[2007/03/19 18:21:50 | 000,000,115 | ---- | C] () -- C:\Windows\Alaunch.ini
[2007/03/19 16:54:13 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI
[2007/03/13 16:01:59 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2007/01/21 22:42:17 | 000,198,144 | ---- | C] () -- C:\Windows\System32\_psisdecd.dll
[2007/01/21 22:32:05 | 000,076,584 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2007/01/21 22:32:05 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2007/01/21 22:31:17 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
[2007/01/21 22:29:04 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007/01/21 22:26:06 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2007/01/21 22:21:22 | 000,356,352 | ---- | C] () -- C:\Windows\EMCRI.dll
[2007/01/21 22:19:27 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
[2007/01/21 20:45:53 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/01/21 20:45:27 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2007/01/21 20:45:27 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007/01/21 20:45:27 | 000,145,112 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2007/01/21 20:45:05 | 000,015,190 | ---- | C] () -- C:\Windows\M2000T07.ini
[2007/01/02 22:54:14 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
[2007/01/02 22:53:54 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
[2007/01/02 22:53:20 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
[2007/01/02 22:52:40 | 000,037,376 | ---- | C] () -- C:\Windows\System32\MsnChatHook_org.dll
[2007/01/02 22:52:28 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
[2007/01/02 22:52:26 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
[2007/01/02 22:52:18 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2006/12/25 19:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006/11/13 09:50:06 | 000,071,680 | ---- | C] () -- C:\Windows\System32\HTCA_SelfExtract.bin
[2006/11/03 17:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,349,056 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,626,246 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,109,370 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 03:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/02 03:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006/02/26 16:08:28 | 000,585,728 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2001/12/26 19:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[2001/09/04 02:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 19:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 01:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

< End of report >




========================================================================================================================================




OTL Extras logfile created on: 03/05/2011 6:26:08 PM - Run 4
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Dan\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 54.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.33 Gb Total Space | 79.09 Gb Free Space | 52.96% Space Free | Partition Type: NTFS
Drive D: | 139.96 Gb Total Space | 42.62 Gb Free Space | 30.45% Space Free | Partition Type: NTFS

Computer Name: DAN-PC | User Name: Dan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1940228112-2126371991-3483199835-1000]
"EnableNotificationsRef" = 2

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3149D824-7853-4ECE-9C13-89DC8D056995}" = rport=137 | protocol=17 | dir=out | app=system |
"{34F48ABD-6775-4CC7-8827-3B40381E867E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3972687E-5AEA-4BB6-9617-A97F6F5E3DCF}" = rport=139 | protocol=6 | dir=out | app=system |
"{4114CD56-6AE6-4D3F-B486-0C95689D8D8C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{56BBB9E3-EF66-40B4-855D-12E2187279CE}" = rport=445 | protocol=6 | dir=out | app=system |
"{5FA8AF2C-0D1E-4D61-9511-CFEF63E8389C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{6F74A7A5-161C-4585-A35C-399A944CE9CF}" = lport=137 | protocol=17 | dir=in | app=system |
"{7F52B631-7085-4B78-985D-6826D5077836}" = lport=139 | protocol=6 | dir=in | app=system |
"{A2293B53-0C57-4FC4-A131-E3ADF8C3E589}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{B4675128-A647-4515-8F0D-E5DDCAD85A05}" = rport=138 | protocol=17 | dir=out | app=system |
"{C265354C-6623-495B-B776-26280137CAF6}" = lport=138 | protocol=17 | dir=in | app=system |
"{D8045CC8-04B6-41F9-8546-8ECB575DCF22}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{F4C641D8-69A0-46D1-A706-7CD45F0EEE2D}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BA165A3-C44C-4CE2-8173-6E724668AEAE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{0CC947E3-F0D7-41A7-8CDA-87BF96B31CD0}" = protocol=6 | dir=in | app=c:\users\dan\appdata\local\temp\7zs4893.tmp\symnrt.exe |
"{1A0579B4-A184-4DBF-BE71-7036E4479DA7}" = protocol=17 | dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\mce deluxe suite.exe |
"{404CCD9D-93B6-436F-8029-47F2AC7F50AF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{41F18C00-DFB6-48ED-97C4-4EA9CF8603CE}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{452E5C22-353E-4318-B98D-1FED4B7E79AE}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{4D5805FB-A9D1-490C-9E36-DFA3DA35B3A7}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{5040F742-1261-4683-9E14-DD10D26C2524}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{540665FF-5E9E-449D-9F0C-280157B2AF90}" = protocol=58 | dir=in | [email protected],-28545 |
"{59DC5BDA-2ADD-45DD-87AA-9F9471691B83}" = protocol=58 | dir=in | [email protected],-28545 |
"{5B9363C4-993A-4046-ABC0-C1AB21774CC9}" = protocol=6 | dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\mce deluxe suite.exe |
"{693A30E0-830A-416E-A6AA-6DB7FA87CA2E}" = protocol=58 | dir=out | [email protected],-28546 |
"{7328BC93-CD6A-49FB-833B-35DF3E5FC460}" = protocol=1 | dir=in | [email protected],-28543 |
"{75D9C874-E79C-4839-82F5-41CF3944093C}" = protocol=17 | dir=in | app=c:\users\dan\appdata\local\temp\7zs4893.tmp\symnrt.exe |
"{94CF10C5-C35C-47DC-AE10-730E3D10CDB5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9CD1D8DB-060A-4C8C-95CD-B2247DAEDBAF}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{9CE76AE6-DE38-4055-B7E5-94EED718C790}" = protocol=1 | dir=out | [email protected],-28544 |
"{B25AF853-0A28-40D0-8BAB-F476F3B028ED}" = protocol=1 | dir=out | [email protected],-28544 |
"{D9CE2AD6-142A-4754-8353-2A1AE34ACE40}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DAD26BB9-04AF-4C89-A71E-E9CCC57140B6}" = protocol=1 | dir=in | [email protected],-28543 |
"{E515F3F4-9050-4D49-A817-865BDD31BA44}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{EB333977-D39E-41B8-9C0C-8220E3D431AD}" = protocol=58 | dir=out | [email protected],-28546 |
"{ED1F298A-36BD-45C0-9A9F-D9CC202BC4DC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{4A4C7BA0-8D73-430B-9B8E-D43DBF14232C}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{78AD8DB9-1696-4487-AE14-55A65FE3C424}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{8C703710-693A-45A9-A1ED-B8C67496A1C2}C:\program files\bitlord\bitlord.exe" = protocol=6 | dir=in | app=c:\program files\bitlord\bitlord.exe |
"TCP Query User{A0C17D47-AF4E-4387-8A93-FC049D853781}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{A5C528EC-076C-4E16-8CDB-B5ACCC6BF1BD}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{FEDABCA5-4DC1-4691-A4AD-529BD5073547}C:\program files\bitlord\bitlord.exe" = protocol=6 | dir=in | app=c:\program files\bitlord\bitlord.exe |
"UDP Query User{24DB80A5-DA15-49ED-9D56-93E394A26BB8}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{454CB810-4C81-482A-AF70-F480E5D1CD5C}C:\program files\bitlord\bitlord.exe" = protocol=17 | dir=in | app=c:\program files\bitlord\bitlord.exe |
"UDP Query User{62E6859D-7044-438D-BCE2-E06C0A5FD79C}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{755730DF-DF08-41E0-BC0C-C5D332D75732}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{9F9A3745-A5FC-4DDA-8008-44D02F956223}C:\program files\bitlord\bitlord.exe" = protocol=17 | dir=in | app=c:\program files\bitlord\bitlord.exe |
"UDP Query User{BC8DF35B-D07D-4B14-B060-B002AAA43137}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{018A22DC-465A-40E0-50C2-25D54C7F64A1}" = CCC Help Greek
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0DE29A13-086F-CA1B-3C85-C30252D509E5}" = Catalyst Control Center Localization Arabic
"{0DEA94ED-915A-4834-A87E-388D012C8E02}" = Medal of Honor Allied Assault
"{0FE6B77F-54CD-45ED-BB64-A99477B0A8F1}" = 5600
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{1BF0855F-96CD-98A6-0C21-7643C90D0130}" = Catalyst Control Center Localization Arabic
"{1CD49205-3407-F8BE-954D-ED9706834213}" = CCC Help Swedish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F5D7806-6C3E-C3F5-0F82-6FD8B3BD451B}" = Catalyst Control Center Localization Hungarian
"{2026DF25-9BDC-4FDD-660A-781F6A0C2BF9}" = Catalyst Control Center Graphics Light
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2605461E-AB2E-49F5-8A16-64B7F3595030}" = 5600Trb
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros for Acer Driver v7.2.0.127_Foxconn Installation Program
"{293D7C43-8A39-736B-7EDA-790235A0415A}" = Catalyst Control Center Localization Korean
"{296EDEB2-3B6E-F37B-D6A5-D018AD9B937A}" = CCC Help Turkish
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2C0EC2F0-F7DE-B1CB-3AA0-E7C814EFFEDF}" = Catalyst Control Center Localization Chinese Standard
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3297D253-6BAD-6864-21E5-E70525776979}" = CCC Help Dutch
"{35BDA760-4905-19AA-54A0-C118ABB5BF0C}" = ccc-core-static
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3AD03D92-5F58-EAD6-3227-C06352C52F2E}" = CCC Help Russian
"{3E26071F-82EC-E6FA-E65F-0479EA83E558}" = Catalyst Control Center Localization Arabic
"{3EEA06EB-22FC-F4D1-C417-4CD99FD9E734}" = CCC Help Thai
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{411241B2-ADAA-34E4-4DF3-2FE00A924CD9}" = Catalyst Control Center Localization Finnish
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{47A9F4C0-9F81-8DB2-59FA-11254A927E24}" = CCC Help French
"{480A8C02-EDD0-1A0E-ECEB-6BE2EBB5CF77}" = Catalyst Control Center Localization Japanese
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4AAC5AE8-EDE6-44D4-AA87-E90870178FDE}" = Minitab 15 English
"{4BB1DCED-84D3-47F9-B718-5947E904593E}" = Acer OrbiCam
"{4EC0616A-CADD-4C2F-B09E-366CE4CCDCB1}" = Integre techexplorer Hypermedia Browser
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{5445FDF7-52F2-F776-ADBA-6A8C4FC815B3}" = ccc-utility
"{557E68C4-804F-A11D-4004-407C39542948}" = Catalyst Control Center Localization Italian
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{630CC87A-57A3-45DC-A5A4-08CE98E0BCB7}" = Branding
"{652DCC8D-72CB-D921-ACE8-463932342C9B}" = Catalyst Control Center Localization Czech
"{66C96F16-EABD-13E6-A409-628E28389F8A}" = CCC Help Czech
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6968667A-036F-A685-7A55-F77E24112779}" = CCC Help Portuguese
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}" = RollerCoaster Tycoon 2
"{733875B5-A1AE-2078-A4F0-CB06525A4FFA}" = CCC Help Japanese
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7DCBC3D8-8954-491D-A1B9-8C61C563B004}" = 5600_Help
"{7F085F4A-CC3A-0101-E380-F510AA324C43}" = CCC Help English
"{80A41A47-40C9-891C-FE7C-BC6E0E93C720}" = Catalyst Control Center Localization Arabic
"{80B0A5B4-4DA4-D1D2-F339-9402B39B8709}" = Catalyst Control Center Graphics Full New
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{855EF1FF-6C22-1EE4-EB6D-F09653C1D82C}" = Catalyst Control Center Localization Arabic
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{88410D8F-8529-492B-B556-2394A29B811B}" = Broadcom Driver v4.102.15.63_Foxconn Installation Program
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DC069E7-893C-41E1-9442-DE89FEC33371}" = Xobni Core
"{8FD19401-37F8-5162-DD65-43F15131AF43}" = CCC Help Chinese Traditional
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{924EAD66-F854-4605-8493-696DD59A113B}" = RollerCoaster Tycoon Deluxe
"{9254D884-145F-26EA-0082-DE517816AC42}" = Catalyst Control Center Localization Arabic
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{974A0BAD-4337-C39C-06BB-09FD098C1E23}" = Catalyst Control Center Localization Arabic
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{97F81AF1-0E47-DC99-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 ATL (x86) WinSXS MSM
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{991803F9-3E05-EF39-CABC-4B7CCF2AD7AE}" = CCC Help Spanish
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9BCBE007-6C18-C4E5-9F5C-4DCD23D1D844}" = Catalyst Control Center Core Implementation
"{9DD8A162-07D8-083D-ACD1-CE9BED793882}" = CCC Help German
"{9F1C1015-3B20-7536-2457-D75B2009D57C}" = Catalyst Control Center Localization French
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAD37EE3-50A7-45DB-97B9-1C8B900E9E8B}" = Movavi Video Converter 7
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AC9B83BF-3AEB-E307-F5C7-6F50F72BAB03}" = CCC Help Norwegian
"{ACAA8E1C-DE7C-C8D9-0C73-9FBA318E8F9A}" = CCC Help Hungarian
"{AEEAE013-92F1-4515-B278-139F1A692A35}" = Acer eDataSecurity Management
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B74AD1C2-BF07-7619-B0E5-14BB4C416ED8}" = CCC Help Chinese Standard
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BA1E1AFD-D1F2-4C52-88C3-186FC5E61604}" = RollerCoaster Tycoon 2: Time Twister
"{BAE5F6BB-595D-67CE-063D-A7889DD273DA}" = Catalyst Control Center Localization Arabic
"{BC73CB0E-12E6-33C4-A0FD-9CCBF8250A07}" = CCC Help Polish
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{BEBAE81A-68B8-FA4F-1CC9-CDF3CF16A9BE}" = Catalyst Control Center Localization Chinese Traditional
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CCB6B80B-41CD-8EF5-2CA3-4767D9B3B6FB}" = ccc-localization-da
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty® 2
"{D0D88043-F87D-8E9C-FB0E-12E4B4058477}" = Catalyst Control Center Localization Greek
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D11EEB8E-9F12-A546-7175-9BC4CF5824A3}" = CCC Help Korean
"{D1B65F06-A5EF-9D4B-67C9-5AC907DE616A}" = Catalyst Control Center Graphics Full Existing
"{DD1DED37-2486-4F56-8F89-56AA814003F5}" = Acer OrbiCam
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Deluxe
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1D57935-D987-7637-0322-01399573A351}" = Catalyst Control Center Localization Spanish
"{F2EAA2B4-30A1-E093-1093-D905545EE7AE}" = CCC Help Finnish
"{F5DDE40D-3BE2-B129-D78F-FF31DD941FD7}" = CCC Help Italian
"{FCCC21F7-161D-CA84-8877-7543F77011F2}" = CCC Help Danish
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"{FF4CB48E-A97F-CA1F-9DBE-77CBEDC04170}" = Catalyst Control Center Localization German
"Acer Registration" = Acer Registration
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"amazonCD110" = Amazon Trail
"ATI Uninstaller" = ATI Uninstaller
"avast" = avast! Free Antivirus
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"ElyseeUk_is1" = Élysée 3.54
"ffdshow" = ffdshow (remove only)
"Google Chrome" = Google Chrome
"GridVista" = Acer GridVista
"GSpot" = GSpot Codec Information Appliance
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty® 2
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Maple 11" = Maple 11
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.18)" = Mozilla Firefox (3.5.18)
"NeroMultiInstaller!UninstallKey" = Nero Suite
"PartyPoker" = PartyPoker
"PokerStars" = PokerStars
"Red Alert 2" = Command & Conquer Red Alert 2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Veetle TV" = Veetle TV 0.9.18
"Warcraft III" = Warcraft III
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WYSIWYG_Web_Builder_2.6" = WYSIWYG Web Builder 4.3.1
"XobniMain" = Xobni

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >




===========================================================================================================================




ComboFix 11-05-03.02 - Dan 03/05/2011 21:28:30.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.2.1033.18.2046.1012 [GMT -4:00]
Running from: c:\users\Dan\Desktop\george.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-04-04 to 2011-05-04 )))))))))))))))))))))))))))))))
.
.
2011-05-04 02:04 . 2011-05-04 02:04 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-05-04 02:04 . 2011-05-04 02:04 -------- d-----w- c:\users\MD\AppData\Local\temp
2011-05-04 02:04 . 2011-05-04 02:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-01 03:30 . 2011-05-02 21:25 -------- d-----w- c:\users\Dan\AppData\Local\Temp(189)
2011-05-01 03:25 . 2011-05-01 03:25 -------- d-----w- C:\$RECYCLE(0).BIN
2011-04-30 13:27 . 2011-04-30 13:27 -------- d-----w- c:\programdata\Symantec
2011-04-30 11:07 . 2011-04-30 11:43 -------- d-----w- C:\george
2011-04-30 00:41 . 2011-04-30 00:41 -------- d-----w- C:\_OTL
2011-04-30 00:36 . 2011-04-18 17:12 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-04-30 00:36 . 2011-04-18 17:17 307288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-04-30 00:36 . 2011-04-18 17:17 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-04-30 00:36 . 2011-04-18 17:16 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-04-30 00:36 . 2011-04-18 17:13 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-04-30 00:35 . 2011-04-18 17:13 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-04-30 00:35 . 2011-04-18 17:25 40112 ----a-w- c:\windows\avastSS.scr
2011-04-30 00:35 . 2011-04-18 17:25 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-04-30 00:34 . 2011-04-30 00:34 -------- d-----w- c:\programdata\AVAST Software
2011-04-30 00:34 . 2011-04-30 00:34 -------- d-----w- c:\program files\AVAST Software
2011-04-25 20:19 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-25 20:19 . 2011-04-25 20:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-25 20:19 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-25 20:18 . 2011-04-25 20:18 -------- d-----w- C:\Antivirus
2011-04-25 19:15 . 2006-11-02 09:45 308224 ----a-w- c:\windows\system32\winlogon.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-30 03:00 . 2008-02-13 08:07 21560 ----a-w- c:\windows\system32\drivers\atapi.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-04-18 17:25 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-09 1232896]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-10-09 25623336]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 4186112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-01-03 464168]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-12-08 614400]
"Acer Product Registration"="c:\program files\Acer Registration\ACE1.exe" [2006-12-13 3166208]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-01-10 1230704]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-04-18 3460784]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-11-02 8704]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-1-21 528384]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\eNetHook.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1940228112-2126371991-3483199835-1000]
"EnableNotificationsRef"=dword:00000002
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-24 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-24 136176]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-04-18 53592]
S2 XobniService;XobniService;c:\program files\Xobni\XobniService.exe [2009-10-12 46824]
S3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\DRIVERS\SMSCirda.sys [2006-10-18 31232]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-24 02:04]
.
2011-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-24 02:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://en.ca.acer.yahoo.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://en.ca.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://ca.rd.yahoo.com/customize/ycomp/defaults/su/*http://ca.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\5w6kqlso.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Web Search...
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.ca/
FF - prefs.js: keyword.URL - hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension for Firefox: {B13721C7-F507-4982-B2E5-502A71474FED} - c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\programdata\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: avast! WebRep: [email protected] - c:\program files\AVAST Software\Avast\WebRep\FF
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: vShare Plugin: vshare@toolbar - %profile%\extensions\vshare@toolbar
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-03 22:04
Windows 6.0.6000 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{58108EA6-F0F8-838F-6C2A403DB017DCAF}\{7C3918A7-E77A-99CB-B21F6D376FB586C0}\{5E9787CE-D944-C377-C12E117E9C86E636}*]
"XOGCPEUPGZA3BTOUPKIJ6FJXTE1"=hex:01,00,01,00,00,00,00,00,9a,27,1e,8a,da,80,81,
12,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{98B9D362-6FA9-F2DD-8313270235BA4B20}\{5D643ECC-D4AF-9C0B-F1B60013ED0D3A91}\{59246844-3775-677A-61694CAC956C3858}*]
"XOGCPEUPGZA3BTOUPKIJ6FJXTE1"=hex:01,00,01,00,00,00,00,00,9a,27,1e,8a,da,80,81,
12,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4148)
c:\acer\Empowering Technology\EPOWER\SysHook.dll
.
Completion time: 2011-05-03 22:16:34
ComboFix-quarantined-files.txt 2011-05-04 02:16
ComboFix2.txt 2011-05-01 03:30
ComboFix3.txt 2011-04-30 11:42
.
Pre-Run: 84,766,507,008 bytes free
Post-Run: 84,716,118,016 bytes free
.
Current=1 Default=1 Failed=0 LastKnownGood=1 Sets=1,2,3,4,5,6,7,8,9,10
- - End Of File - - ED93B8C4DCEBF04AFE96AD8E2F6283AF

Attached Thumbnails

  • error2.jpg

  • 0

#19
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,699 posts
  • MVP
Running without the cooling fan will definitely be slower. Modern CPU's monitor their own temperature and will run slower as they get hotter.

Your logs don't look too bad. Just some locked registry items which we will fix. I'm not going to touch the one that triggered the warning so it should be OK.

Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall::

RegNull::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{58108EA6-F0F8-838F-6C2A403DB017DCAF}\{7C3918A7-E77A-99CB-B21F6D376FB586C0}\{5E9787CE-D944-C377-C12E117E9C86E636}*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{98B9D362-6FA9-F2DD-8313270235BA4B20}\{5D643ECC-D4AF-9C0B-F1B60013ED0D3A91}\{59246844-3775-677A-61694CAC956C3858}*]

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{58108EA6-F0F8-838F-6C2A403DB017DCAF}\{7C3918A7-E77A-99CB-B21F6D376FB586C0}\{5E9787CE-D944-C377-C12E117E9C86E636}*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{98B9D362-6FA9-F2DD-8313270235BA4B20}\{5D643ECC-D4AF-9C0B-F1B60013ED0D3A91}\{59246844-3775-677A-61694CAC956C3858}*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{58108EA6-F0F8-838F-6C2A403DB017DCAF}\{7C3918A7-E77A-99CB-B21F6D376FB586C0}\{5E9787CE-D944-C377-C12E117E9C86E636}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{98B9D362-6FA9-F2DD-8313270235BA4B20}\{5D643ECC-D4AF-9C0B-F1B60013ED0D3A91}\{59246844-3775-677A-61694CAC956C3858}]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

Registry::
[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{58108EA6-F0F8-838F-6C2A403DB017DCAF}\{7C3918A7-E77A-99CB-B21F6D376FB586C0}\{5E9787CE-D944-C377-C12E117E9C86E636}*]
[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{98B9D362-6FA9-F2DD-8313270235BA4B20}\{5D643ECC-D4AF-9C0B-F1B60013ED0D3A91}\{59246844-3775-677A-61694CAC956C3858}*]
[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{58108EA6-F0F8-838F-6C2A403DB017DCAF}\{7C3918A7-E77A-99CB-B21F6D376FB586C0}\{5E9787CE-D944-C377-C12E117E9C86E636}]
[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{98B9D362-6FA9-F2DD-8313270235BA4B20}\{5D643ECC-D4AF-9C0B-F1B60013ED0D3A91}\{59246844-3775-677A-61694CAC956C3858}]


******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all then File, SAVE AS, (to your Desktop), CFScript , OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag it over to george and let it start as before.

Post the new log.



Ron
  • 0

#20
DVCnerfherder

DVCnerfherder

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
Ron,

I got back from work today, booted the laptop, and was met with the "Unauthorized change" popup again. It would not let me log into Windows so I did what I usually do - unplug the laptop and remove the battery. Sometimes I can log in, sometimes I can't. Right now I can't; it just logs me right back out.

I'm wondering whether this may be related to the hardware issues we've been having recently as we didn't make any changes the last time we ran Combofix. I'm not sure what to try next. Any suggestions?

- Mike
  • 0

#21
DVCnerfherder

DVCnerfherder

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
Ron,

I was able to get the laptop to allow me to log in, so I ran the Combofix script file. Once Combofix had completed the various stages it then said it needed to do a deeper scan and proceeded to scan what looked like every file on the hard drive. It's now showing a message:

Deleting Folders:
C:\


and it's been sitting at this point for at least 15 minutes. The hard drive light is going like crazy. Is Combofix deleting every file on my C:\ drive? Should I reboot? Since the fan has died I'm using a vacuum to draw air across the heat sinks to keep things cool but I'm not sure I'll be able to stay up all night doing that until Combofix finishes. ;-)

- Mike
  • 0

#22
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,699 posts
  • MVP
Doesn't sound good. I've never seen it do this deeper scan you mention and we certainly don't want it to delete every file on the c:\.

I think it's time to reboot it but I fear it's not going to be pretty.

Ron
  • 0

#23
DVCnerfherder

DVCnerfherder

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
You're right; not pretty. Hard drive has been wiped clean.

I copied all of his documents (office, pictures, music) to another machine before embarking on this process, but reinstalling all the software will be a pain.

I can always remove the drive and connect it to another machine - can you recommend a process by which I might try "undeleting" all the files on the drive? If not, it's back to the Vista DVDs...

- Mike
  • 0

#24
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,699 posts
  • MVP
Combofix is supposed to put the files it deletes in a folder but the folder is a sub-folder of c:\qoobox so I'm not sure that's much help.

I've posted on our internal forum. Perhaps someone will have an idea but I don't hold out a lot of hope. Is this a Dell, HP or Compaq? They often have a way of reverting back to how it came from the factory. Which will be some 100 Microsoft updates behind but better than nothing perhaps. Good that you have the disks and have his files backed up.

Ron
  • 0

#25
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,699 posts
  • MVP
The developer sUBs has replied and requested that you see if the folder C:\Combofix still exists. If so can you zip it up and send it to me. I'll send you my email in a PM.

Ron

PS. I'm thinking it may have been renamed to C:\george
  • 0

Advertisements


#26
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,699 posts
  • MVP
Is there anything else on the drive?

sUBs is asking if there was something wrong with the attachment I sent him but it appears to be the same thing you sent me.

He appears to be puzzled as to how it could have deleted the C:\ as even if you tell it in cfscript to remove it it won't do it.

I don't suppose the last cfscript.txt is still on the drive?

Ron
  • 0

#27
DVCnerfherder

DVCnerfherder

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
Ron,

I am looking at the contents of the boot drive now (on another PC). Much of the data on the drive has been deleted, although C:\ itself still remains. I've attached a screenshot showing the contents of the root directory of the drive. The Windows directory looks pretty much intact, but any files in the root directory and most of the contents of the Users folder and Program Files have been deleted. (This includes the Desktop which would have included the cfscript.txt file.) I checked the drive with Recuva yesterday and there are several hundred thousand files which are recoverable on the drive. Whether or not restoring them will provide a functional laptop I don't know. Is there any way to tell what shape the registry is in?

The other thing missing is the boot manager. I get an error "BOOTMGR is missing" when I try to boot the laptop. I'm assuming I can restore that off the DVD; I've found a process for doing that on a variety of web site (thank goodness for Google :-).

Where do we go now?

- Mike

Attached Thumbnails

  • Dan's drive.JPG

Edited by DVCnerfherder, 06 May 2011 - 06:21 AM.

  • 0

#28
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,699 posts
  • MVP
sUBs may pop in here with some advice. If not I have no great advice tho I expect timewise it will be quicker (and surer) to just reinstall.

The basic current registry files are stored in \windows\system32\config\

see attachment.

There is also a user file Ntuser.dat which is kept in each user's folder. In your case it would be in C:\Users\Dan\

System Restore keeps copies of the critical registry files in the C:\System Volume Information folder.

See Step 4 in http://community.spi...how_to/show/214

Ron
  • 0

#29
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,699 posts
  • MVP
This is what sUBs said in his last post:

"It's most regrettable but since Qoobox is no longer intact, there's no way to restore the files.

Quote
I checked the drive with Recuva yesterday and there are several hundred thousand files which are recoverable on the drive.


I would like to get to the bottom of things. If it could be recovered, the deleted contents of C:\george19604g\ likely holds the answer.
My experience with recovery software as such has never been good. They may claim to recover thousands but many are corrupt files.

As much as I would like to attempt recovery, this user has had too much bad fortune. It would be cruel to put him through any more.
His best bet would be to try to recover his personal documents and then wipe the machine. Please extend my apologies



If anyone manages to reproduce this mishap, kindly let me know. "

Ron
  • 0

#30
DVCnerfherder

DVCnerfherder

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
Ron,

Although I have tried a variety of things to resurrect his laptop, I gave up and reinstalled Windows from the DVD. I am now working with my son to minimize the risk of infection down the road and would appreciate any suggestions as to what tools you would recommend we install on his laptop.

Thanks for your efforts. Some you win, some turn out like this...

- Mike
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP