Sponsored By

Sup3rior

Members
  • Content Count

    15
  • Joined

  • Last visited

About Sup3rior

  • Rank
    Member
  1. Sorry for the late reply. This is a firefox only problem. Internet explorer seems to work fine. Thanks
  2. OTL logfile created on: 30/12/2009 12:32:14 AM - Run 4 OTL by OldTimer - Version 3.1.18.0 Folder = C:\Users\Daniel\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy 4.00 Gb Total Physical Memory | 1.19 Gb Available Physical Memory | 29.71% Memory free 4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 291.68 Gb Total Space | 241.79 Gb Free Space | 82.90% Space Free | Partition Type: NTFS Drive D: | 291.68 Gb Total Space | 264.30 Gb Free Space | 90.61% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Drive K: | 596.17 Gb Total Space | 584.38 Gb Free Space | 98.02% Space Free | Partition Type: NTFS Computer Name: DANIEL-PC Current User Name: Daniel Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: On Skip Microsoft Files: On File Age = 14 Days Output = Minimal Quick Scan ========== Processes (SafeList) ========== PRC - C:\Users\Daniel\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. ) PRC - D:\World of Warcraft\Wow.exe (Blizzard Entertainment) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.) PRC - C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com)) PRC - C:\Program Files (x86)\Webroot\WebrootSecurity\SSU.exe (Webroot Software, Inc. (www.webroot.com)) PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe (Symantec Corporation) PRC - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) PRC - C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe () PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Users\Daniel\Desktop\Freecap\freecap.exe () PRC - C:\Users\Daniel\Desktop\Freecap\putty.exe (Simon Tatham) PRC - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) PRC - C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Acer Arcade Live\Acer PlayMovie\PMVService.exe (CyberLink Corp.) PRC - C:\Users\Daniel\AppData\Local\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS) PRC - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe () PRC - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.) PRC - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe () PRC - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.) PRC - C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink) PRC - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company) PRC - C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation) PRC - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe () ========== Modules (SafeList) ========== MOD - C:\Users\Daniel\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll (Microsoft Corporation) MOD - C:\Program Files\Logitech\SetPoint\x86\GameHook.dll (Logitech, Inc.) MOD - C:\Program Files\Logitech\SetPoint\x86\lgscroll.dll (Logitech, Inc.) ========== Win32 Services (SafeList) ========== SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation) SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV:64bit: - (ETService) -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe () SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (WRConsumerService) -- C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. ) SRV - (WebrootSpySweeperService) -- C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com)) SRV - (Norton Internet Security) -- C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe (Symantec Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (gusvc) -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe (Google) SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (Sound Blaster MB Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\SBMBLicensing.exe (Creative Labs) SRV - (BUNAgentSvc) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.) SRV - (NTISchedulerSvc) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe () SRV - (NTIBackupSvc) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.) SRV - (Acer HomeMedia Connect Service) -- C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink) SRV - (LightScribeService) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company) SRV - (Viewpoint Manager Service) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation) SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2006/11/03 00:34:14 | 00,000,000 | ---D | M] SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof () SRV - (VSS) -- C:\Windows\SysWOW64\wbem\vss.mof () SRV - (RichVideo) Cyberlink RichVideo Service(CRVS) -- C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "google.com" FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009/12/28 01:49:51 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2009/12/28 01:49:43 | 00,000,000 | ---D | M] [2009/12/28 01:49:56 | 00,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Mozilla\Extensions [2009/12/29 01:58:16 | 00,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\u8tnv9ev.default\extensions [2009/12/29 12:04:20 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions [2007/04/17 04:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\plugins\npViewpoint.dll O1 HOSTS File: (761 bytes) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg64.dll (Google Inc.) O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\IPSBHO.dll (Symantec Corporation) O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation) O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe File not found O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [NVRaidService] C:\Windows\SysNative\nvraidservice.exe (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.) O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe () O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files (x86)\Acer\Acer Registration\ACE1.exe (Leader Technologies) O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [bkupTray] C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe () O4 - HKLM..\Run: [eRecoveryService] File not found O4 - HKLM..\Run: [iusage] C:\PROGRA~2\INTERN~2\netdet.exe File not found O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe () O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe () O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Live\Acer PlayMovie\PMVService.exe (CyberLink Corp.) O4 - HKLM..\Run: [spySweeper] C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.) O4 - HKLM..\Run: [updReg] C:\Windows\UpdReg.EXE (Creative Technology Ltd.) O4 - HKCU..\Run: [MsnMsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Users\Daniel\AppData\Local\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS) O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.) O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSNPUplden-au.cab (MSN Photo Upload Tool) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - Reg Error: Key error. File not found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found 64bit: O35 - comfile [open] -- "%1" %* File not found 64bit: O35 - exefile [open] -- "%1" %* File not found O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* ========== Files/Folders - Created Within 14 Days ========== [2009/12/26 14:16:38 | 00,029,752 | ---- | C] (Resplendence Software Projects Sp.) -- C:\Windows\SysNative\drivers\rspSanity64.sys [2009/12/26 14:16:37 | 00,000,000 | ---D | C] -- C:\Program Files\SanityCheck [2009/12/26 13:57:53 | 00,000,000 | ---D | C] -- C:\Users\Daniel\Pavark [2009/12/26 13:45:20 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Internet Usage Monitor Lite Edition [2009/12/20 09:11:52 | 00,000,000 | ---D | C] -- C:\_OTL [2009/12/19 11:56:32 | 00,564,736 | ---- | C] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe [2009/12/16 22:29:52 | 00,000,000 | ---D | C] -- C:\Users\Daniel\Documents\DVDVideoSoft [2009/12/16 22:29:40 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft [2009/12/16 22:29:40 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft [2009/12/16 22:15:23 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Lame for Audacity [2009/12/16 21:47:58 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity [2008/08/25 20:40:00 | 00,122,880 | ---- | C] ( ) -- C:\Windows\SysWow64\sbcrreag.dll [5 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files - Modified Within 14 Days ========== [2009/12/30 00:35:22 | 02,621,440 | -HS- | M] () -- C:\Users\Daniel\NTUSER.DAT [2009/12/30 00:04:16 | 00,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2009/12/30 00:04:16 | 00,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2009/12/29 12:10:17 | 00,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2009/12/29 12:10:17 | 00,599,942 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2009/12/29 12:10:17 | 00,105,448 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2009/12/29 12:06:13 | 00,002,463 | ---- | M] () -- C:\Users\Daniel\Desktop\ProxyCap.lnk [2009/12/29 12:05:07 | 00,032,974 | ---- | M] () -- C:\ProgramData\nvModes.dat [2009/12/29 12:05:07 | 00,032,974 | ---- | M] () -- C:\ProgramData\nvModes.001 [2009/12/29 12:04:20 | 00,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml [2009/12/29 12:04:13 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2009/12/29 12:04:11 | 00,067,584 | ---- | M] () -- C:\Windows\bootstat.dat [2009/12/29 12:04:07 | 42,942,05440 | -HS- | M] () -- C:\hiberfil.sys [2009/12/29 02:38:16 | 00,524,288 | -HS- | M] () -- C:\Users\Daniel\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms [2009/12/29 02:38:16 | 00,065,536 | -HS- | M] () -- C:\Users\Daniel\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf [2009/12/29 02:37:59 | 04,016,099 | -H-- | M] () -- C:\Users\Daniel\AppData\Local\IconCache.db [2009/12/29 02:37:55 | 00,000,600 | ---- | M] () -- C:\Users\Daniel\AppData\Local\PUTTY.RND [2009/12/27 00:44:09 | 00,007,352 | ---- | M] () -- C:\Users\Daniel\AppData\Local\Temp22.html [2009/12/27 00:43:53 | 00,001,293 | ---- | M] () -- C:\Users\Daniel\AppData\Local\Temp1.html [2009/12/27 00:43:42 | 00,003,367 | ---- | M] () -- C:\Users\Daniel\AppData\Local\Temp31.html [2009/12/26 14:48:48 | 00,003,367 | ---- | M] () -- C:\Users\Daniel\AppData\Local\Temp50.html [2009/12/26 14:19:23 | 00,048,600 | ---- | M] () -- C:\Users\Daniel\AppData\Local\GDIPFONTCACHEV1.DAT [2009/12/26 14:18:31 | 00,229,664 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2009/12/26 14:16:39 | 00,000,715 | ---- | M] () -- C:\Users\Daniel\Desktop\SanityCheck.lnk [2009/12/25 06:00:06 | 00,001,730 | ---- | M] () -- C:\Windows\tasks\wrSpySweeper_L186337DDBBB34E1B80D1BC75589E7421.job [2009/12/19 11:56:35 | 00,564,736 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe [5 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files Created - No Company Name ========== [2009/12/27 00:44:09 | 00,007,352 | ---- | C] () -- C:\Users\Daniel\AppData\Local\Temp22.html [2009/12/27 00:43:42 | 00,003,367 | ---- | C] () -- C:\Users\Daniel\AppData\Local\Temp31.html [2009/12/26 14:48:48 | 00,003,367 | ---- | C] () -- C:\Users\Daniel\AppData\Local\Temp50.html [2009/12/26 14:16:49 | 00,001,293 | ---- | C] () -- C:\Users\Daniel\AppData\Local\Temp1.html [2009/12/26 14:16:39 | 00,000,715 | ---- | C] () -- C:\Users\Daniel\Desktop\SanityCheck.lnk [2009/11/06 12:00:28 | 00,031,088 | ---- | C] () -- C:\Windows\SysWow64\wrLZMA.dll [2009/11/05 11:35:18 | 00,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2009/11/05 11:35:17 | 00,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2009/11/05 11:35:16 | 02,378,752 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll [2009/11/05 11:35:15 | 03,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll [2009/11/05 11:35:15 | 00,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2009/11/05 11:35:15 | 00,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2009/11/05 11:35:13 | 00,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2009/11/05 11:35:13 | 00,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest [2009/09/17 00:09:40 | 00,540,272 | ---- | C] () -- C:\Users\Daniel\AppData\Local\dd_ATL80SP1_KB973923MSI4740.txt [2009/09/17 00:09:39 | 00,012,624 | ---- | C] () -- C:\Users\Daniel\AppData\Local\dd_ATL80SP1_KB973923UI4740.txt [2009/09/17 00:09:17 | 00,536,708 | ---- | C] () -- C:\Users\Daniel\AppData\Local\dd_ATL80SP1_KB973923MSI46F4.txt [2009/09/17 00:09:16 | 00,012,544 | ---- | C] () -- C:\Users\Daniel\AppData\Local\dd_ATL80SP1_KB973923UI46F4.txt [2009/09/11 16:25:56 | 00,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2009/09/11 16:25:04 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009/06/22 16:38:50 | 00,032,974 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009/06/20 18:43:37 | 00,032,974 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009/06/15 13:29:58 | 00,000,180 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\setup.log [2009/06/15 13:29:54 | 00,000,760 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\setup_ldm.iss [2008/10/22 15:36:23 | 00,000,680 | ---- | C] () -- C:\Users\Daniel\AppData\Local\d3d9caps.dat [2008/10/07 10:13:22 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll [2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll [2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll [2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll [2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll [2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll [2008/10/01 22:01:03 | 00,000,600 | ---- | C] () -- C:\Users\Daniel\AppData\Local\PUTTY.RND [2008/10/01 19:13:24 | 00,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2008/10/01 19:10:04 | 00,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys [2008/10/01 18:53:11 | 00,012,288 | ---- | C] () -- C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/09/09 08:13:17 | 00,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini [2008/09/09 08:13:17 | 00,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini [2008/06/05 09:58:26 | 00,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll [2008/04/29 04:30:52 | 00,001,024 | RH-- | C] () -- C:\Windows\SysWow64\NTIOFM4.dll [2008/04/29 04:30:52 | 00,001,024 | RH-- | C] () -- C:\Windows\SysWow64\NTIBUN5.dll [2008/04/29 04:18:00 | 00,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini [2008/01/21 13:50:05 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini [2002/05/16 11:38:40 | 00,091,136 | ---- | C] () -- C:\Windows\SysWow64\mp4fil32.dll [2002/05/05 01:19:00 | 00,049,152 | ---- | C] () -- C:\Windows\SysWow64\avisynthEx.dll [2001/12/27 10:12:30 | 00,065,536 | ---- | C] () -- C:\Windows\SysWow64\multiplex_vcd.dll [2001/09/04 17:46:38 | 00,110,592 | ---- | C] () -- C:\Windows\SysWow64\Hmpg12.dll [2001/07/31 10:33:56 | 00,118,784 | ---- | C] () -- C:\Windows\SysWow64\HMPV2_ENC.dll [2001/07/24 16:04:36 | 00,118,784 | ---- | C] () -- C:\Windows\SysWow64\HMPV2_ENC_MMX.dll ========== LOP Check ========== [2008/10/05 12:20:31 | 00,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\acccore [2008/10/01 18:08:09 | 00,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Acer [2009/08/20 16:52:11 | 00,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Acreon [2008/10/01 18:35:06 | 00,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\eSobi [2009/03/30 22:25:31 | 00,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\FreeCap [2008/10/01 18:08:09 | 00,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Leadertech [2009/08/26 20:00:39 | 00,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\LimeWire [2008/10/01 22:21:19 | 00,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\ProxyCap [2008/10/25 18:21:08 | 00,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Samsung [2009/12/29 02:38:29 | 00,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2009/12/25 06:00:06 | 00,001,730 | ---- | M] () -- C:\Windows\Tasks\wrSpySweeper_L186337DDBBB34E1B80D1BC75589E7421.job ========== Purity Check ========== < End of report > Thanks.
  3. Guess I was wrong. Even after re-installing I am still getting the error when trying to browse.
  4. That seems to have fixed it. Thanks again
  5. Hi, Sorry to bother you again but something else has come up. I'm getting the following message when trying to browse: "Firefox can't find the file at jar:file:///C:/Program Files (x86)/Mozilla Firefox/chrome/en-US.jar!/locale/browser-region/region.properties" followed by the web address. I'm assuming this is somehow related to the problem I was having before..? Thanks
  6. Seems all good now. thanks for all your help, much appreciated
  7. Here's the Run Fix scan: ========== OTL ========== Unable to set value : HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E! Prefs.js: "Ask" removed from browser.search.defaultenginename Prefs.js: "Ask" removed from browser.search.order.1 Prefs.js: "http://toolbar.ask.com/toolbarv/askRedirect?o=101849&gct=&gc=1&q=" removed from keyword.URL Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found. OTL by OldTimer - Version 3.1.18.0 log created on 12202009_091152 And the other scan: OTL logfile created on: 20/12/2009 9:16:08 AM - Run 3 OTL by OldTimer - Version 3.1.18.0 Folder = C:\Users\Daniel\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy 4.00 Gb Total Physical Memory | 1.10 Gb Available Physical Memory | 27.41% Memory free 4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 291.68 Gb Total Space | 201.47 Gb Free Space | 69.07% Space Free | Partition Type: NTFS Drive D: | 291.68 Gb Total Space | 264.31 Gb Free Space | 90.62% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Drive K: | 596.17 Gb Total Space | 584.38 Gb Free Space | 98.02% Space Free | Partition Type: NTFS Computer Name: DANIEL-PC Current User Name: Daniel Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\Daniel\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. ) PRC - D:\World of Warcraft\Wow.exe (Blizzard Entertainment) PRC - C:\Program Files (x86)\Nakido\nakido.exe (Nakido) PRC - C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.) PRC - C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com)) PRC - C:\Program Files (x86)\Webroot\WebrootSecurity\SSU.exe (Webroot Software, Inc. (www.webroot.com)) PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe (Symantec Corporation) PRC - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) PRC - C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe () PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Users\Daniel\Desktop\Freecap\freecap.exe () PRC - C:\Users\Daniel\Desktop\Freecap\putty.exe (Simon Tatham) PRC - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) PRC - C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Acer Arcade Live\Acer PlayMovie\PMVService.exe (CyberLink Corp.) PRC - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe () PRC - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.) PRC - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe () PRC - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.) PRC - C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink) PRC - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company) PRC - C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation) PRC - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe () ========== Modules (SafeList) ========== MOD - C:\Users\Daniel\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll (Microsoft Corporation) MOD - C:\Program Files\Logitech\SetPoint\x86\GameHook.dll (Logitech, Inc.) MOD - C:\Program Files\Logitech\SetPoint\x86\lgscroll.dll (Logitech, Inc.) ========== Win32 Services (SafeList) ========== SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation) SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV:64bit: - (ETService) -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe () SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (WRConsumerService) -- C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. ) SRV - (Nakido) -- C:\Program Files (x86)\Nakido\nakido.exe (Nakido) SRV - (WebrootSpySweeperService) -- C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com)) SRV - (Norton Internet Security) -- C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe (Symantec Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (gusvc) -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe (Google) SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (Sound Blaster MB Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\SBMBLicensing.exe (Creative Labs) SRV - (BUNAgentSvc) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.) SRV - (NTISchedulerSvc) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe () SRV - (NTIBackupSvc) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.) SRV - (Acer HomeMedia Connect Service) -- C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink) SRV - (LightScribeService) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company) SRV - (Viewpoint Manager Service) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation) SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2006/11/03 00:34:14 | 00,000,000 | ---D | M] SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof () SRV - (VSS) -- C:\Windows\SysWOW64\wbem\vss.mof () SRV - (RichVideo) Cyberlink RichVideo Service(CRVS) -- C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe () ========== Driver Services (SafeList) ========== DRV:64bit: - (ssidrv) -- C:\Windows\SysNative\DRIVERS\ssidrv.sys (Webroot Software, Inc. (www.webroot.com)) DRV:64bit: - (ssfs0bbc) -- C:\Windows\SysNative\DRIVERS\ssfs0bbc.sys (Webroot Software, Inc. (www.webroot.com)) DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation) DRV:64bit: - (ccHP) -- C:\Windows\SysNative\Drivers\NISx64\1007020.00B\ccHPx64.sys (Symantec Corporation) DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\Drivers\NISx64\1007020.00B\SRTSP64.SYS (Symantec Corporation) DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1007020.00B\SYMEFA64.SYS (Symantec Corporation) DRV:64bit: - (BHDrvx64) -- C:\Windows\SysNative\Drivers\NISx64\1007020.00B\BHDrvx64.sys (Symantec Corporation) DRV:64bit: - (SYMTDI) -- C:\Windows\SysNative\Drivers\NISx64\1007020.00B\SYMTDI.SYS (Symantec Corporation) DRV:64bit: - (SYMFW) -- C:\Windows\SysNative\Drivers\NISx64\1007020.00B\SYMFW.SYS (Symantec Corporation) DRV:64bit: - (SYMNDISV) -- C:\Windows\SysNative\Drivers\NISx64\1007020.00B\SYMNDISV.SYS (Symantec Corporation) DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\NISx64\1007020.00B\SRTSPX64.SYS (Symantec Corporation) DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS (Symantec Corporation) DRV:64bit: - (SymIM) -- C:\Windows\SysNative\DRIVERS\SymIMv.sys (Symantec Corporation) DRV:64bit: - (MEMSWEEP2) -- C:\Windows\SysNative\C7D1.tmp (Sophos Plc) DRV:64bit: - (yukonx64) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys (Marvell) DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\Drivers\NTIDrvr.sys (NewTech Infosystems, Inc.) DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation) DRV:64bit: - (WSVD) -- C:\Windows\SysNative\drivers\WSVD.sys (Wasay) DRV:64bit: - (SkLaggProtocol) -- C:\Windows\SysNative\DRIVERS\yk60x64l.sys (Marvell) DRV:64bit: - (JRAID) -- C:\Windows\SysNative\DRIVERS\jraid.sys (JMicron Technology Corp.) DRV:64bit: - (SkVlanProtocol) -- C:\Windows\SysNative\DRIVERS\yk60x64v.sys (Marvell) DRV:64bit: - (ssm_mdm) -- C:\Windows\SysNative\DRIVERS\ssm_mdm.sys (MCCI Corporation) DRV:64bit: - (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM) -- C:\Windows\SysNative\DRIVERS\ssm_bus.sys (MCCI Corporation) DRV:64bit: - (ssm_mdfl) -- C:\Windows\SysNative\DRIVERS\ssm_mdfl.sys (MCCI Corporation) DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys (Logitech, Inc.) DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys (Logitech, Inc.) DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation) DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091217.002\IDSviA64.sys (Symantec Corporation) DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091219.003\EX64.SYS (Symantec Corporation) DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091219.003\ENG64.SYS (Symantec Corporation) DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Program Files (x86)\Acer Arcade Live\Acer PlayMovie\000.fcl (Cyberlink Corp.) DRV - (int15) -- C:\Windows\SysWOW64\drivers\int15_64.sys (Acer, Inc.) DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof () DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof () DRV - (StarOpen) -- C:\Windows\SysWOW64\drivers\StarOpen.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101852&l=dis IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.order.1: "" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.com" FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009/12/17 16:49:46 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2009/12/17 16:49:48 | 00,000,000 | ---D | M] [2008/10/01 19:01:47 | 00,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Mozilla\Extensions [2009/12/19 11:49:51 | 00,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\s6gfcl08.default\extensions [2008/11/30 11:13:35 | 00,000,682 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\s6gfcl08.default\searchplugins\ask.xml [2009/12/19 11:52:24 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions [2007/04/17 04:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\plugins\npViewpoint.dll O1 HOSTS File: (761 bytes) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg64.dll (Google Inc.) O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\IPSBHO.dll (Symantec Corporation) O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation) O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe File not found O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [NVRaidService] C:\Windows\SysNative\nvraidservice.exe (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.) O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe () O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files (x86)\Acer\Acer Registration\ACE1.exe (Leader Technologies) O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [bkupTray] C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe () O4 - HKLM..\Run: [eRecoveryService] File not found O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe () O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe () O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Live\Acer PlayMovie\PMVService.exe (CyberLink Corp.) O4 - HKLM..\Run: [spySweeper] C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.) O4 - HKLM..\Run: [updReg] C:\Windows\UpdReg.EXE (Creative Technology Ltd.) O4 - HKCU..\Run: [Aim6] File not found O4 - HKCU..\Run: [MsnMsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Users\Daniel\AppData\Local\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS) O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.) O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSNPUplden-au.cab (MSN Photo Upload Tool) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - Reg Error: Key error. File not found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found 64bit: O35 - comfile [open] -- "%1" %* File not found 64bit: O35 - exefile [open] -- "%1" %* File not found O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2009/12/20 09:11:52 | 00,000,000 | ---D | C] -- C:\_OTL [2009/12/19 11:56:32 | 00,564,736 | ---- | C] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe [2009/12/16 22:29:52 | 00,000,000 | ---D | C] -- C:\Users\Daniel\Documents\DVDVideoSoft [2009/12/16 22:29:40 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft [2009/12/16 22:29:40 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft [2009/12/16 22:15:23 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Lame for Audacity [2009/12/16 21:47:58 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity [2009/12/15 20:04:39 | 00,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\capicom.dll [2009/12/15 20:04:22 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\MSSOAP [2009/12/15 20:04:22 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MSSoap [2009/12/15 20:04:10 | 01,563,008 | ---- | C] (Webroot Software, Inc.) -- C:\Windows\WRSetup.dll [2009/12/15 20:04:10 | 00,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Webroot [2009/12/15 20:04:10 | 00,000,000 | ---D | C] -- C:\ProgramData\Webroot [2009/12/15 20:04:10 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Webroot [2009/12/14 18:07:27 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos [2009/12/14 08:50:22 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro [2009/12/14 08:50:21 | 00,000,000 | ---D | C] -- C:\rsit [2009/12/11 23:51:30 | 00,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\Takeoverseason_99 [2009/12/11 19:44:09 | 00,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\Portrait_Of_A_King [2009/12/11 18:58:01 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\TrendMicro [2009/12/10 03:00:38 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshhttp.dll [2009/12/10 03:00:37 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshhttp.dll [2009/12/10 03:00:28 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\httpapi.dll [2009/12/10 03:00:27 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\httpapi.dll [2009/12/09 15:43:40 | 01,032,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll [2009/12/09 15:43:37 | 00,834,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll [2009/12/09 15:43:32 | 00,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2009/12/09 15:43:31 | 00,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieencode.dll [2009/12/09 15:43:31 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieencode.dll [2009/12/09 15:43:25 | 00,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2009/12/09 15:43:25 | 00,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2009/12/09 15:43:16 | 00,280,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rastls.dll [2009/12/09 15:43:16 | 00,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rastls.dll [2009/12/08 19:06:27 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Nakido [2009/12/05 11:14:45 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared [2009/11/25 15:46:31 | 00,880,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl [2009/11/25 15:46:31 | 00,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl [2009/11/21 15:15:42 | 00,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Microsoft Games [2008/08/25 20:40:00 | 00,122,880 | ---- | C] ( ) -- C:\Windows\SysWow64\sbcrreag.dll [5 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2009/12/20 09:18:51 | 02,621,440 | -HS- | M] () -- C:\Users\Daniel\NTUSER.DAT [2009/12/20 07:52:08 | 00,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2009/12/20 07:52:08 | 00,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2009/12/19 11:58:23 | 00,599,942 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2009/12/19 11:58:22 | 00,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2009/12/19 11:58:22 | 00,105,448 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2009/12/19 11:57:22 | 00,002,463 | ---- | M] () -- C:\Users\Daniel\Desktop\ProxyCap.lnk [2009/12/19 11:56:35 | 00,564,736 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe [2009/12/19 11:53:06 | 00,032,974 | ---- | M] () -- C:\ProgramData\nvModes.dat [2009/12/19 11:53:05 | 00,032,974 | ---- | M] () -- C:\ProgramData\nvModes.001 [2009/12/19 11:52:23 | 00,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml [2009/12/19 11:52:14 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2009/12/19 11:52:12 | 00,067,584 | ---- | M] () -- C:\Windows\bootstat.dat [2009/12/19 11:52:08 | 42,942,05440 | -HS- | M] () -- C:\hiberfil.sys [2009/12/19 11:51:05 | 00,524,288 | -HS- | M] () -- C:\Users\Daniel\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms [2009/12/19 11:51:05 | 00,065,536 | -HS- | M] () -- C:\Users\Daniel\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf [2009/12/19 11:50:44 | 03,075,897 | -H-- | M] () -- C:\Users\Daniel\AppData\Local\IconCache.db [2009/12/19 11:50:40 | 00,000,600 | ---- | M] () -- C:\Users\Daniel\AppData\Local\PUTTY.RND [2009/12/18 06:00:05 | 00,001,730 | ---- | M] () -- C:\Windows\tasks\wrSpySweeper_L186337DDBBB34E1B80D1BC75589E7421.job [2009/12/15 20:10:25 | 00,000,761 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\HOSTS [2009/12/15 20:04:40 | 00,001,855 | ---- | M] () -- C:\Users\Public\Desktop\Spy Sweeper.lnk [2009/12/15 20:04:30 | 00,012,288 | ---- | M] () -- C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/12/15 20:04:12 | 00,017,264 | ---- | M] () -- C:\Windows\SysNative\SsiEfr.exe [2009/12/15 20:04:00 | 00,000,164 | ---- | M] () -- C:\Windows\install.dat [2009/12/09 15:32:05 | 00,000,680 | ---- | M] () -- C:\Users\Daniel\AppData\Local\d3d9caps.dat [2009/12/06 16:01:10 | 00,000,435 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics [5 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files Created - No Company Name ========== [2009/12/15 20:10:22 | 00,001,730 | ---- | C] () -- C:\Windows\tasks\wrSpySweeper_L186337DDBBB34E1B80D1BC75589E7421.job [2009/12/15 20:04:40 | 00,001,855 | ---- | C] () -- C:\Users\Public\Desktop\Spy Sweeper.lnk [2009/12/15 20:04:13 | 00,017,264 | ---- | C] () -- C:\Windows\SysNative\SsiEfr.exe [2009/12/15 20:03:56 | 00,000,164 | ---- | C] () -- C:\Windows\install.dat [2009/11/06 12:00:28 | 00,031,088 | ---- | C] () -- C:\Windows\SysWow64\wrLZMA.dll [2009/11/05 11:35:18 | 00,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2009/11/05 11:35:17 | 00,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2009/11/05 11:35:16 | 02,378,752 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll [2009/11/05 11:35:15 | 03,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll [2009/11/05 11:35:15 | 00,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2009/11/05 11:35:15 | 00,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2009/11/05 11:35:13 | 00,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2009/11/05 11:35:13 | 00,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest [2009/09/17 00:09:40 | 00,540,272 | ---- | C] () -- C:\Users\Daniel\AppData\Local\dd_ATL80SP1_KB973923MSI4740.txt [2009/09/17 00:09:39 | 00,012,624 | ---- | C] () -- C:\Users\Daniel\AppData\Local\dd_ATL80SP1_KB973923UI4740.txt [2009/09/17 00:09:17 | 00,536,708 | ---- | C] () -- C:\Users\Daniel\AppData\Local\dd_ATL80SP1_KB973923MSI46F4.txt [2009/09/17 00:09:16 | 00,012,544 | ---- | C] () -- C:\Users\Daniel\AppData\Local\dd_ATL80SP1_KB973923UI46F4.txt [2009/09/11 16:25:56 | 00,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2009/09/11 16:25:04 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009/06/22 16:38:50 | 00,032,974 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009/06/20 18:43:37 | 00,032,974 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009/06/15 13:29:58 | 00,000,180 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\setup.log [2009/06/15 13:29:54 | 00,000,760 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\setup_ldm.iss [2008/10/22 15:36:23 | 00,000,680 | ---- | C] () -- C:\Users\Daniel\AppData\Local\d3d9caps.dat [2008/10/07 10:13:22 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll [2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll [2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll [2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll [2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll [2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll [2008/10/01 22:01:03 | 00,000,600 | ---- | C] () -- C:\Users\Daniel\AppData\Local\PUTTY.RND [2008/10/01 19:13:24 | 00,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2008/10/01 19:10:04 | 00,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys [2008/10/01 18:53:11 | 00,012,288 | ---- | C] () -- C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/09/09 08:13:17 | 00,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini [2008/09/09 08:13:17 | 00,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini [2008/06/05 09:58:26 | 00,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll [2008/04/29 04:30:52 | 00,001,024 | RH-- | C] () -- C:\Windows\SysWow64\NTIOFM4.dll [2008/04/29 04:30:52 | 00,001,024 | RH-- | C] () -- C:\Windows\SysWow64\NTIBUN5.dll [2008/04/29 04:18:00 | 00,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini [2008/01/21 13:50:05 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini [2002/05/16 11:38:40 | 00,091,136 | ---- | C] () -- C:\Windows\SysWow64\mp4fil32.dll [2002/05/05 01:19:00 | 00,049,152 | ---- | C] () -- C:\Windows\SysWow64\avisynthEx.dll [2001/12/27 10:12:30 | 00,065,536 | ---- | C] () -- C:\Windows\SysWow64\multiplex_vcd.dll [2001/09/04 17:46:38 | 00,110,592 | ---- | C] () -- C:\Windows\SysWow64\Hmpg12.dll [2001/07/31 10:33:56 | 00,118,784 | ---- | C] () -- C:\Windows\SysWow64\HMPV2_ENC.dll [2001/07/24 16:04:36 | 00,118,784 | ---- | C] () -- C:\Windows\SysWow64\HMPV2_ENC_MMX.dll < End of report > OTL Extras logfile created on: 20/12/2009 9:16:08 AM - Run 3 OTL by OldTimer - Version 3.1.18.0 Folder = C:\Users\Daniel\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy 4.00 Gb Total Physical Memory | 1.10 Gb Available Physical Memory | 27.41% Memory free 4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 291.68 Gb Total Space | 201.47 Gb Free Space | 69.07% Space Free | Partition Type: NTFS Drive D: | 291.68 Gb Total Space | 264.31 Gb Free Space | 90.62% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Drive K: | 596.17 Gb Total Space | 584.38 Gb Free Space | 98.02% Space Free | Partition Type: NTFS Computer Name: DANIEL-PC Current User Name: Daniel Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (All) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1 .cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation) .hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation) .html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) .inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation) .ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\ieframe.dll (Microsoft Corporation) .js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation) .jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation) .reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation) .txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation) .vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation) .vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation) .wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation) .wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1 .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) .inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation) .ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation) .url [@ = InternetShortcut] -- C:\Windows\SysWow64\ieframe.dll (Microsoft Corporation) .js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation) .jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation) .reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation) .txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation) .vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation) .vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation) .wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation) .wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation) batfile [open] -- "%1" %* File not found batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation) chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation) cmdfile [open] -- "%1" %* File not found cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation) comfile [open] -- "%1" %* File not found cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation) inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation) inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation) inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation) jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation) jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation) jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation) jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation) jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation) regfile [open] -- regedit.exe "%1" (Microsoft Corporation) regfile [merge] -- Reg Error: Key error. regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation) scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation) txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation) txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation) vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation) vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation) vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation) vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation) wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation) wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation) wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation) batfile [open] -- "%1" %* batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation) chm.file [open] -- "%SystemRoot%\hh.exe" %1 cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation) cmdfile [open] -- "%1" %* cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation) comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation) inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation) inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation) inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- rundll32.exe C:\Windows\SysWOW64\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation) jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation) jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation) jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation) jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation) jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation) regfile [open] -- regedit.exe "%1" (Microsoft Corporation) regfile [merge] -- Reg Error: Key error. regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation) scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation) txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation) txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation) vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation) vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation) vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation) vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation) wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation) wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation) wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data] "VistaSp2" = 89 FF 06 29 09 35 CA 01 [binary data] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1067394268-2681360301-3327359440-1000] "EnableNotificationsRef" = 2 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found "C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02D44CEC-02B2-4D65-8663-EFB9CB37D08A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{0F995E31-4388-41AC-880A-97008487A81F}" = lport=137 | protocol=17 | dir=in | app=system | "{21D5788B-22DB-4996-9BB4-C51B0512333B}" = lport=2869 | protocol=6 | dir=in | app=system | "{24478225-28A0-441C-92DC-3FAEAE08DDF2}" = lport=2869 | protocol=6 | dir=in | app=system | "{3327E486-F97A-4981-8334-35DA823B5A6F}" = rport=138 | protocol=17 | dir=out | app=system | "{3B65546A-0C55-46C9-8154-783DD7244D31}" = lport=445 | protocol=6 | dir=in | app=system | "{4FBBE82A-7D26-45DF-B461-701719B427DF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{5B8F156F-06FD-40FD-A222-4E7E84D568B5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | "{992E814C-9BBF-4ED2-84E7-481B9F9351D1}" = rport=445 | protocol=6 | dir=out | app=system | "{A1716E1C-8F1F-434A-A561-50223F7761C6}" = lport=139 | protocol=6 | dir=in | app=system | "{BC650E5C-2C89-4830-A693-4D61C27F980A}" = rport=137 | protocol=17 | dir=out | app=system | "{C05A6BC2-36AF-4FB8-B2FD-1391D315FB9A}" = lport=138 | protocol=17 | dir=in | app=system | "{D4AA7685-AB14-4CAF-B3C8-66D32517B037}" = rport=139 | protocol=6 | dir=out | app=system | "{FC389C46-918B-46AA-B5C8-C91F7F5112D5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00219235-3BBA-4A2A-BBFA-1513E69AF589}" = protocol=17 | dir=in | app=c:\program files (x86)\nakido\nakido.exe | "{05FFAB45-AA76-4089-97AF-7CBF841ED9A5}" = protocol=58 | dir=in | [email protected],-28545 | "{1521B4B1-7092-4DB7-88BB-64D4883CBCE1}" = dir=in | app=c:\program files (x86)\acer arcade live\acer playmovie\playmovie.exe | "{1C94DE51-C696-4905-B749-0F495F30FADA}" = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe | "{233F0EAC-2D64-432E-8E54-A41F65DB2216}" = protocol=58 | dir=out | [email protected],-28546 | "{278EB41A-FB5B-4BBC-8749-924A19CB41C4}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\client\agentsvc.exe | "{2AABE72B-2723-48AC-B9A1-9503755B0A76}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe | "{304C33B9-1C41-47E9-A612-89BBAD747F55}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia connect\acer homemedia connect.exe | "{4DE2FCE6-EB71-4BF3-B0AC-1631B378108F}" = protocol=6 | dir=in | app=c:\program files (x86)\nakido\nakido.exe | "{4EB79052-4411-4368-9EB3-286219A79D9F}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | "{4F126944-E2D0-4538-9B14-D0634CB08E5D}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe | "{51EBC6AF-55C8-4859-A83D-C927299C0B29}" = dir=in | app=c:\program files (x86)\msn messenger\msnmsgr.exe | "{5F6733F4-3E7E-43D1-BCED-2D1CC5866489}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{630BF419-59CD-4445-A14A-3FD7C3FB9736}" = protocol=1 | dir=in | [email protected],-28543 | "{68A7170D-A52A-48DC-8005-6F454FBF5A0D}" = dir=in | app=c:\program files (x86)\acer arcade live\acer videomagician\acer videomagician.exe | "{6AEDED5B-3A66-4510-B834-7103AE584032}" = protocol=17 | dir=in | app=c:\users\daniel\appdata\locallow\dyyno receiver\dppm.exe | "{8621B396-6D78-4E0D-9EB1-770B83E02FD1}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | "{87B8969F-F582-481C-9841-E2871B01D736}" = dir=in | app=c:\program files (x86)\acer arcade live\acer dv magician\acer dv magician.exe | "{8CA6B9F2-5E6B-48DC-A85F-311582768B6C}" = dir=in | app=c:\program files (x86)\msn messenger\livecall.exe | "{927C78CA-7117-4960-94F1-9A603E77F02E}" = dir=in | app=c:\program files (x86)\acer arcade live\acer arcade live main page\acer arcade live.exe | "{93EF07F5-E864-421E-8718-3A2E9BC955B3}" = protocol=6 | dir=in | app=c:\users\daniel\appdata\locallow\dyyno receiver\dppm.exe | "{9FBCCC55-86BD-4709-BBB6-C07D54455692}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\client\agentsvc.exe | "{A7241609-C5B2-4CAB-B5A2-75EB760E6AC7}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | "{ABB4D55D-6DF4-483C-822E-425CFA60B3D0}" = protocol=17 | dir=in | app=c:\program files (x86)\aim6\aim6.exe | "{AFA66603-176C-4AF6-AD91-F2FD064FC2F0}" = dir=in | app=c:\program files (x86)\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe | "{B17CB27D-80C5-4706-BAC0-17F149B11968}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | "{B1935623-BADE-47B6-8762-74C6208D19D8}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe | "{C117D882-3DA4-4EDD-85E9-EC998CB63EBA}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | "{C21790FA-DF63-455B-A72E-22B6AEBEBB78}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia\acer homemedia.exe | "{C9C2378A-4021-45DD-BD13-FF2D5767DD04}" = dir=in | app=c:\program files (x86)\acer arcade live\acer dvdivine\acer dvdivine.exe | "{E3A5AEA1-AE5B-4B51-9DBE-183EF70318F7}" = protocol=1 | dir=out | [email protected],-28544 | "{E6B11E63-232A-402E-8ECF-3185098AADC2}" = dir=in | app=c:\program files (x86)\acer arcade live\acer playmovie\pmvservice.exe | "{F3CB28B7-BE9F-47A2-9F89-4E0D63337ED0}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | "{F53BAE5D-716F-4C3E-A29B-04234C3ACA82}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | "{F84004BA-2DF5-451E-BF06-738C4341E315}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia trial creator\acer homemedia trial creator.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{094D498F-466E-4822-97BF-FB43A961B669}" = ProxyCap "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer "{59427B1F-852F-4AF1-8215-E5B12F966D89}" = Logitech G11 Keyboard Software 1.03 "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64) "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "NVIDIA Drivers" = NVIDIA Drivers "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set "Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard "{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect "{143C7D3A-02DD-4163-9880-11B202B7E3E6}" = Creative Sound Blaster MB "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1FCC574F-AFA2-4432-9EF1-79CA7BA73431}_is1" = Spy Sweeper "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0 "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core "{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD "{41CE9D26-2DF7-498D-8E16-314507EDEE21}" = Samsung PC Studio 3 "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver "{7A351AAA-E651-41B1-89B6-972A676FF78B}" = Marvell Network Configuration Utility "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials "{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology "{A450831D-25F6-4F42-9662-D000B25E0D82}" = Acer PlayMovie "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger "{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia "{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2 "{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine "{B580C409-E16F-44FF-904D-3AE94E113BE0}" = Acer HomeMedia Trial Creator "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player "{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX "{B96D2269-568B-4CBF-9332-12FAE8B158F7}" = Medieval CUE Splitter "{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries "{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3 "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1 "{E9E3EE81-6E7F-47A3-8D38-3470256704DB}_is1" = Tortun 0.8 "{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call "{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician "{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician "Acer Assist" = Acer Assist "Acer Registration" = Acer Registration "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11 "AIM_6" = AIM 6 "ALchemy SB MB" = Creative ALchemy (SB MB Edition) "Fraps" = Fraps (remove only) "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2 "GOM Player" = GOM Player "HandBrake" = HandBrake 0.9.3 "HijackThis" = HijackThis 2.0.2 "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.3.0 "LAME for Audacity_is1" = LAME v3.98.2 for Audacity "LimeWire" = LimeWire 4.18.8 "Messenger Plus! Live" = Messenger Plus! Live "Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6) "Nakido" = Nakido "NIS" = Norton Internet Security "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "ShockwaveFlash" = Adobe Flash Player 9 ActiveX "Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0 "Uninstall_is1" = Uninstall 1.0.0.1 "ViewpointMediaPlayer" = Viewpoint Media Player "VST Bridge_is1" = VST Bridge 1.1 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR archiver "World of Warcraft" = World of Warcraft "Yahoo! Companion" = Yahoo! Toolbar "Yahoo! Toolbar" = Yahoo! Toolbar ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Octoshape Streaming Services" = Octoshape Streaming Services ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 4/12/2009 7:03:06 PM | Computer Name = Daniel-PC | Source = Application Error | ID = 1000 Description = Faulting application Wow.exe, version 3.2.2.10505, time stamp 0x4aba8ccc, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x77e39400, process id 0xdd0, application start time 0x01ca7535ed75cfb0. Error - 6/12/2009 1:01:50 AM | Computer Name = Daniel-PC | Source = Application Hang | ID = 1002 Description = The program Explorer.EXE version 6.0.6002.18005 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: dc8 Start Time: 01ca6fe218dc807f Termination Time: 32 Error - 6/12/2009 2:09:32 AM | Computer Name = Daniel-PC | Source = Application Error | ID = 1000 Description = Faulting application Wow.exe, version 3.2.2.10505, time stamp 0x4aba8ccc, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x77e39400, process id 0x1580, application start time 0x01ca763aaaec6400. Error - 7/12/2009 12:48:46 AM | Computer Name = Daniel-PC | Source = WinMgmt | ID = 10 Description = Error - 8/12/2009 12:38:05 AM | Computer Name = Daniel-PC | Source = WinMgmt | ID = 10 Description = Error - 9/12/2009 12:32:38 AM | Computer Name = Daniel-PC | Source = WinMgmt | ID = 10 Description = Error - 9/12/2009 12:34:55 AM | Computer Name = Daniel-PC | Source = Application Error | ID = 1000 Description = Faulting application Wow.exe, version 3.3.0.10958, time stamp 0x4b157b80, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x77e39400, process id 0x122c, application start time 0x01ca7888f1d0d36f. Error - 9/12/2009 12:22:47 PM | Computer Name = Daniel-PC | Source = WinMgmt | ID = 10 Description = Error - 10/12/2009 12:44:28 AM | Computer Name = Daniel-PC | Source = WinMgmt | ID = 10 Description = Error - 11/12/2009 12:38:20 AM | Computer Name = Daniel-PC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 18/12/2009 3:52:19 PM | Computer Name = Daniel-PC | Source = bowser | ID = 8003 Description = Error - 18/12/2009 8:52:05 PM | Computer Name = Daniel-PC | Source = Application Popup | ID = 1060 Description = \SystemRoot\SysWow64\Drivers\StarOpen.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error - 18/12/2009 8:52:30 PM | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7026 Description = Error - 19/12/2009 1:11:32 AM | Computer Name = Daniel-PC | Source = bowser | ID = 8003 Description = Error - 19/12/2009 1:19:31 AM | Computer Name = Daniel-PC | Source = bowser | ID = 8003 Description = Error - 19/12/2009 1:51:35 AM | Computer Name = Daniel-PC | Source = bowser | ID = 8003 Description = Error - 19/12/2009 2:24:43 AM | Computer Name = Daniel-PC | Source = bowser | ID = 8003 Description = Error - 19/12/2009 7:03:26 AM | Computer Name = Daniel-PC | Source = bowser | ID = 8003 Description = Error - 19/12/2009 7:11:29 AM | Computer Name = Daniel-PC | Source = bowser | ID = 8003 Description = Error - 19/12/2009 5:53:28 PM | Computer Name = Daniel-PC | Source = bowser | ID = 8003 Description = < End of report > Thanks.
  8. I am still having the same problem. Firefox keeps giving me a "Not responding" message on the top bar. And shortly after it redirects me to ask.com. Here's the new OTL log file. OTL logfile created on: 19/12/2009 11:56:58 AM - Run 2 OTL by OldTimer - Version 3.1.18.0 Folder = C:\Users\Daniel\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy 4.00 Gb Total Physical Memory | 2.56 Gb Available Physical Memory | 63.96% Memory free 4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 291.68 Gb Total Space | 200.95 Gb Free Space | 68.89% Space Free | Partition Type: NTFS Drive D: | 291.68 Gb Total Space | 264.31 Gb Free Space | 90.61% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Drive K: | 596.17 Gb Total Space | 584.38 Gb Free Space | 98.02% Space Free | Partition Type: NTFS Computer Name: DANIEL-PC Current User Name: Daniel Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: On Skip Microsoft Files: On File Age = 14 Days Output = Standard Quick Scan ========== Processes (SafeList) ========== PRC - [2009/12/19 11:56:35 | 00,564,736 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe PRC - [2009/12/17 16:49:36 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2009/12/15 20:04:41 | 01,201,640 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe PRC - [2009/12/03 04:53:34 | 00,328,704 | ---- | M] (Nakido) -- C:\Program Files (x86)\Nakido\nakido.exe PRC - [2009/11/06 15:19:58 | 06,515,784 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe PRC - [2009/11/06 12:00:22 | 04,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe PRC - [2009/11/06 12:00:22 | 00,165,232 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files (x86)\Webroot\WebrootSecurity\SSU.exe PRC - [2009/10/03 04:08:38 | 00,035,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe PRC - [2009/08/22 18:28:17 | 00,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe PRC - [2009/07/26 17:44:34 | 03,883,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe PRC - [2009/07/20 05:00:00 | 00,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe PRC - [2009/07/14 13:28:00 | 00,239,648 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2009/03/11 16:25:14 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe PRC - [2009/02/06 18:07:48 | 00,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe PRC - [2008/06/19 07:54:20 | 00,172,032 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Live\Acer PlayMovie\PMVService.exe PRC - [2008/05/23 00:59:46 | 00,156,944 | ---- | M] (Octoshape ApS) -- C:\Users\Daniel\AppData\Local\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe PRC - [2008/02/26 12:57:48 | 00,034,040 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe PRC - [2008/02/26 12:57:22 | 00,021,752 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe PRC - [2008/02/26 12:53:16 | 00,131,072 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe PRC - [2008/02/25 20:02:54 | 00,049,152 | ---- | M] (NewTech InfoSystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe PRC - [2008/01/26 12:49:04 | 00,269,448 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe PRC - [2007/01/18 05:20:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe PRC - [2007/01/05 08:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe PRC - [2006/07/20 05:36:58 | 00,262,247 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe ========== Modules (SafeList) ========== MOD - [2009/12/19 11:56:35 | 00,564,736 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe MOD - [2009/12/05 11:14:52 | 00,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll MOD - [2009/07/20 05:00:00 | 00,057,344 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\x86\GameHook.dll MOD - [2009/07/20 05:00:00 | 00,038,912 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\x86\lgscroll.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2009/09/25 12:26:26 | 01,142,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache) SRV:64bit: - [2009/07/20 13:36:14 | 00,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ) SRV:64bit: - [2008/04/26 07:30:26 | 00,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService) SRV:64bit: - [2008/01/21 13:47:32 | 00,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009/12/15 20:04:41 | 01,201,640 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe -- (WRConsumerService) SRV - [2009/12/03 04:53:34 | 00,328,704 | ---- | M] (Nakido) [Auto | Running] -- C:\Program Files (x86)\Nakido\nakido.exe -- (Nakido) SRV - [2009/11/06 12:00:22 | 04,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService) SRV - [2009/08/22 18:28:17 | 00,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe -- (Norton Internet Security) SRV - [2009/07/14 13:28:00 | 00,239,648 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2009/04/28 08:23:56 | 00,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc) SRV - [2009/03/30 15:39:54 | 00,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64) SRV - [2008/09/09 08:07:57 | 00,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\SBMBLicensing.exe -- (Sound Blaster MB Licensing Service) SRV - [2008/02/26 12:57:22 | 00,021,752 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe -- (BUNAgentSvc) SRV - [2008/02/26 12:53:16 | 00,131,072 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc) SRV - [2008/02/25 20:02:54 | 00,049,152 | ---- | M] (NewTech InfoSystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc) SRV - [2008/01/26 12:49:04 | 00,269,448 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service) SRV - [2007/01/18 05:20:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService) SRV - [2007/01/05 08:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service) SRV - [2006/11/03 00:34:14 | 00,000,000 | ---D | M] [unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC) SRV - [2006/11/02 17:35:15 | 00,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds) SRV - [2006/11/02 17:35:15 | 00,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS) SRV - [2006/07/20 05:36:58 | 00,262,247 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101852&l=dis IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Ask" FF - prefs.js..browser.search.order.1: "Ask" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.com" FF - prefs.js..keyword.URL: "http://toolbar.ask.com/toolbarv/askRedirect?o=101849&gct=&gc=1&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009/12/17 16:49:46 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2009/12/17 16:49:48 | 00,000,000 | ---D | M] [2008/10/01 19:01:47 | 00,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Mozilla\Extensions [2009/12/19 11:49:51 | 00,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\s6gfcl08.default\extensions [2008/11/30 11:13:35 | 00,000,682 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\s6gfcl08.default\searchplugins\ask.xml [2009/12/19 11:52:24 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions [2007/04/17 04:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\plugins\npViewpoint.dll O1 HOSTS File: (761 bytes) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg64.dll (Google Inc.) O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\IPSBHO.dll (Symantec Corporation) O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation) O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe File not found O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [NVRaidService] C:\Windows\SysNative\nvraidservice.exe (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.) O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe () O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files (x86)\Acer\Acer Registration\ACE1.exe (Leader Technologies) O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [bkupTray] C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe () O4 - HKLM..\Run: [eRecoveryService] File not found O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe () O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe () O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Live\Acer PlayMovie\PMVService.exe (CyberLink Corp.) O4 - HKLM..\Run: [spySweeper] C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.) O4 - HKLM..\Run: [updReg] C:\Windows\UpdReg.EXE (Creative Technology Ltd.) O4 - HKCU..\Run: [Aim6] File not found O4 - HKCU..\Run: [MsnMsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Users\Daniel\AppData\Local\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS) O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.) O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSNPUplden-au.cab (MSN Photo Upload Tool) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - Reg Error: Key error. File not found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found 64bit: O35 - comfile [open] -- "%1" %* File not found 64bit: O35 - exefile [open] -- "%1" %* File not found O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2008/01/21 14:06:38 | 00,000,000 | ---D | M] NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll (Microsoft Corporation) NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll (Microsoft Corporation) NetSvcs: Ias - C:\Windows\SysWOW64\ias [2008/01/21 14:08:35 | 00,000,000 | ---D | M] NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation) OTL cannot create restorepoints on Vista OSs! ========== Files/Folders - Created Within 14 Days ========== [2009/12/19 11:56:32 | 00,564,736 | ---- | C] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe [2009/12/16 22:29:52 | 00,000,000 | ---D | C] -- C:\Users\Daniel\Documents\DVDVideoSoft [2009/12/16 22:29:40 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft [2009/12/16 22:29:40 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft [2009/12/16 22:15:23 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Lame for Audacity [2009/12/16 21:47:58 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity [2009/12/15 20:04:22 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\MSSOAP [2009/12/15 20:04:22 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MSSoap [2009/12/15 20:04:10 | 01,563,008 | ---- | C] (Webroot Software, Inc.) -- C:\Windows\WRSetup.dll [2009/12/15 20:04:10 | 00,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Webroot [2009/12/15 20:04:10 | 00,000,000 | ---D | C] -- C:\ProgramData\Webroot [2009/12/15 20:04:10 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Webroot [2009/12/14 18:07:27 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos [2009/12/14 08:50:22 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro [2009/12/14 08:50:21 | 00,000,000 | ---D | C] -- C:\rsit [2009/12/11 23:51:30 | 00,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\Takeoverseason_99 [2009/12/11 19:44:09 | 00,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\Portrait_Of_A_King [2009/12/11 18:58:01 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\TrendMicro [2009/12/08 19:06:27 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Nakido [2008/08/25 20:40:00 | 00,122,880 | ---- | C] ( ) -- C:\Windows\SysWow64\sbcrreag.dll [5 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files - Modified Within 14 Days ========== [2009/12/19 11:58:23 | 00,599,942 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2009/12/19 11:58:22 | 00,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2009/12/19 11:58:22 | 00,105,448 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2009/12/19 11:58:05 | 02,621,440 | -HS- | M] () -- C:\Users\Daniel\NTUSER.DAT [2009/12/19 11:57:22 | 00,002,463 | ---- | M] () -- C:\Users\Daniel\Desktop\ProxyCap.lnk [2009/12/19 11:56:35 | 00,564,736 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe [2009/12/19 11:53:06 | 00,032,974 | ---- | M] () -- C:\ProgramData\nvModes.dat [2009/12/19 11:53:05 | 00,032,974 | ---- | M] () -- C:\ProgramData\nvModes.001 [2009/12/19 11:52:23 | 00,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml [2009/12/19 11:52:16 | 00,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2009/12/19 11:52:15 | 00,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2009/12/19 11:52:14 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2009/12/19 11:52:12 | 00,067,584 | ---- | M] () -- C:\Windows\bootstat.dat [2009/12/19 11:52:08 | 42,942,05440 | -HS- | M] () -- C:\hiberfil.sys [2009/12/19 11:51:05 | 00,524,288 | -HS- | M] () -- C:\Users\Daniel\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms [2009/12/19 11:51:05 | 00,065,536 | -HS- | M] () -- C:\Users\Daniel\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf [2009/12/19 11:50:44 | 03,075,897 | -H-- | M] () -- C:\Users\Daniel\AppData\Local\IconCache.db [2009/12/19 11:50:40 | 00,000,600 | ---- | M] () -- C:\Users\Daniel\AppData\Local\PUTTY.RND [2009/12/18 06:00:05 | 00,001,730 | ---- | M] () -- C:\Windows\tasks\wrSpySweeper_L186337DDBBB34E1B80D1BC75589E7421.job [2009/12/15 20:10:25 | 00,000,761 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\HOSTS [2009/12/15 20:04:40 | 00,001,855 | ---- | M] () -- C:\Users\Public\Desktop\Spy Sweeper.lnk [2009/12/15 20:04:30 | 00,012,288 | ---- | M] () -- C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/12/15 20:04:12 | 00,017,264 | ---- | M] () -- C:\Windows\SysNative\SsiEfr.exe [2009/12/15 20:04:00 | 00,000,164 | ---- | M] () -- C:\Windows\install.dat [2009/12/09 15:32:05 | 00,000,680 | ---- | M] () -- C:\Users\Daniel\AppData\Local\d3d9caps.dat [2009/12/06 16:01:10 | 00,000,435 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics [5 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files Created - No Company Name ========== [2009/12/15 20:10:22 | 00,001,730 | ---- | C] () -- C:\Windows\tasks\wrSpySweeper_L186337DDBBB34E1B80D1BC75589E7421.job [2009/12/15 20:04:40 | 00,001,855 | ---- | C] () -- C:\Users\Public\Desktop\Spy Sweeper.lnk [2009/12/15 20:04:13 | 00,017,264 | ---- | C] () -- C:\Windows\SysNative\SsiEfr.exe [2009/12/15 20:03:56 | 00,000,164 | ---- | C] () -- C:\Windows\install.dat [2009/11/06 12:00:28 | 00,031,088 | ---- | C] () -- C:\Windows\SysWow64\wrLZMA.dll [2009/11/05 11:35:18 | 00,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2009/11/05 11:35:17 | 00,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2009/11/05 11:35:16 | 02,378,752 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll [2009/11/05 11:35:15 | 03,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll [2009/11/05 11:35:15 | 00,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2009/11/05 11:35:15 | 00,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2009/11/05 11:35:13 | 00,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2009/11/05 11:35:13 | 00,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest [2009/09/17 00:09:40 | 00,540,272 | ---- | C] () -- C:\Users\Daniel\AppData\Local\dd_ATL80SP1_KB973923MSI4740.txt [2009/09/17 00:09:39 | 00,012,624 | ---- | C] () -- C:\Users\Daniel\AppData\Local\dd_ATL80SP1_KB973923UI4740.txt [2009/09/17 00:09:17 | 00,536,708 | ---- | C] () -- C:\Users\Daniel\AppData\Local\dd_ATL80SP1_KB973923MSI46F4.txt [2009/09/17 00:09:16 | 00,012,544 | ---- | C] () -- C:\Users\Daniel\AppData\Local\dd_ATL80SP1_KB973923UI46F4.txt [2009/09/11 16:25:56 | 00,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2009/09/11 16:25:04 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009/06/22 16:38:50 | 00,032,974 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009/06/20 18:43:37 | 00,032,974 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009/06/15 13:29:58 | 00,000,180 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\setup.log [2009/06/15 13:29:54 | 00,000,760 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\setup_ldm.iss [2008/10/22 15:36:23 | 00,000,680 | ---- | C] () -- C:\Users\Daniel\AppData\Local\d3d9caps.dat [2008/10/07 10:13:22 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll [2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll [2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll [2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll [2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll [2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll [2008/10/01 22:01:03 | 00,000,600 | ---- | C] () -- C:\Users\Daniel\AppData\Local\PUTTY.RND [2008/10/01 19:13:24 | 00,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2008/10/01 19:10:04 | 00,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys [2008/10/01 18:53:11 | 00,012,288 | ---- | C] () -- C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/09/09 08:13:17 | 00,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini [2008/09/09 08:13:17 | 00,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini [2008/06/05 09:58:26 | 00,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll [2008/04/29 04:30:52 | 00,001,024 | RH-- | C] () -- C:\Windows\SysWow64\NTIOFM4.dll [2008/04/29 04:30:52 | 00,001,024 | RH-- | C] () -- C:\Windows\SysWow64\NTIBUN5.dll [2008/04/29 04:18:00 | 00,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini [2008/01/21 13:50:05 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini [2002/05/16 11:38:40 | 00,091,136 | ---- | C] () -- C:\Windows\SysWow64\mp4fil32.dll [2002/05/05 01:19:00 | 00,049,152 | ---- | C] () -- C:\Windows\SysWow64\avisynthEx.dll [2001/12/27 10:12:30 | 00,065,536 | ---- | C] () -- C:\Windows\SysWow64\multiplex_vcd.dll [2001/09/04 17:46:38 | 00,110,592 | ---- | C] () -- C:\Windows\SysWow64\Hmpg12.dll [2001/07/31 10:33:56 | 00,118,784 | ---- | C] () -- C:\Windows\SysWow64\HMPV2_ENC.dll [2001/07/24 16:04:36 | 00,118,784 | ---- | C] () -- C:\Windows\SysWow64\HMPV2_ENC_MMX.dll ========== LOP Check ========== [2008/10/05 12:20:31 | 00,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\acccore [2008/10/01 18:08:09 | 00,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Acer [2009/08/20 16:52:11 | 00,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Acreon [2008/10/01 18:35:06 | 00,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\eSobi [2009/03/30 22:25:31 | 00,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\FreeCap [2008/10/01 18:08:09 | 00,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Leadertech [2009/08/26 20:00:39 | 00,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\LimeWire [2008/10/01 22:21:19 | 00,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\ProxyCap [2008/10/25 18:21:08 | 00,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Samsung [2009/12/19 11:51:14 | 00,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2009/12/18 06:00:05 | 00,001,730 | ---- | M] () -- C:\Windows\Tasks\wrSpySweeper_L186337DDBBB34E1B80D1BC75589E7421.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008/01/21 13:46:51 | 00,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys [2008/01/21 13:46:51 | 00,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys < MD5 for: ATAPI.SYS > [2008/01/21 13:46:50 | 00,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys [2009/04/11 18:15:00 | 00,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006/11/02 22:16:48 | 00,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll [2006/11/02 20:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll [2006/11/02 20:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll [2006/11/02 20:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: IASTORV.SYS > [2008/01/21 13:46:59 | 00,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys < MD5 for: NETLOGON.DLL > [2008/01/21 13:51:03 | 00,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll [2009/04/11 17:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll [2009/04/11 17:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll [2009/04/11 17:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll [2009/04/11 18:11:16 | 00,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll [2008/01/21 13:48:28 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll < MD5 for: NVSTOR.SYS > [2008/01/21 13:46:54 | 00,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys < MD5 for: SCECLI.DLL > [2008/01/21 13:50:28 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll [2008/01/21 13:49:49 | 00,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll [2009/04/11 17:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll [2009/04/11 17:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll [2009/04/11 17:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll [2009/04/11 18:11:23 | 00,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll < %systemroot%\*. /mp /s > < End of report >
  9. Hi, Still having the same problems. Here are the logs: OTL logfile created on: 18/12/2009 10:17:34 AM - Run 1 OTL by OldTimer - Version 3.1.17.0 Folder = C:\Users\Daniel\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy 4.00 Gb Total Physical Memory | 0.93 Gb Available Physical Memory | 23.38% Memory free 4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 291.68 Gb Total Space | 199.00 Gb Free Space | 68.22% Space Free | Partition Type: NTFS Drive D: | 291.68 Gb Total Space | 264.31 Gb Free Space | 90.62% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Drive K: | 596.17 Gb Total Space | 584.38 Gb Free Space | 98.02% Space Free | Partition Type: NTFS Computer Name: DANIEL-PC Current User Name: Daniel Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: On Skip Microsoft Files: On File Age = 14 Days Output = Standard Quick Scan ========== Processes (SafeList) ========== PRC - [2009/12/18 10:16:54 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe PRC - [2009/12/17 16:49:36 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2009/12/15 20:04:41 | 01,201,640 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe PRC - [2009/12/15 15:47:18 | 11,196,560 | ---- | M] (Blizzard Entertainment) -- D:\World of Warcraft\Wow.exe PRC - [2009/12/03 04:53:34 | 00,328,704 | ---- | M] (Nakido) -- C:\Program Files (x86)\Nakido\nakido.exe PRC - [2009/11/06 15:19:58 | 06,515,784 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe PRC - [2009/11/06 12:00:22 | 04,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe PRC - [2009/11/06 12:00:22 | 00,165,232 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files (x86)\Webroot\WebrootSecurity\SSU.exe PRC - [2009/09/11 01:58:25 | 00,168,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe PRC - [2009/08/22 18:28:17 | 00,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe PRC - [2009/07/26 17:44:34 | 03,883,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe PRC - [2009/07/20 05:00:00 | 00,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe PRC - [2009/07/14 13:28:00 | 00,239,648 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2009/06/25 19:53:58 | 00,669,184 | ---- | M] () -- C:\Users\Daniel\Desktop\Freecap\freecap.exe PRC - [2009/06/25 19:53:58 | 00,454,656 | ---- | M] (Simon Tatham) -- C:\Users\Daniel\Desktop\Freecap\putty.exe PRC - [2009/03/11 16:25:14 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe PRC - [2009/02/06 18:07:48 | 00,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe PRC - [2008/06/19 07:54:20 | 00,172,032 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Live\Acer PlayMovie\PMVService.exe PRC - [2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe PRC - [2008/05/23 00:59:46 | 00,156,944 | ---- | M] (Octoshape ApS) -- C:\Users\Daniel\AppData\Local\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe PRC - [2008/02/26 12:57:48 | 00,034,040 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe PRC - [2008/02/26 12:57:22 | 00,021,752 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe PRC - [2008/02/26 12:53:16 | 00,131,072 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe PRC - [2008/02/25 20:02:54 | 00,049,152 | ---- | M] (NewTech InfoSystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe PRC - [2008/01/26 12:49:04 | 00,269,448 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe PRC - [2007/11/17 15:58:48 | 01,388,544 | ---- | M] () -- C:\Program Files (x86)\Ventrilo\Ventrilo.exe PRC - [2007/01/18 05:20:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe PRC - [2007/01/05 08:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe PRC - [2006/07/20 05:36:58 | 00,262,247 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe ========== Modules (SafeList) ========== MOD - [2009/12/18 10:16:54 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe MOD - [2009/12/05 11:14:52 | 00,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll MOD - [2009/07/20 05:00:00 | 00,057,344 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\x86\GameHook.dll MOD - [2009/07/20 05:00:00 | 00,038,912 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\x86\lgscroll.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2009/09/25 12:26:26 | 01,142,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache) SRV:64bit: - [2009/07/20 13:36:14 | 00,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ) SRV:64bit: - [2008/04/26 07:30:26 | 00,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService) SRV:64bit: - [2008/01/21 13:47:32 | 00,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009/12/15 20:04:41 | 01,201,640 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe -- (WRConsumerService) SRV - [2009/12/03 04:53:34 | 00,328,704 | ---- | M] (Nakido) [Auto | Running] -- C:\Program Files (x86)\Nakido\nakido.exe -- (Nakido) SRV - [2009/11/06 12:00:22 | 04,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService) SRV - [2009/08/22 18:28:17 | 00,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe -- (Norton Internet Security) SRV - [2009/07/14 13:28:00 | 00,239,648 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2009/04/28 08:23:56 | 00,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc) SRV - [2009/03/30 15:39:54 | 00,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64) SRV - [2008/09/09 08:07:57 | 00,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\SBMBLicensing.exe -- (Sound Blaster MB Licensing Service) SRV - [2008/02/26 12:57:22 | 00,021,752 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe -- (BUNAgentSvc) SRV - [2008/02/26 12:53:16 | 00,131,072 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc) SRV - [2008/02/25 20:02:54 | 00,049,152 | ---- | M] (NewTech InfoSystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc) SRV - [2008/01/26 12:49:04 | 00,269,448 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service) SRV - [2007/01/18 05:20:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService) SRV - [2007/01/05 08:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service) SRV - [2006/11/03 00:34:14 | 00,000,000 | ---D | M] [unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC) SRV - [2006/11/02 17:35:15 | 00,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds) SRV - [2006/11/02 17:35:15 | 00,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS) SRV - [2006/07/20 05:36:58 | 00,262,247 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101852&l=dis IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Ask" FF - prefs.js..browser.search.order.1: "Ask" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.com" FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.26 FF - prefs.js..keyword.URL: "http://toolbar.ask.com/toolbarv/askRedirect?o=101849&gct=&gc=1&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009/12/17 16:49:46 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2009/12/17 16:49:48 | 00,000,000 | ---D | M] [2008/10/01 19:01:47 | 00,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Mozilla\Extensions [2009/12/17 22:42:57 | 00,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\s6gfcl08.default\extensions [2009/07/23 13:50:19 | 00,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\s6gfcl08.default\extensions\[email protected] [2008/11/30 11:13:35 | 00,000,682 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\s6gfcl08.default\searchplugins\ask.xml [2009/12/17 22:42:57 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions [2007/04/17 04:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\plugins\npViewpoint.dll O1 HOSTS File: (761 bytes) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg64.dll (Google Inc.) O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\IPSBHO.dll (Symantec Corporation) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation) O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe File not found O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [NVRaidService] C:\Windows\SysNative\nvraidservice.exe (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.) O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe () O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files (x86)\Acer\Acer Registration\ACE1.exe (Leader Technologies) O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [bkupTray] C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe () O4 - HKLM..\Run: [eRecoveryService] File not found O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe () O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe () O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Live\Acer PlayMovie\PMVService.exe (CyberLink Corp.) O4 - HKLM..\Run: [spySweeper] C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.) O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [updReg] C:\Windows\UpdReg.EXE (Creative Technology Ltd.) O4 - HKCU..\Run: [Aim6] File not found O4 - HKCU..\Run: [MsnMsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Users\Daniel\AppData\Local\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS) O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.) O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.) O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSNPUplden-au.cab (MSN Photo Upload Tool) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - Reg Error: Key error. File not found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found 64bit: O35 - comfile [open] -- "%1" %* File not found 64bit: O35 - exefile [open] -- "%1" %* File not found O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2008/01/21 14:06:38 | 00,000,000 | ---D | M] NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll (Microsoft Corporation) NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll (Microsoft Corporation) NetSvcs: Ias - C:\Windows\SysWOW64\ias [2008/01/21 14:08:35 | 00,000,000 | ---D | M] NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation) OTL cannot create restorepoints on Vista OSs! ========== Files/Folders - Created Within 14 Days ========== [2009/12/18 10:16:50 | 00,538,112 | ---- | C] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe [2009/12/17 16:27:01 | 00,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\GooredFix Backups [2009/12/16 22:29:52 | 00,000,000 | ---D | C] -- C:\Users\Daniel\Documents\DVDVideoSoft [2009/12/16 22:29:40 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft [2009/12/16 22:29:40 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft [2009/12/16 22:15:23 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Lame for Audacity [2009/12/16 21:47:58 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity [2009/12/15 20:04:22 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\MSSOAP [2009/12/15 20:04:22 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MSSoap [2009/12/15 20:04:10 | 01,563,008 | ---- | C] (Webroot Software, Inc.) -- C:\Windows\WRSetup.dll [2009/12/15 20:04:10 | 00,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Webroot [2009/12/15 20:04:10 | 00,000,000 | ---D | C] -- C:\ProgramData\Webroot [2009/12/15 20:04:10 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Webroot [2009/12/14 18:07:27 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos [2009/12/14 08:50:22 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro [2009/12/14 08:50:21 | 00,000,000 | ---D | C] -- C:\rsit [2009/12/11 23:51:30 | 00,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\Takeoverseason_99 [2009/12/11 19:44:09 | 00,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\Portrait_Of_A_King [2009/12/11 18:58:01 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\TrendMicro [2009/12/08 19:06:27 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Nakido [2009/12/05 11:14:45 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared [2008/08/25 20:40:00 | 00,122,880 | ---- | C] ( ) -- C:\Windows\SysWow64\sbcrreag.dll [5 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files - Modified Within 14 Days ========== [2009/12/18 10:22:08 | 02,621,440 | -HS- | M] () -- C:\Users\Daniel\NTUSER.DAT [2009/12/18 10:16:54 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe [2009/12/18 10:04:51 | 00,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2009/12/18 10:04:51 | 00,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2009/12/18 06:00:05 | 00,001,730 | ---- | M] () -- C:\Windows\tasks\wrSpySweeper_L186337DDBBB34E1B80D1BC75589E7421.job [2009/12/17 16:28:37 | 00,002,463 | ---- | M] () -- C:\Users\Daniel\Desktop\ProxyCap.lnk [2009/12/17 16:11:07 | 00,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2009/12/17 16:11:07 | 00,599,942 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2009/12/17 16:11:07 | 00,105,448 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2009/12/17 16:05:19 | 00,032,974 | ---- | M] () -- C:\ProgramData\nvModes.dat [2009/12/17 16:05:18 | 00,032,974 | ---- | M] () -- C:\ProgramData\nvModes.001 [2009/12/17 16:04:52 | 00,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml [2009/12/17 16:04:42 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2009/12/17 16:04:41 | 00,067,584 | ---- | M] () -- C:\Windows\bootstat.dat [2009/12/17 16:04:38 | 42,942,05440 | -HS- | M] () -- C:\hiberfil.sys [2009/12/17 06:18:24 | 00,524,288 | -HS- | M] () -- C:\Users\Daniel\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms [2009/12/17 06:18:24 | 00,065,536 | -HS- | M] () -- C:\Users\Daniel\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf [2009/12/17 06:18:19 | 02,754,265 | -H-- | M] () -- C:\Users\Daniel\AppData\Local\IconCache.db [2009/12/16 22:51:41 | 00,000,600 | ---- | M] () -- C:\Users\Daniel\AppData\Local\PUTTY.RND [2009/12/15 20:10:25 | 00,000,761 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\HOSTS [2009/12/15 20:04:40 | 00,001,855 | ---- | M] () -- C:\Users\Public\Desktop\Spy Sweeper.lnk [2009/12/15 20:04:30 | 00,012,288 | ---- | M] () -- C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/12/15 20:04:12 | 00,017,264 | ---- | M] () -- C:\Windows\SysNative\SsiEfr.exe [2009/12/15 20:04:00 | 00,000,164 | ---- | M] () -- C:\Windows\install.dat [2009/12/09 15:32:05 | 00,000,680 | ---- | M] () -- C:\Users\Daniel\AppData\Local\d3d9caps.dat [2009/12/06 16:01:10 | 00,000,435 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics [5 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files Created - No Company Name ========== [2009/12/15 20:10:22 | 00,001,730 | ---- | C] () -- C:\Windows\tasks\wrSpySweeper_L186337DDBBB34E1B80D1BC75589E7421.job [2009/12/15 20:04:40 | 00,001,855 | ---- | C] () -- C:\Users\Public\Desktop\Spy Sweeper.lnk [2009/12/15 20:04:13 | 00,017,264 | ---- | C] () -- C:\Windows\SysNative\SsiEfr.exe [2009/12/15 20:03:56 | 00,000,164 | ---- | C] () -- C:\Windows\install.dat [2009/11/06 12:00:28 | 00,031,088 | ---- | C] () -- C:\Windows\SysWow64\wrLZMA.dll [2009/11/05 11:35:18 | 00,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2009/11/05 11:35:17 | 00,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2009/11/05 11:35:16 | 02,378,752 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll [2009/11/05 11:35:15 | 03,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll [2009/11/05 11:35:15 | 00,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2009/11/05 11:35:15 | 00,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2009/11/05 11:35:13 | 00,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2009/11/05 11:35:13 | 00,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest [2009/09/17 00:09:40 | 00,540,272 | ---- | C] () -- C:\Users\Daniel\AppData\Local\dd_ATL80SP1_KB973923MSI4740.txt [2009/09/17 00:09:39 | 00,012,624 | ---- | C] () -- C:\Users\Daniel\AppData\Local\dd_ATL80SP1_KB973923UI4740.txt [2009/09/17 00:09:17 | 00,536,708 | ---- | C] () -- C:\Users\Daniel\AppData\Local\dd_ATL80SP1_KB973923MSI46F4.txt [2009/09/17 00:09:16 | 00,012,544 | ---- | C] () -- C:\Users\Daniel\AppData\Local\dd_ATL80SP1_KB973923UI46F4.txt [2009/09/11 16:25:56 | 00,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2009/09/11 16:25:04 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009/06/22 16:38:50 | 00,032,974 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009/06/20 18:43:37 | 00,032,974 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009/06/15 13:29:58 | 00,000,180 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\setup.log [2009/06/15 13:29:54 | 00,000,760 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\setup_ldm.iss [2008/10/22 15:36:23 | 00,000,680 | ---- | C] () -- C:\Users\Daniel\AppData\Local\d3d9caps.dat [2008/10/07 10:13:22 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll [2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll [2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll [2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll [2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll [2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll [2008/10/01 22:01:03 | 00,000,600 | ---- | C] () -- C:\Users\Daniel\AppData\Local\PUTTY.RND [2008/10/01 19:13:24 | 00,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2008/10/01 19:10:04 | 00,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys [2008/10/01 18:53:11 | 00,012,288 | ---- | C] () -- C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/09/09 08:13:17 | 00,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini [2008/09/09 08:13:17 | 00,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini [2008/06/05 09:58:26 | 00,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll [2008/04/29 04:30:52 | 00,001,024 | RH-- | C] () -- C:\Windows\SysWow64\NTIOFM4.dll [2008/04/29 04:30:52 | 00,001,024 | RH-- | C] () -- C:\Windows\SysWow64\NTIBUN5.dll [2008/04/29 04:18:00 | 00,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini [2008/01/21 13:50:05 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini [2002/05/16 11:38:40 | 00,091,136 | ---- | C] () -- C:\Windows\SysWow64\mp4fil32.dll [2002/05/05 01:19:00 | 00,049,152 | ---- | C] () -- C:\Windows\SysWow64\avisynthEx.dll [2001/12/27 10:12:30 | 00,065,536 | ---- | C] () -- C:\Windows\SysWow64\multiplex_vcd.dll [2001/09/04 17:46:38 | 00,110,592 | ---- | C] () -- C:\Windows\SysWow64\Hmpg12.dll [2001/07/31 10:33:56 | 00,118,784 | ---- | C] () -- C:\Windows\SysWow64\HMPV2_ENC.dll [2001/07/24 16:04:36 | 00,118,784 | ---- | C] () -- C:\Windows\SysWow64\HMPV2_ENC_MMX.dll ========== LOP Check ========== [2008/10/05 12:20:31 | 00,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\acccore [2008/10/01 18:08:09 | 00,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Acer [2009/08/20 16:52:11 | 00,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Acreon [2008/10/01 18:35:06 | 00,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\eSobi [2009/03/30 22:25:31 | 00,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\FreeCap [2008/10/01 18:08:09 | 00,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Leadertech [2009/08/26 20:00:39 | 00,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\LimeWire [2008/10/01 22:21:19 | 00,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\ProxyCap [2008/10/25 18:21:08 | 00,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Samsung [2009/12/17 06:18:26 | 00,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2009/12/18 06:00:05 | 00,001,730 | ---- | M] () -- C:\Windows\Tasks\wrSpySweeper_L186337DDBBB34E1B80D1BC75589E7421.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008/01/21 13:46:51 | 00,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys [2008/01/21 13:46:51 | 00,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys < MD5 for: ATAPI.SYS > [2008/01/21 13:46:50 | 00,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys [2009/04/11 18:15:00 | 00,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006/11/02 22:16:48 | 00,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll [2006/11/02 20:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll [2006/11/02 20:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll [2006/11/02 20:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: IASTORV.SYS > [2008/01/21 13:46:59 | 00,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys < MD5 for: NETLOGON.DLL > [2008/01/21 13:51:03 | 00,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll [2009/04/11 17:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll [2009/04/11 17:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll [2009/04/11 17:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll [2009/04/11 18:11:16 | 00,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll [2008/01/21 13:48:28 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll < MD5 for: NVSTOR.SYS > [2008/01/21 13:46:54 | 00,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys < MD5 for: SCECLI.DLL > [2008/01/21 13:50:28 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll [2008/01/21 13:49:49 | 00,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll [2009/04/11 17:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll [2009/04/11 17:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll [2009/04/11 17:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll [2009/04/11 18:11:23 | 00,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll < %systemroot%\*. /mp /s > < End of report > OTL Extras logfile created on: 18/12/2009 10:17:34 AM - Run 1 OTL by OldTimer - Version 3.1.17.0 Folder = C:\Users\Daniel\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy 4.00 Gb Total Physical Memory | 0.93 Gb Available Physical Memory | 23.38% Memory free 4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 291.68 Gb Total Space | 199.00 Gb Free Space | 68.22% Space Free | Partition Type: NTFS Drive D: | 291.68 Gb Total Space | 264.31 Gb Free Space | 90.62% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Drive K: | 596.17 Gb Total Space | 584.38 Gb Free Space | 98.02% Space Free | Partition Type: NTFS Computer Name: DANIEL-PC Current User Name: Daniel Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: On Skip Microsoft Files: On File Age = 14 Days Output = Standard Quick Scan ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1 .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* chm.file [open] -- "%SystemRoot%\hh.exe" %1 cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data] "VistaSp2" = 89 FF 06 29 09 35 CA 01 [binary data] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1067394268-2681360301-3327359440-1000] "EnableNotificationsRef" = 2 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found "C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02D44CEC-02B2-4D65-8663-EFB9CB37D08A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{0F995E31-4388-41AC-880A-97008487A81F}" = lport=137 | protocol=17 | dir=in | app=system | "{21D5788B-22DB-4996-9BB4-C51B0512333B}" = lport=2869 | protocol=6 | dir=in | app=system | "{24478225-28A0-441C-92DC-3FAEAE08DDF2}" = lport=2869 | protocol=6 | dir=in | app=system | "{3327E486-F97A-4981-8334-35DA823B5A6F}" = rport=138 | protocol=17 | dir=out | app=system | "{3B65546A-0C55-46C9-8154-783DD7244D31}" = lport=445 | protocol=6 | dir=in | app=system | "{4FBBE82A-7D26-45DF-B461-701719B427DF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{5B8F156F-06FD-40FD-A222-4E7E84D568B5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | "{992E814C-9BBF-4ED2-84E7-481B9F9351D1}" = rport=445 | protocol=6 | dir=out | app=system | "{A1716E1C-8F1F-434A-A561-50223F7761C6}" = lport=139 | protocol=6 | dir=in | app=system | "{BC650E5C-2C89-4830-A693-4D61C27F980A}" = rport=137 | protocol=17 | dir=out | app=system | "{C05A6BC2-36AF-4FB8-B2FD-1391D315FB9A}" = lport=138 | protocol=17 | dir=in | app=system | "{D4AA7685-AB14-4CAF-B3C8-66D32517B037}" = rport=139 | protocol=6 | dir=out | app=system | "{FC389C46-918B-46AA-B5C8-C91F7F5112D5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00219235-3BBA-4A2A-BBFA-1513E69AF589}" = protocol=17 | dir=in | app=c:\program files (x86)\nakido\nakido.exe | "{05FFAB45-AA76-4089-97AF-7CBF841ED9A5}" = protocol=58 | dir=in | [email protected],-28545 | "{1521B4B1-7092-4DB7-88BB-64D4883CBCE1}" = dir=in | app=c:\program files (x86)\acer arcade live\acer playmovie\playmovie.exe | "{1C94DE51-C696-4905-B749-0F495F30FADA}" = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe | "{233F0EAC-2D64-432E-8E54-A41F65DB2216}" = protocol=58 | dir=out | [email protected],-28546 | "{278EB41A-FB5B-4BBC-8749-924A19CB41C4}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\client\agentsvc.exe | "{2AABE72B-2723-48AC-B9A1-9503755B0A76}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe | "{304C33B9-1C41-47E9-A612-89BBAD747F55}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia connect\acer homemedia connect.exe | "{4DE2FCE6-EB71-4BF3-B0AC-1631B378108F}" = protocol=6 | dir=in | app=c:\program files (x86)\nakido\nakido.exe | "{4EB79052-4411-4368-9EB3-286219A79D9F}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | "{4F126944-E2D0-4538-9B14-D0634CB08E5D}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe | "{51EBC6AF-55C8-4859-A83D-C927299C0B29}" = dir=in | app=c:\program files (x86)\msn messenger\msnmsgr.exe | "{5F6733F4-3E7E-43D1-BCED-2D1CC5866489}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{630BF419-59CD-4445-A14A-3FD7C3FB9736}" = protocol=1 | dir=in | [email protected],-28543 | "{68A7170D-A52A-48DC-8005-6F454FBF5A0D}" = dir=in | app=c:\program files (x86)\acer arcade live\acer videomagician\acer videomagician.exe | "{6AEDED5B-3A66-4510-B834-7103AE584032}" = protocol=17 | dir=in | app=c:\users\daniel\appdata\locallow\dyyno receiver\dppm.exe | "{8621B396-6D78-4E0D-9EB1-770B83E02FD1}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | "{87B8969F-F582-481C-9841-E2871B01D736}" = dir=in | app=c:\program files (x86)\acer arcade live\acer dv magician\acer dv magician.exe | "{8CA6B9F2-5E6B-48DC-A85F-311582768B6C}" = dir=in | app=c:\program files (x86)\msn messenger\livecall.exe | "{927C78CA-7117-4960-94F1-9A603E77F02E}" = dir=in | app=c:\program files (x86)\acer arcade live\acer arcade live main page\acer arcade live.exe | "{93EF07F5-E864-421E-8718-3A2E9BC955B3}" = protocol=6 | dir=in | app=c:\users\daniel\appdata\locallow\dyyno receiver\dppm.exe | "{9FBCCC55-86BD-4709-BBB6-C07D54455692}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\client\agentsvc.exe | "{A7241609-C5B2-4CAB-B5A2-75EB760E6AC7}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | "{ABB4D55D-6DF4-483C-822E-425CFA60B3D0}" = protocol=17 | dir=in | app=c:\program files (x86)\aim6\aim6.exe | "{AFA66603-176C-4AF6-AD91-F2FD064FC2F0}" = dir=in | app=c:\program files (x86)\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe | "{B17CB27D-80C5-4706-BAC0-17F149B11968}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | "{B1935623-BADE-47B6-8762-74C6208D19D8}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe | "{C117D882-3DA4-4EDD-85E9-EC998CB63EBA}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | "{C21790FA-DF63-455B-A72E-22B6AEBEBB78}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia\acer homemedia.exe | "{C9C2378A-4021-45DD-BD13-FF2D5767DD04}" = dir=in | app=c:\program files (x86)\acer arcade live\acer dvdivine\acer dvdivine.exe | "{E3A5AEA1-AE5B-4B51-9DBE-183EF70318F7}" = protocol=1 | dir=out | [email protected],-28544 | "{E6B11E63-232A-402E-8ECF-3185098AADC2}" = dir=in | app=c:\program files (x86)\acer arcade live\acer playmovie\pmvservice.exe | "{F3CB28B7-BE9F-47A2-9F89-4E0D63337ED0}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | "{F53BAE5D-716F-4C3E-A29B-04234C3ACA82}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | "{F84004BA-2DF5-451E-BF06-738C4341E315}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia trial creator\acer homemedia trial creator.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{094D498F-466E-4822-97BF-FB43A961B669}" = ProxyCap "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer "{59427B1F-852F-4AF1-8215-E5B12F966D89}" = Logitech G11 Keyboard Software 1.03 "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64) "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "NVIDIA Drivers" = NVIDIA Drivers "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set "Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard "{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect "{143C7D3A-02DD-4163-9880-11B202B7E3E6}" = Creative Sound Blaster MB "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1FCC574F-AFA2-4432-9EF1-79CA7BA73431}_is1" = Spy Sweeper "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7 "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core "{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD "{41CE9D26-2DF7-498D-8E16-314507EDEE21}" = Samsung PC Studio 3 "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver "{7A351AAA-E651-41B1-89B6-972A676FF78B}" = Marvell Network Configuration Utility "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials "{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology "{A450831D-25F6-4F42-9662-D000B25E0D82}" = Acer PlayMovie "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger "{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia "{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2 "{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine "{B580C409-E16F-44FF-904D-3AE94E113BE0}" = Acer HomeMedia Trial Creator "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player "{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX "{B96D2269-568B-4CBF-9332-12FAE8B158F7}" = Medieval CUE Splitter "{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries "{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3 "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1 "{E9E3EE81-6E7F-47A3-8D38-3470256704DB}_is1" = Tortun 0.8 "{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call "{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician "{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician "Acer Assist" = Acer Assist "Acer Registration" = Acer Registration "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11 "AIM_6" = AIM 6 "ALchemy SB MB" = Creative ALchemy (SB MB Edition) "Fraps" = Fraps (remove only) "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2 "GOM Player" = GOM Player "HandBrake" = HandBrake 0.9.3 "HijackThis" = HijackThis 2.0.2 "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.3.0 "LAME for Audacity_is1" = LAME v3.98.2 for Audacity "LimeWire" = LimeWire 4.18.8 "Messenger Plus! Live" = Messenger Plus! Live "Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6) "Nakido" = Nakido "NIS" = Norton Internet Security "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "ShockwaveFlash" = Adobe Flash Player 9 ActiveX "Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0 "Uninstall_is1" = Uninstall 1.0.0.1 "ViewpointMediaPlayer" = Viewpoint Media Player "VST Bridge_is1" = VST Bridge 1.1 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR archiver "World of Warcraft" = World of Warcraft "Yahoo! Companion" = Yahoo! Toolbar "Yahoo! Toolbar" = Yahoo! Toolbar ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Octoshape Streaming Services" = Octoshape Streaming Services "Wow Web Stats Client v3.0" = Wow Web Stats Client v3.0 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 28/11/2009 12:20:26 AM | Computer Name = Daniel-PC | Source = WinMgmt | ID = 10 Description = Error - 4/12/2009 7:03:06 PM | Computer Name = Daniel-PC | Source = Application Error | ID = 1000 Description = Faulting application Wow.exe, version 3.2.2.10505, time stamp 0x4aba8ccc, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x77e39400, process id 0xdd0, application start time 0x01ca7535ed75cfb0. Error - 6/12/2009 1:01:50 AM | Computer Name = Daniel-PC | Source = Application Hang | ID = 1002 Description = The program Explorer.EXE version 6.0.6002.18005 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: dc8 Start Time: 01ca6fe218dc807f Termination Time: 32 Error - 6/12/2009 2:09:32 AM | Computer Name = Daniel-PC | Source = Application Error | ID = 1000 Description = Faulting application Wow.exe, version 3.2.2.10505, time stamp 0x4aba8ccc, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x77e39400, process id 0x1580, application start time 0x01ca763aaaec6400. Error - 7/12/2009 12:48:46 AM | Computer Name = Daniel-PC | Source = WinMgmt | ID = 10 Description = Error - 8/12/2009 12:38:05 AM | Computer Name = Daniel-PC | Source = WinMgmt | ID = 10 Description = Error - 9/12/2009 12:32:38 AM | Computer Name = Daniel-PC | Source = WinMgmt | ID = 10 Description = Error - 9/12/2009 12:34:55 AM | Computer Name = Daniel-PC | Source = Application Error | ID = 1000 Description = Faulting application Wow.exe, version 3.3.0.10958, time stamp 0x4b157b80, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x77e39400, process id 0x122c, application start time 0x01ca7888f1d0d36f. Error - 9/12/2009 12:22:47 PM | Computer Name = Daniel-PC | Source = WinMgmt | ID = 10 Description = Error - 10/12/2009 12:44:28 AM | Computer Name = Daniel-PC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 17/12/2009 1:07:33 AM | Computer Name = Daniel-PC | Source = bowser | ID = 8003 Description = Error - 17/12/2009 1:11:18 AM | Computer Name = Daniel-PC | Source = bowser | ID = 8003 Description = Error - 17/12/2009 1:24:31 AM | Computer Name = Daniel-PC | Source = bowser | ID = 8003 Description = Error - 17/12/2009 1:48:36 AM | Computer Name = Daniel-PC | Source = bowser | ID = 8003 Description = Error - 17/12/2009 2:12:40 AM | Computer Name = Daniel-PC | Source = bowser | ID = 8003 Description = Error - 17/12/2009 2:24:37 AM | Computer Name = Daniel-PC | Source = bowser | ID = 8003 Description = Error - 17/12/2009 2:36:37 AM | Computer Name = Daniel-PC | Source = bowser | ID = 8003 Description = Error - 17/12/2009 2:48:35 AM | Computer Name = Daniel-PC | Source = bowser | ID = 8003 Description = Error - 17/12/2009 3:00:37 AM | Computer Name = Daniel-PC | Source = bowser | ID = 8003 Description = Error - 17/12/2009 3:12:39 AM | Computer Name = Daniel-PC | Source = bowser | ID = 8003 Description = < End of report >
  10. Hi, thanks for the ongoing help. Here is the log: GooredFix by jpshortstuff (06.12.09.1) Log created at 16:27 on 17/12/2009 (Daniel) Firefox version 3.5.5 (en-US) ========== GooredScan ========== ========== GooredLog ========== C:\Program Files (x86)\Mozilla Firefox\extensions\ {972ce4c6-7e08-4474-a285-3208198ce6fd} [07:58 01/10/2008] {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [09:14 09/10/2008] C:\Users\Daniel\Application Data\Mozilla\Firefox\Profiles\s6gfcl08.default\extensions\ [email protected] [02:50 23/07/2009] {20a82645-c095-46ed-80e3-08825760534b} [07:05 29/07/2009] [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "{20a82645-c095-46ed-80e3-08825760534b}"="C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [13:55 13/05/2009] -=E.O.F=-
  11. Hi again, The scan did not find any files that we're recommended for removal. Here is the log: Sophos Anti-Rootkit Version 1.5.0 © 2009 Sophos Plc Started logging on 14/12/2009 at 18:08:00 PM User "Daniel" on computer "DANIEL-PC" Windows version 6.0 SP 2.0 Service Pack 2 build 6002 SM=0x300 PT=0x1 WOW64 Info: Starting registry scan. Hidden: registry item \HKEY_USERS\S-1-5-18\Software\Microsoft\CTF\Assemblies\0x00000409 Info: Starting disk scan of C: (NTFS). Hidden: file C:\Windows\winsxs\amd64_mdmcxhv6.inf_31bf3856ad364e35_6.0.6001.18000_none_0673f8918ab7629e\VSTCNXT6.SYS Hidden: file C:\ACER\Preload\Autorun\DRV\Creative Audio XFI Hendrix\Audio\Drivers\wdm\win2k_xp\i386\ctdvda2k.sys Hidden: file C:\Program Files (x86)\BitTorrent\bittorrent.exe Hidden: file C:\Program Files (x86)\DNA\btdna.exe Hidden: file C:\ProgramData\Norton\00000082\000000fb\000002bf\cltLMS1.dat Hidden: file C:\ProgramData\Norton\00000082\000000fb\000002bf\cltLMS2.dat Info: Starting disk scan of D: (NTFS). Info: Starting disk scan of K: (NTFS). Stopped logging on 14/12/2009 at 18:53:00 PM Sophos Anti-Rootkit Version 1.5.0 © 2009 Sophos Plc Started logging on 15/12/2009 at 15:44:42 PM User "Daniel" on computer "DANIEL-PC" Windows version 6.0 SP 2.0 Service Pack 2 build 6002 SM=0x300 PT=0x1 WOW64 Info: Starting registry scan. Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SharedDefs\APP_ID_SCANNER5 Stopped logging on 15/12/2009 at 15:46:21 PM Sophos Anti-Rootkit Version 1.5.0 © 2009 Sophos Plc Started logging on 15/12/2009 at 15:47:48 PM User "Daniel" on computer "DANIEL-PC" Windows version 6.0 SP 2.0 Service Pack 2 build 6002 SM=0x300 PT=0x1 WOW64 Info: Starting registry scan. Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SharedDefs\APP_ID_SCANNER7 Hidden: registry item \HKEY_USERS\S-1-5-18\Software\Microsoft\CTF\Assemblies\0x00000409 Info: Starting disk scan of C: (NTFS). Hidden: file C:\Windows\SysWOW64\KBDGR1.DLL Hidden: file C:\ACER\Preload\Autorun\DRV\Creative Audio XFI Hendrix\Audio\Drivers\wdm\win2k_xp\i386\ctdvda2k.sys Hidden: file C:\Program Files (x86)\BitTorrent\bittorrent.exe Hidden: file C:\Program Files (x86)\DNA\btdna.exe Hidden: file C:\ProgramData\Norton\00000082\000000fb\000002bf\cltLMS1.dat Hidden: file C:\ProgramData\Norton\00000082\000000fb\000002bf\cltLMS2.dat Info: Starting disk scan of D: (NTFS). Info: Starting disk scan of K: (NTFS). Stopped logging on 15/12/2009 at 16:36:40 PM
  12. Hi again, There is no option to save the log file. RootPeel does not support 64 bit Systems. I am unable to run that. As for RSIT here are the logs. info.txt logfile of random's system information tool 1.06 2009-12-14 08:50:36 ======Uninstall list====== -->MsiExec /X{B83FC356-B7C0-441F-8A4D-D71E088E7974} -->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{7AF9359B-EBB1-4CEB-830E-857F22B656FF}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{AAEF329E-F353-46C9-933D-24A571986093}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{AAEF329E-F353-46C9-933D-24A571986093}\setup.exe" -l0x9 /remove Acer Arcade Live Main Page-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}\setup.exe" -uninstall Acer Assist-->C:\Program Files (x86)\Acer\Acer Assist\uninstall.exe Acer DV Magician-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F6EFFB76-4A07-11DA-9D78-000129760D75}\setup.exe" -uninstall Acer DVDivine-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{B145EC69-66F5-11D8-9D75-000129760D75}\setup.exe" -uninstall Acer Empowering Technology-->"C:\Program Files (x86)\InstallShield Installation Information\{8F1B6239-FEA0-450A-A950-B05276CE177C}\setup.exe" -runfromtemp -l0x0009 -removeonly Acer eRecovery Management-->"C:\Program Files (x86)\InstallShield Installation Information\{7F811A54-5A09-4579-90E1-C93498E230D9}\setup.exe" -runfromtemp -l0x0009 -removeonly Acer HomeMedia Connect-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{132888AE-EF67-41C5-BCA2-7D5D2488AB63}\setup.exe" -uninstall Acer HomeMedia Trial Creator-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{B580C409-E16F-44FF-904D-3AE94E113BE0}\setup.exe" -uninstall Acer HomeMedia-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{AA4BF92B-2AAF-11DA-9D78-000129760D75}\setup.exe" -uninstall Acer PlayMovie-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{A450831D-25F6-4F42-9662-D000B25E0D82}\setup.exe" -uninstall Acer Registration-->C:\Program Files (x86)\Acer\Acer Registration\uninstall.exe Acer ScreenSaver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9 -removeonly Acer SlideShow DVD-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{41581EF5-45A7-11DA-9D78-000129760D75}\setup.exe" -uninstall Acer VideoMagician-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F79A208D-D929-11D9-9D77-000129760D75}\setup.exe" -uninstall Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_plugin.exe Adobe Flash Player 9 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete Adobe Flash Player ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe Adobe Reader 9.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A92000000001} Adobe Shockwave Player 11-->C:\Windows\system32\adobe\SHOCKW~1\UNWISE.EXE C:\Windows\system32\Adobe\SHOCKW~1\Install.log AIM 6-->C:\Program Files (x86)\AIM6\uninst.exe AIM Toolbar 5.0-->"C:\Program Files (x86)\AOL\AIM Toolbar 5.0\uninstall.exe" Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} Creative ALchemy (SB MB Edition)-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{7AF9359B-EBB1-4CEB-830E-857F22B656FF}\setup.exe" -l0x9 /remove Creative Sound Blaster MB-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{143C7D3A-02DD-4163-9880-11B202B7E3E6}\setup.exe" -l0x9 /remove DivX Plus Web Player-->C:\Program Files (x86)\DivX\DivXWebPlayerUninstall.exe /PLUGIN eSobi v2-->C:\Program Files (x86)\InstallShield Installation Information\{15D967B5-A4BE-42AE-9E84-64CD062B25AA}\setup.exe -runfromtemp -l0x0409 Fraps (remove only)-->"C:\Fraps\uninstall.exe" GOM Player-->"C:\Program Files (x86)\GRETECH\GomPlayer\Uninstall.exe" Google Toolbar for Internet Explorer-->"C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_E582EA556D8DE101.exe" /uninstall Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C} HandBrake 0.9.3-->C:\Program Files (x86)\HandBrake\uninst.exe HijackThis 2.0.2-->"C:\Program Files (x86)\trend micro\HijackThis.exe" /uninstall HiJackThis-->MsiExec.exe /X{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A} Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {08155812-0202-4D5F-A7FF-12A2782DC548} /qb+ REBOOTPROMPT="" Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070} JMB36X Raid Configurer-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\setup.exe" -l0x9 -removeonly K-Lite Mega Codec Pack 5.3.0-->"C:\Program Files (x86)\K-Lite Codec Pack\unins000.exe" LimeWire 4.18.8-->"C:\Program Files (x86)\LimeWire\uninstall.exe" Logitech SetPoint-->"C:\Program Files (x86)\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe" -runfromtemp -l0x0009 -removeonly Marvell Network Configuration Utility-->MsiExec.exe /X{7A351AAA-E651-41B1-89B6-972A676FF78B} Medieval CUE Splitter-->MsiExec.exe /I{B96D2269-568B-4CBF-9332-12FAE8B158F7} Messenger Plus! Live-->"C:\Program Files (x86)\Messenger Plus! Live\Uninstall.exe" Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570} Microsoft VC9 runtime libraries-->MsiExec.exe /I{C4124E95-5061-4776-8D5D-E3D931C778E1} Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7} Mozilla Firefox (3.5.5)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC} Nakido-->C:\Program Files (x86)\Nakido\Uninstall.exe Norton Internet Security-->C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\562C4DD5\16.7.2.11\InstStub.exe /X NTI Backup Now 5-->C:\Program Files (x86)\InstallShield Installation Information\{12EFA1A4-AC3B-443C-8143-237EDE760403}\setup.exe -runfromtemp -l0x0409 NTI Media Maker 8-->C:\Program Files (x86)\InstallShield Installation Information\{2413930C-8309-47A6-BC61-5EF27A4222BC}\setup.exe -runfromtemp -l0x0409 NVIDIA PhysX-->MsiExec.exe /X{B83FC356-B7C0-441F-8A4D-D71E088E7974} NVIDIA Stereoscopic 3D Driver-->"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInst.exe" /uninstall /ask Realtek High Definition Audio Driver-->RtlUpd64.exe -r -m Samsung PC Studio 3-->"C:\Program Files (x86)\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x0009 -removeonly Tortun 0.8-->"C:\Program Files (x86)\Tortun\unins000.exe" Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT="" VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421} Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F} Viewpoint Media Player-->C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE} Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52} Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71} Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5} Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5} Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238} Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4} WinRAR archiver-->C:\Program Files (x86)\WinRAR\uninstall.exe World of Warcraft-->C:\Program Files (x86)\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe Yahoo! Toolbar-->C:\PROGRA~2\Yahoo!\Common\unyt.exe ======Security center information====== AS: Windows Defender ======System event log====== Computer Name: Daniel-PC Event Code: 31004 Message: The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error. Record Number: 79161 Source Name: Microsoft-Windows-SharedAccess_NAT Time Written: 20090529101525.000000-000 Event Type: Error User: Computer Name: Daniel-PC Event Code: 31004 Message: The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error. Record Number: 79143 Source Name: Microsoft-Windows-SharedAccess_NAT Time Written: 20090529101025.000000-000 Event Type: Error User: Computer Name: Daniel-PC Event Code: 4321 Message: The name "WORKGROUP :1d" could not be registered on the interface with IP address 169.254.120.235. The computer with the IP address 169.254.246.42 did not allow the name to be claimed by this computer. Record Number: 79126 Source Name: netbt Time Written: 20090529100653.944827-000 Event Type: Error User: Computer Name: Daniel-PC Event Code: 4321 Message: The name "WORKGROUP :1d" could not be registered on the interface with IP address 169.254.120.235. The computer with the IP address 169.254.246.42 did not allow the name to be claimed by this computer. Record Number: 79093 Source Name: netbt Time Written: 20090529100427.226827-000 Event Type: Error User: Computer Name: Daniel-PC Event Code: 31004 Message: The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error. Record Number: 78896 Source Name: Microsoft-Windows-SharedAccess_NAT Time Written: 20090529095021.000000-000 Event Type: Error User: =====Application event log===== Computer Name: Daniel-PC Event Code: 11935 Message: Product: MSXML 4.0 SP2 (KB936181) -- Error 1935. An error occured during the installation of assembly component {7B298060-1128-B7E8-A06B-D6B9ABF34537}. HRESULT: 0x80070BC9. assembly interface: IAssemblyCacheItem, function: Commit, assembly name: Microsoft.MSXML2,type="win32",version="4.20.9848.0",publicKeyToken="6bd6b9abf345378f",processorArchitecture="x86" Record Number: 419 Source Name: MsiInstaller Time Written: 20081001071956.000000-000 Event Type: Error User: NT AUTHORITY\SYSTEM Computer Name: Daniel-PC Event Code: 10 Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Record Number: 390 Source Name: Microsoft-Windows-WMI Time Written: 20081001070819.000000-000 Event Type: Error User: Computer Name: Daniel-PC Event Code: 3086 Message: The system locale has changed. Existing data will be deleted and the index must be recreated. Context: Windows Application, SystemIndex Catalog Record Number: 369 Source Name: Microsoft-Windows-Search Time Written: 20081001070714.000000-000 Event Type: Warning User: Computer Name: Daniel-PC Event Code: 10 Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Record Number: 349 Source Name: Microsoft-Windows-WMI Time Written: 20081001070231.000000-000 Event Type: Error User: Computer Name: Daniel-PC Event Code: 1008 Message: The Windows Search Service is attempting to remove the old catalog. Record Number: 345 Source Name: Microsoft-Windows-Search Time Written: 20081001070228.000000-000 Event Type: Warning User: =====Security event log===== Computer Name: Daniel-PC Event Code: 4648 Message: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DANIEL-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: SYSTEM Account Domain: NT AUTHORITY Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x26c Process Name: C:\Windows\System32\services.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Record Number: 35790 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090314001528.091000-000 Event Type: Audit Success User: Computer Name: Daniel-PC Event Code: 4672 Message: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Record Number: 35789 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090313143211.771000-000 Event Type: Audit Success User: Computer Name: Daniel-PC Event Code: 4624 Message: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANIEL-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x26c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Record Number: 35788 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090313143211.771000-000 Event Type: Audit Success User: Computer Name: Daniel-PC Event Code: 4648 Message: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DANIEL-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: SYSTEM Account Domain: NT AUTHORITY Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x26c Process Name: C:\Windows\System32\services.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Record Number: 35787 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090313143211.771000-000 Event Type: Audit Success User: Computer Name: Daniel-PC Event Code: 4672 Message: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Record Number: 35786 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090313143211.594000-000 Event Type: Audit Success User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files (x86)\Samsung\Samsung PC Studio 3\ "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=AMD64 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 23 Stepping 7, GenuineIntel "PROCESSOR_REVISION"=1707 "NUMBER_OF_PROCESSORS"=4 "TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\34FB5F65-FFEB-4B61-BF0E-A6A76C450FAA\TraceFormat "DFSTRACINGON"=FALSE "Pathtem"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem "NTIPath"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\; -----------------EOF----------------- LOG: Logfile of random's system information tool 1.06 (written by random/random) Run by Daniel at 2009-12-14 08:50:21 Microsoft® Windows Vista™ Home Premium Service Pack 2 System drive C: has 203 GB (68%) free of 299 GB Total RAM: 4094 MB (27% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:50:32 AM, on 14/12/2009 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v7.00 (7.00.6002.18005) Boot mode: Normal Running processes: C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe C:\Users\Daniel\AppData\Local\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe C:\Program Files (x86)\DNA\btdna.exe C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe C:\Program Files (x86)\Acer Arcade Live\Acer PlayMovie\PMVService.exe C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe C:\Users\Daniel\Desktop\Freecap\freecap.exe C:\Users\Daniel\Desktop\Freecap\putty.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Users\Daniel\Desktop\RSIT.exe C:\Program Files (x86)\trend micro\Daniel.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101852&l=dis R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files (x86)\AOL\AIM Toolbar 5.0\aoltb.dll F2 - REG:system.ini: UserInit=userinit.exe O1 - Hosts: ::1 localhost O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\IPSBHO.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AIM Toolbar 5.0\aoltb.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AIM Toolbar 5.0\aoltb.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe O4 - HKLM\..\Run: [PCMMediaSharing] "C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" O4 - HKLM\..\Run: [bkupTray] "C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" O4 - HKLM\..\Run: [updReg] C:\Windows\UpdReg.EXE O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files (x86)\Acer Arcade Live\Acer PlayMovie\PMVService.exe" O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files (x86)\Acer\Acer Registration\ACE1.exe" /startup O4 - HKLM\..\Run: [Acer Assist Launcher] "C:\Program Files (x86)\Acer\Acer Assist\launcher.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Users\Daniel\AppData\Local\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files (x86)\DNA\btdna.exe" O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Global Startup: Logitech SetPoint.lnk = ? O8 - Extra context menu item: &AIM Search - c:\program files (x86)\aol\aim toolbar 5.0\resources\en-us\local\search.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dll O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files (x86)\AOL\AIM Toolbar 5.0\aoltb.dll O10 - Unknown file in Winsock LSP: w2pxdrv.dll O10 - Unknown file in Winsock LSP: w2pxdrv.dll O10 - Unknown file in Winsock LSP: w2pxdrv.dll O10 - Unknown file in Winsock LSP: w2pxdrv.dll O10 - Unknown file in Winsock LSP: w2pxdrv.dll O13 - Gopher Prefix: O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSNPUplden-au.cab O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing) O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: Nakido - Nakido - C:\Program Files (x86)\Nakido\nakido.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: Sound Blaster MB Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\SBMBLicensing.exe O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 11338 bytes ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}] &Yahoo! Toolbar Helper - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll [2007-09-06 816400] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}] Symantec NCO BHO - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll [2009-08-22 378736] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}] Symantec Intrusion Prevention - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\IPSBHO.DLL [2009-08-22 107896] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}] AOL Toolbar Launcher - C:\Program Files (x86)\AOL\AIM Toolbar 5.0\aoltb.dll [2008-03-08 1090912] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2009-11-05 256112] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-11-28 764912] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}] Google Dictionary Compression sdch - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-11-05 458736] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll [2007-09-06 816400] {DE9C389F-3316-41A7-809B-AA305ED9D922} - AIM Toolbar - C:\Program Files (x86)\AOL\AIM Toolbar 5.0\aoltb.dll [2008-03-08 1090912] {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll [2009-08-22 378736] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2009-11-05 256112] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "JMB36X IDE Setup"=C:\Windows\RaidTool\xInsIDE.exe [2007-03-20 36864] "PCMMediaSharing"=C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [2008-01-26 204908] "BkupTray"=C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [2008-02-26 34040] "UpdReg"=C:\Windows\UpdReg.EXE [2000-05-11 90112] "eRecoveryService"= [] "PlayMovie"=C:\Program Files (x86)\Acer Arcade Live\Acer PlayMovie\PMVService.exe [2008-06-19 172032] "Acer Product Registration"=C:\Program Files (x86)\Acer\Acer Registration\ACE1.exe [2007-11-27 3387392] "Acer Assist Launcher"=C:\Program Files (x86)\Acer\Acer Assist\launcher.exe [2007-11-20 1261568] "SunJavaUpdateSched"=C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784] "Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696] "Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "swg"=C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-03-11 39408] "MsnMsgr"=C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856] "Aim6"= [] "Octoshape Streaming Services"=C:\Users\Daniel\AppData\Local\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [2008-05-23 156944] "BitTorrent DNA"=C:\Program Files (x86)\DNA\btdna.exe [2009-10-07 323392] "WMPNSCFG"=C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe [] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SymEFA.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "EnableLUA"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoActiveDesktop"= "NoActiveDesktopChanges"= "ForceActiveDesktopOn"= "BindDirectlyToPropertySetStorage"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\Program Files (x86)\BitTorrent\bittorrent.exe"="C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======List of files/folders created in the last 1 months====== 2009-12-14 08:50:22 ----D---- C:\Program Files (x86)\trend micro 2009-12-14 08:50:21 ----D---- C:\rsit 2009-12-11 18:58:01 ----D---- C:\Program Files (x86)\TrendMicro 2009-12-10 03:00:37 ----A---- C:\Windows\system32\nshhttp.dll 2009-12-10 03:00:27 ----A---- C:\Windows\system32\httpapi.dll 2009-12-09 15:44:12 ----A---- C:\Windows\system32\winhttp.dll 2009-12-09 15:43:37 ----A---- C:\Windows\system32\wininet.dll 2009-12-09 15:43:37 ----A---- C:\Windows\system32\urlmon.dll 2009-12-09 15:43:37 ----A---- C:\Windows\system32\mshtml.dll 2009-12-09 15:43:35 ----A---- C:\Windows\system32\ieframe.dll 2009-12-09 15:43:32 ----A---- C:\Windows\system32\ieui.dll 2009-12-09 15:43:31 ----A---- C:\Windows\system32\ieencode.dll 2009-12-09 15:43:25 ----A---- C:\Windows\system32\ieapfltr.dll 2009-12-09 15:43:16 ----A---- C:\Windows\system32\rastls.dll 2009-12-08 19:06:27 ----D---- C:\Program Files (x86)\Nakido 2009-12-05 11:14:45 ----D---- C:\Program Files (x86)\Common Files\DivX Shared 2009-11-26 03:01:17 ----A---- C:\Windows\system32\tzres.dll 2009-11-25 15:46:36 ----A---- C:\Windows\system32\msxml6.dll 2009-11-25 15:46:35 ----A---- C:\Windows\system32\msxml3.dll 2009-11-18 03:29:16 ----D---- C:\Windows\system32\spool 2009-11-18 03:29:16 ----D---- C:\Program Files (x86)\Windows Portable Devices 2009-11-18 03:02:38 ----A---- C:\Windows\system32\WMPhoto.dll 2009-11-18 03:02:36 ----A---- C:\Windows\system32\WindowsCodecsExt.dll 2009-11-18 03:02:36 ----A---- C:\Windows\system32\WindowsCodecs.dll 2009-11-18 03:02:36 ----A---- C:\Windows\system32\d3d10warp.dll 2009-11-18 03:02:36 ----A---- C:\Windows\system32\d2d1.dll 2009-11-18 03:02:35 ----A---- C:\Windows\system32\xpsservices.dll 2009-11-18 03:02:35 ----A---- C:\Windows\system32\XpsRasterService.dll 2009-11-18 03:02:35 ----A---- C:\Windows\system32\XpsPrint.dll 2009-11-18 03:02:35 ----A---- C:\Windows\system32\XpsGdiConverter.dll 2009-11-18 03:02:35 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll 2009-11-18 03:02:35 ----A---- C:\Windows\system32\OpcServices.dll 2009-11-18 03:02:35 ----A---- C:\Windows\system32\dxgi.dll 2009-11-18 03:02:35 ----A---- C:\Windows\system32\dxdiagn.dll 2009-11-18 03:02:35 ----A---- C:\Windows\system32\dxdiag.exe 2009-11-18 03:02:35 ----A---- C:\Windows\system32\d3d11.dll 2009-11-18 03:02:35 ----A---- C:\Windows\system32\d3d10level9.dll 2009-11-18 03:02:35 ----A---- C:\Windows\system32\d3d10core.dll 2009-11-18 03:02:35 ----A---- C:\Windows\system32\d3d10_1core.dll 2009-11-18 03:02:34 ----A---- C:\Windows\system32\DWrite.dll 2009-11-18 03:02:34 ----A---- C:\Windows\system32\d3d10_1.dll 2009-11-18 03:02:34 ----A---- C:\Windows\system32\d3d10.dll 2009-11-18 03:01:38 ----A---- C:\Windows\system32\WPDShextAutoplay.exe 2009-11-18 03:01:31 ----A---- C:\Windows\system32\WPDSp.dll 2009-11-18 03:01:31 ----A---- C:\Windows\system32\WPDShServiceObj.dll 2009-11-18 03:01:31 ----A---- C:\Windows\system32\wpdshext.dll 2009-11-18 03:01:31 ----A---- C:\Windows\system32\PortableDeviceWMDRM.dll 2009-11-18 03:01:31 ----A---- C:\Windows\system32\PortableDeviceTypes.dll 2009-11-18 03:01:31 ----A---- C:\Windows\system32\PortableDeviceConnectApi.dll 2009-11-18 03:01:31 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll 2009-11-18 03:01:31 ----A---- C:\Windows\system32\PortableDeviceApi.dll 2009-11-18 03:00:21 ----A---- C:\Windows\system32\oleaccrc.dll 2009-11-18 03:00:19 ----A---- C:\Windows\system32\UIAutomationCore.dll 2009-11-18 03:00:19 ----A---- C:\Windows\system32\oleacc.dll ======List of files/folders modified in the last 1 months====== 2009-12-14 08:50:32 ----D---- C:\Windows\Prefetch 2009-12-14 08:50:27 ----D---- C:\Windows\Temp 2009-12-14 08:50:22 ----RD---- C:\Program Files (x86) 2009-12-14 08:46:06 ----D---- C:\Program Files (x86)\Mozilla Firefox 2009-12-14 08:44:53 ----D---- C:\Users\Daniel\AppData\Roaming\DNA 2009-12-14 01:10:38 ----SHD---- C:\System Volume Information 2009-12-13 12:22:55 ----D---- C:\Windows\System32 2009-12-13 12:22:55 ----D---- C:\Windows\inf 2009-12-11 18:58:03 ----SHD---- C:\Windows\Installer 2009-12-11 15:38:20 ----D---- C:\Program Files (x86)\DNA 2009-12-11 15:38:08 ----D---- C:\ProgramData\NVIDIA 2009-12-10 03:38:41 ----D---- C:\Windows\rescache 2009-12-10 03:32:35 ----D---- C:\Windows\winsxs 2009-12-10 03:19:55 ----D---- C:\Windows\SysWOW64 2009-12-10 03:19:55 ----D---- C:\Windows\system32\en-US 2009-12-10 03:19:55 ----D---- C:\Program Files (x86)\Windows Mail 2009-12-05 11:14:54 ----D---- C:\Program Files (x86)\DivX 2009-12-05 11:14:45 ----D---- C:\Program Files (x86)\Common Files 2009-11-26 03:01:02 ----D---- C:\Windows 2009-11-18 03:29:16 ----RD---- C:\Program Files 2009-11-18 03:29:16 ----D---- C:\Windows\system32\wbem 2009-11-18 03:29:14 ----D---- C:\Windows\system32\zh-TW 2009-11-18 03:29:14 ----D---- C:\Windows\system32\zh-HK 2009-11-18 03:29:14 ----D---- C:\Windows\system32\uk-UA 2009-11-18 03:29:14 ----D---- C:\Windows\system32\tr-TR 2009-11-18 03:29:14 ----D---- C:\Windows\system32\th-TH 2009-11-18 03:29:14 ----D---- C:\Windows\system32\sv-SE 2009-11-18 03:29:14 ----D---- C:\Windows\system32\sr-Latn-CS 2009-11-18 03:29:14 ----D---- C:\Windows\system32\sl-SI 2009-11-18 03:29:14 ----D---- C:\Windows\system32\sk-SK 2009-11-18 03:29:14 ----D---- C:\Windows\system32\pt-PT 2009-11-18 03:29:14 ----D---- C:\Windows\system32\pt-BR 2009-11-18 03:29:14 ----D---- C:\Windows\system32\pl-PL 2009-11-18 03:29:14 ----D---- C:\Windows\system32\nl-NL 2009-11-18 03:29:14 ----D---- C:\Windows\system32\lv-LV 2009-11-18 03:29:14 ----D---- C:\Windows\system32\lt-LT 2009-11-18 03:29:14 ----D---- C:\Windows\system32\ko-KR 2009-11-18 03:29:14 ----D---- C:\Windows\system32\it-IT 2009-11-18 03:29:14 ----D---- C:\Windows\system32\hu-HU 2009-11-18 03:29:14 ----D---- C:\Windows\system32\hr-HR 2009-11-18 03:29:14 ----D---- C:\Windows\system32\he-IL 2009-11-18 03:29:14 ----D---- C:\Windows\system32\fr-FR 2009-11-18 03:29:14 ----D---- C:\Windows\system32\fi-FI 2009-11-18 03:29:14 ----D---- C:\Windows\system32\es-ES 2009-11-18 03:29:14 ----D---- C:\Windows\system32\el-GR 2009-11-18 03:29:14 ----D---- C:\Windows\system32\bg-BG 2009-11-18 03:29:13 ----D---- C:\Windows\system32\zh-CN 2009-11-18 03:29:13 ----D---- C:\Windows\system32\ru-RU 2009-11-18 03:29:13 ----D---- C:\Windows\system32\ro-RO 2009-11-18 03:29:13 ----D---- C:\Windows\system32\nb-NO 2009-11-18 03:29:13 ----D---- C:\Windows\system32\ja-JP 2009-11-18 03:29:13 ----D---- C:\Windows\system32\et-EE 2009-11-18 03:29:13 ----D---- C:\Windows\system32\de-DE 2009-11-18 03:29:13 ----D---- C:\Windows\system32\da-DK 2009-11-18 03:29:13 ----D---- C:\Windows\system32\cs-CZ 2009-11-18 03:29:13 ----D---- C:\Windows\system32\ar-SA ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 BHDrvx64;Symantec Heuristics Driver; C:\Windows\System32\Drivers\NISx64\1007020.00B\BHDrvx64.sys [] R1 ccHP;Symantec Hash Provider; C:\Windows\System32\Drivers\NISx64\1007020.00B\ccHPx64.sys [] R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2009-08-26 475696] R1 IDSVia64;IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20091111.001\IDSvia64.sys [2009-10-29 466992] R1 SRTSPX;Symantec Real Time Storage Protection (PEL) x64; C:\Windows\system32\drivers\NISx64\1007020.00B\SRTSPX64.SYS [] R1 SymIM;Symantec Network Security Intermediate Filter Driver; C:\Windows\system32\DRIVERS\SymIMv.sys [] R1 SYMTDI;Symantec Network Dispatch Driver; C:\Windows\System32\Drivers\NISx64\1007020.00B\SYMTDI.SYS [] R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; \??\C:\Program Files (x86)\Acer Arcade Live\Acer PlayMovie\000.fcl [2008-06-19 32240] R2 int15;int15; \??\C:\Windows\SysWOW64\drivers\int15_64.sys [2008-04-26 17952] R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-08-26 132656] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [] R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys [] R3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091213.008\ENG64.SYS [2009-08-25 116272] R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091213.008\EX64.SYS [2009-08-25 1742896] R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\Drivers\NTIDrvr.sys [] R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [] R3 SRTSP;Symantec Real Time Storage Protection x64; C:\Windows\System32\Drivers\NISx64\1007020.00B\SRTSP64.SYS [] R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [] R3 SYMFW;Symantec Network Filter Driver; C:\Windows\System32\Drivers\NISx64\1007020.00B\SYMFW.SYS [] R3 SYMNDISV;Symantec Network Filter Driver; C:\Windows\System32\Drivers\NISx64\1007020.00B\SYMNDISV.SYS [] R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [] R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [] R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x64.sys [] S1 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [2006-07-24 5632] S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [] S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [] S3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [] S3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [] S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [] S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [] S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [] S3 SkLaggProtocol;Marvell Link Aggregation Protocol; C:\Windows\system32\DRIVERS\yk60x64l.sys [] S3 SkVlanProtocol;Marvell VLAN Protocol; C:\Windows\system32\DRIVERS\yk60x64v.sys [] S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\Windows\system32\DRIVERS\ssm_bus.sys [] S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\Windows\system32\DRIVERS\ssm_mdfl.sys [] S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:\Windows\system32\DRIVERS\ssm_mdm.sys [] S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [] S3 WSVD;WSVD; \??\C:\Windows\system32\drivers\WSVD.sys [] S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [] S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service; C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-01-26 269448] R2 BUNAgentSvc;NTI Backup Now 5 Agent Service; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-02-26 21752] R2 ETService;Empowering Technology Service; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [2008-04-26 24576] R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2007-01-18 61440] R2 Nakido;Nakido; C:\Program Files (x86)\Nakido\nakido.e [2009-12-11 65536] R2 Norton Internet Security;Norton Internet Security; C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe [2009-08-22 117640] R2 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-02-25 49152] R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-02-26 131072] R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [] R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe [2006-07-20 262247] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-07-14 239648] R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe [2007-01-05 24652] S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-03-30 89920] S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504] S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-28 182768] S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe [2009-07-20 160784] S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-21 19968] S3 Sound Blaster MB Licensing Service;Sound Blaster MB Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\SBMBLicensing.exe [2008-09-09 79360] -----------------EOF----------------- Thanks.
  13. Hi Thomas, Thank you for the reply! I did everything as you said but I don't see any results showing up after the scan is complete. A box pops up saying the scan is complete and no changes have been found. But I do not see any results once I hit "Ok". I save/copy after I've done this and it does not copy anything at all. Would you happen to know why it's doing this? Thanks.
  14. Hi.

    Welcome to the forum.