
Google redirects (kdirectory, ask.com) Also Safe mode not working.


  • This topic is locked
41 replies to this topic

#1 DannyH89

DannyH89

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:01:58 AM

Posted 06 August 2010 - 05:55 PM

Hi guys, I'm a Vista *Well THERE'S the cause of the problem* user running Firefox, and intermittently my Google results are being redirected to sites such as Ask.com, kdirectory, cr*p like that...
Also my Safe mode isn't working, nor is With networking, or with Command Prompt.

I've read various posts on various boards, and tried using Combofix, MalwareBytes, Hitman Pro, Penguin Software or something along that description, and GMER.

Here's my DDS logs, although GMER ran for a few minutes then either crashed or gave me the blue screen of death, I tried it 6 times and my patience is already at its thinnest so here goes.





DDS (Ver_10-03-17.01) - NTFSx86
Run by Danny at 22:29:57.25 on 06/08/2010
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3000.1669 [GMT 1:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Users\Danny\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Windows\explorer.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclToBTSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Danny\Desktop\dildods.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vp32&d=0609&m=aspire_5738
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vp32&d=0609&m=aspire_5738
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vp32&d=0609&m=aspire_5738
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
uURLSearchHooks: MHURLSearchHook Class: {1c4ab6a5-595f-4e86-b15f-f93cce2bbd48} - c:\program files\celebrity toolbar\tbhelper.dll
BHO: MHTBPos00 Class: {0c37b053-fd68-456a-82e1-d788ee342e6f} - c:\program files\celebrity toolbar\tbcore3.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Easy Gif Animator Toolbar Helper: {96372ab6-15eb-4316-b497-71c741bc548c} - c:\program files\easy gif animator extension\v3.3.0.3\EasyGifAnimator_Toolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Celebrity Toolbar: {fd2fd708-1f6f-4b68-b141-c5778f0c19bb} - c:\program files\celebrity toolbar\tbcore3.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Easy Gif Animator Toolbar: {35065594-9169-4a34-b167-fc4865038e53} - c:\program files\easy gif animator extension\v3.3.0.3\EasyGifAnimator_Toolbar.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [BitTorrent] "c:\program files\bittorrent\bittorrent.exe"
uRun: [<NO NAME>]
uRun: [AeroSnap] c:\program files\aerosnap\AeroSnap.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [PLFSetI] c:\windows\PLFSetI.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [LManager] c:\program files\launch manager\LManager.exe
mRun: [BackupManagerTray] "c:\program files\newtech infosystems\acer backup manager\BackupManagerTray.exe" -k
mRun: [Acer ePower Management] c:\program files\acer\acer powersmart manager\ePowerTrayLauncher.exe
mRun: [EgisTecLiveUpdate] "c:\program files\egistec egis software update\EgisUpdate.exe"
mRun: [mwlDaemon] c:\program files\egistec\mywinlocker 3\x86\mwlDaemon.exe
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles startup
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\danny\appdata\roaming\mozilla\firefox\profiles\uq58i15d.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - falsec:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-7-27 28552]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 149040]
R2 CLHNService;CLHNService;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\CLHNService.exe [2009-2-18 75048]
R2 ePowerSvc;Acer ePower Service;c:\program files\acer\acer powersmart manager\ePowerSvc.exe [2009-6-26 703008]
R2 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [2008-10-9 19504]
R2 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [2008-10-9 16432]
R2 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [2008-10-9 59952]
R2 MWLService;MyWinLocker Service;c:\program files\egistec\mywinlocker 3\x86\MWLService.exe [2008-10-27 306736]
R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\newtech infosystems\acer backup manager\IScheduleSvc.exe [2009-4-11 61184]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-9-23 144632]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-6-27 112128]
R3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2008-9-4 223232]
R3 VCam_WDM;e2eSoft VCam;c:\windows\system32\drivers\VCam_WDM.sys [2010-8-5 95840]
R3 VCam_WDM01;e2eSoft VCam 01;c:\windows\system32\drivers\VCam_WDM01.sys [2010-8-5 95840]
R3 VCAM_WDM02;e2eSoft VCam 02;c:\windows\system32\drivers\VCAM_WDM02.sys [2010-8-5 95840]
R3 VCAM_WDM03;e2eSoft VCam 03;c:\windows\system32\drivers\VCAM_WDM03.sys [2010-8-5 95840]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-1-21 179712]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe --> c:\program files\dragon age\bin_ship\DAUpdaterSvc.Service.exe [?]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-11-28 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-12-2 42368]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-9-23 50424]

=============== Created Last 30 ================

2010-08-06 19:01:16 0 d-----w- c:\program files\directx
2010-08-06 18:53:44 0 d-----w- c:\program files\Bethesda Softworks
2010-08-06 13:25:04 428 ----a-w- c:\windows\system32\bootdelete.lst
2010-08-06 13:25:04 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-08-06 13:06:10 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-08-06 13:05:14 134464 ----a-w- c:\windows\system32\LnkProtect.dll
2010-08-06 13:03:57 0 d-----w- c:\program files\Hitman Pro 3.5
2010-08-05 20:52:34 0 d-----w- c:\program files\Flash Movie Player
2010-08-05 19:16:01 95840 ----a-w- c:\windows\system32\drivers\VCAM_WDM03.sys
2010-08-05 19:16:01 95840 ----a-w- c:\windows\system32\drivers\VCAM_WDM02.sys
2010-08-05 19:16:01 95840 ----a-w- c:\windows\system32\drivers\VCam_WDM01.sys
2010-08-05 19:16:01 95840 ----a-w- c:\windows\system32\drivers\VCam_WDM.sys
2010-08-05 19:16:00 0 d-----w- c:\users\danny\appdata\roaming\e2eSoft
2010-08-05 19:15:55 0 d-----w- c:\program files\e2eSoft
2010-08-05 00:59:23 0 d-----w- c:\program files\3GPplayer2010
2010-08-01 15:59:22 0 d-----w- c:\program files\AutoHotkey
2010-08-01 00:34:49 0 d-----w- c:\program files\CDisplay
2010-07-31 23:10:09 4231 ----a-w- C:\bookmarks-2010-08-01.json
2010-07-31 20:13:05 0 d-----w- c:\programdata\Protexis
2010-07-31 20:12:59 80 --sh--r- c:\windows\system32\6BB128ECAC.dll
2010-07-31 20:12:31 0 d-----w- c:\programdata\Macrovision
2010-07-31 20:12:31 0 d-----w- c:\program files\Shark Software
2010-07-28 20:08:23 0 d-----w- c:\program files\MonkeyBollocks
2010-07-27 22:44:28 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-07-27 22:44:09 0 d-----w- c:\program files\Panda Security
2010-07-27 21:43:13 72272 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-07-27 21:38:07 65536 --sha-w- c:\users\danny\ntuser.dat{e8030b5c-99c6-11df-9e02-001f16ad7e74}.TM.blf
2010-07-27 21:38:07 524288 --sha-w- c:\users\danny\ntuser.dat{e8030b5c-99c6-11df-9e02-001f16ad7e74}.TMContainer00000000000000000002.regtrans-ms
2010-07-27 21:38:07 524288 --sha-w- c:\users\danny\ntuser.dat{e8030b5c-99c6-11df-9e02-001f16ad7e74}.TMContainer00000000000000000001.regtrans-ms
2010-07-27 02:32:00 0 d-----w- c:\program files\Lame for Audacity
2010-07-27 02:06:00 0 d-----w- c:\program files\Audacity
2010-07-27 00:22:21 0 d-----w- c:\users\danny\Pavark
2010-07-25 21:56:09 0 d-----w- c:\program files\McAfee Security Scan
2010-07-25 21:56:02 0 d-----w- c:\programdata\NOS
2010-07-25 19:11:57 0 d-----w- C:\!KillBox
2010-07-25 15:05:19 0 d-sh--w- C:\$RECYCLE(2).BIN
2010-07-25 14:30:57 0 d-----w- C:\Smeagol8373S
2010-07-25 14:29:22 0 d-----w- C:\Smeagol
2010-07-25 00:20:26 0 d-----w- c:\program files\Sophos
2010-07-24 19:49:48 0 d-----w- c:\programdata\Sun
2010-07-22 14:36:59 40960 ---ha-w- C:\SZKGFS.dat
2010-07-22 14:34:56 0 d-----w- c:\programdata\SITEguard
2010-07-22 14:34:17 0 d-----w- c:\program files\common files\iS3
2010-07-22 14:34:16 0 d-----w- c:\programdata\STOPzilla!
2010-07-22 01:27:55 0 d-----w- c:\programdata\AppData
2010-07-21 21:30:31 0 d-----w- c:\program files\Exterminate It!
2010-07-21 20:20:30 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-07-21 20:20:30 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-07-21 19:54:50 0 d-----w- C:\ComboFix
2010-07-21 18:39:49 0 d-----w- C:\$RECYCLE(0).BIN
2010-07-21 18:35:27 2621440 ----a-w- c:\windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
2010-07-21 18:35:26 0 d-----w- c:\program files\Microsoft ATS
2010-07-21 18:07:46 0 d-----w- c:\program files\Windows Journal
2010-07-19 22:26:17 0 d-----w- c:\programdata\Hitman Pro
2010-07-16 23:35:06 0 d-----w- c:\program files\Ashampoo(193)

==================== Find3M ====================

2010-08-05 19:17:37 86016 ----a-w- c:\windows\inf\infstor.dat
2010-08-05 19:17:37 51200 ----a-w- c:\windows\inf\infpub.dat
2010-08-05 19:17:37 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-05-21 13:14:28 221568 ----a-w- c:\windows\system32\MpSigStub.exe
2009-06-27 04:03:16 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-12-24 08:21:20 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-12-24 08:21:20 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-12-24 08:21:20 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat

============= FINISH: 22:31:17.43 ===============



#2 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:08:58 PM

Posted 14 August 2010 - 08:29 AM

Hello DannyH89

Welcome to BleepingComputer
==========================
  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Under the Custom scans and fixes section, paste in the text below in bold

    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll

  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
====================
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#3 DannyH89

DannyH89
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:01:58 AM

Posted 14 August 2010 - 10:37 AM

Hi Kahdah, thanks so much for replying...

OTL ran, and then crashed, but I've restarted and it's looking like it's working ok so I shall post those logs in a second, but just to give you a heads up, I didn't get told about not downloading/removing any software until 4/5 days after posting those logs so I can give you an update of those if you need them?

Thanks again,
Danny.

OTL.Txt Log:
OTL logfile created on: 14/08/2010 16:20:24 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Danny\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 44.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455.99 Gb Total Space | 230.57 Gb Free Space | 50.57% Space Free | Partition Type: NTFS
Drive D: | 3.57 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DANNY-BOY
Current User Name: Danny
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Danny\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Danny\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Program Files\BitTorrent\bittorrent.exe (BitTorrent, Inc.)
PRC - C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\ThreatFire\TFTray.exe (PC Tools)
PRC - C:\Program Files\ThreatFire\TFService.exe (PC Tools)
PRC - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
PRC - C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Apoint2K\Hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Windows\System32\igfxext.exe (Intel Corporation)
PRC - C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe (EgisTec Inc.)
PRC - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)


========== Modules (SafeList) ==========

MOD - C:\Users\Danny\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\ThreatFire\TFWAH.dll (PC Tools)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe File not found
SRV - (DAUpdaterSvc) -- C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe File not found
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (ThreatFire) -- C:\Program Files\ThreatFire\TFService.exe (PC Tools)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (ePowerSvc) -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
SRV - (NTI IScheduleSvc) -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (CLHNService) -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
SRV - (MWLService) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()
SRV - (NTISchedulerSvc) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (NewTech Infosystems, Inc.)
SRV - (NTIBackupSvc) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (ACEDRV05) -- C:\Windows\System32\drivers\ACEDRV05.sys (Protect Software GmbH)
DRV - (VCAM_WDM03) -- C:\Windows\System32\drivers\VCAM_WDM03.sys (e2eSoft)
DRV - (VCAM_WDM02) -- C:\Windows\System32\drivers\VCAM_WDM02.sys (e2eSoft)
DRV - (VCam_WDM01) -- C:\Windows\System32\drivers\VCam_WDM01.sys (e2eSoft)
DRV - (VCam_WDM) -- C:\Windows\System32\drivers\VCam_WDM.sys (e2eSoft)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (TfSysMon) -- C:\Windows\system32\drivers\TfSysMon.sys (PC Tools)
DRV - (TfFsMon) -- C:\Windows\system32\drivers\TfFsMon.sys (PC Tools)
DRV - (TfNetMon) -- C:\Windows\System32\drivers\TfNetMon.sys (PC Tools)
DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (MpFilter) -- C:\Windows\System32\drivers\MpFilter.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (VClone) -- C:\Windows\System32\drivers\VClone.sys (Elaborate Bytes AG)
DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (pavboot) -- C:\Windows\system32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (mwlPSDVDisk) -- C:\Windows\System32\drivers\mwlPSDVDisk.sys (Egis Incorporated.)
DRV - (mwlPSDFilter) -- C:\Windows\System32\drivers\mwlPSDFilter.sys (Egis Incorporated.)
DRV - (mwlPSDNServ) -- C:\Windows\System32\drivers\mwlPSDNserv.sys (Egis Incorporated.)
DRV - (IntcHdmiAddService) Intel® -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel® Corporation)
DRV - (k57nd60x) Broadcom NetLink ™ -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (UBHelper) -- C:\Windows\System32\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (NSCIRDA) -- C:\Windows\System32\drivers\nscirda.sys (National Semiconductor Corporation)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (TosRfSnd) -- C:\Windows\System32\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (DKbFltr) -- C:\Windows\System32\drivers\DKbFltr.sys (Dritek System Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&a...p;m=aspire_5738
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&a...p;m=aspire_5738

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&a...p;m=aspire_5738
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - C:\Program Files\Celebrity Toolbar\tbhelper.dll ()
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/12/03 16:03:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/27 22:55:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/27 22:55:44 | 000,000,000 | ---D | M]

[2010/07/22 20:26:31 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\Mozilla\Extensions
[2010/07/22 20:26:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Danny\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/07/28 21:00:03 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\uq58i15d(3680).default\extensions
[2010/07/28 21:00:04 | 000,000,000 | ---D | M] (PopupMaster) -- C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\uq58i15d(3680).default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2d}
[2010/07/28 21:00:04 | 000,000,000 | ---D | M] (Boost for Facebook) -- C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\uq58i15d(3680).default\extensions\{47624dda-b77e-4feb-820a-e4f077d5d4ca}
[2010/07/28 21:00:07 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\uq58i15d(3680).default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2010/07/28 21:00:03 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\uq58i15d(3680).default\extensions\foof@foofme.com
[2010/07/28 21:00:13 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\uq58i15d(558).default\extensions
[2010/07/28 21:00:13 | 000,000,000 | ---D | M] (Boost for Facebook) -- C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\uq58i15d(558).default\extensions\{47624dda-b77e-4feb-820a-e4f077d5d4ca}
[2010/07/28 21:00:13 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\uq58i15d(558).default\extensions\YoutubeDownloader@PeterOlayev.com
[2010/08/13 17:50:19 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\uq58i15d.default\extensions
[2010/07/28 21:00:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\uq58i15d.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010/07/28 21:00:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\uq58i15d.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
[2010/07/28 21:00:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\uq58i15d.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/28 21:00:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\uq58i15d.default\extensions\{241aae70-0022-11de-87af-0800200c9a66}
[2010/07/28 21:00:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\uq58i15d.default\extensions\{2458abc0-f443-11dd-87af-0800200c9a66}
[2010/07/28 21:00:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\uq58i15d.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010/07/28 21:00:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\uq58i15d.default\extensions\{3ffb7be0-8bde-11de-8a39-0800200c9a66}
[2010/07/28 22:46:49 | 000,000,000 | ---D | M] (Boost for Facebook) -- C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\uq58i15d.default\extensions\{47624dda-b77e-4feb-820a-e4f077d5d4ca}
[2010/07/28 21:00:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\uq58i15d.default\extensions\{586bd060-22d6-11de-8c30-0800200c9a66}
[2010/07/28 21:00:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\uq58i15d.default\extensions\{64e8cc5b-20db-4212-8320-178fc5ae71f7}
[2010/07/28 21:00:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\uq58i15d.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010/07/28 21:00:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\uq58i15d.default\extensions\{A5475360-A7EA-437b-9A79-29208F476940}
[2010/08/05 21:48:06 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\uq58i15d.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2010/07/29 02:22:09 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\uq58i15d.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2010/07/30 21:56:34 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\uq58i15d.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/07/28 21:00:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\uq58i15d.default\extensions\{d122ad80-ff45-11dd-87af-0800200c9a66}
[2010/07/28 21:00:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\uq58i15d.default\extensions\{e2c58150-9d72-11dd-ad8b-0800200c9a66}
[2010/08/03 00:35:21 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\uq58i15d.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/07/28 21:01:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\uq58i15d.default\extensions\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}
[2010/08/01 03:32:57 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\uq58i15d.default\extensions\canitbecheaper@trafficbroker.co.uk
[2010/07/28 21:00:22 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\uq58i15d.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2010/07/28 21:00:22 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\uq58i15d.default\extensions\facepad@lazyrussian.com
[2010/07/28 22:46:48 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\uq58i15d.default\extensions\firefox@facebook.com
[2010/07/28 21:00:35 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\uq58i15d.default\extensions\foof@foofme.com
[2010/07/28 21:00:36 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\uq58i15d.default\extensions\personas@christopher.beard
[2010/07/28 21:00:39 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\uq58i15d.default\extensions\youtube2mp3@mondayx.de
[2010/07/31 00:15:50 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\uq58i15d.default\extensions\YouTubeAutoReplay@arikv.com
[2010/07/28 21:01:41 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\v5n6n81a.default\extensions
[2010/07/28 21:01:44 | 000,000,000 | ---D | M] (TweakMDB) -- C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\v5n6n81a.default\extensions\{15a82062-5139-4855-9706-130a8a4be80c}
[2010/07/28 21:01:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\v5n6n81a.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/28 21:01:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\v5n6n81a.default\extensions\{20cc25e2-48c9-45e1-9a1f-1ccc1882b81b}
[2010/07/28 21:01:46 | 000,000,000 | ---D | M] (Boost for Facebook) -- C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\v5n6n81a.default\extensions\{47624dda-b77e-4feb-820a-e4f077d5d4ca}
[2010/07/28 21:01:50 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\v5n6n81a.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2010/07/28 21:01:50 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\v5n6n81a.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/07/28 21:01:41 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\v5n6n81a.default\extensions\FirefoxAddon@myfacebook.com
[2010/07/28 21:01:41 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\v5n6n81a.default\extensions\mozilla@pixelpipe.com
[2010/07/28 21:01:44 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\v5n6n81a.default\extensions\s.alfa@idev.com
[2010/07/27 22:55:44 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/27 22:55:44 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/07/23 03:09:38 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/07/23 03:09:38 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2010/07/23 03:09:38 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2010/07/23 01:29:54 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/07/23 01:29:54 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010/07/23 01:29:54 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/07/23 01:29:54 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/07/23 01:29:54 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/07/23 01:29:54 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/07/23 01:29:54 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/07/23 01:29:54 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/08/13 00:08:56 | 000,416,619 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 14381 more lines...
O2 - BHO: (MHTBPos00 Class) - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files\Celebrity Toolbar\tbcore3.dll ()
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Easy Gif Animator Toolbar Helper) - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.3\EasyGifAnimator_Toolbar.dll File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File not found
O3 - HKLM\..\Toolbar: (Easy Gif Animator Toolbar) - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.3\EasyGifAnimator_Toolbar.dll File not found
O3 - HKLM\..\Toolbar: (Celebrity Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Celebrity Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Easy Gif Animator Toolbar) - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.3\EasyGifAnimator_Toolbar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Celebrity Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Celebrity Toolbar\tbcore3.dll ()
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe File not found
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe (PC Tools)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [BitTorrent] C:\Program Files\BitTorrent\bittorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Danny\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Danny\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{38cea359-f634-11de-a2b5-001f16ad7e74}\Shell - "" = AutoRun
O33 - MountPoints2\{38cea359-f634-11de-a2b5-001f16ad7e74}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found
O33 - MountPoints2\{e1232fef-f580-11de-bc10-001f16ad7e74}\Shell - "" = AutoRun
O33 - MountPoints2\{e1232fef-f580-11de-bc10-001f16ad7e74}\Shell\AutoRun\command - "" = E:\Autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2010/08/14 16:07:54 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Danny\Desktop\OTL.exe
[2010/08/13 23:16:56 | 001,146,696 | ---- | C] (Microsoft Corporation) -- C:\Users\Danny\Desktop\wlsetup-custom.exe
[2010/08/13 22:29:47 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger Plus! Live
[2010/08/13 18:53:11 | 004,657,048 | ---- | C] (Yuna Software) -- C:\Users\Danny\Desktop\MsgPlusLive-485.exe
[2010/08/13 18:25:38 | 000,000,000 | ---D | C] -- C:\Program Files\Planetarium0261
[2010/08/13 18:19:13 | 000,000,000 | ---D | C] -- C:\Program Files\NAPALM
[2010/08/12 22:00:19 | 000,059,664 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\TfSysMon.sys
[2010/08/12 22:00:19 | 000,051,984 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\TfFsMon.sys
[2010/08/12 22:00:19 | 000,033,552 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\TfNetMon.sys
[2010/08/12 22:00:15 | 000,000,000 | ---D | C] -- C:\Program Files\ThreatFire
[2010/08/12 22:00:15 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/08/12 20:31:24 | 000,017,744 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/08/12 20:31:23 | 000,165,456 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/08/12 20:31:23 | 000,050,256 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/08/12 20:31:23 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/08/12 20:31:23 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/08/12 20:31:11 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\avastSS.scr
[2010/08/12 20:31:10 | 000,165,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2010/08/12 20:31:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/08/12 20:31:05 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/08/12 19:27:48 | 000,000,000 | ---D | C] -- C:\Users\Danny\AppData\Local\Acer ePower Management V4
[2010/08/12 17:12:42 | 000,000,000 | ---D | C] -- C:\Users\Danny\AppData\Roaming\SUPERAntiSpyware.com
[2010/08/12 17:12:42 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/08/12 17:10:50 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/08/10 17:56:32 | 000,000,000 | ---D | C] -- C:\Users\Danny\AppData\Local\MigWiz
[2010/08/07 16:43:04 | 000,000,000 | ---D | C] -- C:\Program Files\CockChops
[2010/08/07 03:33:21 | 000,097,792 | ---- | C] (Protect Software GmbH) -- C:\Windows\System32\drivers\ACEDRV05.sys
[2010/08/07 03:20:10 | 000,000,000 | ---D | C] -- C:\Program Files\Ascaron Entertainment
[2010/08/06 20:01:16 | 000,000,000 | ---D | C] -- C:\Program Files\directx
[2010/08/06 19:53:44 | 000,000,000 | ---D | C] -- C:\Program Files\Bethesda Softworks
[2010/08/06 14:25:04 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2010/08/06 14:05:14 | 000,134,464 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\LnkProtect.dll
[2010/08/06 14:03:57 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/08/05 21:52:34 | 000,000,000 | ---D | C] -- C:\Program Files\Flash Movie Player
[2010/08/05 20:16:01 | 000,095,840 | ---- | C] (e2eSoft) -- C:\Windows\System32\drivers\VCAM_WDM03.sys
[2010/08/05 20:16:01 | 000,095,840 | ---- | C] (e2eSoft) -- C:\Windows\System32\drivers\VCAM_WDM02.sys
[2010/08/05 20:16:01 | 000,095,840 | ---- | C] (e2eSoft) -- C:\Windows\System32\drivers\VCam_WDM01.sys
[2010/08/05 20:16:01 | 000,095,840 | ---- | C] (e2eSoft) -- C:\Windows\System32\drivers\VCam_WDM.sys
[2010/08/05 20:16:00 | 000,000,000 | ---D | C] -- C:\Users\Danny\AppData\Roaming\e2eSoft
[2010/08/05 20:15:55 | 000,000,000 | ---D | C] -- C:\Program Files\e2eSoft
[2010/08/05 01:59:23 | 000,000,000 | ---D | C] -- C:\Program Files\3GPplayer2010
[2010/08/01 16:59:22 | 000,000,000 | ---D | C] -- C:\Program Files\AutoHotkey
[2010/08/01 01:34:49 | 000,000,000 | ---D | C] -- C:\Program Files\CDisplay
[2010/07/31 21:13:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Protexis
[2010/07/31 21:12:31 | 000,000,000 | ---D | C] -- C:\Program Files\Shark Software
[2010/07/31 21:12:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Macrovision
[2010/07/28 21:08:23 | 000,000,000 | ---D | C] -- C:\Program Files\MonkeyBollocks
[2010/07/27 23:44:28 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\pavboot.sys
[2010/07/27 23:44:09 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2010/07/27 22:55:41 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/07/27 03:32:00 | 000,000,000 | ---D | C] -- C:\Program Files\Lame for Audacity
[2010/07/27 03:06:00 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity
[2010/07/27 01:22:21 | 000,000,000 | ---D | C] -- C:\Users\Danny\Pavark
[2010/07/25 23:22:32 | 000,000,000 | ---D | C] -- C:\Users\Danny\AppData\Local\NOS
[2010/07/25 22:56:09 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2010/07/25 22:56:02 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2010/07/25 20:11:57 | 000,000,000 | ---D | C] -- C:\!KillBox
[2010/07/25 16:05:19 | 000,000,000 | -HSD | C] -- C:\$RECYCLE(2).BIN
[2010/07/25 16:05:14 | 000,000,000 | ---D | C] -- C:\Users\Danny\AppData\Local\temp(447)
[2010/07/25 16:05:14 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/07/25 15:30:57 | 000,000,000 | ---D | C] -- C:\Smeagol8373S
[2010/07/25 15:29:22 | 000,000,000 | ---D | C] -- C:\Smeagol
[2010/07/25 15:29:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/07/25 01:20:26 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2010/07/24 20:49:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/07/24 20:49:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/07/22 15:34:56 | 000,000,000 | ---D | C] -- C:\ProgramData\SITEguard
[2010/07/22 15:34:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2010/07/22 15:34:16 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2010/07/22 02:27:55 | 000,000,000 | ---D | C] -- C:\ProgramData\AppData
[2010/07/21 22:30:31 | 000,000,000 | ---D | C] -- C:\Program Files\Exterminate It!
[2010/07/21 21:20:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/07/21 21:20:30 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/07/21 20:54:50 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/07/21 20:04:36 | 000,000,000 | ---D | C] -- C:\Users\Danny\AppData\Local\Threat Expert
[2010/07/21 19:39:49 | 000,000,000 | ---D | C] -- C:\$RECYCLE(0).BIN
[2010/07/21 19:39:10 | 000,000,000 | ---D | C] -- C:\Users\Danny\AppData\Local\ElevatedDiagnostics
[2010/07/21 19:35:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ATS
[2010/07/21 19:07:46 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Journal
[2010/07/19 23:26:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2010/07/17 00:35:06 | 000,000,000 | ---D | C] -- C:\Program Files\Ashampoo(193)
[2009/06/27 05:10:11 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/14 16:19:21 | 007,864,320 | -HS- | M] () -- C:\Users\Danny\ntuser.dat
[2010/08/14 16:16:17 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/14 16:16:16 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/14 16:16:15 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/14 16:15:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/14 16:15:03 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/08/14 16:15:02 | 000,524,288 | -HS- | M] () -- C:\Users\Danny\ntuser.dat{e8030b5c-99c6-11df-9e02-001f16ad7e74}.TMContainer00000000000000000001.regtrans-ms
[2010/08/14 16:15:02 | 000,065,536 | -HS- | M] () -- C:\Users\Danny\ntuser.dat{e8030b5c-99c6-11df-9e02-001f16ad7e74}.TM.blf
[2010/08/14 16:14:55 | 003,710,772 | -H-- | M] () -- C:\Users\Danny\AppData\Local\IconCache.db
[2010/08/14 16:08:00 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Danny\Desktop\OTL.exe
[2010/08/14 01:49:44 | 000,485,027 | ---- | M] () -- C:\Users\Danny\Desktop\Homer.png
[2010/08/13 23:16:57 | 001,146,696 | ---- | M] (Microsoft Corporation) -- C:\Users\Danny\Desktop\wlsetup-custom.exe
[2010/08/13 22:30:54 | 000,600,378 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/08/13 22:30:54 | 000,105,852 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/08/13 22:30:53 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/08/13 22:22:14 | 000,305,784 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/08/13 21:59:15 | 000,093,696 | ---- | M] () -- C:\Users\Danny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/13 18:53:22 | 004,657,048 | ---- | M] (Yuna Software) -- C:\Users\Danny\Desktop\MsgPlusLive-485.exe
[2010/08/13 18:25:40 | 000,000,869 | ---- | M] () -- C:\Users\Danny\Desktop\Asynx Planetarium v2.61.lnk
[2010/08/13 18:19:22 | 000,000,734 | ---- | M] () -- C:\Users\Public\Desktop\NAPALM.lnk
[2010/08/13 17:05:46 | 000,016,968 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/08/13 00:08:56 | 000,416,619 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/08/12 22:52:36 | 000,416,619 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100813-000856.backup
[2010/08/12 22:00:52 | 000,001,085 | ---- | M] () -- C:\Users\Danny\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/08/12 22:00:22 | 000,000,773 | ---- | M] () -- C:\Users\Danny\Application Data\Microsoft\Internet Explorer\Quick Launch\ThreatFire.lnk
[2010/08/12 20:31:23 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/08/09 01:21:45 | 000,061,066 | ---- | M] () -- C:\Users\Danny\Desktop\Daaaaaaad.mp3
[2010/08/09 00:55:13 | 000,000,809 | ---- | M] () -- C:\Windows\NTIWVEDT.INI
[2010/08/08 01:48:46 | 000,207,258 | ---- | M] () -- C:\Users\Danny\Documents\Pet Joke.exe
[2010/08/08 01:47:54 | 000,000,998 | ---- | M] () -- C:\Users\Danny\Documents\Pet Joke.ahk
[2010/08/07 16:55:59 | 000,000,732 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100812-225236.backup
[2010/08/07 16:55:07 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/08/07 16:55:07 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/08/07 03:40:57 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\000000A7.LCS
[2010/08/07 03:33:21 | 000,097,792 | ---- | M] (Protect Software GmbH) -- C:\Windows\System32\drivers\ACEDRV05.sys
[2010/08/07 03:30:59 | 000,001,079 | ---- | M] () -- C:\Users\Danny\Desktop\Sacred.lnk
[2010/08/07 01:54:26 | 000,006,080 | ---- | M] () -- C:\Users\Danny\AppData\Local\d3d9caps.dat
[2010/08/07 01:43:25 | 000,000,286 | ---- | M] () -- C:\Windows\tasks\Hitman Pro 3.5 Boot Task.job
[2010/08/06 17:58:58 | 3344,978,236 | ---- | M] () -- C:\Users\Danny\Desktop\Backup.rar
[2010/08/06 14:25:04 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2010/08/06 14:05:14 | 000,134,464 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\LnkProtect.dll
[2010/08/05 19:12:28 | 000,001,077 | ---- | M] () -- C:\Users\Danny\Documents\Letitia.ahk
[2010/08/01 17:05:20 | 000,001,352 | ---- | M] () -- C:\Users\Danny\Documents\AutoHotkey.ahk
[2010/08/01 01:00:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\McQcTask.job
[2010/08/01 00:10:09 | 000,004,231 | ---- | M] () -- C:\bookmarks-2010-08-01.json
[2010/07/31 21:28:55 | 000,000,080 | RHS- | M] () -- C:\Windows\System32\6BB128ECAC.dll
[2010/07/28 04:15:58 | 000,524,288 | -HS- | M] () -- C:\Users\Danny\ntuser.dat{e8030b5c-99c6-11df-9e02-001f16ad7e74}.TMContainer00000000000000000002.regtrans-ms
[2010/07/28 00:09:23 | 000,000,104 | ---- | M] () -- C:\Users\Danny\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet - Shortcut.lnk
[2010/07/27 22:55:46 | 000,001,754 | ---- | M] () -- C:\Users\Danny\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/07/27 22:43:13 | 000,072,272 | ---- | M] () -- C:\Windows\System32\GDIPFONTCACHEV1.DAT
[2010/07/27 22:43:08 | 000,008,224 | ---- | M] () -- C:\Users\Danny\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/07/27 21:43:46 | 000,065,536 | -HS- | M] () -- C:\Users\Danny\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/07/27 21:43:45 | 000,524,288 | -HS- | M] () -- C:\Users\Danny\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/07/22 15:36:59 | 000,040,960 | -H-- | M] () -- C:\SZKGFS.dat
[2010/07/21 19:35:33 | 002,621,440 | ---- | M] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/14 01:42:06 | 000,485,027 | ---- | C] () -- C:\Users\Danny\Desktop\Homer.png
[2010/08/13 18:25:40 | 000,000,869 | ---- | C] () -- C:\Users\Danny\Desktop\Asynx Planetarium v2.61.lnk
[2010/08/13 18:19:22 | 000,000,734 | ---- | C] () -- C:\Users\Public\Desktop\NAPALM.lnk
[2010/08/12 22:00:52 | 000,001,085 | ---- | C] () -- C:\Users\Danny\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/08/12 22:00:22 | 000,000,773 | ---- | C] () -- C:\Users\Danny\Application Data\Microsoft\Internet Explorer\Quick Launch\ThreatFire.lnk
[2010/08/09 01:19:22 | 000,061,066 | ---- | C] () -- C:\Users\Danny\Desktop\Daaaaaaad.mp3
[2010/08/09 00:55:11 | 000,000,809 | ---- | C] () -- C:\Windows\NTIWVEDT.INI
[2010/08/07 16:55:07 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010/08/07 16:55:07 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010/08/07 03:33:21 | 000,004,096 | ---- | C] () -- C:\Users\Public\Documents\000000A7.LCS
[2010/08/07 03:30:59 | 000,001,079 | ---- | C] () -- C:\Users\Danny\Desktop\Sacred.lnk
[2010/08/07 01:43:25 | 000,000,286 | ---- | C] () -- C:\Windows\tasks\Hitman Pro 3.5 Boot Task.job
[2010/08/06 17:29:26 | 3344,978,236 | ---- | C] () -- C:\Users\Danny\Desktop\Backup.rar
[2010/08/06 14:06:10 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/08/05 19:12:28 | 000,001,077 | ---- | C] () -- C:\Users\Danny\Documents\Letitia.ahk
[2010/08/01 17:11:01 | 000,207,258 | ---- | C] () -- C:\Users\Danny\Documents\Pet Joke.exe
[2010/08/01 17:05:20 | 000,001,352 | ---- | C] () -- C:\Users\Danny\Documents\AutoHotkey.ahk
[2010/08/01 17:05:04 | 000,000,998 | ---- | C] () -- C:\Users\Danny\Documents\Pet Joke.ahk
[2010/08/01 00:10:09 | 000,004,231 | ---- | C] () -- C:\bookmarks-2010-08-01.json
[2010/07/31 21:12:59 | 000,000,080 | RHS- | C] () -- C:\Windows\System32\6BB128ECAC.dll
[2010/07/28 00:09:23 | 000,000,104 | ---- | C] () -- C:\Users\Danny\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet - Shortcut.lnk
[2010/07/27 22:55:46 | 000,001,754 | ---- | C] () -- C:\Users\Danny\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/07/27 22:38:07 | 000,524,288 | -HS- | C] () -- C:\Users\Danny\ntuser.dat{e8030b5c-99c6-11df-9e02-001f16ad7e74}.TMContainer00000000000000000002.regtrans-ms
[2010/07/27 22:38:07 | 000,524,288 | -HS- | C] () -- C:\Users\Danny\ntuser.dat{e8030b5c-99c6-11df-9e02-001f16ad7e74}.TMContainer00000000000000000001.regtrans-ms
[2010/07/27 22:38:07 | 000,065,536 | -HS- | C] () -- C:\Users\Danny\ntuser.dat{e8030b5c-99c6-11df-9e02-001f16ad7e74}.TM.blf
[2010/07/22 15:36:59 | 000,040,960 | -H-- | C] () -- C:\SZKGFS.dat
[2010/07/21 19:35:27 | 002,621,440 | ---- | C] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
[2010/05/03 21:45:21 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI
[2010/04/30 22:44:46 | 000,000,098 | ---- | C] () -- C:\Windows\WirelessFTP.INI
[2010/04/05 00:52:00 | 000,692,224 | ---- | C] () -- C:\Windows\System32\bsrmgcv.dll
[2010/04/05 00:52:00 | 000,192,512 | ---- | C] () -- C:\Windows\System32\bsrmgps.dll
[2010/04/05 00:52:00 | 000,081,920 | ---- | C] () -- C:\Windows\System32\bsrgvas.dll
[2010/04/05 00:51:53 | 000,147,456 | ---- | C] () -- C:\Windows\System32\bsratwmv.dll
[2010/04/05 00:51:52 | 000,585,728 | ---- | C] () -- C:\Windows\System32\bsratswf.dll
[2010/03/07 21:49:45 | 000,044,544 | ---- | C] () -- C:\Windows\System32\Gif89.dll
[2010/01/21 15:27:35 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll
[2009/12/24 12:29:12 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/12/24 12:29:12 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/12/01 02:25:44 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009/12/01 02:25:22 | 000,005,937 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009/06/27 05:01:26 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1624.dll
[2009/06/27 05:01:26 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2009/06/26 21:30:13 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini
[2009/06/26 21:23:29 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2009/06/26 21:23:29 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2009/02/18 19:48:55 | 000,000,028 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2009/02/11 21:03:58 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2009/02/11 21:03:58 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2009/02/11 21:03:57 | 000,000,057 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2008/12/27 15:18:20 | 000,005,120 | ---- | C] () -- C:\Windows\System32\lwel-manifest.dll
[2008/10/07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2006/12/05 13:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/07/22 21:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

========== LOP Check ==========

[2009/02/18 13:08:05 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\Acer GameZone Console
[2010/01/16 00:15:32 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\AeroSnapApp
[2010/02/01 17:27:11 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\AnvSoft
[2010/03/27 13:46:02 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\Ashampoo
[2010/01/28 03:02:21 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\avidemux
[2010/08/14 16:25:26 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\BitTorrent
[2010/01/15 20:00:45 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\BluetoothDriverInstaller
[2010/05/16 16:23:25 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\Canon
[2010/08/05 20:16:00 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\e2eSoft
[2009/12/30 23:33:55 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\eSobi
[2010/03/08 13:18:03 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\Nikon
[2010/01/15 21:22:09 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\Nokia
[2010/01/15 21:21:07 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\Nokia Ovi Suite
[2010/03/08 22:39:06 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\nswb
[2010/01/15 21:21:09 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\PC Suite
[2009/11/28 22:25:40 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\PowerCinema
[2010/06/08 17:06:36 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\Research In Motion
[2009/11/28 22:25:52 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\SoftDMA
[2010/05/04 00:19:25 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\Toshiba
[2010/07/30 22:43:48 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\uTorrent
[2010/08/07 01:43:25 | 000,000,286 | ---- | M] () -- C:\Windows\Tasks\Hitman Pro 3.5 Boot Task.job
[2010/06/15 01:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2010/08/01 01:00:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2010/08/14 16:15:04 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/09/18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2010/08/01 00:10:09 | 000,004,231 | ---- | M] () -- C:\bookmarks-2010-08-01.json
[2009/04/10 23:36:38 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2010/07/25 16:05:11 | 000,016,950 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/08/07 16:55:07 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/12/06 00:04:01 | 000,000,362 | -H-- | M] () -- C:\IPH.PH
[2010/08/07 16:55:07 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/08/14 16:15:52 | 3460,198,400 | -HS- | M] () -- C:\pagefile.sys
[2009/05/28 01:46:16 | 000,007,290 | -HS- | M] () -- C:\Patch.rev
[2009/02/18 21:48:16 | 000,000,151 | RHS- | M] () -- C:\Preload.rev
[2010/07/27 01:15:03 | 000,060,672 | ---- | M] () -- C:\RootRepeal report 07-27-10 (01-15-02).txt
[2010/08/01 16:53:54 | 000,000,012 | ---- | M] () -- C:\System.txt
[2010/07/22 15:36:59 | 000,040,960 | -H-- | M] () -- C:\SZKGFS.dat
[2010/07/25 00:31:16 | 000,062,452 | ---- | M] () -- C:\TDSSKiller.2.4.0.0_25.07.2010_00.28.02_log.txt
[2010/08/04 20:28:53 | 000,001,968 | ---- | M] () -- C:\TDSSKiller.2.4.1.0_04.08.2010_20.28.48_log.txt
[2010/08/04 20:51:50 | 000,122,476 | ---- | M] () -- C:\TDSSKiller.2.4.1.0_04.08.2010_20.29.38_log.txt

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/01/21 03:24:42 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2008/01/21 03:24:38 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/01/21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\drivers\*.sys /90 >
[2010/08/07 03:33:21 | 000,097,792 | ---- | M] (Protect Software GmbH) -- C:\Windows\System32\drivers\ACEDRV05.sys
[2010/06/28 21:32:33 | 000,017,744 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/06/28 21:32:56 | 000,050,256 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/06/28 21:33:13 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/06/28 21:37:30 | 000,165,456 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/06/28 21:37:52 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/08/13 17:05:46 | 000,016,968 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/06/30 21:57:42 | 000,095,840 | ---- | M] (e2eSoft) -- C:\Windows\System32\drivers\VCam_WDM.sys
[2010/06/30 21:58:10 | 000,095,840 | ---- | M] (e2eSoft) -- C:\Windows\System32\drivers\VCam_WDM01.sys
[2010/06/30 21:58:22 | 000,095,840 | ---- | M] (e2eSoft) -- C:\Windows\System32\drivers\VCAM_WDM02.sys
[2010/06/30 21:58:58 | 000,095,840 | ---- | M] (e2eSoft) -- C:\Windows\System32\drivers\VCAM_WDM03.sys

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2007/10/22 07:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPD97.DLL
[2007/10/22 07:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPP97.DLL
[2006/10/26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:131C0EE9
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:B623B5B8
@Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:A8ADE5D8
< End of report >



Extras.Txt Log:
OTL Extras logfile created on: 14/08/2010 16:20:24 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Danny\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 44.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455.99 Gb Total Space | 230.57 Gb Free Space | 50.57% Space Free | Partition Type: NTFS
Drive D: | 3.57 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DANNY-BOY
Current User Name: Danny
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 1
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{98F6A82B-B632-41FC-9B14-EB3E9318EEB5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E0AF1947-E265-43A8-BFFA-C595E9B53420}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1779F049-CC71-486B-AB6A-A002C5D63950}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{20263148-7909-4607-B74B-53FD38635C71}" = protocol=6 | dir=in | app=c:\program files\dragon age\bin_ship\daorigins.exe |
"{3558767A-816A-49C1-BC44-7D7C82860FA8}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{39F5B260-F221-4B87-A168-925D0DC9AF56}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe |
"{3E23A898-2AAA-473C-A524-90864FDA8AE7}" = protocol=6 | dir=in | app=c:\program files\dragon age\daoriginslauncher.exe |
"{48426CB5-67EA-4BA0-805C-02EC18E74CD4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{4D9A2BE2-E25F-4270-A88A-5C6B111C94CF}" = protocol=17 | dir=in | app=c:\program files\dragon age\daoriginslauncher.exe |
"{4F4E0965-BBA5-4870-9894-FFC4F1DDC148}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{5594DA65-0248-4F98-996F-EBCE749E80E8}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{5C6C3B9B-2192-4DDD-B8E0-4B7712C5E8BC}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{6374EBA5-983F-4585-8D3B-939356EBD3FA}" = protocol=17 | dir=in | app=c:\program files\hitman pro 3.5\dildohead.exe |
"{6A602BFC-A655-426D-9260-122A88A23EC9}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe |
"{753DC499-3E48-4261-A611-E64F27AD3B2D}" = protocol=17 | dir=in | app=c:\program files\dragon age\bin_ship\daupdatersvc.service.exe |
"{7C76F924-88AB-4A95-B5F3-77322292368C}" = protocol=6 | dir=in | app=c:\program files\hitman pro 3.5\dildohead.exe |
"{87F23AA6-577F-4DD0-94D4-1F6BBE8052B2}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{8E47D618-7AB2-4410-94E2-0E8E68E270C3}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{98531B6E-5A0B-455A-830A-874F192B9DFD}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{9D037BCE-13AC-4C9F-B0F5-CD844A12F4C0}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{9EF84E17-A263-4606-92D4-F425978752E7}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{A362514A-6012-4C84-8896-78F2273CA83E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{A65154FE-F2B1-40AC-A6E5-8926B07A7B38}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{A8CC19F5-1EE9-4AD1-AD37-CC4E2B25222B}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{B1059DBF-0C99-402C-A6D5-ADF4A968A6F7}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{BF2537E5-64BB-4963-8B95-9CB022B151BD}" = protocol=17 | dir=in | app=c:\program files\dragon age\bin_ship\daorigins.exe |
"{D47A2572-F44F-4ED1-A851-EB5574F01ACB}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{DCBD4355-A8FA-4092-AA77-DDDD4CF0897D}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{DCD74AC1-89BA-484D-B904-E6FD1C373FE2}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{EC667A6D-C696-47D4-9D4A-4E98CC50CBB9}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{EE4D5497-8189-4F32-BF56-A31560C693EE}" = protocol=6 | dir=in | app=c:\program files\dragon age\bin_ship\daupdatersvc.service.exe |
"TCP Query User{35E3A32B-FA8F-417D-B70C-74B0B59B4D45}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{B59FBC4F-DCB3-4C5C-B4A3-7A70EAB4E847}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |
"TCP Query User{E3E80503-1F4D-44BA-9853-3A58F313C958}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{EB0A4EF5-983D-4A50-9F80-91A63AAD063E}C:\program files\freez online tv\freez online tv.exe" = protocol=6 | dir=in | app=c:\program files\freez online tv\freez online tv.exe |
"TCP Query User{F09BB7F5-EF4E-4A12-8A38-B25B3BD4AB4C}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"UDP Query User{0410E590-CB6D-4DD1-972F-9E34E8DCBED7}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |
"UDP Query User{36E636FB-5512-46D3-8999-8E4E712BA965}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{9CA5B39C-8228-4E5E-AA1A-065E281A37F3}C:\program files\freez online tv\freez online tv.exe" = protocol=17 | dir=in | app=c:\program files\freez online tv\freez online tv.exe |
"UDP Query User{B3AD22A4-B44D-4CCE-9950-8946D5B03A0A}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{E92A7A80-8A9F-4EAA-831A-26D567F45184}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2600_series" = Canon iP2600 series
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1DCCB2B0-A482-464F-94F6-1219693E34F0}_is1" = AeroSnap 0.61
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{2E376AD9-5C49-4F7D-A0BA-6A44E8FA5A3B}" = Next Generation Visualisations
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{40A594D0-1490-4979-9382-D2B764F949C6}" = BlackBerry® Media Sync
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4CE6B3C4-D8E2-4A5D-BEF5-5B69AF843B0C}" = PC Connectivity Solution
"{564B16F4-6B5B-47B0-9AB6-FF2E943947F7}" = Nokia Ovi Suite Software Updater
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{71C2828F-2678-4675-BDEC-895424861262}_is1" = C:\Program Files\Acer GameZone\GameConsole
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{76C6B994-8FA7-47BF-B1E0-3AFC09A2AC6B}" = MSN Webcam Recorder 28.0
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110184263}" = Puzzle Express
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11037623}" = Tradewinds 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111125700}" = Rainbow Web
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111205743}" = Tri-Peaks Solitaire To Go
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111232687}" = Ocean Express
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11170417}" = Luxor 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11219217}" = Cradle of Rome
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113056167}" = Dream Day Honeymoon
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113297350}" = Cake Mania 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113494430}" = Wedding Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}" = Airport Mania First Flight
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115443300}" = Cooking Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11551977}" = Parking Dash
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8CA199A8-574E-432F-A98F-A55741E233D1}_is1" = 3GP Player 2010
"{8D100E0C-1A5A-43AD-93EF-76F94AE61C30}" = OviMPlatform
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B06CC379-BA38-4572-9539-CDB0C544AA1E}" = BlackBerry Desktop Software 5.0
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}" = Nokia Ovi Suite
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{B96D2269-568B-4CBF-9332-12FAE8B158F7}" = Medieval CUE Splitter
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BFCB1F6F-E16B-4015-8C47-1D8445EC1685}_is1" = FreeZ Online TV v1.30
"{C325F588-D6B1-4A7F-B6A2-914C75DDA348}" = Morrowind
"{C50EF365-2898-489A-B6C7-30DAA466E9A2}" = Nokia Connectivity Cable Driver
"{C6B51FD8-942C-45FE-9704-19B687372691}" = Auto Clicker - Image Recognizer
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C9A87D86-FDFD-418B-BF96-EF09320973B3}" = PC Inspector smart recovery
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BB}" = WinZip 14.0
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{DB3C800B-081B-4146-B4E3-EFB5B77AA913}" = TES Construction Set
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E590FD1C-E8C6-4D2E-8CA9-77B403F7EE01}" = Microsoft Antimalware
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}" = Paint.NET v3.5.5
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1C3541D-5B93-4131-B440-692FBA3DD250}" = Ovi Desktop Sync Engine
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"3554AA4B-9B0B-451a-A269-2B5F53982209_is1" = ThreatFire
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Acer Screensaver" = Acer ScreenSaver
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AIM_7" = AIM 7
"Any Video Converter_is1" = Any Video Converter 3.0.3
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE
"Asynx Planetarium v2.61_is1" = Asynx Planetarium Version 2.61
"Audacity_is1" = Audacity 1.2.6
"AutoHotkey" = AutoHotkey 1.0.48.05
"avast5" = avast! Free Antivirus
"Avidemux 2.5" = Avidemux 2.5
"AviSynth" = AviSynth 2.5
"BitTorrent" = BitTorrent
"BlackBerry_{B06CC379-BA38-4572-9539-CDB0C544AA1E}" = BlackBerry Desktop Software 5.0
"BulentsScreenRecorder4" = BSR Screen Recorder 4
"CamStudio" = CamStudio
"CamStudio Lossless Codec_is1" = CamStudio Lossless Codec v1.4
"Canon iP2600 series User Registration" = Canon iP2600 series User Registration
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Capture NX 2" = Capture NX 2
"CCleaner" = CCleaner
"CDisplay_is1" = CDisplay 1.8
"CEDP Stealer 6.0 for Messenger" = CEDP Stealer 6.0 for Messenger
"Celebrity Toolbar" = Celebrity Toolbar
"Cheat Engine 5.4_is1" = Cheat Engine 5.4
"Cheat Engine 5.6.1_is1" = Cheat Engine 5.6.1
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Debut" = Debut Video Capture Software
"DupDetector" = Dup Detector
"e2eSoft VCam_is1" = e2eSoft VCam v5.0
"Easy Gif Animator Extension" = Easy Gif Animator Extension
"Easy GIF Animator_is1" = Easy GIF Animator 5.02
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ExpressBurn" = Express Burn
"Flash Movie Player" = Flash Movie Player 1.5
"FreePOPs" = NSIS FreePOPs (remove only)
"GridVista" = Acer GridVista
"Guild Wars" = Guild Wars
"HDMI" = Intel® Graphics Media Accelerator Driver
"HitmanPro35" = Hitman Pro 3.5
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LManager" = Launch Manager
"LogonStudio" = LogonStudio
"MAGIX Xtreme Photo Designer 6 US" = MAGIX Xtreme Photo Designer 6 6.0.19.0 (US)
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"NAPALM_is1" = NAPALM 1.0
"Nokia Ovi Suite" = Nokia Ovi Suite
"Prism" = Prism Video Converter
"Recuva" = Recuva
"Sacred Underworld_is1" = Sacred Underworld
"ShapeCollage" = Shape Collage
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"uTorrent" = µTorrent
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.0.3
"Web2Pop_is1" = Web2Pop 1.0.3.8
"WinAVI Video Converter_is1" = WinAVI Video Converter
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WORD" = Microsoft Office Word 2007
"Xvid_is1" = Xvid 1.2.2 final uninstall
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"e74bedb8a7842f55" = MySpace Realcovery

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 06/08/2010 14:56:51 | Computer Name = Danny-Boy | Source = VSS | ID = 8194
Description =

Error - 06/08/2010 14:56:55 | Computer Name = Danny-Boy | Source = SPP | ID = 16387
Description =

Error - 06/08/2010 14:56:55 | Computer Name = Danny-Boy | Source = System Restore | ID = 8193
Description =

Error - 06/08/2010 15:36:21 | Computer Name = Danny-Boy | Source = Application Error | ID = 1000
Description = Faulting application Morrowind.exe, version 1.2.0.722, time stamp
0x3d3c453e, faulting module Morrowind.exe, version 1.2.0.722, time stamp 0x3d3c453e,
exception code 0xc0000005, fault offset 0x00295a8c, process id 0x15ac, application
start time 0x01cb3599cd894299.

Error - 06/08/2010 16:44:56 | Computer Name = Danny-Boy | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module ntdll.dll, version 6.0.6001.18000, time stamp 0x4791a7a6,
exception code 0xc000071b, fault offset 0x00088ed9, process id 0xb0, application
start time 0x01cb3583e514bbd9.

Error - 06/08/2010 16:48:05 | Computer Name = Danny-Boy | Source = WinMgmt | ID = 10
Description =

Error - 06/08/2010 17:06:07 | Computer Name = Danny-Boy | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module ntdll.dll, version 6.0.6001.18000, time stamp 0x4791a7a6,
exception code 0xc000071b, fault offset 0x00088ed9, process id 0x75c, application
start time 0x01cb35a863be98b9.

Error - 06/08/2010 17:09:11 | Computer Name = Danny-Boy | Source = WinMgmt | ID = 10
Description =

Error - 06/08/2010 17:54:05 | Computer Name = Danny-Boy | Source = Perflib | ID = 1010
Description =

Error - 06/08/2010 17:54:11 | Computer Name = Danny-Boy | Source = PerfNet | ID = 2005
Description =

[ System Events ]
Error - 13/08/2010 18:20:42 | Computer Name = Danny-Boy | Source = Service Control Manager | ID = 7009
Description =

Error - 13/08/2010 18:20:42 | Computer Name = Danny-Boy | Source = Service Control Manager | ID = 7000
Description =

Error - 13/08/2010 22:33:45 | Computer Name = Danny-Boy | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.

Error - 14/08/2010 10:56:50 | Computer Name = Danny-Boy | Source = Microsoft Antimalware | ID = 3002
Description = %%861 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 14/08/2010 10:56:54 | Computer Name = Danny-Boy | Source = HTTP | ID = 15016
Description =

Error - 14/08/2010 10:57:09 | Computer Name = Danny-Boy | Source = Service Control Manager | ID = 7000
Description =

Error - 14/08/2010 11:06:53 | Computer Name = Danny-Boy | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.87.1626.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6004.0 Error
code: 0x80072efe Error description: The connection with the server was terminated
abnormally

Error - 14/08/2010 11:16:15 | Computer Name = Danny-Boy | Source = Microsoft Antimalware | ID = 3002
Description = %%861 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 14/08/2010 11:16:17 | Computer Name = Danny-Boy | Source = HTTP | ID = 15016
Description =

Error - 14/08/2010 11:16:31 | Computer Name = Danny-Boy | Source = Service Control Manager | ID = 7000
Description =


< End of report >

#4 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:08:58 PM

Posted 14 August 2010 - 11:02 AM

Please download GooredFix from one of the locations below and save it to your Desktop:
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

No maybe just the Combofix log if you have it.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#5 DannyH89

Posted 14 August 2010 - 11:55 AM

GooredFix by jpshortstuff (03.07.10.1)
Log created at 17:04 on 14/08/2010 (Danny)
Firefox version 3.6.8 (en-GB)

========== GooredScan ==========

Removing Orphan:
"{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}"="C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\" -> Success!

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [21:55 27/07/2010]

C:\Users\Danny\Application Data\Mozilla\Firefox\Profiles\uq58i15d(3680).default\extensions\
foof@foofme.com [17:36 27/07/2010]
{35106bca-6c78-48c7-ac28-56df30b51d2d} [17:36 27/07/2010]
{47624dda-b77e-4feb-820a-e4f077d5d4ca} [22:00 25/07/2010]
{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} [01:47 27/07/2010]

C:\Users\Danny\Application Data\Mozilla\Firefox\Profiles\uq58i15d(558).default\extensions\
YoutubeDownloader@PeterOlayev.com [18:01 25/07/2010]
{47624dda-b77e-4feb-820a-e4f077d5d4ca} [17:29 25/07/2010]

C:\Users\Danny\Application Data\Mozilla\Firefox\Profiles\uq58i15d.default\extensions\
canitbecheaper@trafficbroker.co.uk [02:32 01/08/2010]
en-GB@dictionaries.addons.mozilla.org [20:16 29/11/2009]
facepad@lazyrussian.com [23:17 30/05/2010]
firefox@facebook.com [21:46 28/07/2010]
foof@foofme.com [03:00 28/07/2010]
personas@christopher.beard [17:00 16/04/2010]
youtube2mp3@mondayx.de [21:41 30/04/2010]
YouTubeAutoReplay@arikv.com [23:15 30/07/2010]
{02450954-cdd9-410f-b1da-db804e18c671} [23:40 25/03/2010]
{097d3191-e6fa-4728-9826-b533d755359d} [16:55 31/01/2010]
{20a82645-c095-46ed-80e3-08825760534b} [21:41 30/04/2010]
{241aae70-0022-11de-87af-0800200c9a66} [16:55 31/01/2010]
{2458abc0-f443-11dd-87af-0800200c9a66} [16:59 16/04/2010]
{3d7eb24f-2740-49df-8937-200b1cc08f8a} [23:28 20/06/2010]
{3ffb7be0-8bde-11de-8a39-0800200c9a66} [00:46 19/02/2010]
{47624dda-b77e-4feb-820a-e4f077d5d4ca} [21:46 28/07/2010]
{586bd060-22d6-11de-8c30-0800200c9a66} [20:02 24/02/2010]
{64e8cc5b-20db-4212-8320-178fc5ae71f7} [21:02 10/01/2010]
{7b13ec3e-999a-4b70-b9cb-2617b8323822} [16:50 02/06/2010]
{A5475360-A7EA-437b-9A79-29208F476940} [03:51 15/12/2009]
{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [20:48 05/08/2010]
{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} [01:22 29/07/2010]
{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [20:56 30/07/2010]
{d122ad80-ff45-11dd-87af-0800200c9a66} [16:55 31/01/2010]
{e2c58150-9d72-11dd-ad8b-0800200c9a66} [15:17 13/01/2010]
{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [23:35 02/08/2010]
{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} [17:37 13/03/2010]

C:\Users\Danny\Application Data\Mozilla\Firefox\Profiles\v5n6n81a.default\extensions\
FirefoxAddon@myfacebook.com [20:46 24/07/2010]
mozilla@pixelpipe.com [19:32 23/07/2010]
s.alfa@idev.com [19:32 23/07/2010]
{15a82062-5139-4855-9706-130a8a4be80c} [23:01 22/07/2010]
{20a82645-c095-46ed-80e3-08825760534b} [23:02 22/07/2010]
{20cc25e2-48c9-45e1-9a1f-1ccc1882b81b} [20:46 24/07/2010]
{47624dda-b77e-4feb-820a-e4f077d5d4ca} [19:38 23/07/2010]
{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} [19:32 23/07/2010]
{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [23:01 22/07/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [17:29 30/11/2009]

-=E.O.F=-

Again I can't say thanks enough :)

#6 kahdah

Posted 14 August 2010 - 01:23 PM

You are welcome :)

See if the redirects are still present please.
Also let me know if it is only present in Firefox or both IE and Firefox.


#7 DannyH89

Posted 14 August 2010 - 01:59 PM

Hi, Firefox appears to be clean, I've gone through around 10 batches of the first 5 results with different search terms, with no redirects (Not being too optimistic at the moment because this has cleared up and re-occurred...)

Anyhow, Internet Explorer hit a redirect on the first 3 results straight away.

#8 kahdah

Posted 14 August 2010 - 04:30 PM

  1. Please download mbrcheck from Here
  2. Save that file to your desktop and double click on it to run it.
  3. It will show a Black screen with some data on it then hit any key to continue.
  4. Once it finishes there will be a log produced on your desktop that is labeled mbrcheck*.txt (where the * is date)
  5. Please post the contents of that log in your next reply.


#9 DannyH89

Posted 14 August 2010 - 05:03 PM

Hey I've just had to reboot from a crash and IE is back to redirecting :@

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: Phoenix Technologies LTD
System Manufacturer: Acer
System Product Name: Aspire 5738
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 168):
0x8201E000 \SystemRoot\system32\ntkrnlpa.exe
0x823D7000 \SystemRoot\system32\hal.dll
0x87500000 \SystemRoot\system32\kdcom.dll
0x80410000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80470000 \SystemRoot\system32\PSHED.dll
0x80481000 \SystemRoot\system32\BOOTVID.dll
0x80489000 \SystemRoot\system32\CLFS.SYS
0x804CA000 \SystemRoot\system32\CI.dll
0x8060B000 \SystemRoot\system32\drivers\Wdf01000.sys
0x80687000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80694000 \SystemRoot\system32\drivers\acpi.sys
0x806DA000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806E3000 \SystemRoot\system32\drivers\msisadrv.sys
0x806EB000 \SystemRoot\system32\drivers\pci.sys
0x80712000 \SystemRoot\System32\drivers\partmgr.sys
0x80721000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x80724000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8072E000 \SystemRoot\system32\drivers\volmgr.sys
0x8073D000 \SystemRoot\System32\drivers\volmgrx.sys
0x80787000 \SystemRoot\System32\drivers\mountmgr.sys
0x80797000 \SystemRoot\system32\drivers\pavboot.sys
0x8079D000 \SystemRoot\System32\Drivers\UBHelper.sys
0x82608000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x826E3000 \SystemRoot\system32\drivers\atapi.sys
0x826EB000 \SystemRoot\system32\drivers\ataport.SYS
0x82709000 \SystemRoot\system32\drivers\msahci.sys
0x82713000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x82721000 \SystemRoot\system32\drivers\fltmgr.sys
0x82753000 \SystemRoot\system32\drivers\fileinfo.sys
0x82763000 \SystemRoot\system32\drivers\TfFsMon.sys
0x82774000 \SystemRoot\system32\drivers\TfSysMon.sys
0x82785000 \SystemRoot\System32\Drivers\ksecdd.sys
0x82800000 \SystemRoot\system32\drivers\ndis.sys
0x8290B000 \SystemRoot\system32\drivers\msrpc.sys
0x82936000 \SystemRoot\system32\drivers\NETIO.SYS
0x82A03000 \SystemRoot\System32\Drivers\Ntfs.sys
0x82B12000 \SystemRoot\system32\drivers\volsnap.sys
0x82B4B000 \SystemRoot\System32\Drivers\spldr.sys
0x82B53000 \SystemRoot\System32\Drivers\mup.sys
0x82B62000 \SystemRoot\System32\drivers\ecache.sys
0x82B89000 \SystemRoot\system32\drivers\disk.sys
0x82B9A000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x82BBB000 \SystemRoot\system32\drivers\crcdisk.sys
0x8DCE3000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8DCEE000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8E407000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8EB02000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8EBA1000 \SystemRoot\System32\drivers\watchdog.sys
0x8EBAE000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8EBB9000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8DCF7000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8DD06000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8DD18000 \SystemRoot\system32\DRIVERS\k57nd60x.sys
0x8E00D000 \SystemRoot\system32\DRIVERS\athr.sys
0x8E0FD000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8E101000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8E114000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
0x8E11E000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8E129000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0x8E15D000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8E168000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8E180000 \SystemRoot\system32\Drivers\NTIDrvr.sys
0x8E188000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8E191000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8E1A0000 \SystemRoot\System32\Drivers\tosrfcom.sys
0x8E1B0000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8DD52000 \SystemRoot\system32\DRIVERS\storport.sys
0x8E1DE000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8E1E9000 \SystemRoot\system32\DRIVERS\VCam_WDM.sys
0x8E000000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0x8DD93000 \SystemRoot\system32\DRIVERS\ks.sys
0x8DDBD000 \SystemRoot\system32\DRIVERS\VCam_WDM01.sys
0x8DDD3000 \SystemRoot\system32\DRIVERS\VCAM_WDM02.sys
0x8DDE9000 \SystemRoot\system32\DRIVERS\VCAM_WDM03.sys
0x8EBF7000 \SystemRoot\System32\Drivers\RootMdm.sys
0x82BD1000 \SystemRoot\system32\drivers\modem.sys
0x82BDE000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x82BF5000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x82970000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x82993000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x829A2000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x829B6000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8E400000 \SystemRoot\system32\DRIVERS\RimSerial.sys
0x829CB000 \SystemRoot\system32\DRIVERS\termdd.sys
0x829DB000 \SystemRoot\system32\DRIVERS\VClone.sys
0x807A5000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0x8DC00000 \SystemRoot\system32\DRIVERS\swenum.sys
0x829E6000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x829F0000 \SystemRoot\system32\DRIVERS\umbus.sys
0x807CB000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x80600000 \SystemRoot\system32\DRIVERS\tosporte.sys
0x805AA000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8F207000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8F43D000 \SystemRoot\system32\drivers\portcls.sys
0x8F46A000 \SystemRoot\system32\drivers\drmk.sys
0x8F48F000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0x8F5B5000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8F5B7000 \SystemRoot\system32\drivers\IntcHdmi.sys
0x8F5D8000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0x8F601000 \??\C:\Windows\system32\drivers\ACEDRV05.sys
0x8F660000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8F669000 \SystemRoot\System32\Drivers\Null.SYS
0x8F670000 \SystemRoot\System32\Drivers\Beep.SYS
0x8F680000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8F687000 \SystemRoot\System32\drivers\vga.sys
0x8F693000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8F6B4000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8F6BC000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8F6C4000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8F6CF000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8F6DD000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8F6E6000 \SystemRoot\System32\drivers\tcpip.sys
0x8F7CF000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8F7EA000 \SystemRoot\system32\DRIVERS\tdx.sys
0x827F6000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x805BB000 \SystemRoot\system32\DRIVERS\smb.sys
0x8F805000 \SystemRoot\system32\drivers\afd.sys
0x8F84D000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x8F852000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8F884000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8F89A000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8F8A8000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8F8BB000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0x8F8DD000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8F8F4000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0x8F8FA000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8F936000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8F940000 \SystemRoot\System32\Drivers\usbvideo.sys
0x8F961000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
0x8F966000 \SystemRoot\System32\Drivers\dfsc.sys
0x8F97D000 \SystemRoot\System32\Drivers\aswSP.SYS
0x8F9A4000 \SystemRoot\System32\Drivers\fastfat.SYS
0x8DC02000 \SystemRoot\system32\DRIVERS\udfs.sys
0x8F9CC000 \SystemRoot\System32\Drivers\crashdmp.sys
0x90404000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x966D0000 \SystemRoot\System32\win32k.sys
0x904DF000 \SystemRoot\System32\drivers\Dxapi.sys
0x904E9000 \SystemRoot\system32\DRIVERS\monitor.sys
0x968F0000 \SystemRoot\System32\TSDDD.dll
0x96910000 \SystemRoot\System32\cdd.dll
0x904F8000 \SystemRoot\system32\drivers\luafv.sys
0x90513000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
0x9052A000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0x9052D000 \SystemRoot\system32\DRIVERS\mwlPSDFilter.sys
0x90536000 \SystemRoot\system32\drivers\spsys.sys
0x8F9D9000 \SystemRoot\system32\DRIVERS\irda.sys
0x905E5000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x8DC3D000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x905F5000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x8DC67000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xAE205000 \SystemRoot\system32\drivers\HTTP.sys
0xAE270000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xAE28D000 \SystemRoot\system32\DRIVERS\bowser.sys
0xAE2A6000 \SystemRoot\System32\drivers\mpsdrv.sys
0xAE2BB000 \SystemRoot\system32\drivers\mrxdav.sys
0xAE2DB000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xAE2FA000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xAE333000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xAE34B000 \SystemRoot\System32\DRIVERS\srv2.sys
0xAE372000 \SystemRoot\System32\DRIVERS\srv.sys
0xAE3D6000 \SystemRoot\system32\DRIVERS\mwlPSDNServ.sys
0xAE3DF000 \SystemRoot\system32\DRIVERS\mwlPSDVDisk.sys
0xAF60C000 \SystemRoot\system32\drivers\peauth.sys
0xAF6EA000 \SystemRoot\System32\Drivers\secdrv.SYS
0xAF6F4000 \SystemRoot\System32\drivers\tcpipreg.sys
0xAF700000 \??\C:\Windows\system32\drivers\TfNetMon.sys
0xAF70C000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x77200000 \Windows\System32\ntdll.dll

Processes (total 71):
0 System Idle Process
4 System
620 C:\Windows\System32\smss.exe
692 C:\Windows\System32\csrss.exe
736 C:\Windows\System32\wininit.exe
744 C:\Windows\System32\csrss.exe
780 C:\Windows\System32\services.exe
792 C:\Windows\System32\lsass.exe
800 C:\Windows\System32\lsm.exe
828 C:\Windows\System32\winlogon.exe
980 C:\Windows\System32\svchost.exe
1060 C:\Windows\System32\svchost.exe
1100 C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
1308 C:\Windows\System32\svchost.exe
1352 C:\Windows\System32\svchost.exe
1384 C:\Windows\System32\svchost.exe
1448 C:\Windows\System32\audiodg.exe
1492 C:\Windows\System32\SLsvc.exe
1552 C:\Windows\System32\svchost.exe
1768 C:\Windows\System32\svchost.exe
1948 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
612 C:\Windows\System32\spoolsv.exe
1216 C:\Windows\System32\svchost.exe
1944 C:\Windows\System32\agrsmsvc.exe
1920 C:\Windows\System32\svchost.exe
1588 C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
2124 C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
2148 C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
2208 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
2228 C:\Windows\System32\svchost.exe
2240 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2276 C:\Windows\System32\svchost.exe
2320 C:\Program Files\ThreatFire\TFService.exe
2336 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
2380 C:\Windows\System32\svchost.exe
2436 C:\Windows\System32\SearchIndexer.exe
2500 C:\Windows\System32\taskeng.exe
2576 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
3500 C:\Windows\System32\taskeng.exe
3548 C:\Windows\System32\dwm.exe
3600 C:\Windows\explorer.exe
3120 C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
3136 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
3196 C:\Program Files\Microsoft Security Essentials\msseces.exe
3036 C:\Program Files\Launch Manager\LManager.exe
2844 C:\Windows\System32\igfxtray.exe
3464 C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
3608 C:\Program Files\Apoint2K\Apoint.exe
2692 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
2688 C:\Program Files\ThreatFire\TFTray.exe
2700 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3716 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
2072 C:\Program Files\BitTorrent\bittorrent.exe
2056 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
2304 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
2568 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
3672 C:\Windows\System32\igfxsrvc.exe
3684 C:\Program Files\Apoint2K\ApMsgFwd.exe
3484 C:\Windows\System32\igfxext.exe
1676 C:\Program Files\Mozilla Firefox\firefox.exe
3588 C:\Users\Danny\AppData\Local\Temp\RtkBtMnt.exe
4200 C:\Program Files\Apoint2K\Hidfind.exe
4220 C:\Program Files\Apoint2K\ApntEx.exe
5240 C:\Program Files\Windows Live\Contacts\wlcomm.exe
3356 C:\Windows\System32\wbem\WMIADAP.exe
4372 C:\Windows\System32\wbem\WmiPrvSE.exe
4160 C:\Windows\System32\SearchProtocolHost.exe
4304 C:\Windows\System32\SearchFilterHost.exe
1852 C:\Windows\System32\wbem\WmiPrvSE.exe
3212 C:\Windows\System32\wuauclt.exe
3952 C:\Users\Danny\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`71100000 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS545050B9A300, Rev: PB4OC60F

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: CCF356FEC6D9BBB29EF3EF1E4270A2B799955EA4


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice: Enter the physical disk number to dump (0-99, -1 to exit): -1

Done!

#10 kahdah

Posted 14 August 2010 - 05:16 PM

Run mbrcheck again and choose 'Y' and hit ENTER for more options.
Then choose option 1.
When prompted for a save name choose mbrdump then hit Enter.
This will save the file to your desktop.
Then you can close out of mbrcheck.

Then click Here to upload the file please.

#11 DannyH89

Posted 14 August 2010 - 05:20 PM

Hi, it's asking for a physical disk number between 1 and 99?
Not sure what to put here as I've only heard of disks being lettered (C:/ E:/ etc.)

#12 kahdah

Posted 14 August 2010 - 05:21 PM

Hi it is number 0.


#13 DannyH89

Posted 14 August 2010 - 05:28 PM

On trying to upload I get the message "You don't have permission to open this file. Contact the file owner or administrator to obtain permission."

Also when I made the first dump I got a warning from Microsoft Security Essentials Alert about Trojan:DOS/Alureon.A saying it's been suspended and should I remove.

I'm thinking that removing this will unlock the mbrdump file for uploading but I'd rather double check with you than dash ahead and screw up.

#14 kahdah

Posted 14 August 2010 - 05:32 PM

Temporarily disable Security Essentials, then you will be able to upload it.

#15 DannyH89

Posted 14 August 2010 - 05:58 PM

Thanks a lot, the log should be uploaded now :)



