Mozilla Hijacked Frequently



Logfile of Trend Micro HijackThis v2.0.3 (BETA)

Scan saved at 7:00:41 PM, on 11/12/2009

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v7.00 (7.00.6002.18005)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Users\Daniel\AppData\Local\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe

C:\Program Files (x86)\DNA\btdna.exe

C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe

C:\Program Files (x86)\Acer Arcade Live\Acer PlayMovie\PMVService.exe

C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Users\Daniel\Desktop\Freecap\freecap.exe

C:\Users\Daniel\Desktop\Freecap\putty.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\TrendMicro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101852&l=dis

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files (x86)\AOL\AIM Toolbar 5.0\aoltb.dll

F2 - REG:system.ini: UserInit=userinit.exe

O1 - Hosts: ::1 localhost

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\IPSBHO.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AIM Toolbar 5.0\aoltb.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AIM Toolbar 5.0\aoltb.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe

O4 - HKLM\..\Run: [PCMMediaSharing] "C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe"

O4 - HKLM\..\Run: [bkupTray] "C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"

O4 - HKLM\..\Run: [updReg] C:\Windows\UpdReg.EXE

O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files (x86)\Acer Arcade Live\Acer PlayMovie\PMVService.exe"

O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files (x86)\Acer\Acer Registration\ACE1.exe" /startup

O4 - HKLM\..\Run: [Acer Assist Launcher] "C:\Program Files (x86)\Acer\Acer Assist\launcher.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Users\Daniel\AppData\Local\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files (x86)\DNA\btdna.exe"

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Global Startup: Logitech SetPoint.lnk = ?

O8 - Extra context menu item: &AIM Search - c:\program files (x86)\aol\aim toolbar 5.0\resources\en-us\local\search.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dll

O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files (x86)\AOL\AIM Toolbar 5.0\aoltb.dll

O10 - Unknown file in Winsock LSP: w2pxdrv.dll

O10 - Unknown file in Winsock LSP: w2pxdrv.dll

O10 - Unknown file in Winsock LSP: w2pxdrv.dll

O10 - Unknown file in Winsock LSP: w2pxdrv.dll

O10 - Unknown file in Winsock LSP: w2pxdrv.dll

O13 - Gopher Prefix:

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSNPUplden-au.cab

O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)

O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Nakido - Nakido - C:\Program Files (x86)\Nakido\nakido.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe

O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: Sound Blaster MB Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\SBMBLicensing.exe

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 11463 bytes

Hi All,

This only started recently.

Any help with this would be much appreciated :)


Hello, Sup3rior

Welcome to the BestTechie Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.

Please take note of some guidelines for this fix:

  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.

Please download GMER from one of the following locations and save it to your desktop:

  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.


Hi Thomas,

Thank you for the reply!

I did everything as you said but I don't see any results showing up after the scan is complete. A box pops up saying the scan is complete and no changes have been found. But I do not see any results once I hit "Ok". I save/copy after I've done this and it does not copy anything at all.

Would you happen to know why it's doing this?

Thanks.

Edited by Sup3rior

Hi,

When you click on save there is no chance to save the logfile?

If not, please try this one:

RootRepeal - Rootkit Detector

Download RootRepeal.zip and unzip it to your Desktop.

  • Double click RootRepeal.exe to start the program
  • Click on the Report tab at the bottom of the program window
  • Click the Scan button
  • In the Select Scan dialog, check:
    • Drivers
    • Files
    • Processes
    • SSDT
    • Stealth Objects
    • Hidden Services
  • Click the OK button
  • In the next dialog, select all drives showing
  • Click OK to start the scan
    The scan can take some time. DO NOT run any other programs while the scan is running
  • When the scan is complete, the Save Report button will become available
  • Click this and save the report to your Desktop as RootRepeal.txt
  • Go to File, then Exit to close the program

Also please do this:

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)


Hi again,

There is no option to save the log file.

RootRepeal does not support 64-bit systems. I am unable to run that.

As for RSIT here are the logs.

info.txt logfile of random's system information tool 1.06 2009-12-14 08:50:36

======Uninstall list======

-->MsiExec /X{B83FC356-B7C0-441F-8A4D-D71E088E7974}

-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{7AF9359B-EBB1-4CEB-830E-857F22B656FF}\setup.exe" -l0x9

-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{AAEF329E-F353-46C9-933D-24A571986093}\setup.exe" -l0x9

-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{AAEF329E-F353-46C9-933D-24A571986093}\setup.exe" -l0x9 /remove

Acer Arcade Live Main Page-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}\setup.exe" -uninstall

Acer Assist-->C:\Program Files (x86)\Acer\Acer Assist\uninstall.exe

Acer DV Magician-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F6EFFB76-4A07-11DA-9D78-000129760D75}\setup.exe" -uninstall

Acer DVDivine-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{B145EC69-66F5-11D8-9D75-000129760D75}\setup.exe" -uninstall

Acer Empowering Technology-->"C:\Program Files (x86)\InstallShield Installation Information\{8F1B6239-FEA0-450A-A950-B05276CE177C}\setup.exe" -runfromtemp -l0x0009 -removeonly

Acer eRecovery Management-->"C:\Program Files (x86)\InstallShield Installation Information\{7F811A54-5A09-4579-90E1-C93498E230D9}\setup.exe" -runfromtemp -l0x0009 -removeonly

Acer HomeMedia Connect-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{132888AE-EF67-41C5-BCA2-7D5D2488AB63}\setup.exe" -uninstall

Acer HomeMedia Trial Creator-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{B580C409-E16F-44FF-904D-3AE94E113BE0}\setup.exe" -uninstall

Acer HomeMedia-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{AA4BF92B-2AAF-11DA-9D78-000129760D75}\setup.exe" -uninstall

Acer PlayMovie-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{A450831D-25F6-4F42-9662-D000B25E0D82}\setup.exe" -uninstall

Acer Registration-->C:\Program Files (x86)\Acer\Acer Registration\uninstall.exe

Acer ScreenSaver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9 -removeonly

Acer SlideShow DVD-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{41581EF5-45A7-11DA-9D78-000129760D75}\setup.exe" -uninstall

Acer VideoMagician-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F79A208D-D929-11D9-9D77-000129760D75}\setup.exe" -uninstall

Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_plugin.exe

Adobe Flash Player 9 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete

Adobe Flash Player ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe

Adobe Reader 9.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A92000000001}

Adobe Shockwave Player 11-->C:\Windows\system32\adobe\SHOCKW~1\UNWISE.EXE C:\Windows\system32\Adobe\SHOCKW~1\Install.log

AIM 6-->C:\Program Files (x86)\AIM6\uninst.exe

AIM Toolbar 5.0-->"C:\Program Files (x86)\AOL\AIM Toolbar 5.0\uninstall.exe"

Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}

Creative ALchemy (SB MB Edition)-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{7AF9359B-EBB1-4CEB-830E-857F22B656FF}\setup.exe" -l0x9 /remove

Creative Sound Blaster MB-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{143C7D3A-02DD-4163-9880-11B202B7E3E6}\setup.exe" -l0x9 /remove

DivX Plus Web Player-->C:\Program Files (x86)\DivX\DivXWebPlayerUninstall.exe /PLUGIN

eSobi v2-->C:\Program Files (x86)\InstallShield Installation Information\{15D967B5-A4BE-42AE-9E84-64CD062B25AA}\setup.exe -runfromtemp -l0x0409

Fraps (remove only)-->"C:\Fraps\uninstall.exe"

GOM Player-->"C:\Program Files (x86)\GRETECH\GomPlayer\Uninstall.exe"

Google Toolbar for Internet Explorer-->"C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_E582EA556D8DE101.exe" /uninstall

Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}

HandBrake 0.9.3-->C:\Program Files (x86)\HandBrake\uninst.exe

HijackThis 2.0.2-->"C:\Program Files (x86)\trend micro\HijackThis.exe" /uninstall

HiJackThis-->MsiExec.exe /X{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {08155812-0202-4D5F-A7FF-12A2782DC548} /qb+ REBOOTPROMPT=""

Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}

JMB36X Raid Configurer-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\setup.exe" -l0x9 -removeonly

K-Lite Mega Codec Pack 5.3.0-->"C:\Program Files (x86)\K-Lite Codec Pack\unins000.exe"

LimeWire 4.18.8-->"C:\Program Files (x86)\LimeWire\uninstall.exe"

Logitech SetPoint-->"C:\Program Files (x86)\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe" -runfromtemp -l0x0009 -removeonly

Marvell Network Configuration Utility-->MsiExec.exe /X{7A351AAA-E651-41B1-89B6-972A676FF78B}

Medieval CUE Splitter-->MsiExec.exe /I{B96D2269-568B-4CBF-9332-12FAE8B158F7}

Messenger Plus! Live-->"C:\Program Files (x86)\Messenger Plus! Live\Uninstall.exe"

Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}

Microsoft VC9 runtime libraries-->MsiExec.exe /I{C4124E95-5061-4776-8D5D-E3D931C778E1}

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}

Mozilla Firefox (3.5.5)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe

MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}

MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

Nakido-->C:\Program Files (x86)\Nakido\Uninstall.exe

Norton Internet Security-->C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\562C4DD5\16.7.2.11\InstStub.exe /X

NTI Backup Now 5-->C:\Program Files (x86)\InstallShield Installation Information\{12EFA1A4-AC3B-443C-8143-237EDE760403}\setup.exe -runfromtemp -l0x0409

NTI Media Maker 8-->C:\Program Files (x86)\InstallShield Installation Information\{2413930C-8309-47A6-BC61-5EF27A4222BC}\setup.exe -runfromtemp -l0x0409

NVIDIA PhysX-->MsiExec.exe /X{B83FC356-B7C0-441F-8A4D-D71E088E7974}

NVIDIA Stereoscopic 3D Driver-->"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInst.exe" /uninstall /ask

Realtek High Definition Audio Driver-->RtlUpd64.exe -r -m

Samsung PC Studio 3-->"C:\Program Files (x86)\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x0009 -removeonly

Tortun 0.8-->"C:\Program Files (x86)\Tortun\unins000.exe"

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""

VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}

Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}

Viewpoint Media Player-->C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u

Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}

Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}

Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe

Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}

Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}

Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}

Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}

Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}

WinRAR archiver-->C:\Program Files (x86)\WinRAR\uninstall.exe

World of Warcraft-->C:\Program Files (x86)\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe

Yahoo! Toolbar-->C:\PROGRA~2\Yahoo!\Common\unyt.exe

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: Daniel-PC

Event Code: 31004

Message: The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

Record Number: 79161

Source Name: Microsoft-Windows-SharedAccess_NAT

Time Written: 20090529101525.000000-000

Event Type: Error

User:

Computer Name: Daniel-PC

Event Code: 31004

Message: The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

Record Number: 79143

Source Name: Microsoft-Windows-SharedAccess_NAT

Time Written: 20090529101025.000000-000

Event Type: Error

User:

Computer Name: Daniel-PC

Event Code: 4321

Message: The name "WORKGROUP :1d" could not be registered on the interface with IP address 169.254.120.235. The computer with the IP address 169.254.246.42 did not allow the name to be claimed by this computer.

Record Number: 79126

Source Name: netbt

Time Written: 20090529100653.944827-000

Event Type: Error

User:

Computer Name: Daniel-PC

Event Code: 4321

Message: The name "WORKGROUP :1d" could not be registered on the interface with IP address 169.254.120.235. The computer with the IP address 169.254.246.42 did not allow the name to be claimed by this computer.

Record Number: 79093

Source Name: netbt

Time Written: 20090529100427.226827-000

Event Type: Error

User:

Computer Name: Daniel-PC

Event Code: 31004

Message: The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

Record Number: 78896

Source Name: Microsoft-Windows-SharedAccess_NAT

Time Written: 20090529095021.000000-000

Event Type: Error

User:

=====Application event log=====

Computer Name: Daniel-PC

Event Code: 11935

Message: Product: MSXML 4.0 SP2 (KB936181) -- Error 1935. An error occured during the installation of assembly component {7B298060-1128-B7E8-A06B-D6B9ABF34537}. HRESULT: 0x80070BC9. assembly interface: IAssemblyCacheItem, function: Commit, assembly name: Microsoft.MSXML2,type="win32",version="4.20.9848.0",publicKeyToken="6bd6b9abf345378f",processorArchitecture="x86"

Record Number: 419

Source Name: MsiInstaller

Time Written: 20081001071956.000000-000

Event Type: Error

User: NT AUTHORITY\SYSTEM

Computer Name: Daniel-PC

Event Code: 10

Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Record Number: 390

Source Name: Microsoft-Windows-WMI

Time Written: 20081001070819.000000-000

Event Type: Error

User:

Computer Name: Daniel-PC

Event Code: 3086

Message: The system locale has changed. Existing data will be deleted and the index must be recreated.

Context: Windows Application, SystemIndex Catalog

Record Number: 369

Source Name: Microsoft-Windows-Search

Time Written: 20081001070714.000000-000

Event Type: Warning

User:

Computer Name: Daniel-PC

Event Code: 10

Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Record Number: 349

Source Name: Microsoft-Windows-WMI

Time Written: 20081001070231.000000-000

Event Type: Error

User:

Computer Name: Daniel-PC

Event Code: 1008

Message: The Windows Search Service is attempting to remove the old catalog.

Record Number: 345

Source Name: Microsoft-Windows-Search

Time Written: 20081001070228.000000-000

Event Type: Warning

User:

=====Security event log=====

Computer Name: Daniel-PC

Event Code: 4648

Message: A logon was attempted using explicit credentials.

Subject:

Security ID: S-1-5-18

Account Name: DANIEL-PC$

Account Domain: WORKGROUP

Logon ID: 0x3e7

Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:

Account Name: SYSTEM

Account Domain: NT AUTHORITY

Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:

Target Server Name: localhost

Additional Information: localhost

Process Information:

Process ID: 0x26c

Process Name: C:\Windows\System32\services.exe

Network Information:

Network Address: -

Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.

Record Number: 35790

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20090314001528.091000-000

Event Type: Audit Success

User:

Computer Name: Daniel-PC

Event Code: 4672

Message: Special privileges assigned to new logon.

Subject:

Security ID: S-1-5-18

Account Name: SYSTEM

Account Domain: NT AUTHORITY

Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege

SeTcbPrivilege

SeSecurityPrivilege

SeTakeOwnershipPrivilege

SeLoadDriverPrivilege

SeBackupPrivilege

SeRestorePrivilege

SeDebugPrivilege

SeAuditPrivilege

SeSystemEnvironmentPrivilege

SeImpersonatePrivilege

Record Number: 35789

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20090313143211.771000-000

Event Type: Audit Success

User:

Computer Name: Daniel-PC

Event Code: 4624

Message: An account was successfully logged on.

Subject:

Security ID: S-1-5-18

Account Name: DANIEL-PC$

Account Domain: WORKGROUP

Logon ID: 0x3e7

Logon Type: 5

New Logon:

Security ID: S-1-5-18

Account Name: SYSTEM

Account Domain: NT AUTHORITY

Logon ID: 0x3e7

Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:

Process ID: 0x26c

Process Name: C:\Windows\System32\services.exe

Network Information:

Workstation Name:

Source Network Address: -

Source Port: -

Detailed Authentication Information:

Logon Process: Advapi

Authentication Package: Negotiate

Transited Services: -

Package Name (NTLM only): -

Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.

- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.

- Transited services indicate which intermediate services have participated in this logon request.

- Package name indicates which sub-protocol was used among the NTLM protocols.

- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.

Record Number: 35788

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20090313143211.771000-000

Event Type: Audit Success

User:

Computer Name: Daniel-PC

Event Code: 4648

Message: A logon was attempted using explicit credentials.

Subject:

Security ID: S-1-5-18

Account Name: DANIEL-PC$

Account Domain: WORKGROUP

Logon ID: 0x3e7

Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:

Account Name: SYSTEM

Account Domain: NT AUTHORITY

Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:

Target Server Name: localhost

Additional Information: localhost

Process Information:

Process ID: 0x26c

Process Name: C:\Windows\System32\services.exe

Network Information:

Network Address: -

Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.

Record Number: 35787

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20090313143211.771000-000

Event Type: Audit Success

User:

Computer Name: Daniel-PC

Event Code: 4672

Message: Special privileges assigned to new logon.

Subject:

Security ID: S-1-5-18

Account Name: SYSTEM

Account Domain: NT AUTHORITY

Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege

SeTcbPrivilege

SeSecurityPrivilege

SeTakeOwnershipPrivilege

SeLoadDriverPrivilege

SeBackupPrivilege

SeRestorePrivilege

SeDebugPrivilege

SeAuditPrivilege

SeSystemEnvironmentPrivilege

SeImpersonatePrivilege

Record Number: 35786

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20090313143211.594000-000

Event Type: Audit Success

User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files (x86)\Samsung\Samsung PC Studio 3\

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

"PROCESSOR_ARCHITECTURE"=AMD64

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"USERNAME"=SYSTEM

"windir"=%SystemRoot%

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 23 Stepping 7, GenuineIntel

"PROCESSOR_REVISION"=1707

"NUMBER_OF_PROCESSORS"=4

"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\34FB5F65-FFEB-4B61-BF0E-A6A76C450FAA\TraceFormat

"DFSTRACINGON"=FALSE

"Pathtem"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem

"NTIPath"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\;

-----------------EOF-----------------

LOG:

Logfile of random's system information tool 1.06 (written by random/random)

Run by Daniel at 2009-12-14 08:50:21

Microsoft® Windows Vista™ Home Premium Service Pack 2

System drive C: has 203 GB (68%) free of 299 GB

Total RAM: 4094 MB (27% free)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:50:32 AM, on 14/12/2009

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v7.00 (7.00.6002.18005)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Users\Daniel\AppData\Local\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe

C:\Program Files (x86)\DNA\btdna.exe

C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe

C:\Program Files (x86)\Acer Arcade Live\Acer PlayMovie\PMVService.exe

C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Users\Daniel\Desktop\Freecap\freecap.exe

C:\Users\Daniel\Desktop\Freecap\putty.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Users\Daniel\Desktop\RSIT.exe

C:\Program Files (x86)\trend micro\Daniel.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101852&l=dis

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files (x86)\AOL\AIM Toolbar 5.0\aoltb.dll

F2 - REG:system.ini: UserInit=userinit.exe

O1 - Hosts: ::1 localhost

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\IPSBHO.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AIM Toolbar 5.0\aoltb.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AIM Toolbar 5.0\aoltb.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe

O4 - HKLM\..\Run: [PCMMediaSharing] "C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe"

O4 - HKLM\..\Run: [bkupTray] "C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"

O4 - HKLM\..\Run: [updReg] C:\Windows\UpdReg.EXE

O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files (x86)\Acer Arcade Live\Acer PlayMovie\PMVService.exe"

O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files (x86)\Acer\Acer Registration\ACE1.exe" /startup

O4 - HKLM\..\Run: [Acer Assist Launcher] "C:\Program Files (x86)\Acer\Acer Assist\launcher.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Users\Daniel\AppData\Local\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files (x86)\DNA\btdna.exe"

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Global Startup: Logitech SetPoint.lnk = ?

O8 - Extra context menu item: &AIM Search - c:\program files (x86)\aol\aim toolbar 5.0\resources\en-us\local\search.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dll

O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files (x86)\AOL\AIM Toolbar 5.0\aoltb.dll

O10 - Unknown file in Winsock LSP: w2pxdrv.dll

O10 - Unknown file in Winsock LSP: w2pxdrv.dll

O10 - Unknown file in Winsock LSP: w2pxdrv.dll

O10 - Unknown file in Winsock LSP: w2pxdrv.dll

O10 - Unknown file in Winsock LSP: w2pxdrv.dll

O13 - Gopher Prefix:

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSNPUplden-au.cab

O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll

O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)

O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Nakido - Nakido - C:\Program Files (x86)\Nakido\nakido.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe

O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: Sound Blaster MB Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\SBMBLicensing.exe

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 11338 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

&Yahoo! Toolbar Helper - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll [2007-09-06 816400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

Symantec NCO BHO - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll [2009-08-22 378736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]

Symantec Intrusion Prevention - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\IPSBHO.DLL [2009-08-22 107896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]

AOL Toolbar Launcher - C:\Program Files (x86)\AOL\AIM Toolbar 5.0\aoltb.dll [2008-03-08 1090912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2009-11-05 256112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-11-28 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]

Google Dictionary Compression sdch - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-11-05 458736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll [2007-09-06 816400]

{DE9C389F-3316-41A7-809B-AA305ED9D922} - AIM Toolbar - C:\Program Files (x86)\AOL\AIM Toolbar 5.0\aoltb.dll [2008-03-08 1090912]

{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll [2009-08-22 378736]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2009-11-05 256112]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"JMB36X IDE Setup"=C:\Windows\RaidTool\xInsIDE.exe [2007-03-20 36864]

"PCMMediaSharing"=C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [2008-01-26 204908]

"BkupTray"=C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [2008-02-26 34040]

"UpdReg"=C:\Windows\UpdReg.EXE [2000-05-11 90112]

"eRecoveryService"= []

"PlayMovie"=C:\Program Files (x86)\Acer Arcade Live\Acer PlayMovie\PMVService.exe [2008-06-19 172032]

"Acer Product Registration"=C:\Program Files (x86)\Acer\Acer Registration\ACE1.exe [2007-11-27 3387392]

"Acer Assist Launcher"=C:\Program Files (x86)\Acer\Acer Assist\launcher.exe [2007-11-20 1261568]

"SunJavaUpdateSched"=C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]

"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"swg"=C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-03-11 39408]

"MsnMsgr"=C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]

"Aim6"= []

"Octoshape Streaming Services"=C:\Users\Daniel\AppData\Local\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [2008-05-23 156944]

"BitTorrent DNA"=C:\Program Files (x86)\DNA\btdna.exe [2009-10-07 323392]

"WMPNSCFG"=C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SymEFA.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"EnableLUA"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoActiveDesktop"=

"NoActiveDesktopChanges"=

"ForceActiveDesktopOn"=

"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"C:\Program Files (x86)\BitTorrent\bittorrent.exe"="C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2009-12-14 08:50:22 ----D---- C:\Program Files (x86)\trend micro

2009-12-14 08:50:21 ----D---- C:\rsit

2009-12-11 18:58:01 ----D---- C:\Program Files (x86)\TrendMicro

2009-12-10 03:00:37 ----A---- C:\Windows\system32\nshhttp.dll

2009-12-10 03:00:27 ----A---- C:\Windows\system32\httpapi.dll

2009-12-09 15:44:12 ----A---- C:\Windows\system32\winhttp.dll

2009-12-09 15:43:37 ----A---- C:\Windows\system32\wininet.dll

2009-12-09 15:43:37 ----A---- C:\Windows\system32\urlmon.dll

2009-12-09 15:43:37 ----A---- C:\Windows\system32\mshtml.dll

2009-12-09 15:43:35 ----A---- C:\Windows\system32\ieframe.dll

2009-12-09 15:43:32 ----A---- C:\Windows\system32\ieui.dll

2009-12-09 15:43:31 ----A---- C:\Windows\system32\ieencode.dll

2009-12-09 15:43:25 ----A---- C:\Windows\system32\ieapfltr.dll

2009-12-09 15:43:16 ----A---- C:\Windows\system32\rastls.dll

2009-12-08 19:06:27 ----D---- C:\Program Files (x86)\Nakido

2009-12-05 11:14:45 ----D---- C:\Program Files (x86)\Common Files\DivX Shared

2009-11-26 03:01:17 ----A---- C:\Windows\system32\tzres.dll

2009-11-25 15:46:36 ----A---- C:\Windows\system32\msxml6.dll

2009-11-25 15:46:35 ----A---- C:\Windows\system32\msxml3.dll

2009-11-18 03:29:16 ----D---- C:\Windows\system32\spool

2009-11-18 03:29:16 ----D---- C:\Program Files (x86)\Windows Portable Devices

2009-11-18 03:02:38 ----A---- C:\Windows\system32\WMPhoto.dll

2009-11-18 03:02:36 ----A---- C:\Windows\system32\WindowsCodecsExt.dll

2009-11-18 03:02:36 ----A---- C:\Windows\system32\WindowsCodecs.dll

2009-11-18 03:02:36 ----A---- C:\Windows\system32\d3d10warp.dll

2009-11-18 03:02:36 ----A---- C:\Windows\system32\d2d1.dll

2009-11-18 03:02:35 ----A---- C:\Windows\system32\xpsservices.dll

2009-11-18 03:02:35 ----A---- C:\Windows\system32\XpsRasterService.dll

2009-11-18 03:02:35 ----A---- C:\Windows\system32\XpsPrint.dll

2009-11-18 03:02:35 ----A---- C:\Windows\system32\XpsGdiConverter.dll

2009-11-18 03:02:35 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll

2009-11-18 03:02:35 ----A---- C:\Windows\system32\OpcServices.dll

2009-11-18 03:02:35 ----A---- C:\Windows\system32\dxgi.dll

2009-11-18 03:02:35 ----A---- C:\Windows\system32\dxdiagn.dll

2009-11-18 03:02:35 ----A---- C:\Windows\system32\dxdiag.exe

2009-11-18 03:02:35 ----A---- C:\Windows\system32\d3d11.dll

2009-11-18 03:02:35 ----A---- C:\Windows\system32\d3d10level9.dll

2009-11-18 03:02:35 ----A---- C:\Windows\system32\d3d10core.dll

2009-11-18 03:02:35 ----A---- C:\Windows\system32\d3d10_1core.dll

2009-11-18 03:02:34 ----A---- C:\Windows\system32\DWrite.dll

2009-11-18 03:02:34 ----A---- C:\Windows\system32\d3d10_1.dll

2009-11-18 03:02:34 ----A---- C:\Windows\system32\d3d10.dll

2009-11-18 03:01:38 ----A---- C:\Windows\system32\WPDShextAutoplay.exe

2009-11-18 03:01:31 ----A---- C:\Windows\system32\WPDSp.dll

2009-11-18 03:01:31 ----A---- C:\Windows\system32\WPDShServiceObj.dll

2009-11-18 03:01:31 ----A---- C:\Windows\system32\wpdshext.dll

2009-11-18 03:01:31 ----A---- C:\Windows\system32\PortableDeviceWMDRM.dll

2009-11-18 03:01:31 ----A---- C:\Windows\system32\PortableDeviceTypes.dll

2009-11-18 03:01:31 ----A---- C:\Windows\system32\PortableDeviceConnectApi.dll

2009-11-18 03:01:31 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll

2009-11-18 03:01:31 ----A---- C:\Windows\system32\PortableDeviceApi.dll

2009-11-18 03:00:21 ----A---- C:\Windows\system32\oleaccrc.dll

2009-11-18 03:00:19 ----A---- C:\Windows\system32\UIAutomationCore.dll

2009-11-18 03:00:19 ----A---- C:\Windows\system32\oleacc.dll

======List of files/folders modified in the last 1 months======

2009-12-14 08:50:32 ----D---- C:\Windows\Prefetch

2009-12-14 08:50:27 ----D---- C:\Windows\Temp

2009-12-14 08:50:22 ----RD---- C:\Program Files (x86)

2009-12-14 08:46:06 ----D---- C:\Program Files (x86)\Mozilla Firefox

2009-12-14 08:44:53 ----D---- C:\Users\Daniel\AppData\Roaming\DNA

2009-12-14 01:10:38 ----SHD---- C:\System Volume Information

2009-12-13 12:22:55 ----D---- C:\Windows\System32

2009-12-13 12:22:55 ----D---- C:\Windows\inf

2009-12-11 18:58:03 ----SHD---- C:\Windows\Installer

2009-12-11 15:38:20 ----D---- C:\Program Files (x86)\DNA

2009-12-11 15:38:08 ----D---- C:\ProgramData\NVIDIA

2009-12-10 03:38:41 ----D---- C:\Windows\rescache

2009-12-10 03:32:35 ----D---- C:\Windows\winsxs

2009-12-10 03:19:55 ----D---- C:\Windows\SysWOW64

2009-12-10 03:19:55 ----D---- C:\Windows\system32\en-US

2009-12-10 03:19:55 ----D---- C:\Program Files (x86)\Windows Mail

2009-12-05 11:14:54 ----D---- C:\Program Files (x86)\DivX

2009-12-05 11:14:45 ----D---- C:\Program Files (x86)\Common Files

2009-11-26 03:01:02 ----D---- C:\Windows

2009-11-18 03:29:16 ----RD---- C:\Program Files

2009-11-18 03:29:16 ----D---- C:\Windows\system32\wbem

2009-11-18 03:29:14 ----D---- C:\Windows\system32\zh-TW

2009-11-18 03:29:14 ----D---- C:\Windows\system32\zh-HK

2009-11-18 03:29:14 ----D---- C:\Windows\system32\uk-UA

2009-11-18 03:29:14 ----D---- C:\Windows\system32\tr-TR

2009-11-18 03:29:14 ----D---- C:\Windows\system32\th-TH

2009-11-18 03:29:14 ----D---- C:\Windows\system32\sv-SE

2009-11-18 03:29:14 ----D---- C:\Windows\system32\sr-Latn-CS

2009-11-18 03:29:14 ----D---- C:\Windows\system32\sl-SI

2009-11-18 03:29:14 ----D---- C:\Windows\system32\sk-SK

2009-11-18 03:29:14 ----D---- C:\Windows\system32\pt-PT

2009-11-18 03:29:14 ----D---- C:\Windows\system32\pt-BR

2009-11-18 03:29:14 ----D---- C:\Windows\system32\pl-PL

2009-11-18 03:29:14 ----D---- C:\Windows\system32\nl-NL

2009-11-18 03:29:14 ----D---- C:\Windows\system32\lv-LV

2009-11-18 03:29:14 ----D---- C:\Windows\system32\lt-LT

2009-11-18 03:29:14 ----D---- C:\Windows\system32\ko-KR

2009-11-18 03:29:14 ----D---- C:\Windows\system32\it-IT

2009-11-18 03:29:14 ----D---- C:\Windows\system32\hu-HU

2009-11-18 03:29:14 ----D---- C:\Windows\system32\hr-HR

2009-11-18 03:29:14 ----D---- C:\Windows\system32\he-IL

2009-11-18 03:29:14 ----D---- C:\Windows\system32\fr-FR

2009-11-18 03:29:14 ----D---- C:\Windows\system32\fi-FI

2009-11-18 03:29:14 ----D---- C:\Windows\system32\es-ES

2009-11-18 03:29:14 ----D---- C:\Windows\system32\el-GR

2009-11-18 03:29:14 ----D---- C:\Windows\system32\bg-BG

2009-11-18 03:29:13 ----D---- C:\Windows\system32\zh-CN

2009-11-18 03:29:13 ----D---- C:\Windows\system32\ru-RU

2009-11-18 03:29:13 ----D---- C:\Windows\system32\ro-RO

2009-11-18 03:29:13 ----D---- C:\Windows\system32\nb-NO

2009-11-18 03:29:13 ----D---- C:\Windows\system32\ja-JP

2009-11-18 03:29:13 ----D---- C:\Windows\system32\et-EE

2009-11-18 03:29:13 ----D---- C:\Windows\system32\de-DE

2009-11-18 03:29:13 ----D---- C:\Windows\system32\da-DK

2009-11-18 03:29:13 ----D---- C:\Windows\system32\cs-CZ

2009-11-18 03:29:13 ----D---- C:\Windows\system32\ar-SA

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 BHDrvx64;Symantec Heuristics Driver; C:\Windows\System32\Drivers\NISx64\1007020.00B\BHDrvx64.sys []

R1 ccHP;Symantec Hash Provider; C:\Windows\System32\Drivers\NISx64\1007020.00B\ccHPx64.sys []

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2009-08-26 475696]

R1 IDSVia64;IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20091111.001\IDSvia64.sys [2009-10-29 466992]

R1 SRTSPX;Symantec Real Time Storage Protection (PEL) x64; C:\Windows\system32\drivers\NISx64\1007020.00B\SRTSPX64.SYS []

R1 SymIM;Symantec Network Security Intermediate Filter Driver; C:\Windows\system32\DRIVERS\SymIMv.sys []

R1 SYMTDI;Symantec Network Dispatch Driver; C:\Windows\System32\Drivers\NISx64\1007020.00B\SYMTDI.SYS []

R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; \??\C:\Program Files (x86)\Acer Arcade Live\Acer PlayMovie\000.fcl [2008-06-19 32240]

R2 int15;int15; \??\C:\Windows\SysWOW64\drivers\int15_64.sys [2008-04-26 17952]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-08-26 132656]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []

R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []

R3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091213.008\ENG64.SYS [2009-08-25 116272]

R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091213.008\EX64.SYS [2009-08-25 1742896]

R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\Drivers\NTIDrvr.sys []

R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys []

R3 SRTSP;Symantec Real Time Storage Protection x64; C:\Windows\System32\Drivers\NISx64\1007020.00B\SRTSP64.SYS []

R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS []

R3 SYMFW;Symantec Network Filter Driver; C:\Windows\System32\Drivers\NISx64\1007020.00B\SYMFW.SYS []

R3 SYMNDISV;Symantec Network Filter Driver; C:\Windows\System32\Drivers\NISx64\1007020.00B\SYMNDISV.SYS []

R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys []

R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []

R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x64.sys []

S1 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [2006-07-24 5632]

S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys []

S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys []

S3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys []

S3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys []

S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys []

S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys []

S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys []

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys []

S3 SkLaggProtocol;Marvell Link Aggregation Protocol; C:\Windows\system32\DRIVERS\yk60x64l.sys []

S3 SkVlanProtocol;Marvell VLAN Protocol; C:\Windows\system32\DRIVERS\yk60x64v.sys []

S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\Windows\system32\DRIVERS\ssm_bus.sys []

S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\Windows\system32\DRIVERS\ssm_mdfl.sys []

S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:\Windows\system32\DRIVERS\ssm_mdm.sys []

S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys []

S3 WSVD;WSVD; \??\C:\Windows\system32\drivers\WSVD.sys []

S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys []

S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service; C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-01-26 269448]

R2 BUNAgentSvc;NTI Backup Now 5 Agent Service; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-02-26 21752]

R2 ETService;Empowering Technology Service; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [2008-04-26 24576]

R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2007-01-18 61440]

R2 Nakido;Nakido; C:\Program Files (x86)\Nakido\nakido.e [2009-12-11 65536]

R2 Norton Internet Security;Norton Internet Security; C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe [2009-08-22 117640]

R2 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-02-25 49152]

R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-02-26 131072]

R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe []

R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe [2006-07-20 262247]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-07-14 239648]

R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe [2007-01-05 24652]

S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-03-30 89920]

S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]

S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-28 182768]

S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe [2009-07-20 160784]

S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-21 19968]

S3 Sound Blaster MB Licensing Service;Sound Blaster MB Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\SBMBLicensing.exe [2008-09-09 79360]

-----------------EOF-----------------

Thanks.


Hi,

Try this one, it will run on 64Bit systems:

Please download Sophos Anti-rootkit & save it to your desktop.

alternate download link

Note: If using the vendor's download site you will be asked to register with MySophos so an email containing an activation link can be sent to your email address.

Be sure to print out and read the Sophos Anti-Rootkit User Manual and Release Notes.

  • Double-click sar_15_sfx.exe to begin the installation, read the license agreement and click Accept.
  • Allow the default location of C:\Program Files\Sophos\Sophos Anti-Rootkit and click Install.
  • A message will appear "Sophos Anti-Rootkit was successfully installed. Click 'yes' to start it now".
  • Click Yes and allow the driver and its randomly named .tmp file (i.e. F.tmp) to load if asked.
  • If the scan did not start automatically, make sure the following are checked:
      • Running processes
      • Windows Registry
      • Local Hard Drives
  • Click Start scan.
  • Sophos Anti-Rootkit will scan the selected areas and display any suspicious files in the upper panel.
  • When the scan is complete, a pop-up screen will appear with "Rootkit Scan Results". Click OK to continue.
  • Click on the suspicious file to display more information about it in the lower panel which also includes whether the item is recommended for removal.
      • Files tagged as Removable: No are not marked for removal and cannot be removed.
      • Files tagged as Removable: Yes (clean up recommended) are marked for removal by default.
      • Files tagged as Removable: Yes (but clean up not recommended) are not marked for removal because Sophos did not recognize them. These files will require further investigation.
  • Select only items recommended for removal, then click "Clean up checked items". You will be asked to confirm, click Yes.
  • A pop up window will appear advising the cleanup will finish when you restart your computer. Click Restart Now.
  • After reboot, a dialog box displays the files you selected for removal and the action taken.
  • Click Empty list and then click Continue to re-scan your computer a second time to ensure everything was cleaned.
  • When done, go to Start > Run and type or copy/paste: %temp%\sarscan.log
  • This should open the log from the rootkit scan. Please post this log in your next reply. If you have a problem, you can find sarscan.log in C:\Documents and Settings\<username>\Local Settings\Temp\.


Hi again,

The scan did not find any files that were recommended for removal. Here is the log:

Sophos Anti-Rootkit Version 1.5.0 © 2009 Sophos Plc

Started logging on 14/12/2009 at 18:08:00 PM

User "Daniel" on computer "DANIEL-PC"

Windows version 6.0 SP 2.0 Service Pack 2 build 6002 SM=0x300 PT=0x1 WOW64

Info: Starting registry scan.

Hidden: registry item \HKEY_USERS\S-1-5-18\Software\Microsoft\CTF\Assemblies\0x00000409

Info: Starting disk scan of C: (NTFS).

Hidden: file C:\Windows\winsxs\amd64_mdmcxhv6.inf_31bf3856ad364e35_6.0.6001.18000_none_0673f8918ab7629e\VSTCNXT6.SYS

Hidden: file C:\ACER\Preload\Autorun\DRV\Creative Audio XFI Hendrix\Audio\Drivers\wdm\win2k_xp\i386\ctdvda2k.sys

Hidden: file C:\Program Files (x86)\BitTorrent\bittorrent.exe

Hidden: file C:\Program Files (x86)\DNA\btdna.exe

Hidden: file C:\ProgramData\Norton\00000082\000000fb\000002bf\cltLMS1.dat

Hidden: file C:\ProgramData\Norton\00000082\000000fb\000002bf\cltLMS2.dat

Info: Starting disk scan of D: (NTFS).

Info: Starting disk scan of K: (NTFS).

Stopped logging on 14/12/2009 at 18:53:00 PM

Sophos Anti-Rootkit Version 1.5.0 © 2009 Sophos Plc

Started logging on 15/12/2009 at 15:44:42 PM

User "Daniel" on computer "DANIEL-PC"

Windows version 6.0 SP 2.0 Service Pack 2 build 6002 SM=0x300 PT=0x1 WOW64

Info: Starting registry scan.

Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SharedDefs\APP_ID_SCANNER5

Stopped logging on 15/12/2009 at 15:46:21 PM

Sophos Anti-Rootkit Version 1.5.0 © 2009 Sophos Plc

Started logging on 15/12/2009 at 15:47:48 PM

User "Daniel" on computer "DANIEL-PC"

Windows version 6.0 SP 2.0 Service Pack 2 build 6002 SM=0x300 PT=0x1 WOW64

Info: Starting registry scan.

Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SharedDefs\APP_ID_SCANNER7

Hidden: registry item \HKEY_USERS\S-1-5-18\Software\Microsoft\CTF\Assemblies\0x00000409

Info: Starting disk scan of C: (NTFS).

Hidden: file C:\Windows\SysWOW64\KBDGR1.DLL

Hidden: file C:\ACER\Preload\Autorun\DRV\Creative Audio XFI Hendrix\Audio\Drivers\wdm\win2k_xp\i386\ctdvda2k.sys

Hidden: file C:\Program Files (x86)\BitTorrent\bittorrent.exe

Hidden: file C:\Program Files (x86)\DNA\btdna.exe

Hidden: file C:\ProgramData\Norton\00000082\000000fb\000002bf\cltLMS1.dat

Hidden: file C:\ProgramData\Norton\00000082\000000fb\000002bf\cltLMS2.dat

Info: Starting disk scan of D: (NTFS).

Info: Starting disk scan of K: (NTFS).

Stopped logging on 15/12/2009 at 16:36:40 PM


Hi,

Please download GooredFix from one of the locations below and save it to your Desktop

Download Mirror #1

Download Mirror #2

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).


Hi, thanks for the ongoing help.

Here is the log:

GooredFix by jpshortstuff (06.12.09.1)

Log created at 16:27 on 17/12/2009 (Daniel)

Firefox version 3.5.5 (en-US)

========== GooredScan ==========

========== GooredLog ==========

C:\Program Files (x86)\Mozilla Firefox\extensions\

{972ce4c6-7e08-4474-a285-3208198ce6fd} [07:58 01/10/2008]

{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [09:14 09/10/2008]

C:\Users\Daniel\Application Data\Mozilla\Firefox\Profiles\s6gfcl08.default\extensions\

[email protected] [02:50 23/07/2009]

{20a82645-c095-46ed-80e3-08825760534b} [07:05 29/07/2009]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]

"{20a82645-c095-46ed-80e3-08825760534b}"="C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [13:55 13/05/2009]

-=E.O.F=-


Hi,

How is it running?

  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double-click the OTL icon on your desktop.
  4. Under the Custom Scan box paste this in:

netsvcs

%SYSTEMDRIVE%\*.exe

/md5start

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

sceclt.dll

ntelogon.dll

logevent.dll

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

/md5stop

%systemroot%\*. /mp /s

CREATERESTOREPOINT

  5. Push the Quick Scan button.
  6. Two reports will open, copy and paste them in a reply here:
      • OTL.txt <-- Will be opened
      • Extra.txt <-- Will be minimized


Hi, Still having the same problems.

Here are the logs:

OTL logfile created on: 18/12/2009 10:17:34 AM - Run 1

OTL by OldTimer - Version 3.1.17.0 Folder = C:\Users\Daniel\Desktop

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6002.18005)

Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

4.00 Gb Total Physical Memory | 0.93 Gb Available Physical Memory | 23.38% Memory free

4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 291.68 Gb Total Space | 199.00 Gb Free Space | 68.22% Space Free | Partition Type: NTFS

Drive D: | 291.68 Gb Total Space | 264.31 Gb Free Space | 90.62% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive K: | 596.17 Gb Total Space | 584.38 Gb Free Space | 98.02% Space Free | Partition Type: NTFS

Computer Name: DANIEL-PC

Current User Name: Daniel

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Include 64bit Scans

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 14 Days

Output = Standard

Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/12/18 10:16:54 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe

PRC - [2009/12/17 16:49:36 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

PRC - [2009/12/15 20:04:41 | 01,201,640 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe

PRC - [2009/12/15 15:47:18 | 11,196,560 | ---- | M] (Blizzard Entertainment) -- D:\World of Warcraft\Wow.exe

PRC - [2009/12/03 04:53:34 | 00,328,704 | ---- | M] (Nakido) -- C:\Program Files (x86)\Nakido\nakido.exe

PRC - [2009/11/06 15:19:58 | 06,515,784 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe

PRC - [2009/11/06 12:00:22 | 04,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe

PRC - [2009/11/06 12:00:22 | 00,165,232 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files (x86)\Webroot\WebrootSecurity\SSU.exe

PRC - [2009/09/11 01:58:25 | 00,168,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe

PRC - [2009/08/22 18:28:17 | 00,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe

PRC - [2009/07/26 17:44:34 | 03,883,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

PRC - [2009/07/20 05:00:00 | 00,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe

PRC - [2009/07/14 13:28:00 | 00,239,648 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

PRC - [2009/06/25 19:53:58 | 00,669,184 | ---- | M] () -- C:\Users\Daniel\Desktop\Freecap\freecap.exe

PRC - [2009/06/25 19:53:58 | 00,454,656 | ---- | M] (Simon Tatham) -- C:\Users\Daniel\Desktop\Freecap\putty.exe

PRC - [2009/03/11 16:25:14 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

PRC - [2009/02/06 18:07:48 | 00,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

PRC - [2008/06/19 07:54:20 | 00,172,032 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Live\Acer PlayMovie\PMVService.exe

PRC - [2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe

PRC - [2008/05/23 00:59:46 | 00,156,944 | ---- | M] (Octoshape ApS) -- C:\Users\Daniel\AppData\Local\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe

PRC - [2008/02/26 12:57:48 | 00,034,040 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe

PRC - [2008/02/26 12:57:22 | 00,021,752 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe

PRC - [2008/02/26 12:53:16 | 00,131,072 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

PRC - [2008/02/25 20:02:54 | 00,049,152 | ---- | M] (NewTech InfoSystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

PRC - [2008/01/26 12:49:04 | 00,269,448 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe

PRC - [2007/11/17 15:58:48 | 01,388,544 | ---- | M] () -- C:\Program Files (x86)\Ventrilo\Ventrilo.exe

PRC - [2007/01/18 05:20:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

PRC - [2007/01/05 08:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe

PRC - [2006/07/20 05:36:58 | 00,262,247 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe

========== Modules (SafeList) ==========

MOD - [2009/12/18 10:16:54 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe

MOD - [2009/12/05 11:14:52 | 00,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll

MOD - [2009/07/20 05:00:00 | 00,057,344 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\x86\GameHook.dll

MOD - [2009/07/20 05:00:00 | 00,038,912 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\x86\lgscroll.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/09/25 12:26:26 | 01,142,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)

SRV:64bit: - [2009/07/20 13:36:14 | 00,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)

SRV:64bit: - [2008/04/26 07:30:26 | 00,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)

SRV:64bit: - [2008/01/21 13:47:32 | 00,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2009/12/15 20:04:41 | 01,201,640 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe -- (WRConsumerService)

SRV - [2009/12/03 04:53:34 | 00,328,704 | ---- | M] (Nakido) [Auto | Running] -- C:\Program Files (x86)\Nakido\nakido.exe -- (Nakido)

SRV - [2009/11/06 12:00:22 | 04,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService)

SRV - [2009/08/22 18:28:17 | 00,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe -- (Norton Internet Security)

SRV - [2009/07/14 13:28:00 | 00,239,648 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2009/04/28 08:23:56 | 00,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)

SRV - [2009/03/30 15:39:54 | 00,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)

SRV - [2008/09/09 08:07:57 | 00,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\SBMBLicensing.exe -- (Sound Blaster MB Licensing Service)

SRV - [2008/02/26 12:57:22 | 00,021,752 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe -- (BUNAgentSvc)

SRV - [2008/02/26 12:53:16 | 00,131,072 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc)

SRV - [2008/02/25 20:02:54 | 00,049,152 | ---- | M] (NewTech InfoSystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc)

SRV - [2008/01/26 12:49:04 | 00,269,448 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service)

SRV - [2007/01/18 05:20:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)

SRV - [2007/01/05 08:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)

SRV - [2006/11/03 00:34:14 | 00,000,000 | ---D | M] [unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)

SRV - [2006/11/02 17:35:15 | 00,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)

SRV - [2006/11/02 17:35:15 | 00,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)

SRV - [2006/07/20 05:36:58 | 00,262,247 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101852&l=dis

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Ask"

FF - prefs.js..browser.search.order.1: "Ask"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.suggest.enabled: false

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "www.google.com"

FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.26

FF - prefs.js..keyword.URL: "http://toolbar.ask.com/toolbarv/askRedirect?o=101849&gct=&gc=1&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009/12/17 16:49:46 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2009/12/17 16:49:48 | 00,000,000 | ---D | M]

[2008/10/01 19:01:47 | 00,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Mozilla\Extensions

[2009/12/17 22:42:57 | 00,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\s6gfcl08.default\extensions

[2009/07/23 13:50:19 | 00,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\s6gfcl08.default\extensions\[email protected]

[2008/11/30 11:13:35 | 00,000,682 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\s6gfcl08.default\searchplugins\ask.xml

[2009/12/17 22:42:57 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2007/04/17 04:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: (761 bytes) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg64.dll (Google Inc.)

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation)

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\IPSBHO.dll (Symantec Corporation)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation)

O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe File not found

O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe (Logitech Inc.)

O4:64bit: - HKLM..\Run: [NVRaidService] C:\Windows\SysNative\nvraidservice.exe (NVIDIA Corporation)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)

O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe ()

O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files (x86)\Acer\Acer Registration\ACE1.exe (Leader Technologies)

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [bkupTray] C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()

O4 - HKLM..\Run: [eRecoveryService] File not found

O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()

O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()

O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Live\Acer PlayMovie\PMVService.exe (CyberLink Corp.)

O4 - HKLM..\Run: [spySweeper] C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [updReg] C:\Windows\UpdReg.EXE (Creative Technology Ltd.)

O4 - HKCU..\Run: [Aim6] File not found

O4 - HKCU..\Run: [MsnMsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)

O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Users\Daniel\AppData\Local\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)

O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSNPUplden-au.cab (MSN Photo Upload Tool)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - Reg Error: Key error. File not found

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

64bit: O35 - comfile [open] -- "%1" %* File not found

64bit: O35 - exefile [open] -- "%1" %* File not found

O35 - comfile [open] -- "%1" %*

O35 - exefile [open] -- "%1" %*

NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2008/01/21 14:06:38 | 00,000,000 | ---D | M]

NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll (Microsoft Corporation)

NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll (Microsoft Corporation)

NetSvcs: Ias - C:\Windows\SysWOW64\ias [2008/01/21 14:08:35 | 00,000,000 | ---D | M]

NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)

OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========

[2009/12/18 10:16:50 | 00,538,112 | ---- | C] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe

[2009/12/17 16:27:01 | 00,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\GooredFix Backups

[2009/12/16 22:29:52 | 00,000,000 | ---D | C] -- C:\Users\Daniel\Documents\DVDVideoSoft

[2009/12/16 22:29:40 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft

[2009/12/16 22:29:40 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft

[2009/12/16 22:15:23 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Lame for Audacity

[2009/12/16 21:47:58 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity

[2009/12/15 20:04:22 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\MSSOAP

[2009/12/15 20:04:22 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MSSoap

[2009/12/15 20:04:10 | 01,563,008 | ---- | C] (Webroot Software, Inc.) -- C:\Windows\WRSetup.dll

[2009/12/15 20:04:10 | 00,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Webroot

[2009/12/15 20:04:10 | 00,000,000 | ---D | C] -- C:\ProgramData\Webroot

[2009/12/15 20:04:10 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Webroot

[2009/12/14 18:07:27 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos

[2009/12/14 08:50:22 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro

[2009/12/14 08:50:21 | 00,000,000 | ---D | C] -- C:\rsit

[2009/12/11 23:51:30 | 00,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\Takeoverseason_99

[2009/12/11 19:44:09 | 00,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\Portrait_Of_A_King

[2009/12/11 18:58:01 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\TrendMicro

[2009/12/08 19:06:27 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Nakido

[2009/12/05 11:14:45 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared

[2008/08/25 20:40:00 | 00,122,880 | ---- | C] ( ) -- C:\Windows\SysWow64\sbcrreag.dll

[5 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/12/18 10:22:08 | 02,621,440 | -HS- | M] () -- C:\Users\Daniel\NTUSER.DAT

[2009/12/18 10:16:54 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe

[2009/12/18 10:04:51 | 00,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2009/12/18 10:04:51 | 00,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2009/12/18 06:00:05 | 00,001,730 | ---- | M] () -- C:\Windows\tasks\wrSpySweeper_L186337DDBBB34E1B80D1BC75589E7421.job

[2009/12/17 16:28:37 | 00,002,463 | ---- | M] () -- C:\Users\Daniel\Desktop\ProxyCap.lnk

[2009/12/17 16:11:07 | 00,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2009/12/17 16:11:07 | 00,599,942 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2009/12/17 16:11:07 | 00,105,448 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2009/12/17 16:05:19 | 00,032,974 | ---- | M] () -- C:\ProgramData\nvModes.dat

[2009/12/17 16:05:18 | 00,032,974 | ---- | M] () -- C:\ProgramData\nvModes.001

[2009/12/17 16:04:52 | 00,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml

[2009/12/17 16:04:42 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2009/12/17 16:04:41 | 00,067,584 | ---- | M] () -- C:\Windows\bootstat.dat

[2009/12/17 16:04:38 | 42,942,05440 | -HS- | M] () -- C:\hiberfil.sys

[2009/12/17 06:18:24 | 00,524,288 | -HS- | M] () -- C:\Users\Daniel\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms

[2009/12/17 06:18:24 | 00,065,536 | -HS- | M] () -- C:\Users\Daniel\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf

[2009/12/17 06:18:19 | 02,754,265 | -H-- | M] () -- C:\Users\Daniel\AppData\Local\IconCache.db

[2009/12/16 22:51:41 | 00,000,600 | ---- | M] () -- C:\Users\Daniel\AppData\Local\PUTTY.RND

[2009/12/15 20:10:25 | 00,000,761 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\HOSTS

[2009/12/15 20:04:40 | 00,001,855 | ---- | M] () -- C:\Users\Public\Desktop\Spy Sweeper.lnk

[2009/12/15 20:04:30 | 00,012,288 | ---- | M] () -- C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/12/15 20:04:12 | 00,017,264 | ---- | M] () -- C:\Windows\SysNative\SsiEfr.exe

[2009/12/15 20:04:00 | 00,000,164 | ---- | M] () -- C:\Windows\install.dat

[2009/12/09 15:32:05 | 00,000,680 | ---- | M] () -- C:\Users\Daniel\AppData\Local\d3d9caps.dat

[2009/12/06 16:01:10 | 00,000,435 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics

[5 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/15 20:10:22 | 00,001,730 | ---- | C] () -- C:\Windows\tasks\wrSpySweeper_L186337DDBBB34E1B80D1BC75589E7421.job

[2009/12/15 20:04:40 | 00,001,855 | ---- | C] () -- C:\Users\Public\Desktop\Spy Sweeper.lnk

[2009/12/15 20:04:13 | 00,017,264 | ---- | C] () -- C:\Windows\SysNative\SsiEfr.exe

[2009/12/15 20:03:56 | 00,000,164 | ---- | C] () -- C:\Windows\install.dat

[2009/11/06 12:00:28 | 00,031,088 | ---- | C] () -- C:\Windows\SysWow64\wrLZMA.dll

[2009/11/05 11:35:18 | 00,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

[2009/11/05 11:35:17 | 00,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini

[2009/11/05 11:35:16 | 02,378,752 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll

[2009/11/05 11:35:15 | 03,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll

[2009/11/05 11:35:15 | 00,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

[2009/11/05 11:35:15 | 00,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

[2009/11/05 11:35:13 | 00,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll

[2009/11/05 11:35:13 | 00,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest

[2009/09/17 00:09:40 | 00,540,272 | ---- | C] () -- C:\Users\Daniel\AppData\Local\dd_ATL80SP1_KB973923MSI4740.txt

[2009/09/17 00:09:39 | 00,012,624 | ---- | C] () -- C:\Users\Daniel\AppData\Local\dd_ATL80SP1_KB973923UI4740.txt

[2009/09/17 00:09:17 | 00,536,708 | ---- | C] () -- C:\Users\Daniel\AppData\Local\dd_ATL80SP1_KB973923MSI46F4.txt

[2009/09/17 00:09:16 | 00,012,544 | ---- | C] () -- C:\Users\Daniel\AppData\Local\dd_ATL80SP1_KB973923UI46F4.txt

[2009/09/11 16:25:56 | 00,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll

[2009/09/11 16:25:04 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009/06/22 16:38:50 | 00,032,974 | ---- | C] () -- C:\ProgramData\nvModes.001

[2009/06/20 18:43:37 | 00,032,974 | ---- | C] () -- C:\ProgramData\nvModes.dat

[2009/06/15 13:29:58 | 00,000,180 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\setup.log

[2009/06/15 13:29:54 | 00,000,760 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\setup_ldm.iss

[2008/10/22 15:36:23 | 00,000,680 | ---- | C] () -- C:\Users\Daniel\AppData\Local\d3d9caps.dat

[2008/10/07 10:13:22 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll

[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll

[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll

[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll

[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll

[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll

[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll

[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll

[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll

[2008/10/01 22:01:03 | 00,000,600 | ---- | C] () -- C:\Users\Daniel\AppData\Local\PUTTY.RND

[2008/10/01 19:13:24 | 00,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt

[2008/10/01 19:10:04 | 00,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys

[2008/10/01 18:53:11 | 00,012,288 | ---- | C] () -- C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/09/09 08:13:17 | 00,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini

[2008/09/09 08:13:17 | 00,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini

[2008/06/05 09:58:26 | 00,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll

[2008/04/29 04:30:52 | 00,001,024 | RH-- | C] () -- C:\Windows\SysWow64\NTIOFM4.dll

[2008/04/29 04:30:52 | 00,001,024 | RH-- | C] () -- C:\Windows\SysWow64\NTIBUN5.dll

[2008/04/29 04:18:00 | 00,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini

[2008/01/21 13:50:05 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

[2002/05/16 11:38:40 | 00,091,136 | ---- | C] () -- C:\Windows\SysWow64\mp4fil32.dll

[2002/05/05 01:19:00 | 00,049,152 | ---- | C] () -- C:\Windows\SysWow64\avisynthEx.dll

[2001/12/27 10:12:30 | 00,065,536 | ---- | C] () -- C:\Windows\SysWow64\multiplex_vcd.dll

[2001/09/04 17:46:38 | 00,110,592 | ---- | C] () -- C:\Windows\SysWow64\Hmpg12.dll

[2001/07/31 10:33:56 | 00,118,784 | ---- | C] () -- C:\Windows\SysWow64\HMPV2_ENC.dll

[2001/07/24 16:04:36 | 00,118,784 | ---- | C] () -- C:\Windows\SysWow64\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2008/10/05 12:20:31 | 00,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\acccore

[2008/10/01 18:08:09 | 00,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Acer

[2009/08/20 16:52:11 | 00,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Acreon

[2008/10/01 18:35:06 | 00,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\eSobi

[2009/03/30 22:25:31 | 00,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\FreeCap

[2008/10/01 18:08:09 | 00,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Leadertech

[2009/08/26 20:00:39 | 00,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\LimeWire

[2008/10/01 22:21:19 | 00,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\ProxyCap

[2008/10/25 18:21:08 | 00,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Samsung

[2009/12/17 06:18:26 | 00,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2009/12/18 06:00:05 | 00,001,730 | ---- | M] () -- C:\Windows\Tasks\wrSpySweeper_L186337DDBBB34E1B80D1BC75589E7421.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >

[2008/01/21 13:46:51 | 00,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys

[2008/01/21 13:46:51 | 00,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys

< MD5 for: ATAPI.SYS >

[2008/01/21 13:46:50 | 00,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys

[2009/04/11 18:15:00 | 00,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys

< MD5 for: CNGAUDIT.DLL >

[2006/11/02 22:16:48 | 00,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll

[2006/11/02 20:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll

[2006/11/02 20:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll

[2006/11/02 20:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >

[2008/01/21 13:46:59 | 00,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys

< MD5 for: NETLOGON.DLL >

[2008/01/21 13:51:03 | 00,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll

[2009/04/11 17:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll

[2009/04/11 17:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll

[2009/04/11 17:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll

[2009/04/11 18:11:16 | 00,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll

[2008/01/21 13:48:28 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll

< MD5 for: NVSTOR.SYS >

[2008/01/21 13:46:54 | 00,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys

< MD5 for: SCECLI.DLL >

[2008/01/21 13:50:28 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll

[2008/01/21 13:49:49 | 00,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll

[2009/04/11 17:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll

[2009/04/11 17:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll

[2009/04/11 17:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll

[2009/04/11 18:11:23 | 00,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll

< %systemroot%\*. /mp /s >

< End of report >

OTL Extras logfile created on: 18/12/2009 10:17:34 AM - Run 1

OTL by OldTimer - Version 3.1.17.0 Folder = C:\Users\Daniel\Desktop

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6002.18005)

Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

4.00 Gb Total Physical Memory | 0.93 Gb Available Physical Memory | 23.38% Memory free

4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 291.68 Gb Total Space | 199.00 Gb Free Space | 68.22% Space Free | Partition Type: NTFS

Drive D: | 291.68 Gb Total Space | 264.31 Gb Free Space | 90.62% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive K: | 596.17 Gb Total Space | 584.38 Gb Free Space | 98.02% Space Free | Partition Type: NTFS

Computer Name: DANIEL-PC

Current User Name: Daniel

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Include 64bit Scans

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 14 Days

Output = Standard

Quick Scan

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %* File not found

chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found

cmdfile [open] -- "%1" %* File not found

comfile [open] -- "%1" %* File not found

exefile [open] -- "%1" %* File not found

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %* File not found

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1" File not found

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S File not found

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

chm.file [open] -- "%SystemRoot%\hh.exe" %1

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

"VistaSp2" = 89 FF 06 29 09 35 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1067394268-2681360301-3327359440-1000]

"EnableNotificationsRef" = 2

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found

"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{02D44CEC-02B2-4D65-8663-EFB9CB37D08A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{0F995E31-4388-41AC-880A-97008487A81F}" = lport=137 | protocol=17 | dir=in | app=system |

"{21D5788B-22DB-4996-9BB4-C51B0512333B}" = lport=2869 | protocol=6 | dir=in | app=system |

"{24478225-28A0-441C-92DC-3FAEAE08DDF2}" = lport=2869 | protocol=6 | dir=in | app=system |

"{3327E486-F97A-4981-8334-35DA823B5A6F}" = rport=138 | protocol=17 | dir=out | app=system |

"{3B65546A-0C55-46C9-8154-783DD7244D31}" = lport=445 | protocol=6 | dir=in | app=system |

"{4FBBE82A-7D26-45DF-B461-701719B427DF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{5B8F156F-06FD-40FD-A222-4E7E84D568B5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |

"{992E814C-9BBF-4ED2-84E7-481B9F9351D1}" = rport=445 | protocol=6 | dir=out | app=system |

"{A1716E1C-8F1F-434A-A561-50223F7761C6}" = lport=139 | protocol=6 | dir=in | app=system |

"{BC650E5C-2C89-4830-A693-4D61C27F980A}" = rport=137 | protocol=17 | dir=out | app=system |

"{C05A6BC2-36AF-4FB8-B2FD-1391D315FB9A}" = lport=138 | protocol=17 | dir=in | app=system |

"{D4AA7685-AB14-4CAF-B3C8-66D32517B037}" = rport=139 | protocol=6 | dir=out | app=system |

"{FC389C46-918B-46AA-B5C8-C91F7F5112D5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{00219235-3BBA-4A2A-BBFA-1513E69AF589}" = protocol=17 | dir=in | app=c:\program files (x86)\nakido\nakido.exe |

"{05FFAB45-AA76-4089-97AF-7CBF841ED9A5}" = protocol=58 | dir=in | [email protected],-28545 |

"{1521B4B1-7092-4DB7-88BB-64D4883CBCE1}" = dir=in | app=c:\program files (x86)\acer arcade live\acer playmovie\playmovie.exe |

"{1C94DE51-C696-4905-B749-0F495F30FADA}" = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |

"{233F0EAC-2D64-432E-8E54-A41F65DB2216}" = protocol=58 | dir=out | [email protected],-28546 |

"{278EB41A-FB5B-4BBC-8749-924A19CB41C4}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\client\agentsvc.exe |

"{2AABE72B-2723-48AC-B9A1-9503755B0A76}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe |

"{304C33B9-1C41-47E9-A612-89BBAD747F55}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia connect\acer homemedia connect.exe |

"{4DE2FCE6-EB71-4BF3-B0AC-1631B378108F}" = protocol=6 | dir=in | app=c:\program files (x86)\nakido\nakido.exe |

"{4EB79052-4411-4368-9EB3-286219A79D9F}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |

"{4F126944-E2D0-4538-9B14-D0634CB08E5D}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |

"{51EBC6AF-55C8-4859-A83D-C927299C0B29}" = dir=in | app=c:\program files (x86)\msn messenger\msnmsgr.exe |

"{5F6733F4-3E7E-43D1-BCED-2D1CC5866489}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{630BF419-59CD-4445-A14A-3FD7C3FB9736}" = protocol=1 | dir=in | [email protected],-28543 |

"{68A7170D-A52A-48DC-8005-6F454FBF5A0D}" = dir=in | app=c:\program files (x86)\acer arcade live\acer videomagician\acer videomagician.exe |

"{6AEDED5B-3A66-4510-B834-7103AE584032}" = protocol=17 | dir=in | app=c:\users\daniel\appdata\locallow\dyyno receiver\dppm.exe |

"{8621B396-6D78-4E0D-9EB1-770B83E02FD1}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |

"{87B8969F-F582-481C-9841-E2871B01D736}" = dir=in | app=c:\program files (x86)\acer arcade live\acer dv magician\acer dv magician.exe |

"{8CA6B9F2-5E6B-48DC-A85F-311582768B6C}" = dir=in | app=c:\program files (x86)\msn messenger\livecall.exe |

"{927C78CA-7117-4960-94F1-9A603E77F02E}" = dir=in | app=c:\program files (x86)\acer arcade live\acer arcade live main page\acer arcade live.exe |

"{93EF07F5-E864-421E-8718-3A2E9BC955B3}" = protocol=6 | dir=in | app=c:\users\daniel\appdata\locallow\dyyno receiver\dppm.exe |

"{9FBCCC55-86BD-4709-BBB6-C07D54455692}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\client\agentsvc.exe |

"{A7241609-C5B2-4CAB-B5A2-75EB760E6AC7}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |

"{ABB4D55D-6DF4-483C-822E-425CFA60B3D0}" = protocol=17 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |

"{AFA66603-176C-4AF6-AD91-F2FD064FC2F0}" = dir=in | app=c:\program files (x86)\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe |

"{B17CB27D-80C5-4706-BAC0-17F149B11968}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |

"{B1935623-BADE-47B6-8762-74C6208D19D8}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |

"{C117D882-3DA4-4EDD-85E9-EC998CB63EBA}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |

"{C21790FA-DF63-455B-A72E-22B6AEBEBB78}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia\acer homemedia.exe |

"{C9C2378A-4021-45DD-BD13-FF2D5767DD04}" = dir=in | app=c:\program files (x86)\acer arcade live\acer dvdivine\acer dvdivine.exe |

"{E3A5AEA1-AE5B-4B51-9DBE-183EF70318F7}" = protocol=1 | dir=out | [email protected],-28544 |

"{E6B11E63-232A-402E-8ECF-3185098AADC2}" = dir=in | app=c:\program files (x86)\acer arcade live\acer playmovie\pmvservice.exe |

"{F3CB28B7-BE9F-47A2-9F89-4E0D63337ED0}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |

"{F53BAE5D-716F-4C3E-A29B-04234C3ACA82}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |

"{F84004BA-2DF5-451E-BF06-738C4341E315}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia trial creator\acer homemedia trial creator.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{094D498F-466E-4822-97BF-FB43A961B669}" = ProxyCap

"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer

"{59427B1F-852F-4AF1-8215-E5B12F966D89}" = Logitech G11 Keyboard Software 1.03

"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"NVIDIA Drivers" = NVIDIA Drivers

"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set

"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software

"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software

"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard

"{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect

"{143C7D3A-02DD-4163-9880-11B202B7E3E6}" = Creative Sound Blaster MB

"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{1FCC574F-AFA2-4432-9EF1-79CA7BA73431}_is1" = Spy Sweeper

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8

"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7

"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core

"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD

"{41CE9D26-2DF7-498D-8E16-314507EDEE21}" = Samsung PC Studio 3

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client

"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver

"{7A351AAA-E651-41B1-89B6-972A676FF78B}" = Marvell Network Configuration Utility

"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management

"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials

"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology

"{A450831D-25F6-4F42-9662-D000B25E0D82}" = Acer PlayMovie

"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable

"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger

"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia

"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2

"{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine

"{B580C409-E16F-44FF-904D-3AE94E113BE0}" = Acer HomeMedia Trial Creator

"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player

"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX

"{B96D2269-568B-4CBF-9332-12FAE8B158F7}" = Medieval CUE Splitter

"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries

"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3

"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1

"{E9E3EE81-6E7F-47A3-8D38-3470256704DB}_is1" = Tortun 0.8

"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint

"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call

"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician

"{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician

"Acer Assist" = Acer Assist

"Acer Registration" = Acer Registration

"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11

"AIM_6" = AIM 6

"ALchemy SB MB" = Creative ALchemy (SB MB Edition)

"Fraps" = Fraps (remove only)

"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2

"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2

"GOM Player" = GOM Player

"HandBrake" = HandBrake 0.9.3

"HijackThis" = HijackThis 2.0.2

"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5

"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2

"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8

"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.3.0

"LAME for Audacity_is1" = LAME v3.98.2 for Audacity

"LimeWire" = LimeWire 4.18.8

"Messenger Plus! Live" = Messenger Plus! Live

"Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)

"Nakido" = Nakido

"NIS" = Norton Internet Security

"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver

"ShockwaveFlash" = Adobe Flash Player 9 ActiveX

"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0

"Uninstall_is1" = Uninstall 1.0.0.1

"ViewpointMediaPlayer" = Viewpoint Media Player

"VST Bridge_is1" = VST Bridge 1.1

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinRAR archiver" = WinRAR archiver

"World of Warcraft" = World of Warcraft

"Yahoo! Companion" = Yahoo! Toolbar

"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Octoshape Streaming Services" = Octoshape Streaming Services

"Wow Web Stats Client v3.0" = Wow Web Stats Client v3.0

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 28/11/2009 12:20:26 AM | Computer Name = Daniel-PC | Source = WinMgmt | ID = 10

Description =

Error - 4/12/2009 7:03:06 PM | Computer Name = Daniel-PC | Source = Application Error | ID = 1000

Description = Faulting application Wow.exe, version 3.2.2.10505, time stamp 0x4aba8ccc,

faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code

0xc0000005, fault offset 0x77e39400, process id 0xdd0, application start time 0x01ca7535ed75cfb0.

Error - 6/12/2009 1:01:50 AM | Computer Name = Daniel-PC | Source = Application Hang | ID = 1002

Description = The program Explorer.EXE version 6.0.6002.18005 stopped interacting

with Windows and was closed. To see if more information about the problem is available,

check the problem history in the Problem Reports and Solutions control panel. Process

ID: dc8 Start Time: 01ca6fe218dc807f Termination Time: 32

Error - 6/12/2009 2:09:32 AM | Computer Name = Daniel-PC | Source = Application Error | ID = 1000

Description = Faulting application Wow.exe, version 3.2.2.10505, time stamp 0x4aba8ccc,

faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code

0xc0000005, fault offset 0x77e39400, process id 0x1580, application start time 0x01ca763aaaec6400.

Error - 7/12/2009 12:48:46 AM | Computer Name = Daniel-PC | Source = WinMgmt | ID = 10

Description =

Error - 8/12/2009 12:38:05 AM | Computer Name = Daniel-PC | Source = WinMgmt | ID = 10

Description =

Error - 9/12/2009 12:32:38 AM | Computer Name = Daniel-PC | Source = WinMgmt | ID = 10

Description =

Error - 9/12/2009 12:34:55 AM | Computer Name = Daniel-PC | Source = Application Error | ID = 1000

Description = Faulting application Wow.exe, version 3.3.0.10958, time stamp 0x4b157b80,

faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code

0xc0000005, fault offset 0x77e39400, process id 0x122c, application start time 0x01ca7888f1d0d36f.

Error - 9/12/2009 12:22:47 PM | Computer Name = Daniel-PC | Source = WinMgmt | ID = 10

Description =

Error - 10/12/2009 12:44:28 AM | Computer Name = Daniel-PC | Source = WinMgmt | ID = 10

Description =

[ System Events ]

Error - 17/12/2009 1:07:33 AM | Computer Name = Daniel-PC | Source = bowser | ID = 8003

Description =

Error - 17/12/2009 1:11:18 AM | Computer Name = Daniel-PC | Source = bowser | ID = 8003

Description =

Error - 17/12/2009 1:24:31 AM | Computer Name = Daniel-PC | Source = bowser | ID = 8003

Description =

Error - 17/12/2009 1:48:36 AM | Computer Name = Daniel-PC | Source = bowser | ID = 8003

Description =

Error - 17/12/2009 2:12:40 AM | Computer Name = Daniel-PC | Source = bowser | ID = 8003

Description =

Error - 17/12/2009 2:24:37 AM | Computer Name = Daniel-PC | Source = bowser | ID = 8003

Description =

Error - 17/12/2009 2:36:37 AM | Computer Name = Daniel-PC | Source = bowser | ID = 8003

Description =

Error - 17/12/2009 2:48:35 AM | Computer Name = Daniel-PC | Source = bowser | ID = 8003

Description =

Error - 17/12/2009 3:00:37 AM | Computer Name = Daniel-PC | Source = bowser | ID = 8003

Description =

Error - 17/12/2009 3:12:39 AM | Computer Name = Daniel-PC | Source = bowser | ID = 8003

Description =

< End of report >


I am still having the same problem. Firefox keeps giving me a "Not responding" message on the top bar. And shortly after it redirects me to ask.com.

Here's the new OTL log file.

OTL logfile created on: 19/12/2009 11:56:58 AM - Run 2

OTL by OldTimer - Version 3.1.18.0 Folder = C:\Users\Daniel\Desktop

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6002.18005)

Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

4.00 Gb Total Physical Memory | 2.56 Gb Available Physical Memory | 63.96% Memory free

4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 291.68 Gb Total Space | 200.95 Gb Free Space | 68.89% Space Free | Partition Type: NTFS

Drive D: | 291.68 Gb Total Space | 264.31 Gb Free Space | 90.61% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive K: | 596.17 Gb Total Space | 584.38 Gb Free Space | 98.02% Space Free | Partition Type: NTFS

Computer Name: DANIEL-PC

Current User Name: Daniel

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Include 64bit Scans

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 14 Days

Output = Standard

Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/12/19 11:56:35 | 00,564,736 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe

PRC - [2009/12/17 16:49:36 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

PRC - [2009/12/15 20:04:41 | 01,201,640 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe

PRC - [2009/12/03 04:53:34 | 00,328,704 | ---- | M] (Nakido) -- C:\Program Files (x86)\Nakido\nakido.exe

PRC - [2009/11/06 15:19:58 | 06,515,784 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe

PRC - [2009/11/06 12:00:22 | 04,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe

PRC - [2009/11/06 12:00:22 | 00,165,232 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files (x86)\Webroot\WebrootSecurity\SSU.exe

PRC - [2009/10/03 04:08:38 | 00,035,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe

PRC - [2009/08/22 18:28:17 | 00,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe

PRC - [2009/07/26 17:44:34 | 03,883,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

PRC - [2009/07/20 05:00:00 | 00,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe

PRC - [2009/07/14 13:28:00 | 00,239,648 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

PRC - [2009/03/11 16:25:14 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

PRC - [2009/02/06 18:07:48 | 00,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

PRC - [2008/06/19 07:54:20 | 00,172,032 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Live\Acer PlayMovie\PMVService.exe

PRC - [2008/05/23 00:59:46 | 00,156,944 | ---- | M] (Octoshape ApS) -- C:\Users\Daniel\AppData\Local\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe

PRC - [2008/02/26 12:57:48 | 00,034,040 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe

PRC - [2008/02/26 12:57:22 | 00,021,752 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe

PRC - [2008/02/26 12:53:16 | 00,131,072 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

PRC - [2008/02/25 20:02:54 | 00,049,152 | ---- | M] (NewTech InfoSystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

PRC - [2008/01/26 12:49:04 | 00,269,448 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe

PRC - [2007/01/18 05:20:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

PRC - [2007/01/05 08:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe

PRC - [2006/07/20 05:36:58 | 00,262,247 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe

========== Modules (SafeList) ==========

MOD - [2009/12/19 11:56:35 | 00,564,736 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe

MOD - [2009/12/05 11:14:52 | 00,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll

MOD - [2009/07/20 05:00:00 | 00,057,344 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\x86\GameHook.dll

MOD - [2009/07/20 05:00:00 | 00,038,912 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\x86\lgscroll.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/09/25 12:26:26 | 01,142,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)

SRV:64bit: - [2009/07/20 13:36:14 | 00,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)

SRV:64bit: - [2008/04/26 07:30:26 | 00,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)

SRV:64bit: - [2008/01/21 13:47:32 | 00,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2009/12/15 20:04:41 | 01,201,640 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe -- (WRConsumerService)

SRV - [2009/12/03 04:53:34 | 00,328,704 | ---- | M] (Nakido) [Auto | Running] -- C:\Program Files (x86)\Nakido\nakido.exe -- (Nakido)

SRV - [2009/11/06 12:00:22 | 04,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService)

SRV - [2009/08/22 18:28:17 | 00,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe -- (Norton Internet Security)

SRV - [2009/07/14 13:28:00 | 00,239,648 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2009/04/28 08:23:56 | 00,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)

SRV - [2009/03/30 15:39:54 | 00,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)

SRV - [2008/09/09 08:07:57 | 00,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\SBMBLicensing.exe -- (Sound Blaster MB Licensing Service)

SRV - [2008/02/26 12:57:22 | 00,021,752 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe -- (BUNAgentSvc)

SRV - [2008/02/26 12:53:16 | 00,131,072 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc)

SRV - [2008/02/25 20:02:54 | 00,049,152 | ---- | M] (NewTech InfoSystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc)

SRV - [2008/01/26 12:49:04 | 00,269,448 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service)

SRV - [2007/01/18 05:20:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)

SRV - [2007/01/05 08:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)

SRV - [2006/11/03 00:34:14 | 00,000,000 | ---D | M] [unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)

SRV - [2006/11/02 17:35:15 | 00,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)

SRV - [2006/11/02 17:35:15 | 00,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)

SRV - [2006/07/20 05:36:58 | 00,262,247 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101852&l=dis

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Ask"

FF - prefs.js..browser.search.order.1: "Ask"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.suggest.enabled: false

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "www.google.com"

FF - prefs.js..keyword.URL: "http://toolbar.ask.com/toolbarv/askRedirect?o=101849&gct=&gc=1&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009/12/17 16:49:46 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2009/12/17 16:49:48 | 00,000,000 | ---D | M]

[2008/10/01 19:01:47 | 00,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Mozilla\Extensions

[2009/12/19 11:49:51 | 00,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\s6gfcl08.default\extensions

[2008/11/30 11:13:35 | 00,000,682 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\s6gfcl08.default\searchplugins\ask.xml

[2009/12/19 11:52:24 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2007/04/17 04:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: (761 bytes) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg64.dll (Google Inc.)

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation)

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\IPSBHO.dll (Symantec Corporation)

O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation)

O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe File not found

O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe (Logitech Inc.)

O4:64bit: - HKLM..\Run: [NVRaidService] C:\Windows\SysNative\nvraidservice.exe (NVIDIA Corporation)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)

O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe ()

O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files (x86)\Acer\Acer Registration\ACE1.exe (Leader Technologies)

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [bkupTray] C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()

O4 - HKLM..\Run: [eRecoveryService] File not found

O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()

O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()

O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Live\Acer PlayMovie\PMVService.exe (CyberLink Corp.)

O4 - HKLM..\Run: [spySweeper] C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)

O4 - HKLM..\Run: [updReg] C:\Windows\UpdReg.EXE (Creative Technology Ltd.)

O4 - HKCU..\Run: [Aim6] File not found

O4 - HKCU..\Run: [MsnMsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)

O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Users\Daniel\AppData\Local\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)

O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSNPUplden-au.cab (MSN Photo Upload Tool)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - Reg Error: Key error. File not found

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

64bit: O35 - comfile [open] -- "%1" %* File not found

64bit: O35 - exefile [open] -- "%1" %* File not found

O35 - comfile [open] -- "%1" %*

O35 - exefile [open] -- "%1" %*

NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2008/01/21 14:06:38 | 00,000,000 | ---D | M]

NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll (Microsoft Corporation)

NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll (Microsoft Corporation)

NetSvcs: Ias - C:\Windows\SysWOW64\ias [2008/01/21 14:08:35 | 00,000,000 | ---D | M]

NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)

OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========

[2009/12/19 11:56:32 | 00,564,736 | ---- | C] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe

[2009/12/16 22:29:52 | 00,000,000 | ---D | C] -- C:\Users\Daniel\Documents\DVDVideoSoft

[2009/12/16 22:29:40 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft

[2009/12/16 22:29:40 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft

[2009/12/16 22:15:23 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Lame for Audacity

[2009/12/16 21:47:58 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity

[2009/12/15 20:04:22 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\MSSOAP

[2009/12/15 20:04:22 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MSSoap

[2009/12/15 20:04:10 | 01,563,008 | ---- | C] (Webroot Software, Inc.) -- C:\Windows\WRSetup.dll

[2009/12/15 20:04:10 | 00,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Webroot

[2009/12/15 20:04:10 | 00,000,000 | ---D | C] -- C:\ProgramData\Webroot

[2009/12/15 20:04:10 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Webroot

[2009/12/14 18:07:27 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos

[2009/12/14 08:50:22 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro

[2009/12/14 08:50:21 | 00,000,000 | ---D | C] -- C:\rsit

[2009/12/11 23:51:30 | 00,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\Takeoverseason_99

[2009/12/11 19:44:09 | 00,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\Portrait_Of_A_King

[2009/12/11 18:58:01 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\TrendMicro

[2009/12/08 19:06:27 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Nakido

[2008/08/25 20:40:00 | 00,122,880 | ---- | C] ( ) -- C:\Windows\SysWow64\sbcrreag.dll

[5 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/12/19 11:58:23 | 00,599,942 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2009/12/19 11:58:22 | 00,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2009/12/19 11:58:22 | 00,105,448 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2009/12/19 11:58:05 | 02,621,440 | -HS- | M] () -- C:\Users\Daniel\NTUSER.DAT

[2009/12/19 11:57:22 | 00,002,463 | ---- | M] () -- C:\Users\Daniel\Desktop\ProxyCap.lnk

[2009/12/19 11:56:35 | 00,564,736 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe

[2009/12/19 11:53:06 | 00,032,974 | ---- | M] () -- C:\ProgramData\nvModes.dat

[2009/12/19 11:53:05 | 00,032,974 | ---- | M] () -- C:\ProgramData\nvModes.001

[2009/12/19 11:52:23 | 00,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml

[2009/12/19 11:52:16 | 00,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2009/12/19 11:52:15 | 00,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2009/12/19 11:52:14 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2009/12/19 11:52:12 | 00,067,584 | ---- | M] () -- C:\Windows\bootstat.dat

[2009/12/19 11:52:08 | 42,942,05440 | -HS- | M] () -- C:\hiberfil.sys

[2009/12/19 11:51:05 | 00,524,288 | -HS- | M] () -- C:\Users\Daniel\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms

[2009/12/19 11:51:05 | 00,065,536 | -HS- | M] () -- C:\Users\Daniel\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf

[2009/12/19 11:50:44 | 03,075,897 | -H-- | M] () -- C:\Users\Daniel\AppData\Local\IconCache.db

[2009/12/19 11:50:40 | 00,000,600 | ---- | M] () -- C:\Users\Daniel\AppData\Local\PUTTY.RND

[2009/12/18 06:00:05 | 00,001,730 | ---- | M] () -- C:\Windows\tasks\wrSpySweeper_L186337DDBBB34E1B80D1BC75589E7421.job

[2009/12/15 20:10:25 | 00,000,761 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\HOSTS

[2009/12/15 20:04:40 | 00,001,855 | ---- | M] () -- C:\Users\Public\Desktop\Spy Sweeper.lnk

[2009/12/15 20:04:30 | 00,012,288 | ---- | M] () -- C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/12/15 20:04:12 | 00,017,264 | ---- | M] () -- C:\Windows\SysNative\SsiEfr.exe

[2009/12/15 20:04:00 | 00,000,164 | ---- | M] () -- C:\Windows\install.dat

[2009/12/09 15:32:05 | 00,000,680 | ---- | M] () -- C:\Users\Daniel\AppData\Local\d3d9caps.dat

[2009/12/06 16:01:10 | 00,000,435 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics

[5 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/15 20:10:22 | 00,001,730 | ---- | C] () -- C:\Windows\tasks\wrSpySweeper_L186337DDBBB34E1B80D1BC75589E7421.job

[2009/12/15 20:04:40 | 00,001,855 | ---- | C] () -- C:\Users\Public\Desktop\Spy Sweeper.lnk

[2009/12/15 20:04:13 | 00,017,264 | ---- | C] () -- C:\Windows\SysNative\SsiEfr.exe

[2009/12/15 20:03:56 | 00,000,164 | ---- | C] () -- C:\Windows\install.dat

[2009/11/06 12:00:28 | 00,031,088 | ---- | C] () -- C:\Windows\SysWow64\wrLZMA.dll

[2009/11/05 11:35:18 | 00,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

[2009/11/05 11:35:17 | 00,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini

[2009/11/05 11:35:16 | 02,378,752 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll

[2009/11/05 11:35:15 | 03,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll

[2009/11/05 11:35:15 | 00,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

[2009/11/05 11:35:15 | 00,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

[2009/11/05 11:35:13 | 00,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll

[2009/11/05 11:35:13 | 00,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest

[2009/09/17 00:09:40 | 00,540,272 | ---- | C] () -- C:\Users\Daniel\AppData\Local\dd_ATL80SP1_KB973923MSI4740.txt

[2009/09/17 00:09:39 | 00,012,624 | ---- | C] () -- C:\Users\Daniel\AppData\Local\dd_ATL80SP1_KB973923UI4740.txt

[2009/09/17 00:09:17 | 00,536,708 | ---- | C] () -- C:\Users\Daniel\AppData\Local\dd_ATL80SP1_KB973923MSI46F4.txt

[2009/09/17 00:09:16 | 00,012,544 | ---- | C] () -- C:\Users\Daniel\AppData\Local\dd_ATL80SP1_KB973923UI46F4.txt

[2009/09/11 16:25:56 | 00,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll

[2009/09/11 16:25:04 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009/06/22 16:38:50 | 00,032,974 | ---- | C] () -- C:\ProgramData\nvModes.001

[2009/06/20 18:43:37 | 00,032,974 | ---- | C] () -- C:\ProgramData\nvModes.dat

[2009/06/15 13:29:58 | 00,000,180 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\setup.log

[2009/06/15 13:29:54 | 00,000,760 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\setup_ldm.iss

[2008/10/22 15:36:23 | 00,000,680 | ---- | C] () -- C:\Users\Daniel\AppData\Local\d3d9caps.dat

[2008/10/07 10:13:22 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll

[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll

[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll

[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll

[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll

[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll

[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll

[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll

[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll

[2008/10/01 22:01:03 | 00,000,600 | ---- | C] () -- C:\Users\Daniel\AppData\Local\PUTTY.RND

[2008/10/01 19:13:24 | 00,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt

[2008/10/01 19:10:04 | 00,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys

[2008/10/01 18:53:11 | 00,012,288 | ---- | C] () -- C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/09/09 08:13:17 | 00,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini

[2008/09/09 08:13:17 | 00,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini

[2008/06/05 09:58:26 | 00,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll

[2008/04/29 04:30:52 | 00,001,024 | RH-- | C] () -- C:\Windows\SysWow64\NTIOFM4.dll

[2008/04/29 04:30:52 | 00,001,024 | RH-- | C] () -- C:\Windows\SysWow64\NTIBUN5.dll

[2008/04/29 04:18:00 | 00,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini

[2008/01/21 13:50:05 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

[2002/05/16 11:38:40 | 00,091,136 | ---- | C] () -- C:\Windows\SysWow64\mp4fil32.dll

[2002/05/05 01:19:00 | 00,049,152 | ---- | C] () -- C:\Windows\SysWow64\avisynthEx.dll

[2001/12/27 10:12:30 | 00,065,536 | ---- | C] () -- C:\Windows\SysWow64\multiplex_vcd.dll

[2001/09/04 17:46:38 | 00,110,592 | ---- | C] () -- C:\Windows\SysWow64\Hmpg12.dll

[2001/07/31 10:33:56 | 00,118,784 | ---- | C] () -- C:\Windows\SysWow64\HMPV2_ENC.dll

[2001/07/24 16:04:36 | 00,118,784 | ---- | C] () -- C:\Windows\SysWow64\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2008/10/05 12:20:31 | 00,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\acccore

[2008/10/01 18:08:09 | 00,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Acer

[2009/08/20 16:52:11 | 00,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Acreon

[2008/10/01 18:35:06 | 00,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\eSobi

[2009/03/30 22:25:31 | 00,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\FreeCap

[2008/10/01 18:08:09 | 00,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Leadertech

[2009/08/26 20:00:39 | 00,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\LimeWire

[2008/10/01 22:21:19 | 00,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\ProxyCap

[2008/10/25 18:21:08 | 00,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Samsung

[2009/12/19 11:51:14 | 00,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2009/12/18 06:00:05 | 00,001,730 | ---- | M] () -- C:\Windows\Tasks\wrSpySweeper_L186337DDBBB34E1B80D1BC75589E7421.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >

[2008/01/21 13:46:51 | 00,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys

[2008/01/21 13:46:51 | 00,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys

< MD5 for: ATAPI.SYS >

[2008/01/21 13:46:50 | 00,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys

[2009/04/11 18:15:00 | 00,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys

< MD5 for: CNGAUDIT.DLL >

[2006/11/02 22:16:48 | 00,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll

[2006/11/02 20:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll

[2006/11/02 20:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll

[2006/11/02 20:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >

[2008/01/21 13:46:59 | 00,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys

< MD5 for: NETLOGON.DLL >

[2008/01/21 13:51:03 | 00,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll

[2009/04/11 17:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll

[2009/04/11 17:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll

[2009/04/11 17:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll

[2009/04/11 18:11:16 | 00,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll

[2008/01/21 13:48:28 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll

< MD5 for: NVSTOR.SYS >

[2008/01/21 13:46:54 | 00,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys

< MD5 for: SCECLI.DLL >

[2008/01/21 13:50:28 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll

[2008/01/21 13:49:49 | 00,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll

[2009/04/11 17:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll

[2009/04/11 17:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll

[2009/04/11 17:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll

[2009/04/11 18:11:23 | 00,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll

< %systemroot%\*. /mp /s >

< End of report >


Hi,

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101852&l=dis
    FF - prefs.js..browser.search.defaultenginename: "Ask"
    FF - prefs.js..browser.search.order.1: "Ask"
    FF - prefs.js..keyword.URL: "http://toolbar.ask.com/toolbarv/askRedirect?o=101849&gct=&gc=1&q="
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

  • Then click the Run Fix button at the top
  • Let the program run unhindered; when done, it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

================================Follow up scan=================================

  • Double click on OTL to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open one Notepad window, OTL.Txt. This is saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.


Here's the Run Fix scan:

========== OTL ==========

Unable to set value : HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E!

Prefs.js: "Ask" removed from browser.search.defaultenginename

Prefs.js: "Ask" removed from browser.search.order.1

Prefs.js: "http://toolbar.ask.com/toolbarv/askRedirect?o=101849&gct=&gc=1&q=" removed from keyword.URL

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.

OTL by OldTimer - Version 3.1.18.0 log created on 12202009_091152

And the other scan:

OTL logfile created on: 20/12/2009 9:16:08 AM - Run 3

OTL by OldTimer - Version 3.1.18.0 Folder = C:\Users\Daniel\Desktop

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6002.18005)

Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

4.00 Gb Total Physical Memory | 1.10 Gb Available Physical Memory | 27.41% Memory free

4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 291.68 Gb Total Space | 201.47 Gb Free Space | 69.07% Space Free | Partition Type: NTFS

Drive D: | 291.68 Gb Total Space | 264.31 Gb Free Space | 90.62% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive K: | 596.17 Gb Total Space | 584.38 Gb Free Space | 98.02% Space Free | Partition Type: NTFS

Computer Name: DANIEL-PC

Current User Name: Daniel

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Include 64bit Scans

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Daniel\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. )

PRC - D:\World of Warcraft\Wow.exe (Blizzard Entertainment)

PRC - C:\Program Files (x86)\Nakido\nakido.exe (Nakido)

PRC - C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)

PRC - C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))

PRC - C:\Program Files (x86)\Webroot\WebrootSecurity\SSU.exe (Webroot Software, Inc. (www.webroot.com))

PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation)

PRC - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe (Symantec Corporation)

PRC - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)

PRC - C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe ()

PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

PRC - C:\Users\Daniel\Desktop\Freecap\freecap.exe ()

PRC - C:\Users\Daniel\Desktop\Freecap\putty.exe (Simon Tatham)

PRC - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

PRC - C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)

PRC - C:\Program Files (x86)\Acer Arcade Live\Acer PlayMovie\PMVService.exe (CyberLink Corp.)

PRC - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()

PRC - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.)

PRC - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe ()

PRC - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)

PRC - C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)

PRC - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)

PRC - C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)

PRC - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe ()

========== Modules (SafeList) ==========

MOD - C:\Users\Daniel\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll (Microsoft Corporation)

MOD - C:\Program Files\Logitech\SetPoint\x86\GameHook.dll (Logitech, Inc.)

MOD - C:\Program Files\Logitech\SetPoint\x86\lgscroll.dll (Logitech, Inc.)

========== Win32 Services (SafeList) ==========

SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)

SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.)

SRV:64bit: - (ETService) -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe ()

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (WRConsumerService) -- C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. )

SRV - (Nakido) -- C:\Program Files (x86)\Nakido\nakido.exe (Nakido)

SRV - (WebrootSpySweeperService) -- C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))

SRV - (Norton Internet Security) -- C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe (Symantec Corporation)

SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

SRV - (gusvc) -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)

SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (Sound Blaster MB Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\SBMBLicensing.exe (Creative Labs)

SRV - (BUNAgentSvc) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.)

SRV - (NTISchedulerSvc) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe ()

SRV - (NTIBackupSvc) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)

SRV - (Acer HomeMedia Connect Service) -- C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)

SRV - (LightScribeService) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)

SRV - (Viewpoint Manager Service) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)

SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2006/11/03 00:34:14 | 00,000,000 | ---D | M]

SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()

SRV - (VSS) -- C:\Windows\SysWOW64\wbem\vss.mof ()

SRV - (RichVideo) Cyberlink RichVideo Service(CRVS) -- C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe ()

========== Driver Services (SafeList) ==========

DRV:64bit: - (ssidrv) -- C:\Windows\SysNative\DRIVERS\ssidrv.sys (Webroot Software, Inc. (www.webroot.com))

DRV:64bit: - (ssfs0bbc) -- C:\Windows\SysNative\DRIVERS\ssfs0bbc.sys (Webroot Software, Inc. (www.webroot.com))

DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)

DRV:64bit: - (ccHP) -- C:\Windows\SysNative\Drivers\NISx64\1007020.00B\ccHPx64.sys (Symantec Corporation)

DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\Drivers\NISx64\1007020.00B\SRTSP64.SYS (Symantec Corporation)

DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1007020.00B\SYMEFA64.SYS (Symantec Corporation)

DRV:64bit: - (BHDrvx64) -- C:\Windows\SysNative\Drivers\NISx64\1007020.00B\BHDrvx64.sys (Symantec Corporation)

DRV:64bit: - (SYMTDI) -- C:\Windows\SysNative\Drivers\NISx64\1007020.00B\SYMTDI.SYS (Symantec Corporation)

DRV:64bit: - (SYMFW) -- C:\Windows\SysNative\Drivers\NISx64\1007020.00B\SYMFW.SYS (Symantec Corporation)

DRV:64bit: - (SYMNDISV) -- C:\Windows\SysNative\Drivers\NISx64\1007020.00B\SYMNDISV.SYS (Symantec Corporation)

DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\NISx64\1007020.00B\SRTSPX64.SYS (Symantec Corporation)

DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS (Symantec Corporation)

DRV:64bit: - (SymIM) -- C:\Windows\SysNative\DRIVERS\SymIMv.sys (Symantec Corporation)

DRV:64bit: - (MEMSWEEP2) -- C:\Windows\SysNative\C7D1.tmp (Sophos Plc)

DRV:64bit: - (yukonx64) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys (Marvell)

DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\Drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)

DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)

DRV:64bit: - (WSVD) -- C:\Windows\SysNative\drivers\WSVD.sys (Wasay)

DRV:64bit: - (SkLaggProtocol) -- C:\Windows\SysNative\DRIVERS\yk60x64l.sys (Marvell)

DRV:64bit: - (JRAID) -- C:\Windows\SysNative\DRIVERS\jraid.sys (JMicron Technology Corp.)

DRV:64bit: - (SkVlanProtocol) -- C:\Windows\SysNative\DRIVERS\yk60x64v.sys (Marvell)

DRV:64bit: - (ssm_mdm) -- C:\Windows\SysNative\DRIVERS\ssm_mdm.sys (MCCI Corporation)

DRV:64bit: - (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM) -- C:\Windows\SysNative\DRIVERS\ssm_bus.sys (MCCI Corporation)

DRV:64bit: - (ssm_mdfl) -- C:\Windows\SysNative\DRIVERS\ssm_mdfl.sys (MCCI Corporation)

DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys (Logitech, Inc.)

DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys (Logitech, Inc.)

DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation)

DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091217.002\IDSviA64.sys (Symantec Corporation)

DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)

DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)

DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091219.003\EX64.SYS (Symantec Corporation)

DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091219.003\ENG64.SYS (Symantec Corporation)

DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Program Files (x86)\Acer Arcade Live\Acer PlayMovie\000.fcl (Cyberlink Corp.)

DRV - (int15) -- C:\Windows\SysWOW64\drivers\int15_64.sys (Acer, Inc.)

DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()

DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()

DRV - (StarOpen) -- C:\Windows\SysWOW64\drivers\StarOpen.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101852&l=dis

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""

FF - prefs.js..browser.search.order.1: ""

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.suggest.enabled: false

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "www.google.com"

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009/12/17 16:49:46 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2009/12/17 16:49:48 | 00,000,000 | ---D | M]

[2008/10/01 19:01:47 | 00,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Mozilla\Extensions

[2009/12/19 11:49:51 | 00,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\s6gfcl08.default\extensions

[2008/11/30 11:13:35 | 00,000,682 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\s6gfcl08.default\searchplugins\ask.xml

[2009/12/19 11:52:24 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2007/04/17 04:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: (761 bytes) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg64.dll (Google Inc.)

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation)

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\IPSBHO.dll (Symantec Corporation)

O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation)

O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe File not found

O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe (Logitech Inc.)

O4:64bit: - HKLM..\Run: [NVRaidService] C:\Windows\SysNative\nvraidservice.exe (NVIDIA Corporation)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)

O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe ()

O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files (x86)\Acer\Acer Registration\ACE1.exe (Leader Technologies)

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [bkupTray] C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()

O4 - HKLM..\Run: [eRecoveryService] File not found

O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()

O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()

O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Live\Acer PlayMovie\PMVService.exe (CyberLink Corp.)

O4 - HKLM..\Run: [spySweeper] C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)

O4 - HKLM..\Run: [updReg] C:\Windows\UpdReg.EXE (Creative Technology Ltd.)

O4 - HKCU..\Run: [Aim6] File not found

O4 - HKCU..\Run: [MsnMsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)

O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Users\Daniel\AppData\Local\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)

O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSNPUplden-au.cab (MSN Photo Upload Tool)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - Reg Error: Key error. File not found

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

64bit: O35 - comfile [open] -- "%1" %* File not found

64bit: O35 - exefile [open] -- "%1" %* File not found

O35 - comfile [open] -- "%1" %*

O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2009/12/20 09:11:52 | 00,000,000 | ---D | C] -- C:\_OTL

[2009/12/19 11:56:32 | 00,564,736 | ---- | C] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe

[2009/12/16 22:29:52 | 00,000,000 | ---D | C] -- C:\Users\Daniel\Documents\DVDVideoSoft

[2009/12/16 22:29:40 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft

[2009/12/16 22:29:40 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft

[2009/12/16 22:15:23 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Lame for Audacity

[2009/12/16 21:47:58 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity

[2009/12/15 20:04:39 | 00,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\capicom.dll

[2009/12/15 20:04:22 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\MSSOAP

[2009/12/15 20:04:22 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MSSoap

[2009/12/15 20:04:10 | 01,563,008 | ---- | C] (Webroot Software, Inc.) -- C:\Windows\WRSetup.dll

[2009/12/15 20:04:10 | 00,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Webroot

[2009/12/15 20:04:10 | 00,000,000 | ---D | C] -- C:\ProgramData\Webroot

[2009/12/15 20:04:10 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Webroot

[2009/12/14 18:07:27 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos

[2009/12/14 08:50:22 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro

[2009/12/14 08:50:21 | 00,000,000 | ---D | C] -- C:\rsit

[2009/12/11 23:51:30 | 00,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\Takeoverseason_99

[2009/12/11 19:44:09 | 00,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\Portrait_Of_A_King

[2009/12/11 18:58:01 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\TrendMicro

[2009/12/10 03:00:38 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshhttp.dll

[2009/12/10 03:00:37 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshhttp.dll

[2009/12/10 03:00:28 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\httpapi.dll

[2009/12/10 03:00:27 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\httpapi.dll

[2009/12/09 15:43:40 | 01,032,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll

[2009/12/09 15:43:37 | 00,834,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll

[2009/12/09 15:43:32 | 00,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2009/12/09 15:43:31 | 00,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieencode.dll

[2009/12/09 15:43:31 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieencode.dll

[2009/12/09 15:43:25 | 00,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll

[2009/12/09 15:43:25 | 00,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll

[2009/12/09 15:43:16 | 00,280,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rastls.dll

[2009/12/09 15:43:16 | 00,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rastls.dll

[2009/12/08 19:06:27 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Nakido

[2009/12/05 11:14:45 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared

[2009/11/25 15:46:31 | 00,880,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl

[2009/11/25 15:46:31 | 00,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl

[2009/11/21 15:15:42 | 00,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Microsoft Games

[2008/08/25 20:40:00 | 00,122,880 | ---- | C] ( ) -- C:\Windows\SysWow64\sbcrreag.dll

[5 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/12/20 09:18:51 | 02,621,440 | -HS- | M] () -- C:\Users\Daniel\NTUSER.DAT

[2009/12/20 07:52:08 | 00,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2009/12/20 07:52:08 | 00,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2009/12/19 11:58:23 | 00,599,942 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2009/12/19 11:58:22 | 00,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2009/12/19 11:58:22 | 00,105,448 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2009/12/19 11:57:22 | 00,002,463 | ---- | M] () -- C:\Users\Daniel\Desktop\ProxyCap.lnk

[2009/12/19 11:56:35 | 00,564,736 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe

[2009/12/19 11:53:06 | 00,032,974 | ---- | M] () -- C:\ProgramData\nvModes.dat

[2009/12/19 11:53:05 | 00,032,974 | ---- | M] () -- C:\ProgramData\nvModes.001

[2009/12/19 11:52:23 | 00,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml

[2009/12/19 11:52:14 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2009/12/19 11:52:12 | 00,067,584 | ---- | M] () -- C:\Windows\bootstat.dat

[2009/12/19 11:52:08 | 42,942,05440 | -HS- | M] () -- C:\hiberfil.sys

[2009/12/19 11:51:05 | 00,524,288 | -HS- | M] () -- C:\Users\Daniel\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms

[2009/12/19 11:51:05 | 00,065,536 | -HS- | M] () -- C:\Users\Daniel\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf

[2009/12/19 11:50:44 | 03,075,897 | -H-- | M] () -- C:\Users\Daniel\AppData\Local\IconCache.db

[2009/12/19 11:50:40 | 00,000,600 | ---- | M] () -- C:\Users\Daniel\AppData\Local\PUTTY.RND

[2009/12/18 06:00:05 | 00,001,730 | ---- | M] () -- C:\Windows\tasks\wrSpySweeper_L186337DDBBB34E1B80D1BC75589E7421.job

[2009/12/15 20:10:25 | 00,000,761 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\HOSTS

[2009/12/15 20:04:40 | 00,001,855 | ---- | M] () -- C:\Users\Public\Desktop\Spy Sweeper.lnk

[2009/12/15 20:04:30 | 00,012,288 | ---- | M] () -- C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/12/15 20:04:12 | 00,017,264 | ---- | M] () -- C:\Windows\SysNative\SsiEfr.exe

[2009/12/15 20:04:00 | 00,000,164 | ---- | M] () -- C:\Windows\install.dat

[2009/12/09 15:32:05 | 00,000,680 | ---- | M] () -- C:\Users\Daniel\AppData\Local\d3d9caps.dat

[2009/12/06 16:01:10 | 00,000,435 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics

[5 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/15 20:10:22 | 00,001,730 | ---- | C] () -- C:\Windows\tasks\wrSpySweeper_L186337DDBBB34E1B80D1BC75589E7421.job

[2009/12/15 20:04:40 | 00,001,855 | ---- | C] () -- C:\Users\Public\Desktop\Spy Sweeper.lnk

[2009/12/15 20:04:13 | 00,017,264 | ---- | C] () -- C:\Windows\SysNative\SsiEfr.exe

[2009/12/15 20:03:56 | 00,000,164 | ---- | C] () -- C:\Windows\install.dat

[2009/11/06 12:00:28 | 00,031,088 | ---- | C] () -- C:\Windows\SysWow64\wrLZMA.dll

[2009/11/05 11:35:18 | 00,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

[2009/11/05 11:35:17 | 00,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini

[2009/11/05 11:35:16 | 02,378,752 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll

[2009/11/05 11:35:15 | 03,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll

[2009/11/05 11:35:15 | 00,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

[2009/11/05 11:35:15 | 00,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

[2009/11/05 11:35:13 | 00,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll

[2009/11/05 11:35:13 | 00,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest

[2009/09/17 00:09:40 | 00,540,272 | ---- | C] () -- C:\Users\Daniel\AppData\Local\dd_ATL80SP1_KB973923MSI4740.txt

[2009/09/17 00:09:39 | 00,012,624 | ---- | C] () -- C:\Users\Daniel\AppData\Local\dd_ATL80SP1_KB973923UI4740.txt

[2009/09/17 00:09:17 | 00,536,708 | ---- | C] () -- C:\Users\Daniel\AppData\Local\dd_ATL80SP1_KB973923MSI46F4.txt

[2009/09/17 00:09:16 | 00,012,544 | ---- | C] () -- C:\Users\Daniel\AppData\Local\dd_ATL80SP1_KB973923UI46F4.txt

[2009/09/11 16:25:56 | 00,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll

[2009/09/11 16:25:04 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009/06/22 16:38:50 | 00,032,974 | ---- | C] () -- C:\ProgramData\nvModes.001

[2009/06/20 18:43:37 | 00,032,974 | ---- | C] () -- C:\ProgramData\nvModes.dat

[2009/06/15 13:29:58 | 00,000,180 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\setup.log

[2009/06/15 13:29:54 | 00,000,760 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\setup_ldm.iss

[2008/10/22 15:36:23 | 00,000,680 | ---- | C] () -- C:\Users\Daniel\AppData\Local\d3d9caps.dat

[2008/10/07 10:13:22 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll

[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll

[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll

[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll

[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll

[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll

[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll

[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll

[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll

[2008/10/01 22:01:03 | 00,000,600 | ---- | C] () -- C:\Users\Daniel\AppData\Local\PUTTY.RND

[2008/10/01 19:13:24 | 00,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt

[2008/10/01 19:10:04 | 00,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys

[2008/10/01 18:53:11 | 00,012,288 | ---- | C] () -- C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/09/09 08:13:17 | 00,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini

[2008/09/09 08:13:17 | 00,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini

[2008/06/05 09:58:26 | 00,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll

[2008/04/29 04:30:52 | 00,001,024 | RH-- | C] () -- C:\Windows\SysWow64\NTIOFM4.dll

[2008/04/29 04:30:52 | 00,001,024 | RH-- | C] () -- C:\Windows\SysWow64\NTIBUN5.dll

[2008/04/29 04:18:00 | 00,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini

[2008/01/21 13:50:05 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

[2002/05/16 11:38:40 | 00,091,136 | ---- | C] () -- C:\Windows\SysWow64\mp4fil32.dll

[2002/05/05 01:19:00 | 00,049,152 | ---- | C] () -- C:\Windows\SysWow64\avisynthEx.dll

[2001/12/27 10:12:30 | 00,065,536 | ---- | C] () -- C:\Windows\SysWow64\multiplex_vcd.dll

[2001/09/04 17:46:38 | 00,110,592 | ---- | C] () -- C:\Windows\SysWow64\Hmpg12.dll

[2001/07/31 10:33:56 | 00,118,784 | ---- | C] () -- C:\Windows\SysWow64\HMPV2_ENC.dll

[2001/07/24 16:04:36 | 00,118,784 | ---- | C] () -- C:\Windows\SysWow64\HMPV2_ENC_MMX.dll

< End of report >

OTL Extras logfile created on: 20/12/2009 9:16:08 AM - Run 3

OTL by OldTimer - Version 3.1.18.0 Folder = C:\Users\Daniel\Desktop

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6002.18005)

Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

4.00 Gb Total Physical Memory | 1.10 Gb Available Physical Memory | 27.41% Memory free

4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 291.68 Gb Total Space | 201.47 Gb Free Space | 69.07% Space Free | Partition Type: NTFS

Drive D: | 291.68 Gb Total Space | 264.31 Gb Free Space | 90.62% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive K: | 596.17 Gb Total Space | 584.38 Gb Free Space | 98.02% Space Free | Partition Type: NTFS

Computer Name: DANIEL-PC

Current User Name: Daniel

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Include 64bit Scans

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Extra Registry (All) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1

.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)

.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)

.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)

.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)

.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\ieframe.dll (Microsoft Corporation)

.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)

.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)

.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)

.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)

.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)

.url [@ = InternetShortcut] -- C:\Windows\SysWow64\ieframe.dll (Microsoft Corporation)

.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)

.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)

.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)

batfile [open] -- "%1" %* File not found

batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found

cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)

cmdfile [open] -- "%1" %* File not found

cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

comfile [open] -- "%1" %* File not found

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %* File not found

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)

htmlfile [edit] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found

http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)

https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)

inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)

inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)

jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)

jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)

jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)

jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)

jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)

piffile [open] -- "%1" %* File not found

regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)

regfile [open] -- regedit.exe "%1" (Microsoft Corporation)

regfile [merge] -- Reg Error: Key error.

regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)

scrfile [config] -- "%1" File not found

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S File not found

txtfile [edit] -- Reg Error: Key error.

txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)

txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)

vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)

vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)

vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)

vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)

vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)

vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)

wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)

wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)

wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)

wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)

batfile [open] -- "%1" %*

batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

chm.file [open] -- "%SystemRoot%\hh.exe" %1

cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)

cmdfile [open] -- "%1" %*

cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)

htmlfile [edit] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)

https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)

inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)

inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- rundll32.exe C:\Windows\SysWOW64\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)

jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)

jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)

jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)

jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)

jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)

regfile [open] -- regedit.exe "%1" (Microsoft Corporation)

regfile [merge] -- Reg Error: Key error.

regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)

txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)

vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)

vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)

vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)

vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)

vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)

vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)

wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)

wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)

wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)

wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

"VistaSp2" = 89 FF 06 29 09 35 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1067394268-2681360301-3327359440-1000]

"EnableNotificationsRef" = 2

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found

"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{02D44CEC-02B2-4D65-8663-EFB9CB37D08A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{0F995E31-4388-41AC-880A-97008487A81F}" = lport=137 | protocol=17 | dir=in | app=system |

"{21D5788B-22DB-4996-9BB4-C51B0512333B}" = lport=2869 | protocol=6 | dir=in | app=system |

"{24478225-28A0-441C-92DC-3FAEAE08DDF2}" = lport=2869 | protocol=6 | dir=in | app=system |

"{3327E486-F97A-4981-8334-35DA823B5A6F}" = rport=138 | protocol=17 | dir=out | app=system |

"{3B65546A-0C55-46C9-8154-783DD7244D31}" = lport=445 | protocol=6 | dir=in | app=system |

"{4FBBE82A-7D26-45DF-B461-701719B427DF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{5B8F156F-06FD-40FD-A222-4E7E84D568B5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |

"{992E814C-9BBF-4ED2-84E7-481B9F9351D1}" = rport=445 | protocol=6 | dir=out | app=system |

"{A1716E1C-8F1F-434A-A561-50223F7761C6}" = lport=139 | protocol=6 | dir=in | app=system |

"{BC650E5C-2C89-4830-A693-4D61C27F980A}" = rport=137 | protocol=17 | dir=out | app=system |

"{C05A6BC2-36AF-4FB8-B2FD-1391D315FB9A}" = lport=138 | protocol=17 | dir=in | app=system |

"{D4AA7685-AB14-4CAF-B3C8-66D32517B037}" = rport=139 | protocol=6 | dir=out | app=system |

"{FC389C46-918B-46AA-B5C8-C91F7F5112D5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{00219235-3BBA-4A2A-BBFA-1513E69AF589}" = protocol=17 | dir=in | app=c:\program files (x86)\nakido\nakido.exe |

"{05FFAB45-AA76-4089-97AF-7CBF841ED9A5}" = protocol=58 | dir=in | [email protected],-28545 |

"{1521B4B1-7092-4DB7-88BB-64D4883CBCE1}" = dir=in | app=c:\program files (x86)\acer arcade live\acer playmovie\playmovie.exe |

"{1C94DE51-C696-4905-B749-0F495F30FADA}" = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |

"{233F0EAC-2D64-432E-8E54-A41F65DB2216}" = protocol=58 | dir=out | [email protected],-28546 |

"{278EB41A-FB5B-4BBC-8749-924A19CB41C4}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\client\agentsvc.exe |

"{2AABE72B-2723-48AC-B9A1-9503755B0A76}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe |

"{304C33B9-1C41-47E9-A612-89BBAD747F55}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia connect\acer homemedia connect.exe |

"{4DE2FCE6-EB71-4BF3-B0AC-1631B378108F}" = protocol=6 | dir=in | app=c:\program files (x86)\nakido\nakido.exe |

"{4EB79052-4411-4368-9EB3-286219A79D9F}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |

"{4F126944-E2D0-4538-9B14-D0634CB08E5D}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |

"{51EBC6AF-55C8-4859-A83D-C927299C0B29}" = dir=in | app=c:\program files (x86)\msn messenger\msnmsgr.exe |

"{5F6733F4-3E7E-43D1-BCED-2D1CC5866489}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{630BF419-59CD-4445-A14A-3FD7C3FB9736}" = protocol=1 | dir=in | [email protected],-28543 |

"{68A7170D-A52A-48DC-8005-6F454FBF5A0D}" = dir=in | app=c:\program files (x86)\acer arcade live\acer videomagician\acer videomagician.exe |

"{6AEDED5B-3A66-4510-B834-7103AE584032}" = protocol=17 | dir=in | app=c:\users\daniel\appdata\locallow\dyyno receiver\dppm.exe |

"{8621B396-6D78-4E0D-9EB1-770B83E02FD1}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |

"{87B8969F-F582-481C-9841-E2871B01D736}" = dir=in | app=c:\program files (x86)\acer arcade live\acer dv magician\acer dv magician.exe |

"{8CA6B9F2-5E6B-48DC-A85F-311582768B6C}" = dir=in | app=c:\program files (x86)\msn messenger\livecall.exe |

"{927C78CA-7117-4960-94F1-9A603E77F02E}" = dir=in | app=c:\program files (x86)\acer arcade live\acer arcade live main page\acer arcade live.exe |

"{93EF07F5-E864-421E-8718-3A2E9BC955B3}" = protocol=6 | dir=in | app=c:\users\daniel\appdata\locallow\dyyno receiver\dppm.exe |

"{9FBCCC55-86BD-4709-BBB6-C07D54455692}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\client\agentsvc.exe |

"{A7241609-C5B2-4CAB-B5A2-75EB760E6AC7}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |

"{ABB4D55D-6DF4-483C-822E-425CFA60B3D0}" = protocol=17 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |

"{AFA66603-176C-4AF6-AD91-F2FD064FC2F0}" = dir=in | app=c:\program files (x86)\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe |

"{B17CB27D-80C5-4706-BAC0-17F149B11968}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |

"{B1935623-BADE-47B6-8762-74C6208D19D8}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |

"{C117D882-3DA4-4EDD-85E9-EC998CB63EBA}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |

"{C21790FA-DF63-455B-A72E-22B6AEBEBB78}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia\acer homemedia.exe |

"{C9C2378A-4021-45DD-BD13-FF2D5767DD04}" = dir=in | app=c:\program files (x86)\acer arcade live\acer dvdivine\acer dvdivine.exe |

"{E3A5AEA1-AE5B-4B51-9DBE-183EF70318F7}" = protocol=1 | dir=out | [email protected],-28544 |

"{E6B11E63-232A-402E-8ECF-3185098AADC2}" = dir=in | app=c:\program files (x86)\acer arcade live\acer playmovie\pmvservice.exe |

"{F3CB28B7-BE9F-47A2-9F89-4E0D63337ED0}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |

"{F53BAE5D-716F-4C3E-A29B-04234C3ACA82}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |

"{F84004BA-2DF5-451E-BF06-738C4341E315}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia trial creator\acer homemedia trial creator.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{094D498F-466E-4822-97BF-FB43A961B669}" = ProxyCap

"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer

"{59427B1F-852F-4AF1-8215-E5B12F966D89}" = Logitech G11 Keyboard Software 1.03

"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"NVIDIA Drivers" = NVIDIA Drivers

"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set

"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software

"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software

"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard

"{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect

"{143C7D3A-02DD-4163-9880-11B202B7E3E6}" = Creative Sound Blaster MB

"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{1FCC574F-AFA2-4432-9EF1-79CA7BA73431}_is1" = Spy Sweeper

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8

"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0

"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core

"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD

"{41CE9D26-2DF7-498D-8E16-314507EDEE21}" = Samsung PC Studio 3

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client

"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver

"{7A351AAA-E651-41B1-89B6-972A676FF78B}" = Marvell Network Configuration Utility

"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management

"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials

"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology

"{A450831D-25F6-4F42-9662-D000B25E0D82}" = Acer PlayMovie

"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable

"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger

"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia

"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2

"{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine

"{B580C409-E16F-44FF-904D-3AE94E113BE0}" = Acer HomeMedia Trial Creator

"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player

"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX

"{B96D2269-568B-4CBF-9332-12FAE8B158F7}" = Medieval CUE Splitter

"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries

"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3

"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1

"{E9E3EE81-6E7F-47A3-8D38-3470256704DB}_is1" = Tortun 0.8

"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint

"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call

"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician

"{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician

"Acer Assist" = Acer Assist

"Acer Registration" = Acer Registration

"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11

"AIM_6" = AIM 6

"ALchemy SB MB" = Creative ALchemy (SB MB Edition)

"Fraps" = Fraps (remove only)

"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2

"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2

"GOM Player" = GOM Player

"HandBrake" = HandBrake 0.9.3

"HijackThis" = HijackThis 2.0.2

"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5

"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2

"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8

"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.3.0

"LAME for Audacity_is1" = LAME v3.98.2 for Audacity

"LimeWire" = LimeWire 4.18.8

"Messenger Plus! Live" = Messenger Plus! Live

"Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)

"Nakido" = Nakido

"NIS" = Norton Internet Security

"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver

"ShockwaveFlash" = Adobe Flash Player 9 ActiveX

"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0

"Uninstall_is1" = Uninstall 1.0.0.1

"ViewpointMediaPlayer" = Viewpoint Media Player

"VST Bridge_is1" = VST Bridge 1.1

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinRAR archiver" = WinRAR archiver

"World of Warcraft" = World of Warcraft

"Yahoo! Companion" = Yahoo! Toolbar

"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Octoshape Streaming Services" = Octoshape Streaming Services

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 4/12/2009 7:03:06 PM | Computer Name = Daniel-PC | Source = Application Error | ID = 1000

Description = Faulting application Wow.exe, version 3.2.2.10505, time stamp 0x4aba8ccc,

faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code

0xc0000005, fault offset 0x77e39400, process id 0xdd0, application start time 0x01ca7535ed75cfb0.

Error - 6/12/2009 1:01:50 AM | Computer Name = Daniel-PC | Source = Application Hang | ID = 1002

Description = The program Explorer.EXE version 6.0.6002.18005 stopped interacting

with Windows and was closed. To see if more information about the problem is available,

check the problem history in the Problem Reports and Solutions control panel. Process

ID: dc8 Start Time: 01ca6fe218dc807f Termination Time: 32

Error - 6/12/2009 2:09:32 AM | Computer Name = Daniel-PC | Source = Application Error | ID = 1000

Description = Faulting application Wow.exe, version 3.2.2.10505, time stamp 0x4aba8ccc,

faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code

0xc0000005, fault offset 0x77e39400, process id 0x1580, application start time 0x01ca763aaaec6400.

Error - 7/12/2009 12:48:46 AM | Computer Name = Daniel-PC | Source = WinMgmt | ID = 10

Description =

Error - 8/12/2009 12:38:05 AM | Computer Name = Daniel-PC | Source = WinMgmt | ID = 10

Description =

Error - 9/12/2009 12:32:38 AM | Computer Name = Daniel-PC | Source = WinMgmt | ID = 10

Description =

Error - 9/12/2009 12:34:55 AM | Computer Name = Daniel-PC | Source = Application Error | ID = 1000

Description = Faulting application Wow.exe, version 3.3.0.10958, time stamp 0x4b157b80,

faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code

0xc0000005, fault offset 0x77e39400, process id 0x122c, application start time 0x01ca7888f1d0d36f.

Error - 9/12/2009 12:22:47 PM | Computer Name = Daniel-PC | Source = WinMgmt | ID = 10

Description =

Error - 10/12/2009 12:44:28 AM | Computer Name = Daniel-PC | Source = WinMgmt | ID = 10

Description =

Error - 11/12/2009 12:38:20 AM | Computer Name = Daniel-PC | Source = WinMgmt | ID = 10

Description =

[ System Events ]

Error - 18/12/2009 3:52:19 PM | Computer Name = Daniel-PC | Source = bowser | ID = 8003

Description =

Error - 18/12/2009 8:52:05 PM | Computer Name = Daniel-PC | Source = Application Popup | ID = 1060

Description = \SystemRoot\SysWow64\Drivers\StarOpen.SYS has been blocked from loading

due to incompatibility with this system. Please contact your software vendor for

a compatible version of the driver.

Error - 18/12/2009 8:52:30 PM | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7026

Description =

Error - 19/12/2009 1:11:32 AM | Computer Name = Daniel-PC | Source = bowser | ID = 8003

Description =

Error - 19/12/2009 1:19:31 AM | Computer Name = Daniel-PC | Source = bowser | ID = 8003

Description =

Error - 19/12/2009 1:51:35 AM | Computer Name = Daniel-PC | Source = bowser | ID = 8003

Description =

Error - 19/12/2009 2:24:43 AM | Computer Name = Daniel-PC | Source = bowser | ID = 8003

Description =

Error - 19/12/2009 7:03:26 AM | Computer Name = Daniel-PC | Source = bowser | ID = 8003

Description =

Error - 19/12/2009 7:11:29 AM | Computer Name = Daniel-PC | Source = bowser | ID = 8003

Description =

Error - 19/12/2009 5:53:28 PM | Computer Name = Daniel-PC | Source = bowser | ID = 8003

Description =

< End of report >

Thanks.

You're welcome :)

Please double-click OTL one more time and hit Cleanup. This will remove OTL and all helper tools.

Your machine appears to be clean. Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :)

Hiding Hidden Files

Please set your system to hide all hidden files.

Click Start, open My Computer, select the Tools menu and click Folder Options.

Select the View Tab. Under the Hidden files and folders heading, uncheck Show hidden files and folders.

Check: Hide file extensions for known file types

Check the Hide protected operating system files (recommended) option.

Click Yes to confirm.

Purging System Restore Points

Now you should set a new restore point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools cannot access it to delete these bad files, which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll back" to a clean working state.

The easiest and safest way to do this is:

  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

One of the most common questions found when cleaning Spyware or other Malware is "how did my machine get infected?". There are a variety of reasons, but the most common ones are that you are going to sites that you are not practicing Safe Internet, you are not running the proper security software, and that your computer's security settings are set too low.

Below I have outlined a series of categories that outline how you can increase the security of your computer so that you will not be infected again in the future.

Practice Safe Internet

One of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on. Whether these things are files or sites, it doesn't really matter. If something is out to get you, and you click on it, it most likely will. Below is a list of simple precautions to take to keep your computer clean and running securely:

  1. If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that. Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer.
  2. If you receive an attachment and it ends with a .exe, .com, .bat, or .pif do not open the attachment unless you know for a fact that it is clean. For the casual computer user, you will almost never receive a valid attachment of this type.
  3. If you receive an attachment from someone you know, and it looks suspicious, then it probably is. The email could be from someone you know infected with a malware that is trying to infect everyone in their address book.
  4. If you are browsing the Internet and a popup appears saying that you are infected, ignore it! These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software.
    There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams. For a list of these types of programs we recommend you visit this link: Rogue/Suspect Anti-Spyware Products & Web Sites
  5. Another tactic to fool you on the web is when a site displays a popup that looks like a normal Windows message or alert. When you click on them, though, they instead bring you to another site that is trying to push a product on you. We suggest that you close these windows by clicking on the X instead of the OK button. Alternatively, you can check to see if it's a real alert by right-clicking on the window. If there is a menu that comes up saying Add to Favorites... you know it's a fake.
  6. Do not go to adult sites. I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites. I am not saying all adult sites do this, but a lot do.
  7. When using an Instant Messaging program be cautious about clicking on links people send to you. It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection. Instead when you receive a message that contains a link, message back to the person asking if it is legit before you click on it.
  8. Stay away from Warez and Crack sites! In addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections.
  9. Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing it, and Peer-2-Peer networks are crawling with it. If you want to download a piece of software from a site, and are not sure if it is legitimate, you can use McAfee SiteAdvisor to look up info on the site.
  10. DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money. By reading the agreement there is a good chance you can spot this and not install the software.

Visit Microsoft's Windows Update Site Frequently

It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Make Internet Explorer 7 more secure

  1. From within Internet Explorer click on the Tools menu and then click on Options.
  2. Click once on the Security tab
  3. Click once on the Internet icon so it becomes highlighted.
  4. Click once on the Custom Level button.

    1. Change the Download signed ActiveX controls to Prompt
    2. Change the Download unsigned ActiveX controls to Disable
    3. Change the Initialize and script ActiveX controls not marked as safe to Disable
    4. Change the Installation of desktop items to Prompt
    5. Change the Launching programs and files in an IFRAME to Prompt
    6. Change the Navigate sub-frames across different domains to Prompt
    7. When all these settings have been made, click on the OK button.
    8. If it prompts you as to whether or not you want to save the settings, press the Yes button.

  5. Next press the Apply button and then OK to exit the Internet Properties page.

Hi,

Sorry to bother you again but something else has come up.

I'm getting the following message when trying to browse:

"Firefox can't find the file at jar:file:///C:/Program Files (x86)/Mozilla Firefox/chrome/en-US.jar!/locale/browser-region/region.properties" followed by the web address.

I'm assuming this is somehow related to the problem I was having before..?

Thanks
