Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Search engine results - redirect


  • This topic is locked This topic is locked
13 replies to this topic

#1 ctech101

ctech101

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:55 AM

Posted 01 April 2011 - 02:09 AM

I've been trying to fix my computer. Whenever I use a search engine, redirects occur when I click on the search engine result (Google, Yahoo, and Bing is what I've noticed so far).

I'm guessing it's a rootkit issue. I've scanned with Malwarebytes and MS Security Essentials and have attempted to clean my computer. Nothing is working yet and I'd like to remove or fix this issue.

Here is my DDS log:

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by johnp at 23:34:05.44 on Thu 03/31/2011
Internet Explorer: 8.0.6001.18999 BrowserJavaVersion: 1.6.0_19
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\atashost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\Pixart\Pac7302\Monitor.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mobile Stream\EasyTether\easytthr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\vssvc.exe
C:\Users\johnp\Desktop\Defogger.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\Taskmgr.exe
C:\Users\johnp\Desktop\dds.scr
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\System32\svchost.exe -k swprv
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://whatismyipaddress.com/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=1&o=vp32&d=0509&m=aspire_m1202
uInternet Settings,ProxyServer = 96.9.164.140:3128
uInternet Settings,ProxyOverride = local;*.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No File
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\program files\acer\empowering technology\edatasecurity\x86\ActiveToolBand.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.415.1646\swg.dll
BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\program files\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [EasyTether] "c:\program files\mobile stream\easytether\easytthr.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [Acer Product Registration] "c:\program files\acer\acer registration\ACE1.exe" /startup
mRun: [Acer Assist Launcher] c:\program files\acer\acer assist\launcher.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DNS7reminder] "d:\program files\nuance\naturallyspeaking10\ereg\ereg.exe" -r "c:\programdata\nuance\naturallyspeaking10\Ereg.ini
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [PAC7302_Monitor] c:\windows\pixart\pac7302\Monitor.exe
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {0483894E-2422-45E0-8384-021AFF1AF3CD} - {0483894E-2422-45E0-8384-021AFF1AF3CD} - c:\program files\imacros\imacros.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: taxsoftware.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: c:\progra~1\google\google~1\GoogleDesktopNetwork3.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\johnp\appdata\roaming\mozilla\firefox\profiles\xpvd2f97.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: network.proxy.ftp - 96.9.164.140
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.gopher - 96.9.164.140
FF - prefs.js: network.proxy.gopher_port - 3128
FF - prefs.js: network.proxy.http - 96.9.164.140
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 96.9.164.140
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 96.9.164.140
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Ant Video Downloader: anttoolbar@ant.com - %profile%\extensions\anttoolbar@ant.com
FF - Ext: SearchStatus: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a} - %profile%\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
FF - Ext: Password Exporter: {B17C1C5A-04B1-11DB-9804-B622A1EF5492} - %profile%\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
.
============= SERVICES / DRIVERS ===============
.
R? androidusb;SAMSUNG Android Composite ADB Interface Driver
R? athrusb;Atheros Wireless LAN USB device driver
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? ETService;Empowering Technology Service
R? FontCache;Windows Font Cache Service
R? gbridge;Gbridge Virtual Miniport
R? gupdate;Google Update Service (gupdate)
R? MLPTDR_Q;MLPTDR_Q
R? MpKsl8c0135a8;MpKsl8c0135a8
R? MpNWMon;Microsoft Malware Protection Network Driver
R? NisDrv;Microsoft Network Inspection System
R? NisSrv;Microsoft Network Inspection
R? NTIBackupSvc;NTI Backup Now 5 Backup Service
R? NTISchedulerSvc;NTI Backup Now 5 Scheduler Service
R? ssadbus;SAMSUNG Android USB Composite Device driver (WDM)
R? ssadmdfl;SAMSUNG Android USB Modem (Filter)
R? ssadmdm;SAMSUNG Android USB Modem Drivers
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? Acer HomeMedia Connect Service;Acer HomeMedia Connect Service
S? atashost;WebEx Service Host for Support Center
S? athrusb6;Atheros Wireless LAN USB device driver 6 Series
S? easytether;easytether
S? MpFilter;Microsoft Malware Protection Driver
S? TeamViewer6;TeamViewer 6
.
=============== File Associations ===============
.
.txt=
.
=============== Created Last 30 ================
.
2011-03-31 23:05:43 -------- d-----w- c:\users\johnp\appdata\local\temp
2011-03-31 23:03:01 -------- d-----w- C:\$RECYCLE.BIN
2011-03-31 17:57:56 89088 ----a-w- c:\windows\MBR.exe
2011-03-31 17:57:55 98816 ----a-w- c:\windows\sed.exe
2011-03-31 17:57:55 256512 ----a-w- c:\windows\PEV.exe
2011-03-31 17:57:55 161792 ----a-w- c:\windows\SWREG.exe
2011-03-31 17:28:48 -------- d-----w- c:\program files\CCleaner
2011-03-31 17:23:59 6792528 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{881814ab-49df-435d-abfd-925e2e99ce78}\mpengine.dll
2011-03-25 05:51:16 439632 ------w- c:\progra~2\microsoft\microsoft antimalware\definition updates\nisbackup\gapaengine.dll
2011-03-25 05:50:59 439632 ------w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{7b7cf2db-291c-45a0-bf03-d21201507aad}\gapaengine.dll
2011-03-15 08:42:12 -------- d-----w- C:\btax
2011-03-15 08:36:41 10240 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\MIMFPR_Q.DLL
2011-03-13 00:54:13 -------- d-----w- C:\Portable
2011-03-13 00:41:51 -------- d-----w- c:\progra~2\JohnPBackup
2011-03-12 18:01:01 -------- d-----w- c:\program files\JohnPBackup
.
==================== Find3M ====================
.
2011-02-03 01:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-18 05:16:50 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-01-18 05:16:50 348160 ----a-w- c:\windows\system32\msvcr71.dll
2007-02-02 01:02:54 313344 ----a-w- c:\program files\hjsplit.exe
2006-05-02 23:00:00 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-20 23:00:00 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-15 23:00:00 216064 --sh--r- c:\windows\system32\nbDX.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: ST3320813AS rev.SD23 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-0
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x85E1B439]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x85e217d0]; MOV EAX, [0x85e2184c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x82249962] -> \Device\Harddisk0\DR0[0x850AF7D0]
3 CLASSPNP[0x879A68B3] -> ntkrnlpa!IofCallDriver[0x82249962] -> [0x850B3A70]
5 acpi[0x806146BC] -> ntkrnlpa!IofCallDriver[0x82249962] -> [0x850A8030]
\Driver\atapi[0x85E07F38] -> IRP_MJ_CREATE -> 0x85E1B439
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x147; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskST3320813AS_____________________________SD23____#5&267d2570&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
sectors 625142446 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
.
============= FINISH: 23:35:01.48 ===============


Your help would be greatly appreciated!

John

Attached Files


Edited by ctech101, 01 April 2011 - 02:10 AM.


BC AdBot (Login to Remove)

 


#2 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:04:55 AM

Posted 01 April 2011 - 07:32 PM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days
    failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________


Posted Image One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to appraise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



Running TDSSKiller

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.


    Posted Image

  • If an infected file is detected, the default action will be Cure, click on Continue.


    Posted Image

  • If a suspicious file is detected, the default action will be Skip, click on Continue.


    Posted Image

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


    Posted Image

  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


NEXT:



Running OTL

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


NEXT:


Please provide an update on how things are running in your next reply.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 ctech101

ctech101
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:55 AM

Posted 02 April 2011 - 12:29 PM

Hi SweetTech,

Thanks for helping!

Here are the 3 logs:

TDSSkiller

2011/04/02 09:43:31.0762 5812 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/02 09:43:31.0980 5812 ================================================================================
2011/04/02 09:43:31.0980 5812 SystemInfo:
2011/04/02 09:43:31.0980 5812
2011/04/02 09:43:31.0980 5812 OS Version: 6.0.6002 ServicePack: 2.0
2011/04/02 09:43:31.0980 5812 Product type: Workstation
2011/04/02 09:43:31.0980 5812 ComputerName: ACER1
2011/04/02 09:43:31.0980 5812 UserName: johnp
2011/04/02 09:43:31.0980 5812 Windows directory: C:\Windows
2011/04/02 09:43:31.0980 5812 System windows directory: C:\Windows
2011/04/02 09:43:31.0980 5812 Processor architecture: Intel x86
2011/04/02 09:43:31.0980 5812 Number of processors: 1
2011/04/02 09:43:31.0980 5812 Page size: 0x1000
2011/04/02 09:43:31.0980 5812 Boot type: Normal boot
2011/04/02 09:43:31.0980 5812 ================================================================================
2011/04/02 09:43:34.0804 5812 Initialize success
2011/04/02 09:44:10.0216 4532 ================================================================================
2011/04/02 09:44:10.0216 4532 Scan started
2011/04/02 09:44:10.0216 4532 Mode: Manual;
2011/04/02 09:44:10.0216 4532 ================================================================================
2011/04/02 09:44:11.0604 4532 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/04/02 09:44:11.0651 4532 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/04/02 09:44:11.0807 4532 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/04/02 09:44:11.0916 4532 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/04/02 09:44:11.0948 4532 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/04/02 09:44:12.0057 4532 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/04/02 09:44:12.0228 4532 AgereSoftModem (baf68dcba949633df0c16d37af2a2351) C:\Windows\system32\DRIVERS\AGRSM.sys
2011/04/02 09:44:12.0431 4532 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/04/02 09:44:12.0603 4532 ahcix86s (844a6734e8bb3530fb1444ed698087bd) C:\Windows\system32\drivers\ahcix86s.sys
2011/04/02 09:44:12.0681 4532 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/04/02 09:44:12.0806 4532 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/04/02 09:44:12.0930 4532 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/04/02 09:44:12.0962 4532 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/04/02 09:44:13.0024 4532 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/04/02 09:44:13.0149 4532 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
2011/04/02 09:44:13.0352 4532 androidusb (dd8d9c597af7cd2f6b70a3d6a4a1acea) C:\Windows\system32\Drivers\ssadadb.sys
2011/04/02 09:44:13.0586 4532 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/04/02 09:44:13.0710 4532 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/04/02 09:44:13.0851 4532 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/02 09:44:13.0944 4532 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/04/02 09:44:14.0116 4532 athrusb (44fa26470d4c8123ccf71f4200b782d3) C:\Windows\system32\DRIVERS\athrusb.sys
2011/04/02 09:44:14.0288 4532 athrusb6 (373469e83fb000aae521068c84827fa7) C:\Windows\system32\DRIVERS\athru6.sys
2011/04/02 09:44:14.0506 4532 atikmdag (8ae1745bfc7d383daa3f82fe8d7be7c0) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/04/02 09:44:14.0631 4532 AtiPcie (4aa1eb65481c392955939e735d27118b) C:\Windows\system32\DRIVERS\AtiPcie.sys
2011/04/02 09:44:14.0849 4532 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/04/02 09:44:15.0052 4532 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/04/02 09:44:15.0192 4532 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/02 09:44:15.0302 4532 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/04/02 09:44:15.0395 4532 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/04/02 09:44:15.0567 4532 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/04/02 09:44:15.0598 4532 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/04/02 09:44:15.0645 4532 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/04/02 09:44:15.0660 4532 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/04/02 09:44:15.0801 4532 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/04/02 09:44:16.0316 4532 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/02 09:44:16.0362 4532 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/04/02 09:44:16.0487 4532 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/04/02 09:44:16.0534 4532 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/04/02 09:44:16.0690 4532 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/04/02 09:44:16.0752 4532 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
2011/04/02 09:44:16.0784 4532 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/04/02 09:44:16.0893 4532 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/04/02 09:44:17.0033 4532 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/04/02 09:44:17.0376 4532 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/04/02 09:44:17.0517 4532 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/04/02 09:44:17.0844 4532 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/02 09:44:18.0172 4532 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/04/02 09:44:18.0328 4532 easytether (df197feb19746f8a6a310d32655814a0) C:\Windows\system32\DRIVERS\easytthr.sys
2011/04/02 09:44:18.0500 4532 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/04/02 09:44:18.0687 4532 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/04/02 09:44:18.0749 4532 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/04/02 09:44:19.0077 4532 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/04/02 09:44:19.0233 4532 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/04/02 09:44:19.0280 4532 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/02 09:44:19.0358 4532 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/04/02 09:44:19.0404 4532 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/04/02 09:44:19.0560 4532 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/02 09:44:19.0638 4532 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/04/02 09:44:19.0794 4532 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/02 09:44:19.0841 4532 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/04/02 09:44:19.0997 4532 gbridge (1130fe19f5ee6a514536a9fadff18664) C:\Windows\system32\DRIVERS\gbridge.sys
2011/04/02 09:44:20.0091 4532 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/04/02 09:44:20.0309 4532 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/04/02 09:44:20.0434 4532 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/04/02 09:44:20.0559 4532 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/04/02 09:44:20.0606 4532 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/04/02 09:44:20.0715 4532 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/02 09:44:20.0871 4532 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/04/02 09:44:21.0183 4532 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/04/02 09:44:21.0308 4532 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/04/02 09:44:21.0386 4532 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/04/02 09:44:21.0495 4532 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/04/02 09:44:21.0542 4532 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/04/02 09:44:21.0588 4532 int15 (c6e5276c00ebdeb096bb5ef4b797d1b6) C:\Windows\system32\drivers\int15.sys
2011/04/02 09:44:21.0698 4532 IntcAzAudAddService (58628f232a00a3149d7cc7708c521499) C:\Windows\system32\drivers\RTKVHDA.sys
2011/04/02 09:44:21.0822 4532 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/04/02 09:44:21.0854 4532 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/02 09:44:21.0916 4532 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/02 09:44:22.0072 4532 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/04/02 09:44:22.0119 4532 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/04/02 09:44:22.0166 4532 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/04/02 09:44:22.0197 4532 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/04/02 09:44:22.0259 4532 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/04/02 09:44:22.0290 4532 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/04/02 09:44:22.0322 4532 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/04/02 09:44:22.0368 4532 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/02 09:44:22.0415 4532 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/04/02 09:44:22.0493 4532 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/02 09:44:22.0680 4532 L8042Kbd (0c6e346cde730cf1356dd69ad6e9bc42) C:\Windows\system32\DRIVERS\L8042Kbd.sys
2011/04/02 09:44:22.0899 4532 L8042mou (8a5993705add14352c9a279fa8338334) C:\Windows\system32\DRIVERS\L8042mou.Sys
2011/04/02 09:44:23.0226 4532 LHidFilt (7f9c7b28cf1c859e1c42619eea946dc8) C:\Windows\system32\DRIVERS\LHidFilt.Sys
2011/04/02 09:44:23.0351 4532 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/02 09:44:23.0429 4532 LMouFilt (ab33792a87285344f43b5ce23421bab0) C:\Windows\system32\DRIVERS\LMouFilt.Sys
2011/04/02 09:44:23.0554 4532 LMouKE (9837e55673818ecd8febb47f7f77521a) C:\Windows\system32\DRIVERS\LMouKE.Sys
2011/04/02 09:44:23.0616 4532 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/04/02 09:44:23.0726 4532 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/04/02 09:44:23.0866 4532 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/04/02 09:44:23.0913 4532 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/04/02 09:44:24.0131 4532 lvpopflt (cbf0bf6af73a704211bbb52efacaa8a0) C:\Windows\system32\DRIVERS\lvpopflt.sys
2011/04/02 09:44:24.0334 4532 LVPr2Mon (8be71d7edb8c7494913722059f760dd0) C:\Windows\system32\Drivers\LVPr2Mon.sys
2011/04/02 09:44:24.0506 4532 LVRS (6917b407dbec11b3a078abfc2ec2ac7c) C:\Windows\system32\DRIVERS\lvrs.sys
2011/04/02 09:44:24.0818 4532 LVUVC (44876e70e07e9a653bbe423dbfa35a1a) C:\Windows\system32\DRIVERS\lvuvc.sys
2011/04/02 09:44:24.0974 4532 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/04/02 09:44:25.0052 4532 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/04/02 09:44:25.0130 4532 MLPTDR_Q (b39bf953a3a304a2d12751692ec355a0) C:\Windows\system32\MLPTDR_Q.sys
2011/04/02 09:44:25.0192 4532 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/04/02 09:44:25.0317 4532 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/02 09:44:25.0348 4532 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/02 09:44:25.0442 4532 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/02 09:44:25.0488 4532 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/04/02 09:44:25.0582 4532 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\Windows\system32\DRIVERS\MpFilter.sys
2011/04/02 09:44:25.0754 4532 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/04/02 09:44:26.0066 4532 MpNWMon (f32e2d6a1640a469a9ed4f1929a4a861) C:\Windows\system32\DRIVERS\MpNWMon.sys
2011/04/02 09:44:26.0222 4532 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/02 09:44:26.0284 4532 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/04/02 09:44:26.0331 4532 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/04/02 09:44:26.0393 4532 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/02 09:44:26.0424 4532 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/02 09:44:26.0487 4532 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/02 09:44:26.0518 4532 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2011/04/02 09:44:26.0549 4532 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/04/02 09:44:26.0612 4532 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/04/02 09:44:26.0690 4532 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/04/02 09:44:26.0752 4532 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/02 09:44:26.0970 4532 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/02 09:44:27.0126 4532 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/04/02 09:44:27.0251 4532 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/04/02 09:44:27.0282 4532 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/04/02 09:44:27.0329 4532 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/04/02 09:44:27.0392 4532 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/04/02 09:44:27.0485 4532 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/02 09:44:27.0548 4532 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/04/02 09:44:27.0579 4532 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/02 09:44:27.0610 4532 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/02 09:44:27.0672 4532 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/02 09:44:27.0719 4532 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/04/02 09:44:27.0750 4532 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/02 09:44:27.0813 4532 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/02 09:44:27.0984 4532 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/04/02 09:44:28.0078 4532 NisDrv (17e2c08c5ecfbe94a7c67b1c275ee9d9) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
2011/04/02 09:44:28.0296 4532 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/04/02 09:44:28.0359 4532 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/02 09:44:28.0437 4532 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/04/02 09:44:28.0484 4532 NTIDrvr (2757d2ba59aee155209e24942ab127c9) C:\Windows\system32\DRIVERS\NTIDrvr.sys
2011/04/02 09:44:28.0530 4532 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/04/02 09:44:28.0562 4532 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/04/02 09:44:28.0608 4532 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/04/02 09:44:28.0640 4532 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/04/02 09:44:28.0686 4532 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/04/02 09:44:28.0827 4532 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/04/02 09:44:28.0998 4532 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/04/02 09:44:29.0076 4532 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/04/02 09:44:29.0170 4532 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/04/02 09:44:29.0217 4532 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/04/02 09:44:29.0264 4532 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
2011/04/02 09:44:29.0310 4532 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/04/02 09:44:29.0388 4532 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/04/02 09:44:29.0544 4532 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/02 09:44:29.0607 4532 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/04/02 09:44:29.0685 4532 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/02 09:44:29.0732 4532 PSDFilter (628321c8dd76ad369b362b202e655a68) C:\Windows\system32\DRIVERS\psdfilter.sys
2011/04/02 09:44:29.0778 4532 PSDNServ (79d7117e62709c7690cf3dd55acead37) C:\Windows\system32\DRIVERS\PSDNServ.sys
2011/04/02 09:44:29.0856 4532 psdvdisk (cae5e82827990cf4bd4a49576bde3a43) C:\Windows\system32\DRIVERS\PSDVdisk.sys
2011/04/02 09:44:30.0028 4532 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/04/02 09:44:30.0184 4532 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/04/02 09:44:30.0262 4532 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/02 09:44:30.0340 4532 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/02 09:44:30.0387 4532 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/02 09:44:30.0465 4532 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/02 09:44:30.0527 4532 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/04/02 09:44:30.0590 4532 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/02 09:44:30.0605 4532 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/02 09:44:30.0652 4532 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/04/02 09:44:30.0683 4532 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/02 09:44:30.0746 4532 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/04/02 09:44:30.0933 4532 RimUsb (f17713d108aca124a139fde877eef68a) C:\Windows\system32\Drivers\RimUsb.sys
2011/04/02 09:44:30.0995 4532 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/02 09:44:31.0042 4532 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/04/02 09:44:31.0198 4532 SCDEmu (c23dbd9bfba8b1170706e0896b3cf7da) C:\Windows\system32\drivers\SCDEmu.sys
2011/04/02 09:44:31.0260 4532 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/04/02 09:44:31.0292 4532 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/04/02 09:44:31.0338 4532 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/04/02 09:44:31.0370 4532 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/04/02 09:44:31.0416 4532 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/04/02 09:44:31.0432 4532 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/04/02 09:44:31.0448 4532 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/04/02 09:44:31.0479 4532 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/04/02 09:44:31.0510 4532 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/04/02 09:44:31.0541 4532 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/04/02 09:44:31.0557 4532 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/04/02 09:44:31.0666 4532 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/04/02 09:44:31.0728 4532 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/04/02 09:44:31.0806 4532 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys
2011/04/02 09:44:31.0900 4532 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/02 09:44:32.0025 4532 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/02 09:44:32.0430 4532 ssadbus (406776fe3c2b66796bac1a7afb9ac8a1) C:\Windows\system32\DRIVERS\ssadbus.sys
2011/04/02 09:44:32.0493 4532 ssadmdfl (b19532d015a5d295e2aa34bb521202cf) C:\Windows\system32\DRIVERS\ssadmdfl.sys
2011/04/02 09:44:32.0524 4532 ssadmdm (2aebf9108e6f435458b9499c27394da4) C:\Windows\system32\DRIVERS\ssadmdm.sys
2011/04/02 09:44:32.0633 4532 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/04/02 09:44:32.0696 4532 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/04/02 09:44:32.0727 4532 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/04/02 09:44:32.0742 4532 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/04/02 09:44:32.0852 4532 Tcpip (6a10afce0b38371064be41c1fbfd3c6b) C:\Windows\system32\drivers\tcpip.sys
2011/04/02 09:44:33.0054 4532 Tcpip6 (6a10afce0b38371064be41c1fbfd3c6b) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/02 09:44:33.0257 4532 tcpipreg (9bf343f4c878d6ad6922b2c5a4fefe0d) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/02 09:44:33.0398 4532 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/04/02 09:44:33.0444 4532 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/04/02 09:44:33.0507 4532 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/02 09:44:33.0569 4532 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/02 09:44:33.0632 4532 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/02 09:44:33.0710 4532 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/04/02 09:44:33.0803 4532 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/02 09:44:33.0866 4532 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/04/02 09:44:33.0912 4532 UBHelper (f763e070843ee2803de1395002b42938) C:\Windows\system32\drivers\UBHelper.sys
2011/04/02 09:44:34.0006 4532 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/02 09:44:34.0131 4532 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/04/02 09:44:34.0178 4532 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/04/02 09:44:34.0209 4532 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/04/02 09:44:34.0240 4532 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/04/02 09:44:34.0271 4532 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/02 09:44:34.0365 4532 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
2011/04/02 09:44:34.0458 4532 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/02 09:44:34.0505 4532 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/04/02 09:44:34.0552 4532 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/02 09:44:34.0614 4532 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/02 09:44:34.0661 4532 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
2011/04/02 09:44:34.0755 4532 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/04/02 09:44:34.0817 4532 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/02 09:44:34.0911 4532 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/02 09:44:35.0067 4532 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/04/02 09:44:35.0145 4532 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/02 09:44:35.0254 4532 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/04/02 09:44:35.0301 4532 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/04/02 09:44:35.0332 4532 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/04/02 09:44:35.0348 4532 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/04/02 09:44:35.0379 4532 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/04/02 09:44:35.0441 4532 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/04/02 09:44:35.0504 4532 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/04/02 09:44:35.0550 4532 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/04/02 09:44:35.0597 4532 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/04/02 09:44:35.0628 4532 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/02 09:44:35.0644 4532 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/02 09:44:35.0706 4532 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/04/02 09:44:35.0753 4532 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/02 09:44:35.0878 4532 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/04/02 09:44:35.0972 4532 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/04/02 09:44:36.0065 4532 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/02 09:44:36.0143 4532 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/02 09:44:36.0315 4532 yukonwlh (04e268adfc81964c49dc0c082d520f7e) C:\Windows\system32\DRIVERS\yk60x86.sys
2011/04/02 09:44:36.0440 4532 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/04/02 09:44:36.0455 4532 ================================================================================
2011/04/02 09:44:36.0455 4532 Scan finished
2011/04/02 09:44:36.0455 4532 ================================================================================
2011/04/02 09:44:36.0471 4224 Detected object count: 1
2011/04/02 09:45:29.0074 4224 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/04/02 09:45:29.0074 4224 \HardDisk0 - ok
2011/04/02 09:45:29.0090 4224 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/04/02 09:46:04.0159 4288 Deinitialize success


OTL.txt

OTL Extras logfile created on: 4/2/2011 9:52:54 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\johnp\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 59.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 141.69 Gb Total Space | 33.40 Gb Free Space | 23.57% Space Free | Partition Type: NTFS
Drive D: | 67.13 Gb Total Space | 53.00 Gb Free Space | 78.95% Space Free | Partition Type: NTFS

Computer Name: ACER1 | User Name: johnp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-2187111495-2872751517-3570867934-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "d:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "d:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\PPStream\PPStream.exe" = C:\Program Files\PPStream\PPStream.exe:*:Enabled:PPS
"C:\Program Files\PPStream\PPSAP.exe" = C:\Program Files\PPStream\PPSAP.exe:*:Enabled:PPS


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03F0ED18-6011-45AD-A9E6-21D994E6C125}" = lport=139 | protocol=6 | dir=in | app=system |
"{07A9BE0E-3686-4867-87BE-D3080442D3E2}" = rport=138 | protocol=17 | dir=out | app=system |
"{0C771613-9605-4F5C-ABAB-CD92F8B1FD42}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{11F9A87C-3629-486D-B2D0-9643705D6CF2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{149EDFBA-9C76-4148-AD5D-3F749C4DEECE}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{2AC3B6DA-8820-4DF8-A345-1E6015553593}" = lport=137 | protocol=17 | dir=in | app=system |
"{2CA7F22C-49E5-4D13-B0AD-3F4BC062D778}" = lport=138 | protocol=17 | dir=in | app=system |
"{33C16619-CAF8-4ACC-84B3-E7104FF93DBC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4F44350D-6675-409D-88F6-063C44913854}" = lport=445 | protocol=6 | dir=in | app=system |
"{51F4F75E-D1AE-445F-9B6E-8D57C4F14F3E}" = rport=139 | protocol=6 | dir=out | app=system |
"{6A4E3D91-E126-4501-9F2F-7BB63B6AE876}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6AB69EA0-1215-40DD-A33D-F3D725003A1C}" = lport=5357 | protocol=6 | dir=in | name=5357 |
"{6B9E128B-ED38-4685-BDF5-32D65C7BD301}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{746C9D1F-D1B0-4ED3-A0A8-280BC2D3A82C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{894AC9F6-5CD3-43B2-B949-940776295606}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{9562A6C0-A543-4022-8AAC-AD4D589BFF7B}" = lport=3702 | protocol=17 | dir=in | name=3702 |
"{A85F3BCC-B53D-4E2E-BA30-185419B617D9}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B3DF7879-F077-48C7-9A6C-534919568152}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B739117C-4989-4A97-B1F6-508FA2DF4791}" = rport=137 | protocol=17 | dir=out | app=system |
"{BD096A30-89A0-4F58-A806-486E7C77FBEE}" = rport=445 | protocol=6 | dir=out | app=system |
"{BD2FA16D-BBBB-43D5-AB0A-CBDDEF312E0F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BDC72AFD-D474-40F0-9FE2-FE86AE89737E}" = lport=445 | protocol=6 | dir=in | app=system |
"{C875ED63-0969-45A5-85A0-5E8C92A603DA}" = lport=137 | protocol=17 | dir=in | name=137 |
"{CEE931B5-8637-42F3-A9DD-3A6952D22DDA}" = lport=139 | protocol=6 | dir=in | name=139 |
"{E26E2D65-30CD-470A-9AAA-892511D92D9B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F6B80725-78F0-4C36-9015-DA38ED376E85}" = lport=5358 | protocol=6 | dir=in | name=5358 |
"{F9D59315-E632-4DCF-AC0E-559DAD66754E}" = lport=138 | protocol=17 | dir=in | name=138 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03002C81-27BF-4631-AEF3-772A598670CA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{068B393A-64A0-4963-B717-2650F5C51E6D}" = protocol=6 | dir=in | app=c:\program files\gbridge llc\gbridge\gbridge.exe |
"{139DD3AA-6892-469A-8834-5FB43E3A8892}" = protocol=6 | dir=in | app=c:\program files\acer\acer assist\acerassist.exe |
"{175E6AD9-91FC-492C-9429-F7F309E177EB}" = protocol=17 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"{17A4FF37-8C61-4098-B1FE-557E3479C398}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{1B9BCF83-FF37-4AD5-8B35-507EB9848BA5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{20AA1398-C727-408E-88AA-492C4F732918}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2499E459-1E21-4A50-8D37-B89D3896C930}" = protocol=17 | dir=in | app=c:\program files\gbridge llc\gbridge\gbridge.exe |
"{24B5FD35-D750-4684-B2A4-00C8A7906D25}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2B55A5CE-E0AB-460F-9C9C-4F15F435CA4E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2F15021D-70C2-4B48-B9A9-5E2AB1E65BFA}" = protocol=17 | dir=in | app=c:\program files\gbridge llc\gbridge\gbvncviewer.exe |
"{3046D15C-C0A9-435A-8D85-F93B07DCEE83}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{326E934E-B1E1-4E57-A87B-B7D6C83F1BDA}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{3424B884-FB0A-4DD5-9AD8-F23A71E780C6}" = dir=in | app=c:\program files\acer arcade live\acer arcade live main page\acer arcade live.exe |
"{34C812C6-8C7D-4CB5-AE0F-07C74CFBB458}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{37F4B56C-7012-472C-8969-678D99A81094}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{39CC261A-F0E3-461A-ADD0-C2CA1F4F9BE7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3EF67C82-A228-4083-BCC5-7DF13B7C6461}" = protocol=6 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |
"{4102994A-28FF-4218-8B85-7CEF85A4A67E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{41C4DDA7-98BB-405E-8FF3-F6A77217E131}" = protocol=17 | dir=in | app=c:\program files\gbridge llc\gbridge\gbridge.exe |
"{436382BF-13CF-4C74-93FC-0B4E02CC330E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{43E7CFC4-1C1D-4B2D-A7EF-B3B294B24297}" = protocol=6 | dir=in | app=c:\program files\gbridge llc\gbridge\gbwinvnc.exe |
"{45EBF856-5E08-4610-B9EE-14389A6A52C6}" = dir=in | app=c:\program files\acer arcade live\acer dv magician\acer dv magician.exe |
"{4DDF3096-2BD8-47A4-AF24-C7495C0F4698}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{4EB462F3-F0B4-47D9-BFCD-AA6DAD872900}" = protocol=6 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"{576B4796-AA6B-46DF-B1EE-AD8F1F23BCCC}" = dir=in | app=c:\program files\acer arcade live\acer dvdivine\acer dvdivine.exe |
"{5D8721DC-2076-4354-8CAB-08F36ACE1527}" = protocol=17 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmapp.exe |
"{61013635-EED9-46BA-BBC8-3BAA2F96095D}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{61257A51-BDA6-4FAC-8DF2-7C53273971C5}" = protocol=17 | dir=in | app=c:\program files\gbridge llc\gbridge\gbvncviewer.exe |
"{656E7283-89C7-4688-9194-AD65F929D142}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6B2AF6DE-4EC5-4CEE-94A2-8454A5F75796}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6D045135-8267-4103-81F2-09B60FCB6E53}" = protocol=6 | dir=in | app=d:\program files\opera\opera.exe |
"{7258D046-3FF2-463F-81C7-58A82F0297B0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{73F53045-D46C-456A-A7ED-F7A5459364EE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7724D23D-EA47-42CE-94D6-17BC84150795}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{79379EF6-2D44-486C-AECE-C562B5802747}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7AB81A95-5E59-4B8A-BB17-55FA4703F249}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{837F6A55-3820-4884-9375-73C01DF57C7E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{84B71819-6E37-40F8-9EAB-F9993F036465}" = protocol=6 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmapp.exe |
"{87641EEB-A146-435F-B94F-B4E7A1FE6A52}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8CC0548D-96E7-444E-9D27-054203FC09B7}" = protocol=17 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmctxth.exe |
"{8E24023B-9C9C-4F6E-A075-5DA6D6643522}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{8F56E084-3FE3-41FF-8D10-1DE138AB2F41}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{92CAC36C-0C6D-479D-A346-D06DBBCC3D6C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9B1E96CD-256A-46A5-919F-0CF9484785FC}" = protocol=6 | dir=in | app=c:\program files\gbridge llc\gbridge\gbridge.exe |
"{9C1AD608-9C39-4DDF-96EB-9A1C758FD755}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9DE82A9B-D673-4CDF-8C82-009C0391209F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9E239E23-D81D-44A0-A1F0-2CE418825AB6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9EEB6F76-E028-49BB-A58F-70058947D955}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{A05106C4-1C98-4D43-88ED-0CAF3A8909E8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A0F676D9-8BA6-4C95-A030-4F2072898395}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A172583B-F7F0-4B29-B58E-BB51CECB3B68}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A3D31F5A-F836-4FA0-A74F-A1103C0FF3D1}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{A45B8BC8-B6E4-4361-BEC2-4AA8DA09131A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A7B5C124-F401-4D1F-B5E2-D76F8880B807}" = dir=in | app=c:\program files\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe |
"{AA672E56-0797-48C5-AD2B-433F0F003B57}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{ABAC3336-7332-4036-9876-F35AB8BA2C00}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{ACF42200-7414-43E4-A8B2-9E914266FEE2}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe |
"{AD898EB4-C9B2-4D74-8007-AF32BB4EC322}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{AD8BAB8A-2F22-467F-AA91-12AE35F1AD30}" = protocol=6 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmctxth.exe |
"{AF0E3C1A-C24C-4B56-A211-9D20898F321E}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{AFFE2500-4842-49C3-89A1-364EBF53DC24}" = protocol=17 | dir=in | app=c:\program files\acer\acer assist\acerassist.exe |
"{B331D88C-2093-4A34-8DD1-A6365320B069}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BD2844D7-8F34-4DC5-8179-CE94CE04A9A8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BDD5B064-37A5-4A43-868F-BAE68A3D5890}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C247077B-7414-4E8A-8B2C-7F12818B016C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C262F867-D60F-4C47-A645-D81FD8626CC2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C52AE657-CF5A-4B2F-A7A9-FCE361DF48E5}" = protocol=17 | dir=in | app=c:\program files\gbridge llc\gbridge\gbwinvnc.exe |
"{C56566D9-B26E-42B8-A253-619704271C3D}" = protocol=17 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"{C5FA7533-AC93-4E4F-9D36-C40F2E90BCD1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C7C9B11F-989A-45B9-96D9-82AF90442AA5}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{C9AB31C2-9699-4FD1-8BBC-54B8217FBEED}" = protocol=6 | dir=in | app=c:\program files\pure networks\network magic\nmapp.exe |
"{CB46954B-1C0E-4C30-9032-8A329ACE9DCC}" = dir=in | app=c:\program files\acer arcade live\acer homemedia\acer homemedia.exe |
"{CBB3072A-F1F8-460A-8A8F-DDE47B6F2E4B}" = protocol=17 | dir=in | app=c:\program files\pure networks\network magic\nmapp.exe |
"{CCC5FDDE-DFC6-46F5-8E40-F5D470D77C34}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{CF007FDE-28E5-4729-930C-A2BDBB62745D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CF732BAB-2434-43CE-8537-E8E3F7B91790}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D123BB98-FC28-44DB-8A74-DC4CE8F0B1F8}" = protocol=6 | dir=in | app=c:\program files\gbridge llc\gbridge\gbwinvnc.exe |
"{D16B042A-3C3F-4E62-B074-257648EE5400}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{D23C1D21-DAE5-40A3-BE48-B8369F500D54}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D273A5D0-E034-4D19-89CF-21444163881E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D283C2A1-56F4-436D-89FC-00681E82C182}" = protocol=17 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |
"{D359F420-2DB1-4A42-BC59-48C050F3D1B4}" = protocol=17 | dir=in | app=c:\program files\gbridge llc\gbridge\gbwinvnc.exe |
"{D3B219FB-F5D3-4E41-843B-CE091E691B31}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D3EF3938-2C6A-453D-A020-9FCD1D4F7041}" = protocol=6 | dir=in | app=c:\program files\gbridge llc\gbridge\gbvncviewer.exe |
"{D48F7730-964C-4927-B0C9-B1AC4B7FA67A}" = dir=in | app=c:\program files\acer arcade live\acer homemedia trial creator\acer homemedia trial creator.exe |
"{D5F55413-0999-4C9D-803A-A1737B545FA5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D7F1BD08-DE70-4E30-BB31-DEE58FEB6219}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DB0C3FB6-03CE-41FE-AF5A-30338FC8C68F}" = protocol=17 | dir=in | app=d:\program files\opera\opera.exe |
"{DB800697-D0B5-488A-BAF6-E13D0AEA6CE7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E09E759F-2836-4C83-9C66-A613DC7729BF}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\acer homemedia connect.exe |
"{E131CE0E-77D2-4C80-B469-39F5B5F93D72}" = protocol=6 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"{EA2058C1-4F07-4133-B027-5C7AFD69F527}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{EEE7D582-80A3-4FF6-BF39-1B9B2FEFA710}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{F2C45439-931D-413D-85C3-9EA1A46BC489}" = protocol=6 | dir=in | app=c:\program files\gbridge llc\gbridge\gbvncviewer.exe |
"{F911BAE8-1A77-4FE5-880A-0CC7E30F3A76}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{FB85ACBE-2326-40AA-B94A-3411339B3790}" = dir=in | app=c:\program files\acer arcade live\acer videomagician\acer videomagician.exe |
"{FEBD59A2-1002-4297-AB42-30DBF07E26D9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{5108E755-C4C3-46EC-A627-5B6C3C474818}C:\program files\utorrent\utorrent-.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent-.exe |
"TCP Query User{5457B324-3AC7-49B0-9F21-2506F14D36E1}C:\program files\mp3 skype recorder\mp3 skype recorder.exe" = protocol=6 | dir=in | app=c:\program files\mp3 skype recorder\mp3 skype recorder.exe |
"TCP Query User{8AE2F393-1E27-4D26-A597-D6EFA153A58C}C:\program files\tightvnc\tvnserver.exe" = protocol=6 | dir=in | app=c:\program files\tightvnc\tvnserver.exe |
"TCP Query User{944F220E-AB23-4BF5-A0C1-B2E41319FF6E}C:\program files\realvnc\vnc4\winvnc4.exe" = protocol=6 | dir=in | app=c:\program files\realvnc\vnc4\winvnc4.exe |
"TCP Query User{B401240D-1541-48AF-B2D8-E955F1B693D4}D:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=d:\xampp\mysql\bin\mysqld.exe |
"TCP Query User{C2E52CA4-8C47-4AD1-91E5-F4B7E05D6BAE}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"TCP Query User{CE88D324-4F07-41BE-9C34-29659AFB5655}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{D59DC528-D265-4BA0-8D03-5CAC37CE7959}D:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=d:\xampp\apache\bin\httpd.exe |
"UDP Query User{17542FC1-3B05-4D13-A9B5-2756EA92233D}C:\program files\utorrent\utorrent-.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent-.exe |
"UDP Query User{2A900501-DA4E-4028-BEBB-E26CD02DD4A9}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{391BDA0D-CA79-4E45-8025-A410F4FDCF97}C:\program files\realvnc\vnc4\winvnc4.exe" = protocol=17 | dir=in | app=c:\program files\realvnc\vnc4\winvnc4.exe |
"UDP Query User{5C082976-6E04-4083-8FD3-EF56A53690FD}D:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=d:\xampp\mysql\bin\mysqld.exe |
"UDP Query User{64F4A6DE-B67C-4763-B4A2-43CBB5E62902}D:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=d:\xampp\apache\bin\httpd.exe |
"UDP Query User{901212B1-6664-415C-B94B-7302A9A7E51F}C:\program files\tightvnc\tvnserver.exe" = protocol=17 | dir=in | app=c:\program files\tightvnc\tvnserver.exe |
"UDP Query User{C8FE7D76-335D-4550-98CB-03B8E62D92E7}C:\program files\mp3 skype recorder\mp3 skype recorder.exe" = protocol=17 | dir=in | app=c:\program files\mp3 skype recorder\mp3 skype recorder.exe |
"UDP Query User{FC8EFD58-0A24-4453-9AEF-FD72BED42F46}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0025DA8D-F344-E316-885A-2D71C66B0FB1}" = Catalyst Control Center Localization Norwegian
"{01B0503D-45A2-CCA2-44DF-C716B80B7EB6}" = Catalyst Control Center Graphics Light
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0C74BC57-4128-D428-D4A5-267F66C80C7C}" = CCC Help German
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{1AEB447A-34B8-7DB5-67B8-1E54DADD6572}" = Catalyst Control Center Localization Polish
"{1B897B3A-57C2-DF09-C6CC-E6B9FA0AC44F}" = CCC Help Thai
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F1C4668-7767-4109-9B5E-19AD056F2CA0}" = MP3 Skype Recorder
"{1F2DF2C6-08F7-40BD-8E85-D16CB436E7F0}" = Free NaturalReader
"{2037D7FD-6401-DDC7-A499-2FDF9ADCD04F}" = CCC Help Turkish
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21AD8584-EDAC-7D00-71CC-79D111C5B27B}" = CCC Help Italian
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{2295D7EE-0575-D2CC-E52A-102F2AF01169}" = CCC Help Russian
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 19
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2ED84754-62AA-80F6-E434-9C03FF1D4221}" = Catalyst Control Center Localization Korean
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{30965141-4363-2683-885F-4A35810A382B}" = CCC Help Portuguese
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{311D49FD-6B52-D68F-CFBC-796F22554404}" = Catalyst Control Center Localization Dutch
"{31FDDB24-D8FE-456A-8479-5E0526D5EAAF}" = Skype Call Recorder
"{342126E1-173C-4585-BFBE-3EBDD20E3E9E}" = Mobipocket Reader 6.2
"{3AD4FFEC-0DEC-5037-C92F-C294FEA8F320}" = Catalyst Control Center Localization Hungarian
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C71054A-352C-4ABD-5643-4C8F8617AE08}" = CCC Help Danish
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3FE1C3BB-91B1-119B-47FE-49143E2AD10B}" = CCC Help Spanish
"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD
"{4677674C-59CE-41B0-AA32-44A30A9D1EEB}" = Catalyst Control Center - Branding
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{48530DE6-19F9-489D-809E-AFAA8AACC6DF}" = SplitMediaLabs VH Screen Capture Driver (x86)
"{48EF56FD-3B28-DEB7-7C63-85908395E6A6}" = Catalyst Control Center Localization Spanish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A5A427F-BA39-4BF0-9A47-9999FBE60C9F}" = Visual C++ Runtime for Dragon NaturallySpeaking
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4C7F547E-DDE3-51BF-1D2E-04816F30AD66}" = ATI Catalyst Install Manager
"{4F896C8E-8AEF-4C27-31CD-56E6E200FAB4}" = CCC Help Dutch
"{53C436CD-155C-6159-D12B-55967DAB8887}" = CCC Help Norwegian
"{5E396C14-A2E0-3F7B-42FE-15569155234A}" = CCC Help Chinese Standard
"{60245C29-8A73-CF88-275F-A79BA580E748}" = CCC Help Korean
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{68F2FB07-4F60-734A-46FD-493A109D1514}" = CCC Help English
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{6FD29E18-619D-259B-948F-3A65967486A3}" = ccc-core-static
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{77FB2697-2C28-9572-6452-F2418A33834E}" = Catalyst Control Center Localization Russian
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7CC14E1A-17B4-27A6-2086-2A52BCC16A16}" = Catalyst Control Center Localization Italian
"{7D30776C-F30F-4207-6A82-EF0E1D6DCD23}" = CCC Help Chinese Traditional
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
"{8011B8CD-CD37-5B5D-4423-78D358B70C21}" = ccc-utility
"{804AB28B-F929-370A-B3AB-5BB99DFD73DF}" = Catalyst Control Center Localization Chinese Standard
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{84E98285-BEC0-8C52-EB74-10C281737023}" = Catalyst Control Center Localization Portuguese
"{862673D1-8F64-A109-47A9-CD5CFAABBD2A}" = Catalyst Control Center Localization Finnish
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89EFA70F-87DF-4B19-6366-77B9D693C20E}" = CCC Help Swedish
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DB9E645-E6DB-A4BB-B18A-265435D13274}" = Catalyst Control Center Graphics Full Existing
"{8E62F311-A40C-A7B3-C595-FE1E17D838F8}" = Skins
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{901DD5DE-0798-883F-8B23-55D3843F3E59}" = Catalyst Control Center Localization Turkish
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92933B9E-3273-9DD6-7F47-EB6DD029C6AC}" = Catalyst Control Center Localization Chinese Traditional
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{954513A8-AAE3-97E9-1FB8-A1D70FD1A549}" = CCC Help Greek
"{9738C893-02C6-6694-DD7B-D50CC8D57248}" = Catalyst Control Center Core Implementation
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9DF93979-12BD-D361-0624-9025215FD8B5}" = CCC Help Finnish
"{9F153AD3-3523-4542-818E-AE2F92249667}" = SAMSUNG USB Driver for Mobile Phones
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A4BEC8AC-0E57-E1F8-C3C5-01ED0F27ECB9}" = Catalyst Control Center Localization French
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A91FB756-A9B5-7A88-7637-21B3061B97A7}" = Catalyst Control Center Graphics Full New
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia
"{ABB2D074-04BC-4F41-A1CB-7FB9AF4100DC}" = GFX Video Writer
"{AC4451B3-1CC2-7C5D-F0EC-AD2DADE9DFF2}" = CCC Help Japanese
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AC9450D2-2344-132D-AAA8-DB418BC6F3E5}" = CCC Help Hungarian
"{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine
"{B2F6A8F0-927A-D0CC-D1CB-FCEBD7528799}" = Catalyst Control Center Localization Czech
"{B580C409-E16F-44FF-904D-3AE94E113BE0}" = Acer HomeMedia Trial Creator
"{C0AF881D-EB63-A1D6-F29A-1EAD7BAEDB95}" = Catalyst Control Center Localization Japanese
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C49624DD-C504-4279-B9E0-65A2EB6E1619}" = PG583_32_inf
"{C75252FF-A765-B58A-44D1-D10C24E69E59}" = Catalyst Control Center Localization Thai
"{CAAF4EB9-68E8-6BC9-ADC2-24491B70A84D}" = Catalyst Control Center Graphics Previews Vista
"{CC25FBAD-153D-0EB7-5EC5-0DE97A7A8788}" = Catalyst Control Center Localization Danish
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D526673A-CF8C-4024-A20B-384591BFFCA8}" = VC90
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype 5.1
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E7712E53-7A7F-46EB-AA13-70D5987D30F2}" = Dragon NaturallySpeaking 10
"{E95C1190-3C4A-45B7-B2ED-B49BD1972BB4}" = EasyTether
"{EA34B5D9-A3C9-333A-B1CD-ABCC975FB5EF}" = CCC Help French
"{EBCDE4F2-C6F7-1188-DDE7-15966902EC6A}" = Catalyst Control Center Localization Swedish
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page
"{F0B2D11F-E4D9-4C17-A195-B8BADEAE9C40}" = VGA USB Camera
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F66208C6-E88B-27B6-9C49-09E78739F017}" = Catalyst Control Center Localization German
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician
"{F9E0767F-6DB6-9B56-3BEF-50BAFC430934}" = Catalyst Control Center Localization Greek
"{FAE36873-1941-4076-A9A5-48812B5EA0B7}" = iTunes
"{FCB5EE95-A308-F826-9C6B-18DD2EEA1992}" = CCC Help Polish
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"{FE8A68F6-3C7C-D143-F898-C6C1F26CB41E}" = CCC Help Czech
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.65
"Acer Assist" = Acer Assist
"Acer Registration" = Acer Registration
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem
"AI RoboForm" = AI RoboForm (All Users)
"AP Tuner 3.08" = AP Tuner 3.08
"Aspell English Dictionary_is1" = Aspell English Dictionary-0.50-2
"Audacity_is1" = Audacity 1.2.6
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 6.0.0.865
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"D7EC1A6C98F357A7E4C53FF66325D99F66B1F590" = Windows Driver Package - YUAN High-Tech Development Co. Ltd. (OmniTV) Media (12/14/2007 6.1.32.42)
"DebugMode Wink" = DebugMode Wink
"DivXCodec" = DivX 4.12 Codec
"doPDF 6 printer_is1" = doPDF 6.3 printer
"Foxit Reader" = Foxit Reader
"GNU Aspell_is1" = GNU Aspell 0.50-3
"GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.64
"Gzip-1.3.12-1_is1" = GnuWin32: Gzip-1.3.12-1
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IIM5_is1" = iMacros V6.90
"InfoRapid Search & Replace" = InfoRapid Search & Replace
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.4.0 (Basic)
"KONICA MINOLTA PagePro 1350W" = KONICA MINOLTA PagePro 1350W
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LameACM" = Lame ACM MP3 Codec
"Logitech Vid" = Logitech Vid HD
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaMonkey_is1" = MediaMonkey 3.2
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"MPEG Mediator" = MPEG Mediator 1.5
"mpegable DS" = mpegable DS decoder
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"SUPER " = SUPER Version 2010.bld.42 (Nov 7, 2010)
"TeamViewer 6" = TeamViewer 6
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"Viral PDF Silver Edition_is1" = Viral PDF Silver Edition v2.0
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VLC media player" = VLC media player 1.0.1
"WBFS Manager 3.0" = WBFS Manager 3.0
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WordWeb" = WordWeb

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2187111495-2872751517-3570867934-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"2936BA206D985FAE13777719CA18A9A97FD3533C" = Microsoft Advertising Intelligence
"FileZilla Client" = FileZilla Client 3.3.4.1
"GoToMeeting" = GoToMeeting 4.5.0.457

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Extras.txt

OTL Extras logfile created on: 4/2/2011 9:52:54 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\johnp\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 59.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 141.69 Gb Total Space | 33.40 Gb Free Space | 23.57% Space Free | Partition Type: NTFS
Drive D: | 67.13 Gb Total Space | 53.00 Gb Free Space | 78.95% Space Free | Partition Type: NTFS

Computer Name: ACER1 | User Name: johnp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-2187111495-2872751517-3570867934-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "d:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "d:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\PPStream\PPStream.exe" = C:\Program Files\PPStream\PPStream.exe:*:Enabled:PPS
"C:\Program Files\PPStream\PPSAP.exe" = C:\Program Files\PPStream\PPSAP.exe:*:Enabled:PPS


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03F0ED18-6011-45AD-A9E6-21D994E6C125}" = lport=139 | protocol=6 | dir=in | app=system |
"{07A9BE0E-3686-4867-87BE-D3080442D3E2}" = rport=138 | protocol=17 | dir=out | app=system |
"{0C771613-9605-4F5C-ABAB-CD92F8B1FD42}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{11F9A87C-3629-486D-B2D0-9643705D6CF2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{149EDFBA-9C76-4148-AD5D-3F749C4DEECE}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{2AC3B6DA-8820-4DF8-A345-1E6015553593}" = lport=137 | protocol=17 | dir=in | app=system |
"{2CA7F22C-49E5-4D13-B0AD-3F4BC062D778}" = lport=138 | protocol=17 | dir=in | app=system |
"{33C16619-CAF8-4ACC-84B3-E7104FF93DBC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4F44350D-6675-409D-88F6-063C44913854}" = lport=445 | protocol=6 | dir=in | app=system |
"{51F4F75E-D1AE-445F-9B6E-8D57C4F14F3E}" = rport=139 | protocol=6 | dir=out | app=system |
"{6A4E3D91-E126-4501-9F2F-7BB63B6AE876}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6AB69EA0-1215-40DD-A33D-F3D725003A1C}" = lport=5357 | protocol=6 | dir=in | name=5357 |
"{6B9E128B-ED38-4685-BDF5-32D65C7BD301}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{746C9D1F-D1B0-4ED3-A0A8-280BC2D3A82C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{894AC9F6-5CD3-43B2-B949-940776295606}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{9562A6C0-A543-4022-8AAC-AD4D589BFF7B}" = lport=3702 | protocol=17 | dir=in | name=3702 |
"{A85F3BCC-B53D-4E2E-BA30-185419B617D9}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B3DF7879-F077-48C7-9A6C-534919568152}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B739117C-4989-4A97-B1F6-508FA2DF4791}" = rport=137 | protocol=17 | dir=out | app=system |
"{BD096A30-89A0-4F58-A806-486E7C77FBEE}" = rport=445 | protocol=6 | dir=out | app=system |
"{BD2FA16D-BBBB-43D5-AB0A-CBDDEF312E0F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BDC72AFD-D474-40F0-9FE2-FE86AE89737E}" = lport=445 | protocol=6 | dir=in | app=system |
"{C875ED63-0969-45A5-85A0-5E8C92A603DA}" = lport=137 | protocol=17 | dir=in | name=137 |
"{CEE931B5-8637-42F3-A9DD-3A6952D22DDA}" = lport=139 | protocol=6 | dir=in | name=139 |
"{E26E2D65-30CD-470A-9AAA-892511D92D9B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F6B80725-78F0-4C36-9015-DA38ED376E85}" = lport=5358 | protocol=6 | dir=in | name=5358 |
"{F9D59315-E632-4DCF-AC0E-559DAD66754E}" = lport=138 | protocol=17 | dir=in | name=138 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03002C81-27BF-4631-AEF3-772A598670CA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{068B393A-64A0-4963-B717-2650F5C51E6D}" = protocol=6 | dir=in | app=c:\program files\gbridge llc\gbridge\gbridge.exe |
"{139DD3AA-6892-469A-8834-5FB43E3A8892}" = protocol=6 | dir=in | app=c:\program files\acer\acer assist\acerassist.exe |
"{175E6AD9-91FC-492C-9429-F7F309E177EB}" = protocol=17 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"{17A4FF37-8C61-4098-B1FE-557E3479C398}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{1B9BCF83-FF37-4AD5-8B35-507EB9848BA5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{20AA1398-C727-408E-88AA-492C4F732918}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2499E459-1E21-4A50-8D37-B89D3896C930}" = protocol=17 | dir=in | app=c:\program files\gbridge llc\gbridge\gbridge.exe |
"{24B5FD35-D750-4684-B2A4-00C8A7906D25}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2B55A5CE-E0AB-460F-9C9C-4F15F435CA4E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2F15021D-70C2-4B48-B9A9-5E2AB1E65BFA}" = protocol=17 | dir=in | app=c:\program files\gbridge llc\gbridge\gbvncviewer.exe |
"{3046D15C-C0A9-435A-8D85-F93B07DCEE83}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{326E934E-B1E1-4E57-A87B-B7D6C83F1BDA}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{3424B884-FB0A-4DD5-9AD8-F23A71E780C6}" = dir=in | app=c:\program files\acer arcade live\acer arcade live main page\acer arcade live.exe |
"{34C812C6-8C7D-4CB5-AE0F-07C74CFBB458}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{37F4B56C-7012-472C-8969-678D99A81094}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{39CC261A-F0E3-461A-ADD0-C2CA1F4F9BE7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3EF67C82-A228-4083-BCC5-7DF13B7C6461}" = protocol=6 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |
"{4102994A-28FF-4218-8B85-7CEF85A4A67E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{41C4DDA7-98BB-405E-8FF3-F6A77217E131}" = protocol=17 | dir=in | app=c:\program files\gbridge llc\gbridge\gbridge.exe |
"{436382BF-13CF-4C74-93FC-0B4E02CC330E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{43E7CFC4-1C1D-4B2D-A7EF-B3B294B24297}" = protocol=6 | dir=in | app=c:\program files\gbridge llc\gbridge\gbwinvnc.exe |
"{45EBF856-5E08-4610-B9EE-14389A6A52C6}" = dir=in | app=c:\program files\acer arcade live\acer dv magician\acer dv magician.exe |
"{4DDF3096-2BD8-47A4-AF24-C7495C0F4698}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{4EB462F3-F0B4-47D9-BFCD-AA6DAD872900}" = protocol=6 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"{576B4796-AA6B-46DF-B1EE-AD8F1F23BCCC}" = dir=in | app=c:\program files\acer arcade live\acer dvdivine\acer dvdivine.exe |
"{5D8721DC-2076-4354-8CAB-08F36ACE1527}" = protocol=17 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmapp.exe |
"{61013635-EED9-46BA-BBC8-3BAA2F96095D}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{61257A51-BDA6-4FAC-8DF2-7C53273971C5}" = protocol=17 | dir=in | app=c:\program files\gbridge llc\gbridge\gbvncviewer.exe |
"{656E7283-89C7-4688-9194-AD65F929D142}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6B2AF6DE-4EC5-4CEE-94A2-8454A5F75796}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6D045135-8267-4103-81F2-09B60FCB6E53}" = protocol=6 | dir=in | app=d:\program files\opera\opera.exe |
"{7258D046-3FF2-463F-81C7-58A82F0297B0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{73F53045-D46C-456A-A7ED-F7A5459364EE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7724D23D-EA47-42CE-94D6-17BC84150795}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{79379EF6-2D44-486C-AECE-C562B5802747}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7AB81A95-5E59-4B8A-BB17-55FA4703F249}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{837F6A55-3820-4884-9375-73C01DF57C7E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{84B71819-6E37-40F8-9EAB-F9993F036465}" = protocol=6 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmapp.exe |
"{87641EEB-A146-435F-B94F-B4E7A1FE6A52}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8CC0548D-96E7-444E-9D27-054203FC09B7}" = protocol=17 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmctxth.exe |
"{8E24023B-9C9C-4F6E-A075-5DA6D6643522}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{8F56E084-3FE3-41FF-8D10-1DE138AB2F41}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{92CAC36C-0C6D-479D-A346-D06DBBCC3D6C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9B1E96CD-256A-46A5-919F-0CF9484785FC}" = protocol=6 | dir=in | app=c:\program files\gbridge llc\gbridge\gbridge.exe |
"{9C1AD608-9C39-4DDF-96EB-9A1C758FD755}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9DE82A9B-D673-4CDF-8C82-009C0391209F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9E239E23-D81D-44A0-A1F0-2CE418825AB6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9EEB6F76-E028-49BB-A58F-70058947D955}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{A05106C4-1C98-4D43-88ED-0CAF3A8909E8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A0F676D9-8BA6-4C95-A030-4F2072898395}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A172583B-F7F0-4B29-B58E-BB51CECB3B68}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A3D31F5A-F836-4FA0-A74F-A1103C0FF3D1}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{A45B8BC8-B6E4-4361-BEC2-4AA8DA09131A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A7B5C124-F401-4D1F-B5E2-D76F8880B807}" = dir=in | app=c:\program files\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe |
"{AA672E56-0797-48C5-AD2B-433F0F003B57}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{ABAC3336-7332-4036-9876-F35AB8BA2C00}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{ACF42200-7414-43E4-A8B2-9E914266FEE2}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe |
"{AD898EB4-C9B2-4D74-8007-AF32BB4EC322}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{AD8BAB8A-2F22-467F-AA91-12AE35F1AD30}" = protocol=6 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmctxth.exe |
"{AF0E3C1A-C24C-4B56-A211-9D20898F321E}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{AFFE2500-4842-49C3-89A1-364EBF53DC24}" = protocol=17 | dir=in | app=c:\program files\acer\acer assist\acerassist.exe |
"{B331D88C-2093-4A34-8DD1-A6365320B069}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BD2844D7-8F34-4DC5-8179-CE94CE04A9A8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BDD5B064-37A5-4A43-868F-BAE68A3D5890}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C247077B-7414-4E8A-8B2C-7F12818B016C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C262F867-D60F-4C47-A645-D81FD8626CC2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C52AE657-CF5A-4B2F-A7A9-FCE361DF48E5}" = protocol=17 | dir=in | app=c:\program files\gbridge llc\gbridge\gbwinvnc.exe |
"{C56566D9-B26E-42B8-A253-619704271C3D}" = protocol=17 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"{C5FA7533-AC93-4E4F-9D36-C40F2E90BCD1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C7C9B11F-989A-45B9-96D9-82AF90442AA5}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{C9AB31C2-9699-4FD1-8BBC-54B8217FBEED}" = protocol=6 | dir=in | app=c:\program files\pure networks\network magic\nmapp.exe |
"{CB46954B-1C0E-4C30-9032-8A329ACE9DCC}" = dir=in | app=c:\program files\acer arcade live\acer homemedia\acer homemedia.exe |
"{CBB3072A-F1F8-460A-8A8F-DDE47B6F2E4B}" = protocol=17 | dir=in | app=c:\program files\pure networks\network magic\nmapp.exe |
"{CCC5FDDE-DFC6-46F5-8E40-F5D470D77C34}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{CF007FDE-28E5-4729-930C-A2BDBB62745D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CF732BAB-2434-43CE-8537-E8E3F7B91790}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D123BB98-FC28-44DB-8A74-DC4CE8F0B1F8}" = protocol=6 | dir=in | app=c:\program files\gbridge llc\gbridge\gbwinvnc.exe |
"{D16B042A-3C3F-4E62-B074-257648EE5400}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{D23C1D21-DAE5-40A3-BE48-B8369F500D54}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D273A5D0-E034-4D19-89CF-21444163881E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D283C2A1-56F4-436D-89FC-00681E82C182}" = protocol=17 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |
"{D359F420-2DB1-4A42-BC59-48C050F3D1B4}" = protocol=17 | dir=in | app=c:\program files\gbridge llc\gbridge\gbwinvnc.exe |
"{D3B219FB-F5D3-4E41-843B-CE091E691B31}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D3EF3938-2C6A-453D-A020-9FCD1D4F7041}" = protocol=6 | dir=in | app=c:\program files\gbridge llc\gbridge\gbvncviewer.exe |
"{D48F7730-964C-4927-B0C9-B1AC4B7FA67A}" = dir=in | app=c:\program files\acer arcade live\acer homemedia trial creator\acer homemedia trial creator.exe |
"{D5F55413-0999-4C9D-803A-A1737B545FA5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D7F1BD08-DE70-4E30-BB31-DEE58FEB6219}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DB0C3FB6-03CE-41FE-AF5A-30338FC8C68F}" = protocol=17 | dir=in | app=d:\program files\opera\opera.exe |
"{DB800697-D0B5-488A-BAF6-E13D0AEA6CE7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E09E759F-2836-4C83-9C66-A613DC7729BF}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\acer homemedia connect.exe |
"{E131CE0E-77D2-4C80-B469-39F5B5F93D72}" = protocol=6 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"{EA2058C1-4F07-4133-B027-5C7AFD69F527}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{EEE7D582-80A3-4FF6-BF39-1B9B2FEFA710}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{F2C45439-931D-413D-85C3-9EA1A46BC489}" = protocol=6 | dir=in | app=c:\program files\gbridge llc\gbridge\gbvncviewer.exe |
"{F911BAE8-1A77-4FE5-880A-0CC7E30F3A76}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{FB85ACBE-2326-40AA-B94A-3411339B3790}" = dir=in | app=c:\program files\acer arcade live\acer videomagician\acer videomagician.exe |
"{FEBD59A2-1002-4297-AB42-30DBF07E26D9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{5108E755-C4C3-46EC-A627-5B6C3C474818}C:\program files\utorrent\utorrent-.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent-.exe |
"TCP Query User{5457B324-3AC7-49B0-9F21-2506F14D36E1}C:\program files\mp3 skype recorder\mp3 skype recorder.exe" = protocol=6 | dir=in | app=c:\program files\mp3 skype recorder\mp3 skype recorder.exe |
"TCP Query User{8AE2F393-1E27-4D26-A597-D6EFA153A58C}C:\program files\tightvnc\tvnserver.exe" = protocol=6 | dir=in | app=c:\program files\tightvnc\tvnserver.exe |
"TCP Query User{944F220E-AB23-4BF5-A0C1-B2E41319FF6E}C:\program files\realvnc\vnc4\winvnc4.exe" = protocol=6 | dir=in | app=c:\program files\realvnc\vnc4\winvnc4.exe |
"TCP Query User{B401240D-1541-48AF-B2D8-E955F1B693D4}D:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=d:\xampp\mysql\bin\mysqld.exe |
"TCP Query User{C2E52CA4-8C47-4AD1-91E5-F4B7E05D6BAE}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"TCP Query User{CE88D324-4F07-41BE-9C34-29659AFB5655}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{D59DC528-D265-4BA0-8D03-5CAC37CE7959}D:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=d:\xampp\apache\bin\httpd.exe |
"UDP Query User{17542FC1-3B05-4D13-A9B5-2756EA92233D}C:\program files\utorrent\utorrent-.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent-.exe |
"UDP Query User{2A900501-DA4E-4028-BEBB-E26CD02DD4A9}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{391BDA0D-CA79-4E45-8025-A410F4FDCF97}C:\program files\realvnc\vnc4\winvnc4.exe" = protocol=17 | dir=in | app=c:\program files\realvnc\vnc4\winvnc4.exe |
"UDP Query User{5C082976-6E04-4083-8FD3-EF56A53690FD}D:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=d:\xampp\mysql\bin\mysqld.exe |
"UDP Query User{64F4A6DE-B67C-4763-B4A2-43CBB5E62902}D:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=d:\xampp\apache\bin\httpd.exe |
"UDP Query User{901212B1-6664-415C-B94B-7302A9A7E51F}C:\program files\tightvnc\tvnserver.exe" = protocol=17 | dir=in | app=c:\program files\tightvnc\tvnserver.exe |
"UDP Query User{C8FE7D76-335D-4550-98CB-03B8E62D92E7}C:\program files\mp3 skype recorder\mp3 skype recorder.exe" = protocol=17 | dir=in | app=c:\program files\mp3 skype recorder\mp3 skype recorder.exe |
"UDP Query User{FC8EFD58-0A24-4453-9AEF-FD72BED42F46}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0025DA8D-F344-E316-885A-2D71C66B0FB1}" = Catalyst Control Center Localization Norwegian
"{01B0503D-45A2-CCA2-44DF-C716B80B7EB6}" = Catalyst Control Center Graphics Light
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0C74BC57-4128-D428-D4A5-267F66C80C7C}" = CCC Help German
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{1AEB447A-34B8-7DB5-67B8-1E54DADD6572}" = Catalyst Control Center Localization Polish
"{1B897B3A-57C2-DF09-C6CC-E6B9FA0AC44F}" = CCC Help Thai
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F1C4668-7767-4109-9B5E-19AD056F2CA0}" = MP3 Skype Recorder
"{1F2DF2C6-08F7-40BD-8E85-D16CB436E7F0}" = Free NaturalReader
"{2037D7FD-6401-DDC7-A499-2FDF9ADCD04F}" = CCC Help Turkish
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21AD8584-EDAC-7D00-71CC-79D111C5B27B}" = CCC Help Italian
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{2295D7EE-0575-D2CC-E52A-102F2AF01169}" = CCC Help Russian
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 19
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2ED84754-62AA-80F6-E434-9C03FF1D4221}" = Catalyst Control Center Localization Korean
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{30965141-4363-2683-885F-4A35810A382B}" = CCC Help Portuguese
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{311D49FD-6B52-D68F-CFBC-796F22554404}" = Catalyst Control Center Localization Dutch
"{31FDDB24-D8FE-456A-8479-5E0526D5EAAF}" = Skype Call Recorder
"{342126E1-173C-4585-BFBE-3EBDD20E3E9E}" = Mobipocket Reader 6.2
"{3AD4FFEC-0DEC-5037-C92F-C294FEA8F320}" = Catalyst Control Center Localization Hungarian
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C71054A-352C-4ABD-5643-4C8F8617AE08}" = CCC Help Danish
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3FE1C3BB-91B1-119B-47FE-49143E2AD10B}" = CCC Help Spanish
"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD
"{4677674C-59CE-41B0-AA32-44A30A9D1EEB}" = Catalyst Control Center - Branding
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{48530DE6-19F9-489D-809E-AFAA8AACC6DF}" = SplitMediaLabs VH Screen Capture Driver (x86)
"{48EF56FD-3B28-DEB7-7C63-85908395E6A6}" = Catalyst Control Center Localization Spanish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A5A427F-BA39-4BF0-9A47-9999FBE60C9F}" = Visual C++ Runtime for Dragon NaturallySpeaking
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4C7F547E-DDE3-51BF-1D2E-04816F30AD66}" = ATI Catalyst Install Manager
"{4F896C8E-8AEF-4C27-31CD-56E6E200FAB4}" = CCC Help Dutch
"{53C436CD-155C-6159-D12B-55967DAB8887}" = CCC Help Norwegian
"{5E396C14-A2E0-3F7B-42FE-15569155234A}" = CCC Help Chinese Standard
"{60245C29-8A73-CF88-275F-A79BA580E748}" = CCC Help Korean
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{68F2FB07-4F60-734A-46FD-493A109D1514}" = CCC Help English
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{6FD29E18-619D-259B-948F-3A65967486A3}" = ccc-core-static
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{77FB2697-2C28-9572-6452-F2418A33834E}" = Catalyst Control Center Localization Russian
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7CC14E1A-17B4-27A6-2086-2A52BCC16A16}" = Catalyst Control Center Localization Italian
"{7D30776C-F30F-4207-6A82-EF0E1D6DCD23}" = CCC Help Chinese Traditional
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
"{8011B8CD-CD37-5B5D-4423-78D358B70C21}" = ccc-utility
"{804AB28B-F929-370A-B3AB-5BB99DFD73DF}" = Catalyst Control Center Localization Chinese Standard
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{84E98285-BEC0-8C52-EB74-10C281737023}" = Catalyst Control Center Localization Portuguese
"{862673D1-8F64-A109-47A9-CD5CFAABBD2A}" = Catalyst Control Center Localization Finnish
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89EFA70F-87DF-4B19-6366-77B9D693C20E}" = CCC Help Swedish
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DB9E645-E6DB-A4BB-B18A-265435D13274}" = Catalyst Control Center Graphics Full Existing
"{8E62F311-A40C-A7B3-C595-FE1E17D838F8}" = Skins
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{901DD5DE-0798-883F-8B23-55D3843F3E59}" = Catalyst Control Center Localization Turkish
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92933B9E-3273-9DD6-7F47-EB6DD029C6AC}" = Catalyst Control Center Localization Chinese Traditional
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{954513A8-AAE3-97E9-1FB8-A1D70FD1A549}" = CCC Help Greek
"{9738C893-02C6-6694-DD7B-D50CC8D57248}" = Catalyst Control Center Core Implementation
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CB43A29-9E60-43F7-927C-2196137ED7E0}_is1" = Feed Submitter 3.0.0.0
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9DF93979-12BD-D361-0624-9025215FD8B5}" = CCC Help Finnish
"{9F153AD3-3523-4542-818E-AE2F92249667}" = SAMSUNG USB Driver for Mobile Phones
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A4BEC8AC-0E57-E1F8-C3C5-01ED0F27ECB9}" = Catalyst Control Center Localization French
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A91FB756-A9B5-7A88-7637-21B3061B97A7}" = Catalyst Control Center Graphics Full New
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia
"{ABB2D074-04BC-4F41-A1CB-7FB9AF4100DC}" = GFX Video Writer
"{AC4451B3-1CC2-7C5D-F0EC-AD2DADE9DFF2}" = CCC Help Japanese
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AC9450D2-2344-132D-AAA8-DB418BC6F3E5}" = CCC Help Hungarian
"{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine
"{B2F6A8F0-927A-D0CC-D1CB-FCEBD7528799}" = Catalyst Control Center Localization Czech
"{B580C409-E16F-44FF-904D-3AE94E113BE0}" = Acer HomeMedia Trial Creator
"{C0AF881D-EB63-A1D6-F29A-1EAD7BAEDB95}" = Catalyst Control Center Localization Japanese
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C49624DD-C504-4279-B9E0-65A2EB6E1619}" = PG583_32_inf
"{C75252FF-A765-B58A-44D1-D10C24E69E59}" = Catalyst Control Center Localization Thai
"{CAAF4EB9-68E8-6BC9-ADC2-24491B70A84D}" = Catalyst Control Center Graphics Previews Vista
"{CC25FBAD-153D-0EB7-5EC5-0DE97A7A8788}" = Catalyst Control Center Localization Danish
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D526673A-CF8C-4024-A20B-384591BFFCA8}" = VC90
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype 5.1
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E7712E53-7A7F-46EB-AA13-70D5987D30F2}" = Dragon NaturallySpeaking 10
"{E95C1190-3C4A-45B7-B2ED-B49BD1972BB4}" = EasyTether
"{EA34B5D9-A3C9-333A-B1CD-ABCC975FB5EF}" = CCC Help French
"{EBCDE4F2-C6F7-1188-DDE7-15966902EC6A}" = Catalyst Control Center Localization Swedish
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page
"{F0B2D11F-E4D9-4C17-A195-B8BADEAE9C40}" = VGA USB Camera
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F66208C6-E88B-27B6-9C49-09E78739F017}" = Catalyst Control Center Localization German
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician
"{F9E0767F-6DB6-9B56-3BEF-50BAFC430934}" = Catalyst Control Center Localization Greek
"{FAE36873-1941-4076-A9A5-48812B5EA0B7}" = iTunes
"{FCB5EE95-A308-F826-9C6B-18DD2EEA1992}" = CCC Help Polish
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"{FE8A68F6-3C7C-D143-F898-C6C1F26CB41E}" = CCC Help Czech
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.65
"Acer Assist" = Acer Assist
"Acer Registration" = Acer Registration
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem
"AI RoboForm" = AI RoboForm (All Users)
"AP Tuner 3.08" = AP Tuner 3.08
"Aspell English Dictionary_is1" = Aspell English Dictionary-0.50-2
"Audacity_is1" = Audacity 1.2.6
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 6.0.0.865
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"D7EC1A6C98F357A7E4C53FF66325D99F66B1F590" = Windows Driver Package - YUAN High-Tech Development Co. Ltd. (OmniTV) Media (12/14/2007 6.1.32.42)
"DebugMode Wink" = DebugMode Wink
"DivXCodec" = DivX 4.12 Codec
"doPDF 6 printer_is1" = doPDF 6.3 printer
"Foxit Reader" = Foxit Reader
"GNU Aspell_is1" = GNU Aspell 0.50-3
"GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.64
"Gzip-1.3.12-1_is1" = GnuWin32: Gzip-1.3.12-1
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IIM5_is1" = iMacros V6.90
"InfoRapid Search & Replace" = InfoRapid Search & Replace
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.4.0 (Basic)
"KONICA MINOLTA PagePro 1350W" = KONICA MINOLTA PagePro 1350W
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LameACM" = Lame ACM MP3 Codec
"Logitech Vid" = Logitech Vid HD
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaMonkey_is1" = MediaMonkey 3.2
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"mpegable DS" = mpegable DS decoder
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"SUPER " = SUPER Version 2010.bld.42 (Nov 7, 2010)
"TeamViewer 6" = TeamViewer 6
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VLC media player" = VLC media player 1.0.1
"WBFS Manager 3.0" = WBFS Manager 3.0
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WordWeb" = WordWeb

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2187111495-2872751517-3570867934-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"2936BA206D985FAE13777719CA18A9A97FD3533C" = Microsoft Advertising Intelligence
"FileZilla Client" = FileZilla Client 3.3.4.1
"GoToMeeting" = GoToMeeting 4.5.0.457

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#4 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:04:55 AM

Posted 02 April 2011 - 12:31 PM

It looks like you posted the Extras.txt log twice. Can you please re-post the contents of OTL.txt?

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#5 ctech101

ctech101
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:55 AM

Posted 02 April 2011 - 01:26 PM

Sorry about that.

Here's the OTL.txt
===
OTL logfile created on: 4/2/2011 9:52:53 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\johnp\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 59.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 141.69 Gb Total Space | 33.40 Gb Free Space | 23.57% Space Free | Partition Type: NTFS
Drive D: | 67.13 Gb Total Space | 53.00 Gb Free Space | 78.95% Space Free | Partition Type: NTFS

Computer Name: ACER1 | User Name: johnp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/02 09:43:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\johnp\Desktop\OTL.exe
PRC - [2011/03/24 18:14:23 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/01/27 08:51:05 | 002,253,688 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2010/11/30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/09/22 18:06:40 | 004,137,688 | ---- | M] () -- C:\Program Files\Conference Recording Service\ConferenceRS.exe
PRC - [2010/08/29 21:32:06 | 000,047,432 | ---- | M] (Mobile Stream) -- C:\Program Files\Mobile Stream\EasyTether\easytthr.exe
PRC - [2010/05/07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2010/05/07 18:35:22 | 000,165,208 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2009/07/20 12:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/07/10 12:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2009/04/10 23:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/06 13:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) -- C:\Windows\System32\atashost.exe
PRC - [2008/05/20 18:50:50 | 000,269,448 | ---- | M] (CyberLink) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
PRC - [2008/05/20 03:06:00 | 006,144,000 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/12/11 20:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2007/12/10 15:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\Pixart\Pac7302\Monitor.exe


========== Modules (SafeList) ==========

MOD - [2011/04/02 09:43:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\johnp\Desktop\OTL.exe
MOD - [2010/08/31 08:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2010/07/26 19:00:37 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll
MOD - [2009/07/20 12:29:06 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/01/27 08:51:05 | 002,253,688 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010/11/11 13:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/05/07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/09/23 16:36:06 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/09/09 18:02:01 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/07/20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/03/06 13:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) [Auto | Running] -- C:\Windows\System32\atashost.exe -- (atashost)
SRV - [2008/08/19 15:27:22 | 000,024,576 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008/07/29 18:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) [Disabled | Stopped] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008/05/20 18:50:50 | 000,269,448 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service)
SRV - [2008/01/20 19:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/11 20:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)


========== Driver Services (SafeList) ==========

DRV - [2010/10/24 22:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/24 22:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/08/29 19:18:06 | 000,017,232 | ---- | M] (Mobile Stream) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\easytthr.sys -- (easytether)
DRV - [2010/07/27 01:14:58 | 006,842,464 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 300(UVC)
DRV - [2010/07/27 01:12:50 | 000,282,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/07/27 01:12:26 | 000,114,784 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2010/05/25 00:59:24 | 000,121,576 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2010/05/25 00:59:24 | 000,096,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2010/05/25 00:59:24 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2010/05/25 00:59:24 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2010/05/07 18:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/06/17 09:56:24 | 000,079,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2009/06/17 09:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 09:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/06/17 09:55:26 | 000,063,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2009/06/17 09:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2009/05/10 10:46:02 | 000,041,216 | ---- | M] (Gbridge LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gbridge.sys -- (gbridge)
DRV - [2008/11/02 01:44:10 | 000,056,572 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008/08/19 15:23:00 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008/07/29 04:45:00 | 000,904,192 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athrusb.sys -- (athrusb)
DRV - [2008/04/01 21:40:48 | 000,175,632 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ahcix86s.sys -- (ahcix86s)
DRV - [2008/03/09 07:58:42 | 003,533,824 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/03/05 22:10:54 | 001,203,808 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2007/04/20 21:31:14 | 000,870,400 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athru6.sys -- (athrusb6)
DRV - [2006/10/29 20:23:12 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2004/11/19 11:13:02 | 000,018,848 | ---- | M] (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.) [Kernel | Auto | Stopped] -- C:\Windows\System32\MLPTDR_Q.SYS -- (MLPTDR_Q)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=1&o=vp32&d=0509&m=aspire_m1202


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:81

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:81



IE - HKU\S-1-5-21-2187111495-2872751517-3570867934-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKU\S-1-5-21-2187111495-2872751517-3570867934-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2187111495-2872751517-3570867934-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://whatismyipaddress.com/
IE - HKU\S-1-5-21-2187111495-2872751517-3570867934-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2187111495-2872751517-3570867934-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2187111495-2872751517-3570867934-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local
IE - HKU\S-1-5-21-2187111495-2872751517-3570867934-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 96.9.164.140:3128

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2009/09/07 22:35:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/31 22:40:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/31 22:40:53 | 000,000,000 | ---D | M]

[2010/08/17 03:47:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\johnp\AppData\Roaming\Mozilla\Extensions
[2009/10/27 02:14:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\johnp\AppData\Roaming\Mozilla\Extensions\{ea278cf8-93cd-484f-b951-57360482d33a}
[2010/08/17 03:47:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\johnp\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2011/03/31 23:19:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\johnp\AppData\Roaming\Mozilla\Firefox\Profiles\00x2orcu.default\extensions
[2011/04/02 09:36:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\johnp\AppData\Roaming\Mozilla\Firefox\Profiles\xpvd2f97.default\extensions
[2010/08/04 19:37:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\johnp\AppData\Roaming\Mozilla\Firefox\Profiles\xpvd2f97.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/06 20:46:58 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Users\johnp\AppData\Roaming\Mozilla\Firefox\Profiles\xpvd2f97.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
[2011/03/20 11:34:08 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\johnp\AppData\Roaming\Mozilla\Firefox\Profiles\xpvd2f97.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/03/20 11:34:12 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\johnp\AppData\Roaming\Mozilla\Firefox\Profiles\xpvd2f97.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2011/03/20 11:34:05 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Users\johnp\AppData\Roaming\Mozilla\Firefox\Profiles\xpvd2f97.default\extensions\anttoolbar@ant.com
[2011/03/30 18:18:08 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\johnp\AppData\Roaming\Mozilla\Firefox\Profiles\xpvd2f97.default\extensions\engine@conduit.com
[2011/02/09 07:20:20 | 000,000,000 | ---D | M] (Firebug) -- C:\Users\johnp\AppData\Roaming\Mozilla\Firefox\Profiles\xpvd2f97.default\extensions\firebug@software.joehewitt.com
[2010/08/03 07:51:42 | 000,000,000 | ---D | M] (Sxipper) -- C:\Users\johnp\AppData\Roaming\Mozilla\Firefox\Profiles\xpvd2f97.default\extensions\sxipper@sxip.com
[2011/04/01 00:00:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/25 09:02:31 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/08/12 10:49:53 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

O1 HOSTS File: ([2011/03/31 22:03:23 | 000,615,932 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 abcstats.com
O1 - Hosts: 127.0.0.1 a.abv.bg
O1 - Hosts: 127.0.0.1 adserver.abv.bg
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 ca.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 achmedia.com
O1 - Hosts: 127.0.0.1 aconti.net
O1 - Hosts: 127.0.0.1 secure.aconti.net
O1 - Hosts: 127.0.0.1 www.aconti.net #[Dialer.Aconti]
O1 - Hosts: 127.0.0.1 am1.activemeter.com
O1 - Hosts: 127.0.0.1 www.activemeter.com #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ads.activepower.net
O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ad2games.com
O1 - Hosts: 127.0.0.1 cms.ad2click.nl
O1 - Hosts: 16258 more lines...
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.415.1646\swg.dll (Google Inc.)
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-2187111495-2872751517-3570867934-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKU\S-1-5-21-2187111495-2872751517-3570867934-1000\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-2187111495-2872751517-3570867934-1000\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer\Acer Registration\ACE1.exe (Leader Technologies)
O4 - HKLM..\Run: [DNS7reminder] D:\Program Files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PAC7302_Monitor] C:\Windows\Pixart\Pac7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-2187111495-2872751517-3570867934-1000..\Run: [EasyTether] C:\Program Files\Mobile Stream\EasyTether\easytthr.exe (Mobile Stream)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2187111495-2872751517-3570867934-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2187111495-2872751517-3570867934-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files\iMacros\imacros.dll (iOpus Software GmbH)
O9 - Extra 'Tools' menuitem : iMacros Web Automation - {0483894E-2422-45E0-8384-021AFF1AF3CD} - Reg Error: Value error. File not found
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2187111495-2872751517-3570867934-1000\..Trusted Domains: taxsoftware.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/02 09:43:16 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\johnp\Desktop\TDSSKiller.exe
[2011/04/02 09:42:58 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\johnp\Desktop\OTL.exe
[2011/03/31 16:05:43 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/03/31 16:05:43 | 000,000,000 | ---D | C] -- C:\Users\johnp\AppData\Local\temp
[2011/03/31 16:03:01 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/03/31 13:30:18 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/03/31 10:57:55 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/03/31 10:57:55 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/03/31 10:57:55 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/03/31 10:57:30 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/03/31 10:28:48 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/03/31 09:17:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/03/15 01:42:12 | 000,000,000 | ---D | C] -- C:\btax
[2011/03/12 17:54:13 | 000,000,000 | ---D | C] -- C:\Portable
[2011/03/12 17:46:21 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2011/03/12 17:41:51 | 000,000,000 | ---D | C] -- C:\ProgramData\JohnPBackup
[2011/03/12 11:01:01 | 000,000,000 | ---D | C] -- C:\Program Files\JohnPBackup
[2009/01/20 16:10:11 | 000,049,152 | R--- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll

========== Files - Modified Within 30 Days ==========

[2011/04/02 09:55:53 | 003,664,535 | ---- | M] ( ) -- C:\Users\johnp\Desktop\setup_9.0.0.722_02.04.2011_18-23.exe.part
[2011/04/02 09:55:34 | 000,608,464 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/02 09:55:34 | 000,105,818 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/02 09:54:35 | 000,000,000 | ---- | M] () -- C:\Users\johnp\Desktop\setup_9.0.0.722_02.04.2011_18-23.exe
[2011/04/02 09:48:06 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/02 09:48:05 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/02 09:47:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/02 09:47:22 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2011/04/02 09:47:18 | 1878,188,032 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/02 09:43:12 | 001,263,721 | ---- | M] () -- C:\Users\johnp\Desktop\tdsskiller.zip
[2011/04/02 09:43:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\johnp\Desktop\OTL.exe
[2011/04/01 00:11:41 | 000,000,000 | ---- | M] () -- C:\Users\johnp\defogger_reenable
[2011/03/31 23:03:14 | 001,743,424 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/03/31 22:52:14 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/03/31 22:52:14 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/03/31 22:25:03 | 274,008,621 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/03/31 22:06:21 | 000,050,477 | ---- | M] () -- C:\Users\johnp\Desktop\Defogger.exe
[2011/03/31 22:03:23 | 000,615,932 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/03/31 21:13:30 | 000,625,664 | ---- | M] () -- C:\Users\johnp\Desktop\dds.scr
[2011/03/31 11:34:27 | 001,006,778 | ---- | M] () -- C:\Users\johnp\Desktop\uSeRiNiT.exe
[2011/03/29 03:00:37 | 000,000,518 | ---- | M] () -- C:\Windows\tasks\NatSpeak Periodic Language Model Optimization.job
[2011/03/28 16:28:10 | 000,023,126 | ---- | M] () -- C:\Users\johnp\.recently-used.xbel
[2011/03/28 02:00:39 | 000,000,494 | ---- | M] () -- C:\Windows\tasks\NatSpeak Periodic Acoustic Optimization.job
[2011/03/24 07:27:18 | 000,000,680 | ---- | M] () -- C:\Users\johnp\AppData\Local\d3d9caps.dat
[2011/03/21 15:03:39 | 000,091,648 | ---- | M] () -- C:\Users\johnp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/20 17:07:56 | 000,301,568 | ---- | M] () -- C:\Users\johnp\Desktop\gmer.exe
[2011/03/19 07:53:15 | 000,002,056 | ---- | M] () -- C:\Users\johnp\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome (2).lnk
[2011/03/13 18:41:30 | 000,005,950 | ---- | M] () -- C:\Windows\seRapid.INI
[2011/03/10 12:27:50 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\johnp\Desktop\TDSSKiller.exe

========== Files Created - No Company Name ==========

[2011/04/02 09:54:35 | 000,000,000 | ---- | C] () -- C:\Users\johnp\Desktop\setup_9.0.0.722_02.04.2011_18-23.exe
[2011/04/02 09:54:31 | 002,699,205 | ---- | C] () -- C:\Users\johnp\Desktop\setup_9.0.0.722_02.04.2011_18-23.exe.part
[2011/04/02 09:42:45 | 001,263,721 | ---- | C] () -- C:\Users\johnp\Desktop\tdsskiller.zip
[2011/04/01 00:11:41 | 000,000,000 | ---- | C] () -- C:\Users\johnp\defogger_reenable
[2011/03/31 22:52:14 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011/03/31 22:52:14 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011/03/31 22:07:12 | 000,050,477 | ---- | C] () -- C:\Users\johnp\Desktop\Defogger.exe
[2011/03/31 21:13:46 | 000,301,568 | ---- | C] () -- C:\Users\johnp\Desktop\gmer.exe
[2011/03/31 21:13:38 | 000,625,664 | ---- | C] () -- C:\Users\johnp\Desktop\dds.scr
[2011/03/31 20:59:16 | 1878,188,032 | -HS- | C] () -- C:\hiberfil.sys
[2011/03/31 11:34:23 | 001,006,778 | ---- | C] () -- C:\Users\johnp\Desktop\uSeRiNiT.exe
[2011/03/31 11:05:45 | 274,008,621 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/03/31 10:57:56 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/03/31 10:57:55 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/03/31 10:57:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/03/31 10:57:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/03/31 10:57:55 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/03/28 16:28:10 | 000,023,126 | ---- | C] () -- C:\Users\johnp\.recently-used.xbel
[2011/03/19 07:53:15 | 000,002,056 | ---- | C] () -- C:\Users\johnp\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome (2).lnk
[2011/01/17 13:05:46 | 000,202,149 | ---- | C] () -- C:\Windows\XHeader Uninstaller.exe
[2011/01/07 03:10:25 | 011,270,466 | ---- | C] () -- C:\Program Files\FreeRapid-0.85u1.zip
[2010/12/19 19:27:55 | 000,239,074 | ---- | C] () -- C:\Users\johnp\AppData\Local\adCenterExcelAddinV5.5_External.config
[2010/12/15 01:26:31 | 001,456,268 | ---- | C] () -- C:\Program Files\FSResizer30.zip
[2010/11/04 07:10:15 | 000,000,680 | ---- | C] () -- C:\Users\johnp\AppData\Local\d3d9caps.dat
[2010/10/02 12:10:24 | 000,091,648 | ---- | C] () -- C:\Users\johnp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/29 23:21:22 | 000,313,344 | ---- | C] () -- C:\Program Files\hjsplit.exe
[2010/09/28 19:50:05 | 013,348,864 | ---- | C] () -- C:\Users\johnp\AppData\Roaming\places.sqlite
[2010/09/23 00:02:16 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/09/22 23:55:13 | 000,047,104 | ---- | C] () -- C:\Windows\AKDeInstall.exe
[2010/08/30 22:16:33 | 000,000,096 | ---- | C] () -- C:\Windows\System32\detbpi2x.dll
[2010/08/08 16:12:23 | 000,004,143 | ---- | C] () -- C:\ProgramData\igtxgpmi.mtl
[2010/08/08 11:55:48 | 000,057,016 | ---- | C] () -- C:\Windows\System32\imsys.dll
[2010/08/08 11:55:25 | 000,343,224 | ---- | C] () -- C:\Windows\System32\iimds.dll
[2010/08/08 11:55:25 | 000,014,848 | ---- | C] () -- C:\Windows\System32\iimir.dll
[2010/08/08 11:55:24 | 000,233,144 | ---- | C] () -- C:\Windows\System32\IMImage.dll
[2010/08/07 18:07:06 | 000,000,250 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/07/27 01:03:20 | 010,829,656 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2010/07/27 01:03:20 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2010/07/27 01:03:18 | 000,290,648 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2010/07/27 00:56:04 | 000,090,411 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010/06/21 00:00:04 | 000,000,680 | ---- | C] () -- C:\Users\johnp\AppData\Roaming\coreavc.ini
[2010/05/07 18:46:36 | 000,014,168 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2010/05/07 18:43:30 | 000,025,824 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2009/11/28 18:55:39 | 008,892,928 | ---- | C] () -- C:\ProgramData\atscie.msi
[2009/11/20 20:58:54 | 000,169,500 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2009/11/17 10:39:02 | 000,004,110 | ---- | C] () -- C:\ProgramData\vsrenaae.pyv
[2009/10/29 22:56:34 | 000,000,268 | ---- | C] () -- C:\Windows\Gbridge.INI
[2009/09/22 22:30:14 | 000,005,950 | ---- | C] () -- C:\Windows\seRapid.INI
[2009/09/17 10:05:07 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009/09/16 16:27:35 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/16 16:27:34 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/14 11:38:11 | 000,002,274 | ---- | C] () -- C:\Users\johnp\AppData\Roaming\SAS7_000.DAT
[2009/09/07 23:31:20 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009/09/07 22:32:03 | 000,000,000 | ---- | C] () -- C:\Users\johnp\AppData\Roaming\wklnhst.dat
[2009/09/07 21:48:03 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/09/07 21:25:48 | 000,024,576 | ---- | C] () -- C:\Windows\System32\ZyDelReg.exe
[2009/09/07 21:25:47 | 000,028,672 | ---- | C] () -- C:\Windows\System32\InsDrvZD.dll
[2009/09/07 21:25:47 | 000,015,872 | ---- | C] () -- C:\Windows\System32\InsDrvZD64.DLL
[2009/05/14 12:46:09 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2009/05/14 12:46:09 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2009/05/14 12:40:59 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/01/20 17:44:53 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2009/01/20 16:56:27 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/01/20 16:08:48 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2009/01/20 16:08:48 | 000,168,886 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009/01/20 16:08:48 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009/01/20 16:08:47 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2006/11/02 05:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 05:47:37 | 001,743,424 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:33:01 | 000,608,464 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 03:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 03:33:01 | 000,105,818 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 03:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 03:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 01:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 01:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 00:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2004/11/19 11:10:42 | 000,011,521 | ---- | C] () -- C:\Windows\MSUMLT_Q.INI
[2002/05/13 02:16:19 | 000,356,352 | ---- | C] () -- C:\Windows\System32\xvid.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:F35A93AD
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:4D066AD2

< End of report >

#6 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:04:55 AM

Posted 02 April 2011 - 01:37 PM

Hello,

The main infection that you were infected with is called TDL4.

See the snippet of text below:

2011/04/02 09:44:36.0471 4224 Detected object count: 1
2011/04/02 09:45:29.0074 4224 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/04/02 09:45:29.0074 4224 \HardDisk0 - ok
2011/04/02 09:45:29.0090 4224 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/04/02 09:46:04.0159 4288 Deinitialize success


You can read more about this infection here:

Special thanks to quietman7 for providing the above links.



NEXT:



Did you set this proxy in Internet Explorer?

IE - HKU\S-1-5-21-2187111495-2872751517-3570867934-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 96.9.164.140:3128



OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.

    :Services
    :OTL
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:81
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:81
    O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
    O9 - Extra 'Tools' menuitem : iMacros Web Automation - {0483894E-2422-45E0-8384-021AFF1AF3CD} - Reg Error: Value error. File not found
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - File not found
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update have been completed, Select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as it is and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Checked (ticked) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, the place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:



How are things running?

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#7 ctech101

ctech101
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:55 AM

Posted 02 April 2011 - 05:20 PM

Things are running better now. Hopefully every bad thing is cleared out.

The IE proxy was something that I set up.

Here is my OTL Fix Log:

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0483894E-2422-45E0-8384-021AFF1AF3CD}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0483894E-2422-45E0-8384-021AFF1AF3CD}\ not found.
Starting removal of ActiveX control {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll deleted successfully.
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\johnp\Desktop\cmd.bat deleted successfully.
C:\Users\johnp\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully


[EMPTYTEMP]

User: All Users

User: AlphaNet
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Opera cache emptied: 4760366 bytes
->Flash cache emptied: 82964 bytes

User: johnp
->Temp folder emptied: 9752775 bytes
->Temporary Internet Files folder emptied: 426998 bytes
->Java cache emptied: 4759570 bytes
->FireFox cache emptied: 54927246 bytes
->Google Chrome cache emptied: 17125553 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 2897834 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10877 bytes
RecycleBin emptied: 1495 bytes

Total Files Cleaned = 90.00 mb


[EMPTYFLASH]

User: All Users

User: AlphaNet
->Flash cache emptied: 0 bytes

User: johnp
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04022011_132226

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\WebEx\Log\42\atashost.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\CLDigitalHome\PCMMediaServer.log scheduled to be moved on reboot.

Registry entries deleted on Reboot...


Here is my MalwareBytes Log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6249

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

4/2/2011 1:42:21 PM
mbam-log-2011-04-02 (13-42-21).txt

Scan type: Quick scan
Objects scanned: 168373
Time elapsed: 4 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\johnp\Desktop\uSeRiNiT.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.


Here is my ESET Log:
C:\Program Files\Acer Arcade Live\Acer HomeMedia Trial Creator\Export\SoftDMA_Trial\Autorun.inf INF/Autorun.gen trojan cleaned by deleting - quarantined
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.url Win32/Adware.ADON application cleaned by deleting - quarantined

#8 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:04:55 AM

Posted 02 April 2011 - 06:45 PM

Please run this scan:

Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#9 ctech101

ctech101
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:55 AM

Posted 02 April 2011 - 06:58 PM

Results of screen317's Security Check version 0.99.10
Windows Vista Service Pack 2 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
ESET Online Scanner v3
Microsoft Security Essentials
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner
Java™ 6 Update 19
Out of date Java installed!
Adobe Flash Player 10.2.153.1
Adobe Reader 9.2
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
``````````End of Log````````````

#10 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:04:55 AM

Posted 02 April 2011 - 07:07 PM

Your logs are looking good.

Lets update a few programs and then run a new OTL scan to see where we stand. You are doing a great job with all of these scans!

Update Adobe Reader
Earlier versions of Adobe Reader have known security flaws so it is recommended that you update your copy
  • Go to Start > Control Panel > Add/Remove Programs
  • Remove ALL instances of Adobe Reader
  • Re-boot your computer as required.
  • Once ALL versions of Adobe Reader have been uninstalled, visit: <<here>> and download the latest version of Adobe Reader
Alternative Option: after uninstalling Adobe Reader, you could try installing Foxit Reader from >here< Foxit Reader has fewer add-ons therefore loads more quickly.



NEXT:



Java Outdated
Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Microsoft: Unprecedented Wave of Java Exploitation
Drive-by Trojan preying on out-of-date Java installations
Ghosts of Java Haunt UsersPlease follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows" (32-bit) or "Windows x64" (64-bit).
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "I agree to the Java SE...License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Posted Image > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u24-windows-i586.exe to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.


NEXT



OTL Custom Scan

We need to run an OTL Custom Scan
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following bolded text into the Posted Image textbox.


    netsvcs
    drivers32
    %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Push the Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.


NEXT:



What outstanding issues (if any) are you still experiencing with your computer?

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#11 ctech101

ctech101
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:55 AM

Posted 02 April 2011 - 09:18 PM

So far, things appear to be fine.

Here's my OTL log:
OTL logfile created on: 4/2/2011 7:02:19 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\johnp\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 51.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 141.69 Gb Total Space | 33.15 Gb Free Space | 23.40% Space Free | Partition Type: NTFS
Drive D: | 67.13 Gb Total Space | 53.00 Gb Free Space | 78.95% Space Free | Partition Type: NTFS

Computer Name: ACER1 | User Name: johnp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/02 09:43:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\johnp\Desktop\OTL.exe
PRC - [2011/03/24 18:14:23 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/01/27 08:51:05 | 002,253,688 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2010/11/30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/09/22 18:06:40 | 004,137,688 | ---- | M] () -- C:\Program Files\Conference Recording Service\ConferenceRS.exe
PRC - [2010/08/29 21:32:06 | 000,047,432 | ---- | M] (Mobile Stream) -- C:\Program Files\Mobile Stream\EasyTether\easytthr.exe
PRC - [2010/05/07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2010/05/07 18:35:22 | 000,165,208 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2010/01/15 05:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/07/20 12:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/07/10 12:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/06 13:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) -- C:\Windows\System32\atashost.exe
PRC - [2008/05/20 18:50:50 | 000,269,448 | ---- | M] (CyberLink) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
PRC - [2008/05/20 03:06:00 | 006,144,000 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/12/11 20:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2007/12/10 15:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\Pixart\Pac7302\Monitor.exe
PRC - [2004/03/30 10:33:58 | 000,106,496 | ---- | M] (Dev1) -- C:\Program Files\RSI Saver\nhc.exe


========== Modules (SafeList) ==========

MOD - [2011/04/02 09:43:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\johnp\Desktop\OTL.exe
MOD - [2010/08/31 08:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2010/07/26 19:00:37 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll
MOD - [2009/07/20 12:29:06 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Unknown | Stopped] -- -- (getPlusHelper) getPlus®
SRV - [2011/01/27 08:51:05 | 002,253,688 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010/11/11 13:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/05/07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2010/01/15 05:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/09/09 18:02:01 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/07/20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/03/06 13:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) [Auto | Running] -- C:\Windows\System32\atashost.exe -- (atashost)
SRV - [2008/08/19 15:27:22 | 000,024,576 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008/07/29 18:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) [Disabled | Stopped] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008/05/20 18:50:50 | 000,269,448 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service)
SRV - [2008/01/20 19:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/11 20:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)


========== Driver Services (SafeList) ==========

DRV - [2010/10/24 22:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/24 22:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/08/29 19:18:06 | 000,017,232 | ---- | M] (Mobile Stream) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\easytthr.sys -- (easytether)
DRV - [2010/07/27 01:14:58 | 006,842,464 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 300(UVC)
DRV - [2010/07/27 01:12:50 | 000,282,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/07/27 01:12:26 | 000,114,784 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2010/05/25 00:59:24 | 000,121,576 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2010/05/25 00:59:24 | 000,096,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2010/05/25 00:59:24 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2010/05/25 00:59:24 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2010/05/07 18:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/06/17 09:56:24 | 000,079,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2009/06/17 09:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 09:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/06/17 09:55:26 | 000,063,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2009/06/17 09:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2009/05/10 10:46:02 | 000,041,216 | ---- | M] (Gbridge LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gbridge.sys -- (gbridge)
DRV - [2008/11/02 01:44:10 | 000,056,572 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008/08/19 15:23:00 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008/07/29 04:45:00 | 000,904,192 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athrusb.sys -- (athrusb)
DRV - [2008/04/01 21:40:48 | 000,175,632 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ahcix86s.sys -- (ahcix86s)
DRV - [2008/03/09 07:58:42 | 003,533,824 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/03/05 22:10:54 | 001,203,808 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2007/04/20 21:31:14 | 000,870,400 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athru6.sys -- (athrusb6)
DRV - [2006/10/29 20:23:12 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2004/11/19 11:13:02 | 000,018,848 | ---- | M] (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.) [Kernel | Auto | Stopped] -- C:\Windows\System32\MLPTDR_Q.SYS -- (MLPTDR_Q)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=1&o=vp32&d=0509&m=aspire_m1202

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://whatismyipaddress.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 96.9.164.140:3128

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2009/09/07 22:35:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/02 11:52:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/02 18:54:21 | 000,000,000 | ---D | M]

[2010/08/17 03:47:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\johnp\AppData\Roaming\Mozilla\Extensions
[2009/10/27 02:14:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\johnp\AppData\Roaming\Mozilla\Extensions\{ea278cf8-93cd-484f-b951-57360482d33a}
[2010/08/17 03:47:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\johnp\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2011/03/31 23:19:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\johnp\AppData\Roaming\Mozilla\Firefox\Profiles\00x2orcu.default\extensions
[2011/04/02 19:00:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\johnp\AppData\Roaming\Mozilla\Firefox\Profiles\xpvd2f97.default\extensions
[2010/08/04 19:37:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\johnp\AppData\Roaming\Mozilla\Firefox\Profiles\xpvd2f97.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/06 20:46:58 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Users\johnp\AppData\Roaming\Mozilla\Firefox\Profiles\xpvd2f97.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
[2011/04/02 17:22:22 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\johnp\AppData\Roaming\Mozilla\Firefox\Profiles\xpvd2f97.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/02/03 19:36:53 | 000,000,000 | ---D | M] (SearchStatus) -- C:\Users\johnp\AppData\Roaming\Mozilla\Firefox\Profiles\xpvd2f97.default\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
[2011/03/20 11:34:12 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\johnp\AppData\Roaming\Mozilla\Firefox\Profiles\xpvd2f97.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2011/03/20 11:34:05 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Users\johnp\AppData\Roaming\Mozilla\Firefox\Profiles\xpvd2f97.default\extensions\anttoolbar@ant.com
[2011/03/30 18:18:08 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\johnp\AppData\Roaming\Mozilla\Firefox\Profiles\xpvd2f97.default\extensions\engine@conduit.com
[2011/04/02 19:00:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/25 09:02:31 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/04/02 18:54:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/04/02 18:54:09 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/08/12 10:49:53 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

O1 HOSTS File: ([2011/04/02 13:22:28 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.415.1646\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer\Acer Registration\ACE1.exe (Leader Technologies)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DNS7reminder] D:\Program Files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PAC7302_Monitor] C:\Windows\Pixart\Pac7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [EasyTether] C:\Program Files\Mobile Stream\EasyTether\easytthr.exe (Mobile Stream)
O4 - Startup: C:\Users\johnp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RSI Saver.lnk = C:\Program Files\RSI Saver\nhc.exe (Dev1)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: taxsoftware.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\System32\LameACM.acm (http://www.mp3dev.org/)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\divx.dll (DivXNetworks, Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.xvid - C:\Windows\System32\xvid.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)

========== Files/Folders - Created Within 30 Days ==========

[2011/04/02 18:59:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/04/02 17:26:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/04/02 17:21:25 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2011/04/02 17:21:25 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2011/04/02 17:21:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2011/04/02 17:21:22 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2011/04/02 15:23:32 | 000,000,000 | ---D | C] -- C:\Users\johnp\AppData\Roaming\uTorrent
[2011/04/02 13:44:12 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/04/02 13:10:02 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/02 11:54:15 | 000,000,000 | ---D | C] -- C:\Users\johnp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/04/02 09:54:35 | 096,028,024 | ---- | C] ( ) -- C:\Users\johnp\Desktop\setup_9.0.0.722_02.04.2011_18-23.exe
[2011/04/02 09:43:16 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\johnp\Desktop\TDSSKiller.exe
[2011/04/02 09:42:58 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\johnp\Desktop\OTL.exe
[2011/03/31 16:05:43 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/03/31 16:05:43 | 000,000,000 | ---D | C] -- C:\Users\johnp\AppData\Local\temp
[2011/03/31 16:03:01 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/03/31 13:30:18 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/03/31 10:57:55 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/03/31 10:57:55 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/03/31 10:57:55 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/03/31 10:57:30 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/03/31 10:28:48 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/03/31 09:17:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/03/15 01:42:12 | 000,000,000 | ---D | C] -- C:\btax
[2011/03/12 17:46:21 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2011/03/12 17:41:51 | 000,000,000 | ---D | C] -- C:\ProgramData\JohnPBackup
[2009/01/20 16:10:11 | 000,049,152 | R--- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/02 18:57:04 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2187111495-2872751517-3570867934-1000UA.job
[2011/04/02 18:45:37 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/02 18:45:37 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/02 18:45:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/02 18:45:08 | 1878,188,032 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/02 18:45:07 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2011/04/02 17:26:34 | 000,001,856 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/04/02 17:21:22 | 000,001,719 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2011/04/02 17:21:22 | 000,001,717 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/04/02 17:02:34 | 000,034,398 | ---- | M] () -- C:\Users\johnp\Desktop\bookmarks-2011-04-02.json
[2011/04/02 17:02:30 | 000,067,611 | ---- | M] () -- C:\Users\johnp\Desktop\bookmarks.html
[2011/04/02 16:48:08 | 000,879,081 | ---- | M] () -- C:\Users\johnp\Desktop\SecurityCheck.exe
[2011/04/02 16:02:55 | 000,021,504 | ---- | M] () -- C:\Users\johnp\Documents\real estate investing.msam
[2011/04/02 16:02:11 | 000,169,500 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat
[2011/04/02 15:27:05 | 000,000,740 | ---- | M] () -- C:\Users\johnp\Application Data\Microsoft\Internet Explorer\Quick Launch\Torrent.lnk
[2011/04/02 15:27:05 | 000,000,716 | ---- | M] () -- C:\Users\Public\Desktop\Torrent.lnk
[2011/04/02 15:26:02 | 000,608,464 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/02 15:26:02 | 000,105,818 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/02 13:22:28 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/04/02 11:58:21 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2187111495-2872751517-3570867934-1000Core.job
[2011/04/02 11:54:24 | 000,097,384 | ---- | M] () -- C:\Users\johnp\Desktop\RICHTX32.zip
[2011/04/02 11:54:20 | 000,002,056 | ---- | M] () -- C:\Users\johnp\Desktop\Google Chrome.lnk
[2011/04/02 11:54:20 | 000,002,018 | ---- | M] () -- C:\Users\johnp\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/04/02 10:30:46 | 096,028,024 | ---- | M] ( ) -- C:\Users\johnp\Desktop\setup_9.0.0.722_02.04.2011_18-23.exe
[2011/04/02 09:43:12 | 001,263,721 | ---- | M] () -- C:\Users\johnp\Desktop\tdsskiller.zip
[2011/04/02 09:43:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\johnp\Desktop\OTL.exe
[2011/04/01 00:11:41 | 000,000,000 | ---- | M] () -- C:\Users\johnp\defogger_reenable
[2011/03/31 23:03:14 | 001,743,424 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/03/31 22:52:14 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/03/31 22:52:14 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/03/31 22:06:21 | 000,050,477 | ---- | M] () -- C:\Users\johnp\Desktop\Defogger.exe
[2011/03/31 21:13:30 | 000,625,664 | ---- | M] () -- C:\Users\johnp\Desktop\dds.scr
[2011/03/29 03:00:37 | 000,000,518 | ---- | M] () -- C:\Windows\tasks\NatSpeak Periodic Language Model Optimization.job
[2011/03/28 16:28:10 | 000,023,126 | ---- | M] () -- C:\Users\johnp\.recently-used.xbel
[2011/03/28 02:00:39 | 000,000,494 | ---- | M] () -- C:\Windows\tasks\NatSpeak Periodic Acoustic Optimization.job
[2011/03/24 07:27:18 | 000,000,680 | ---- | M] () -- C:\Users\johnp\AppData\Local\d3d9caps.dat
[2011/03/21 15:03:39 | 000,091,648 | ---- | M] () -- C:\Users\johnp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/20 17:07:56 | 000,301,568 | ---- | M] () -- C:\Users\johnp\Desktop\gmer.exe
[2011/03/19 07:53:15 | 000,002,056 | ---- | M] () -- C:\Users\johnp\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome (2).lnk
[2011/03/13 18:41:30 | 000,005,950 | ---- | M] () -- C:\Windows\seRapid.INI
[2011/03/12 09:13:20 | 002,506,171 | ---- | M] () -- C:\Users\johnp\Desktop\SCAE_Inside_Web_final_sp11_jan (2).pdf
[2011/03/10 12:27:50 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\johnp\Desktop\TDSSKiller.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/02 17:26:34 | 000,001,856 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/04/02 17:26:34 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/04/02 17:21:22 | 000,001,719 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2011/04/02 17:21:22 | 000,001,717 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/04/02 17:02:33 | 000,034,398 | ---- | C] () -- C:\Users\johnp\Desktop\bookmarks-2011-04-02.json
[2011/04/02 17:02:30 | 000,067,611 | ---- | C] () -- C:\Users\johnp\Desktop\bookmarks.html
[2011/04/02 16:48:03 | 000,879,081 | ---- | C] () -- C:\Users\johnp\Desktop\SecurityCheck.exe
[2011/04/02 16:01:41 | 000,021,504 | ---- | C] () -- C:\Users\johnp\Documents\real estate investing.msam
[2011/04/02 15:24:31 | 000,000,740 | ---- | C] () -- C:\Users\johnp\Application Data\Microsoft\Internet Explorer\Quick Launch\Torrent.lnk
[2011/04/02 15:24:31 | 000,000,716 | ---- | C] () -- C:\Users\Public\Desktop\Torrent.lnk
[2011/04/02 11:54:20 | 000,002,056 | ---- | C] () -- C:\Users\johnp\Desktop\Google Chrome.lnk
[2011/04/02 11:54:20 | 000,002,018 | ---- | C] () -- C:\Users\johnp\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/04/02 11:54:12 | 000,097,384 | ---- | C] () -- C:\Users\johnp\Desktop\RICHTX32.zip
[2011/04/02 11:52:21 | 000,000,916 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2187111495-2872751517-3570867934-1000UA.job
[2011/04/02 11:52:21 | 000,000,864 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2187111495-2872751517-3570867934-1000Core.job
[2011/04/02 09:42:45 | 001,263,721 | ---- | C] () -- C:\Users\johnp\Desktop\tdsskiller.zip
[2011/04/01 00:11:41 | 000,000,000 | ---- | C] () -- C:\Users\johnp\defogger_reenable
[2011/03/31 22:52:14 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011/03/31 22:52:14 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011/03/31 22:07:12 | 000,050,477 | ---- | C] () -- C:\Users\johnp\Desktop\Defogger.exe
[2011/03/31 21:13:46 | 000,301,568 | ---- | C] () -- C:\Users\johnp\Desktop\gmer.exe
[2011/03/31 21:13:38 | 000,625,664 | ---- | C] () -- C:\Users\johnp\Desktop\dds.scr
[2011/03/31 20:59:16 | 1878,188,032 | -HS- | C] () -- C:\hiberfil.sys
[2011/03/31 10:57:56 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/03/31 10:57:55 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/03/31 10:57:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/03/31 10:57:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/03/31 10:57:55 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/03/28 16:28:10 | 000,023,126 | ---- | C] () -- C:\Users\johnp\.recently-used.xbel
[2011/03/19 07:53:15 | 000,002,056 | ---- | C] () -- C:\Users\johnp\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome (2).lnk
[2010/12/19 19:27:55 | 000,239,074 | ---- | C] () -- C:\Users\johnp\AppData\Local\adCenterExcelAddinV5.5_External.config
[2010/12/15 01:26:31 | 001,456,268 | ---- | C] () -- C:\Program Files\FSResizer30.zip
[2010/11/04 07:10:15 | 000,000,680 | ---- | C] () -- C:\Users\johnp\AppData\Local\d3d9caps.dat
[2010/10/02 12:10:24 | 000,091,648 | ---- | C] () -- C:\Users\johnp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/29 23:21:22 | 000,313,344 | ---- | C] () -- C:\Program Files\hjsplit.exe
[2010/09/28 19:50:05 | 013,348,864 | ---- | C] () -- C:\Users\johnp\AppData\Roaming\places.sqlite
[2010/09/23 00:02:16 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/09/22 23:55:13 | 000,047,104 | ---- | C] () -- C:\Windows\AKDeInstall.exe
[2010/08/30 22:16:33 | 000,000,096 | ---- | C] () -- C:\Windows\System32\detbpi2x.dll
[2010/08/08 16:12:23 | 000,004,143 | ---- | C] () -- C:\ProgramData\igtxgpmi.mtl
[2010/08/08 11:55:48 | 000,057,016 | ---- | C] () -- C:\Windows\System32\imsys.dll
[2010/08/08 11:55:25 | 000,343,224 | ---- | C] () -- C:\Windows\System32\iimds.dll
[2010/08/08 11:55:25 | 000,014,848 | ---- | C] () -- C:\Windows\System32\iimir.dll
[2010/08/08 11:55:24 | 000,233,144 | ---- | C] () -- C:\Windows\System32\IMImage.dll
[2010/08/07 18:07:06 | 000,000,250 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/07/27 01:03:20 | 010,829,656 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2010/07/27 01:03:20 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2010/07/27 01:03:18 | 000,290,648 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2010/07/27 00:56:04 | 000,090,411 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010/06/21 00:00:04 | 000,000,680 | ---- | C] () -- C:\Users\johnp\AppData\Roaming\coreavc.ini
[2010/05/07 18:46:36 | 000,014,168 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2010/05/07 18:43:30 | 000,025,824 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2009/11/28 18:55:39 | 008,892,928 | ---- | C] () -- C:\ProgramData\atscie.msi
[2009/11/20 20:58:54 | 000,169,500 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2009/11/17 10:39:02 | 000,004,110 | ---- | C] () -- C:\ProgramData\vsrenaae.pyv
[2009/09/22 22:30:14 | 000,005,950 | ---- | C] () -- C:\Windows\seRapid.INI
[2009/09/17 10:05:07 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009/09/16 16:27:35 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/16 16:27:34 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/14 11:38:11 | 000,002,274 | ---- | C] () -- C:\Users\johnp\AppData\Roaming\SAS7_000.DAT
[2009/09/07 23:31:20 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009/09/07 22:32:03 | 000,000,000 | ---- | C] () -- C:\Users\johnp\AppData\Roaming\wklnhst.dat
[2009/09/07 21:48:03 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/09/07 21:25:48 | 000,024,576 | ---- | C] () -- C:\Windows\System32\ZyDelReg.exe
[2009/09/07 21:25:47 | 000,028,672 | ---- | C] () -- C:\Windows\System32\InsDrvZD.dll
[2009/09/07 21:25:47 | 000,015,872 | ---- | C] () -- C:\Windows\System32\InsDrvZD64.DLL
[2009/05/14 12:46:09 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2009/05/14 12:46:09 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2009/05/14 12:40:59 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/01/20 17:44:53 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2009/01/20 16:56:27 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/01/20 16:08:48 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2009/01/20 16:08:48 | 000,168,886 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009/01/20 16:08:48 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009/01/20 16:08:47 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2006/11/02 05:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 05:47:37 | 001,743,424 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:33:01 | 000,608,464 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 03:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 03:33:01 | 000,105,818 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 03:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 03:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 01:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 01:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 00:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2004/11/19 11:10:42 | 000,011,521 | ---- | C] () -- C:\Windows\MSUMLT_Q.INI
[2002/05/13 02:16:19 | 000,356,352 | ---- | C] () -- C:\Windows\System32\xvid.dll

========== LOP Check ==========

[2010/08/10 18:47:38 | 000,000,000 | ---D | M] -- C:\Users\johnp\AppData\Roaming\.kde
[2009/09/07 12:20:34 | 000,000,000 | ---D | M] -- C:\Users\johnp\AppData\Roaming\Acer
[2009/05/14 12:42:12 | 000,000,000 | ---D | M] -- C:\Users\johnp\AppData\Roaming\Acer GameZone Console
[2010/08/03 22:13:09 | 000,000,000 | ---D | M] -- C:\Users\johnp\AppData\Roaming\Artisteer
[2011/03/31 23:18:41 | 000,000,000 | ---D | M] -- C:\Users\johnp\AppData\Roaming\Asterisks Password Viewer
[2011/01/31 16:03:48 | 000,000,000 | ---D | M] -- C:\Users\johnp\AppData\Roaming\atunes
[2009/09/26 00:10:09 | 000,000,000 | ---D | M] -- C:\Users\johnp\AppData\Roaming\Audacity
[2009/09/09 00:58:51 | 000,000,000 | ---D | M] -- C:\Users\johnp\AppData\Roaming\Bullzip
[2009/10/12 15:36:18 | 000,000,000 | ---D | M] -- C:\Users\johnp\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/04/02 18:30:53 | 000,000,000 | ---D | M] -- C:\Users\johnp\AppData\Roaming\FileZilla
[2009/11/06 21:26:29 | 000,000,000 | ---D | M] -- C:\Users\johnp\AppData\Roaming\Foxit
[2010/08/12 10:50:15 | 000,000,000 | ---D | M] -- C:\Users\johnp\AppData\Roaming\Foxit Software
[2011/03/31 22:41:51 | 000,000,000 | ---D | M] -- C:\Users\johnp\AppData\Roaming\GoodSync
[2011/03/28 16:30:25 | 000,000,000 | ---D | M] -- C:\Users\johnp\AppData\Roaming\gtk-2.0
[2010/01/19 01:32:44 | 000,000,000 | ---D | M] -- C:\Users\johnp\AppData\Roaming\JGsoft
[2009/11/05 08:59:10 | 000,000,000 | ---D | M] -- C:\Users\johnp\AppData\Roaming\JonDo
[2010/08/10 18:13:13 | 000,000,000 | ---D | M] -- C:\Users\johnp\AppData\Roaming\KDE
[2009/09/20 17:01:41 | 000,000,000 | ---D | M] -- C:\Users\johnp\AppData\Roaming\Kingsoft
[2009/09/28 00:17:48 | 000,000,000 | ---D | M] -- C:\Users\johnp\AppData\Roaming\kompozer.net
[2009/09/07 12:20:29 | 000,000,000 | ---D | M] -- C:\Users\johnp\AppData\Roaming\Leadertech
[2011/02/17 19:32:29 | 000,000,000 | ---D | M] -- C:\Users\johnp\AppData\Roaming\LinkWheelData
[2010/08/21 17:13:20 | 000,000,000 | ---D | M] -- C:\Users\johnp\AppData\Roaming\main
[2010/01/23 03:32:37 | 000,000,000 | ---D | M] -- C:\Users\johnp\AppData\Roaming\Mobipocket
[2009/10/26 18:06:13 | 000,000,000 | ---D | M] -- C:\Users\johnp\AppData\Roaming\MP3SkypeRecorder
[2011/02/12 11:46:42 | 000,000,000 | ---D | M] -- C:\Users\johnp\AppData\Roaming\mstech
[2010/08/22 08:12:01 | 000,000,000 | ---D | M] -- C:\Users\johnp\AppData\Roaming\MySQL
[2011/03/31 10:13:23 | 000,000,000 | ---D | M] -- C:\Users\johnp\AppData\Roaming\Notepad++
[2009/09/14 09:45:49 | 000,000,000 | ---D | M] -- C:\Users\johnp\AppData\Roaming\Nuance
[2009/09/09 21:22:08 | 000,000,000 | ---D | M] -- C:\Users\johnp\AppData\Roaming\OpenOffice.org
[2009/09/21 23:47:13 | 000,000,000 | ---D | M] -- C:\Users\johnp\AppData\Roaming\Opera
[2009/10/05 00:36:49 | 000,000,000 | ---D | M] -- C:\Users\johnp\AppData\Roaming\RenamerNG
[2010/08/11 10:08:09 | 000,000,000 | ---D | M] -- C:\Users\johnp\AppData\Roaming\SharePod
[2011/02/16 00:08:30 | 000,000,000 | ---D | M] -- C:\Users\johnp\AppData\Roaming\TeamViewer
[2009/09/07 22:32:06 | 000,000,000 | ---D | M] -- C:\Users\johnp\AppData\Roaming\Template
[2009/10/29 19:26:21 | 000,000,000 | ---D | M] -- C:\Users\johnp\AppData\Roaming\Thunderbird
[2010/07/25 21:34:41 | 000,000,000 | ---D | M] -- C:\Users\johnp\AppData\Roaming\VitySoft
[2010/08/17 06:03:19 | 000,000,000 | ---D | M] -- C:\Users\johnp\AppData\Roaming\WinBatch
[2011/03/28 02:00:39 | 000,000,494 | ---- | M] () -- C:\Windows\Tasks\NatSpeak Periodic Acoustic Optimization.job
[2011/03/29 03:00:37 | 000,000,518 | ---- | M] () -- C:\Windows\Tasks\NatSpeak Periodic Language Model Optimization.job
[2011/04/02 18:34:29 | 000,032,656 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >
[2011/04/02 19:01:49 | 000,000,004 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt
[2011/04/02 19:01:48 | 000,001,766 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Local State
[2011/04/02 18:55:17 | 007,067,932 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Safe Browsing Bloom
[2011/04/02 18:55:18 | 002,076,165 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Safe Browsing Bloom Filter 2
[2011/04/02 11:54:22 | 000,053,248 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Archived History
[2011/04/02 13:41:02 | 000,000,755 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Bookmarks
[2011/04/02 13:41:02 | 000,000,755 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Bookmarks.bak
[2011/04/02 18:55:35 | 000,022,528 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Cookies
[2011/04/02 19:01:49 | 000,000,965 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Current Session
[2011/04/02 19:01:48 | 000,000,523 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
[2011/04/02 18:48:52 | 000,022,528 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Favicons
[2011/04/02 19:01:48 | 000,122,880 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\History
[2011/04/02 18:50:45 | 000,434,176 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\History Index 2011-04
[2011/04/02 18:50:08 | 000,005,371 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Last Session
[2011/04/02 18:50:07 | 000,002,212 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Last Tabs
[2011/04/02 13:40:50 | 000,012,288 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Login Data
[2011/04/02 19:01:49 | 000,003,223 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Preferences
[2011/04/02 18:50:50 | 000,032,768 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Top Sites
[2011/04/02 13:27:12 | 000,000,008 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity
[2011/04/02 18:50:08 | 000,131,072 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Visited Links
[2011/04/02 18:50:33 | 000,061,440 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Web Data
[2011/04/02 18:50:08 | 000,045,056 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0
[2011/04/02 19:01:49 | 000,794,624 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1
[2011/04/02 18:50:08 | 001,056,768 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2
[2011/04/02 18:50:08 | 004,202,496 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3
[2011/04/02 13:27:24 | 000,090,032 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000001
[2011/04/02 13:27:26 | 000,026,133 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000002
[2011/04/02 13:27:27 | 000,019,231 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000003
[2011/04/02 13:40:30 | 000,017,608 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000004
[2011/04/02 13:40:32 | 000,065,167 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000005
[2011/04/02 13:40:35 | 000,024,262 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000006
[2011/04/02 13:40:50 | 000,031,334 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000007
[2011/04/02 13:40:51 | 000,031,858 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000008
[2011/04/02 13:40:52 | 000,065,167 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000009
[2011/04/02 13:40:53 | 000,040,214 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000a
[2011/04/02 13:40:57 | 000,017,265 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000b
[2011/04/02 13:40:57 | 000,078,601 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000c
[2011/04/02 13:40:58 | 000,039,802 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000d
[2011/04/02 13:40:58 | 000,033,981 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000e
[2011/04/02 13:40:58 | 000,038,404 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000f
[2011/04/02 13:40:58 | 000,120,220 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000010
[2011/04/02 13:40:58 | 000,109,976 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000011
[2011/04/02 13:41:00 | 000,206,981 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000012
[2011/04/02 13:46:07 | 000,016,582 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000013
[2011/04/02 13:46:08 | 000,035,733 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000014
[2011/04/02 13:46:08 | 000,025,120 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000015
[2011/04/02 13:46:11 | 000,050,286 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000016
[2011/04/02 13:46:14 | 000,054,211 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000017
[2011/04/02 13:46:15 | 000,018,631 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000018
[2011/04/02 13:46:16 | 000,024,113 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000019
[2011/04/02 13:46:17 | 000,034,811 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00001a
[2011/04/02 13:46:17 | 000,016,615 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00001b
[2011/04/02 13:46:18 | 000,028,874 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00001c
[2011/04/02 13:46:19 | 000,034,645 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00001d
[2011/04/02 13:46:19 | 000,548,874 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00001e
[2011/04/02 13:46:21 | 000,026,948 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00001f
[2011/04/02 13:46:42 | 000,054,211 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000020
[2011/04/02 13:46:46 | 000,039,307 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000021
[2011/04/02 13:46:46 | 000,021,506 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000022
[2011/04/02 13:47:22 | 000,054,211 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000023
[2011/04/02 13:47:23 | 000,018,631 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000024
[2011/04/02 13:47:24 | 000,040,651 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000025
[2011/04/02 13:47:25 | 000,050,358 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000026
[2011/04/02 13:48:30 | 000,066,907 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000027
[2011/04/02 13:48:31 | 000,018,277 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000028
[2011/04/02 13:48:31 | 000,022,864 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000029
[2011/04/02 13:48:31 | 000,017,134 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00002a
[2011/04/02 13:48:31 | 000,168,327 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00002b
[2011/04/02 13:48:32 | 000,134,297 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00002c
[2011/04/02 13:48:37 | 000,023,658 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00002d
[2011/04/02 13:48:39 | 000,180,300 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00002e
[2011/04/02 13:48:40 | 000,022,735 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00002f
[2011/04/02 13:54:11 | 000,042,128 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000030
[2011/04/02 13:54:14 | 000,025,756 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000031
[2011/04/02 13:54:15 | 000,032,278 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000032
[2011/04/02 13:54:15 | 000,019,670 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000033
[2011/04/02 13:54:15 | 000,019,638 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000034
[2011/04/02 13:56:02 | 000,047,703 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000035
[2011/04/02 13:56:02 | 000,089,763 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000036
[2011/04/02 13:56:03 | 000,206,617 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000037
[2011/04/02 13:58:35 | 000,020,030 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000038
[2011/04/02 14:01:10 | 000,035,735 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000039
[2011/04/02 16:28:14 | 000,104,203 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00003a
[2011/04/02 16:28:15 | 000,018,151 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00003b
[2011/04/02 16:28:17 | 000,049,786 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00003c
[2011/04/02 16:28:18 | 000,036,707 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00003d
[2011/04/02 16:28:18 | 000,038,096 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00003e
[2011/04/02 16:28:18 | 000,030,840 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00003f
[2011/04/02 16:28:18 | 000,045,003 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000040
[2011/04/02 16:28:19 | 000,030,970 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000041
[2011/04/02 16:28:19 | 000,027,397 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000042
[2011/04/02 16:28:19 | 000,060,655 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000043
[2011/04/02 16:28:19 | 000,047,262 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000044
[2011/04/02 16:28:20 | 000,228,825 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000045
[2011/04/02 16:28:20 | 000,127,158 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000046
[2011/04/02 16:28:21 | 000,115,846 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000047
[2011/04/02 16:28:21 | 000,017,542 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000048
[2011/04/02 16:31:47 | 041,939,143 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000049
[2011/04/02 16:33:57 | 000,078,963 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00004a
[2011/04/02 16:33:59 | 000,075,920 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00004b
[2011/04/02 17:39:09 | 000,032,835 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00004d
[2011/04/02 17:39:11 | 000,031,032 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00004e
[2011/04/02 17:39:11 | 000,078,620 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00004f
[2011/04/02 18:09:58 | 000,031,279 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00005e
[2011/04/02 18:48:36 | 000,033,382 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00005f
[2011/04/02 18:48:37 | 000,018,684 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000060
[2011/04/02 18:48:38 | 000,016,669 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000061
[2011/04/02 18:48:56 | 000,884,512 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000062
[2011/04/02 13:27:17 | 000,524,656 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Cache\index
[2011/04/02 11:54:36 | 000,017,408 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Plugin Data\Google Gears\localserver.db
[2011/04/02 11:54:36 | 000,019,456 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\Plugin Data\Google Gears\permissions.db
[2011/04/02 11:54:31 | 000,000,000 | ---- | M] () -- C:\Users\johnp\AppData\Local\Google\Chrome\User Data\Default\User StyleSheets\Custom.css

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-01-23 20:25:38

========== Alternate Data Streams ==========

@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:F35A93AD
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:4D066AD2

< End of report >

#12 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:04:55 AM

Posted 03 April 2011 - 07:37 AM

Hello,

Be sure to update your version of Windows to the latest version.

Your logs appear to be clean, so if you have no further issues with your computer, then please proceed with the following housekeeping procedures outlined below.



NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.

    :Commands
    [ClearAllRestorePoints]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



OTL Clean-Up

We Need to Clean Up our Mess
Our work on your machine has left considerable leftovers on your box. Let's clean those up real quick:
  • Reopen Posted Image on your desktop.
  • Click on Posted Image
  • You will be prompted to reboot your system. Please do so.
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.


NEXT:



All Clean Speech

===> Make sure you've re-enabled any Security Programs that we may have disabled during the malware removal process. <===



Below I have included a number of recommendations for how to protect your computer against malware infections.


Updated Anti-Virus Program
It's essential that you have an updated anti-virus program running on your computer. You don't want to run more than one as it can cause program conflicts, as well as false positives

You can view an excellent list of Free Security Software programs that has been compiled by GeekstoGo.


Avoid P2P Programs

Remember that no matter how clean the program you're using for peer-to-peer filesharing may be, it offers no guarantees regarding the cleanliness of files you may choose to download. All files available via p2p filesharing carry a high risk, particularly those that offer you illegitimate methods of using legitimate software programs without paying for them. Some further readings on this subject, along the included links, are as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

If you have any of these programs installed then I highly suggest you uninstall them.

NOTE: Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.


Internet Browsers

Many of the users that I assist here on the forums, ask me which programs they can use to prevent themselves from getting infected again in the future. The best answer I can give you is too practice safe browsing.

Please consider using an alternative browser such as Google Chrome or Opera. They are both much more secure than Internet Explorer, immune to almost all known browser hijackers, and also have great built-in pop-up blockers.

I also suggest you make your Internet Explore more secure.


Make Internet Explorer more secure

  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.



Extra Goodies

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them
    then consider a password keeper, to keep all your passwords safe.
  • Keep Windows updated by regularly checking their website at: http://windowsupdate.microsoft.com/
    This will ensure your computer has always the latest security updates available installed on your computer.
  • You should run an updated scan with MalwareBytes' Anti-Malware weekly. Instructions are included below:

    • Open Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Check for Updates

  • Be weary of e-mails from unknown senders. Keep the following in mind as well: If it's to good to be true, then it more than likely is.

  • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Its important to keep programs up to date so that malware doesn't exploit any old security flaws.
  • ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for Chrome and Opera.
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    Think Prevention.
    PC Safety and Security--What Do I Need?.
**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

Cheers,
SweetTech.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#13 ctech101

ctech101
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:55 AM

Posted 03 April 2011 - 11:18 AM

Thank you so much for all of your help :clapping:

#14 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:04:55 AM

Posted 03 April 2011 - 11:32 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users