Msa.exe, possibly something else, not totally sure

Posted 9/23/2009 1:47 AM
#77644

Stewie Member

Date Joined Nov 2016
Total Posts: 5
Sorry, posted this in the wrong section. Could a moderator please move it to the appropriate forum? Thank you.

So, yesterday, the opening of CSI: Miami season 8 was on and the parents were hogging the television, so I went online to watch it, and ended up getting a fake Flash Player installation.

I stupidly ran it to see just how legit it was, and my installed Comodo Antivirus told me that MSA.EXE, B.EXE, and C.EXE were all trying to do unauthorized actions. I blocked every one of them, and when I went back to the folder to delete the fake Flash Player installer, it was gone.

I thought nothing of it, and ran a Comodo AV scan last night, which came up with zero threats, so I turned off my computer and went to bed.

This morning, I went to university and booted up Chrome to log into the wireless, then went to FireFox to start working on my assignment. The FireFox.exe process loaded, but closed almost immediately after. I tried it again, and the same thing happened. At the end of class, I turned off my machine, hoping it might clear it up. Before it shut down, it gave me a notification that "CUccPlatform" was not responding, so I just hit end task.

Went on break after class and booted up my machine, and FireFox would still not boot. It was at this point that I noticed Windows Live Messenger (which I have enabled to run on startup) was a running process but did not display a window or anything.

I'm a fair bit computer-savvy so I decided to try a few things with FireFox. I renamed it to ff3.exe instead of firefox.exe, and it ran perfectly. This is when I realized I probably had a virus, and related it back to yesterday when I downloaded that file.

I quickly went to the internet and to my Firewall log files to find the cause of the problem. I quickly found C:\WINDOWS\msa.exe (which I found on Google was a piece of malware), and deleted it. I also found the C:\Documents and Settings\USER\Local Settings\Temp\b.exe (and c.exe) and deleted them both.

Thinking I was oh so clever, I started FireFox again (using firefox.exe), but the same problem occurred.

At this point, I was getting a little fed up, so I just used Chrome for the rest of my school day and ran ClamWin Antivirus in the background. It came across a few viral files which I swiftly deleted.

The same problem still existed, so I went back to good old Google, and found MalwareByte's Anti-Malware program, and downloaded it. Immediately after starting a Full Scan, the program terminated and I was unable to run it again (something about invalid permissions--as if I'm not the administrator or something).

Continuing on my witch hunt, I tried HiJackThis! (which I have used with success in the past on my desktop). Same problem--halfway through the scan, it just shuts down and I am unable to run it again.

Attempting once again to rectify the issue, I used Comodo to block all access to the HiJackThis.exe file, and even renamed it Blablabla.exe to see if that could throw the virus off.

Nope; didn't work either.

I've also tried the DDS tool and GMER. They both crash upon completion as well.

Throughout this process I also ended up looking through all my registry keys. I found a few that were mentioned online, namely one named NordPull, and one named poprock. I didn't find any startup keys starting msa.exe or anything suspicious, nor is there anything odd in my Active Processes list.

So basically, it's now been almost 12 hours of frustration, I'm at my wit's end here, and I'm hoping someone can steer me in the right direction. This'll sure teach me to watch TV online... :P

Cheers, and thanks in advance! :sigh:
Posted 9/23/2009 2:54 AM
#77651

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Hello Stewie and welcome :smile:

I'll suggest two online scans to clean up some of your infections ->

Please go to http://www.eset.com/onlinescan/ to perform an online scan. Please use Internet Explorer as it uses ActiveX.

Check (tick) this box: YES, I accept the Terms of Use.

Click on the Start button next to it.

When prompted to run ActiveX, click Yes.

You will be asked to install an ActiveX. Click Install.

Once installed, the scanner will be initialized.

After the scanner is initialized, click Start.

Check (tick) Remove found threats box.

Check (tick) Scan unwanted applications.

Click on Scan.

It will start scanning. Please be patient.

Once the scan is done, you will find a log in C:\Program Files\esetonlinescanner\log.txt.

If you have any problems getting Eset started, one work-around is to have an open Internet connection, and then click here and download the esetsmartinstaller_enu.exe Eset installer. Then click that file, and follow the same previous steps to run the scan.

Please run http://www.superantispyware.com/onlinescan.html

Follow the instructions on the site. When downloaded, click on – Check for updates – Button.

Under Configuration and Preferences, click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked:

Close browsers before scanning
Scan for tracking cookies
Terminate memory threats before quarantining.
Ignore System Restore/Volume Information on ME and XP
Please leave the others unchecked.

On the main screen, under Scan for Harmful Software click Scan your computer.
On the left check C:\Fixed Drive.
On the right, under Complete Scan, choose Perform Complete Scan.
Click Next to start the scan. Please be patient while it scans your computer.
After the scan is complete a summary box will appear. Click OK.
Make sure everything in the white box has a check next to it, then click Next.
It will quarantine what it found and if it asks if you want to reboot, click NO.

When the scan has finished ->

Click Preferences. Click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
It will open in your default text editor (such as Notepad/Wordpad).

- Save the logfile to desktop
- Click close and close again to exit the program.

Reboot, if needed.

Post Superantispyware log, along with C:\Program]log.txt.

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 9/23/2009 5:55 AM
#77658

Stewie Member

Date Joined Nov 2016
Total Posts: 5
Thank you, first off, for your prompt reply. This has been a very aggravating issue and I appreciate your response.

The two log files are enclosed in code below:

[code]ESETSmartInstaller@High as downloader log:
all ok
# version=6
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6050
# api_version=3.0.2
# EOSSerial=0c226f00cdcffd47b3cdcc500b58f80a
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-09-23 04:20:14
# local_time=2009-09-22 10:20:14 (-0700, Mountain Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=2817 63 100 100 89272649218750
# compatibility_mode=3073 21 80 88 62742656250
# scanned=136729
# found=3
# cleaned=3
# scan_time=2996
C:\System Volume Information\_restore{CB02C56C-7E9C-421C-9B6B-10BDEB11CFC3}\RP86\A0014265.exe a variant of Win32/Kryptik.ANU trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{CB02C56C-7E9C-421C-9B6B-10BDEB11CFC3}\RP86\A0014281.exe a variant of Win32/Kryptik.ANU trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{CB02C56C-7E9C-421C-9B6B-10BDEB11CFC3}\RP86\A0014282.exe a variant of Win32/Kryptik.ANU trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
[/code]
[code]SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/22/2009 at 11:41 PM

Application Version : 4.29.1002

Core Rules Database Version : 4117
Trace Rules Database Version: 2057

Scan type : Complete Scan
Total Scan Time : 01:11:42

Memory items scanned : 674
Memory threats detected : 0
Registry items scanned : 6929
Registry threats detected : 0
File items scanned : 126374
File threats detected : 4

Adware.Tracking Cookie
 C:\Documents and Settings\Eric\Cookies\eric@atdmt[2].txt
 C:\Documents and Settings\Eric\Cookies\eric@atdmt[1].txt
 C:\Documents and Settings\Eric\Cookies\eric@atwola[2].txt[/code]

Hope this helps!

PS: I did attempt to run FireFox and MSN again, and still no luck. Wasn't sure if I would be able to or not yet. ;)
PPS: When I rebooted my computer, the same CUccPlatform application was frozen.
PPPS: If I don't reply tonight, my apologies! Have to head off to university in the morn'. :|

Thanks again!
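Added example, not part of the original posts and not ESET's own tooling: a Python sketch that parses the ESET Online Scanner log format shown in the post above and separates detections inside System Restore snapshots from detections on live paths. The field layout is inferred from the posted log lines, and the function names (`parse_eset_log`, `triage`) are hypothetical.

```python
import re

# Log text as posted in the thread above (some header lines trimmed).
SAMPLE_LOG = r"""# version=6
# end=finished
# remove_checked=true
# unwanted_checked=true
# osver=5.1.2600 NT Service Pack 3
# scanned=136729
# found=3
# cleaned=3
# scan_time=2996
C:\System Volume Information\_restore{CB02C56C-7E9C-421C-9B6B-10BDEB11CFC3}\RP86\A0014265.exe a variant of Win32/Kryptik.ANU trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{CB02C56C-7E9C-421C-9B6B-10BDEB11CFC3}\RP86\A0014281.exe a variant of Win32/Kryptik.ANU trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{CB02C56C-7E9C-421C-9B6B-10BDEB11CFC3}\RP86\A0014282.exe a variant of Win32/Kryptik.ANU trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
"""

# "# key=value" header lines written by the scanner.
META_RE = re.compile(r"^#\s*(\w+)=(.*)$")

# Detection line layout assumed from the posted log:
#   <path> <threat name> (<action taken>) <hex digest> <flag>
# The path may contain spaces, so it is matched up to the first file extension.
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?\.\w{2,4})\s+"
    r"(?P<threat>.+?)\s+"
    r"\((?P<action>[^)]*)\)\s+"
    r"(?P<hash>[0-9A-Fa-f]+)\s+"
    r"(?P<flag>\w+)$"
)

# Windows XP System Restore snapshots live under
# \System Volume Information\_restore{GUID}\RPnn\
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(RP\d+)\\",
    re.IGNORECASE,
)


def parse_eset_log(text):
    """Return (metadata dict, list of detection dicts) from an ESET online scan log."""
    meta, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = META_RE.match(line)
        if m:
            meta[m.group(1)] = m.group(2).strip()
            continue
        d = DETECTION_RE.match(line)
        if d:
            rec = d.groupdict()
            rp = RESTORE_RE.search(rec["path"])
            rec["restore_point"] = rp.group(1) if rp else None
            detections.append(rec)
    return meta, detections


def triage(text):
    """Summarise where the detections sit: restore snapshots or live file system."""
    meta, detections = parse_eset_log(text)
    live = [d for d in detections if d["restore_point"] is None]
    archived = [d for d in detections if d["restore_point"] is not None]
    found_header = int(meta.get("found", 0))
    return {
        "found_header": found_header,
        "parsed": len(detections),
        "count_matches_header": found_header == len(detections),
        "threats": sorted({d["threat"] for d in detections}),
        "restore_points": sorted({d["restore_point"] for d in archived}),
        "live_paths": [d["path"] for d in live],
        # True when the scanner only touched snapshot copies, which says
        # nothing about whether a running component is still present.
        "only_restore_points": bool(detections) and not live,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the posted log every detection resolves to restore point RP86, so the scan cleaned snapshot copies and reported nothing on a live path.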
Posted 9/23/2009 6:24 AM
#77659

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Ok. Let's see if you can run ->

Download OTL by OldTimer, saving it to your desktop: http://oldtimer.geekstogo.com/OTL.exe

Close all open windows on the Task Bar. Click the OTL icon (for Vista, right click the icon and Run as Administrator) to start the program.

In the lower right corner of the Top Panel, checkmark "LOP Check" and checkmark "Purity Check".

Now click Run Scan at Top left and let the program run uninterrupted. The scan may take 5-10 minutes.

Do not TOUCH your keyboard until the scan completes!

It will produce two (2) logs on your desktop, one will pop up called OTL.txt; the other will be named Extras.txt.

Exit Notepad. Remember where you've saved these 2 files.

Exit OTL by clicking the X at top right.

Then copy/paste the following into your post (in order):

the contents of OTL.txt

the contents of Extras.txt



Posted 9/23/2009 4:31 PM
#77676

Stewie Member

Date Joined Nov 2016
Total Posts: 5
OTL.TXT
-- C:\WINDOWS\System32\DRIVERS\hamachi.sys -- (hamachi [On_Demand | Stopped]) <br/>DRV - [2008/04/14 06:00:00 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running]) <br/>DRV - [2008/07/09 18:41:00 | 00,210,560 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys -- (HSFHWAZL [On_Demand | Running]) <br/>DRV - [2008/07/09 18:41:00 | 00,985,472 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys -- (HSF_DPV [On_Demand | Running]) <br/>DRV - [2008/04/15 18:53:44 | 00,312,344 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor [Boot | Running]) <br/>DRV - [2009/09/17 16:57:13 | 00,087,104 | ---- | M] (COMODO) -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect [Boot | Running]) <br/>DRV - [2007/01/26 00:32:18 | 00,069,632 | ---- | M] () -- C:\WINDOWS\System32\drivers\int15.sys -- (Int15 [Auto | Running]) <br/>DRV - [2008/07/09 18:42:00 | 04,739,072 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running]) <br/>DRV - [2005/09/20 18:27:20 | 00,010,368 | ---- | M] (InterVideo, Inc.) -- C:\WINDOWS\System32\drivers\iviaspi.sys -- (Iviaspi [On_Demand | Running]) <br/>DRV - [2008/07/09 18:15:00 | 00,080,784 | ---- | M] (JMicron Technology Corp.) -- C:\WINDOWS\System32\DRIVERS\jmcr.sys -- (JMCR [On_Demand | Running]) <br/>DRV - [2008/07/09 18:41:00 | 00,012,672 | ---- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running]) <br/>DRV - [2008/04/14 06:00:00 | 00,017,280 | ---- | M] (American Megatrends Inc.) 
-- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Disabled | Stopped]) <br/>DRV - [2008/07/09 18:35:00 | 03,626,112 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\NETw5x32.sys -- (NETw5x32 [On_Demand | Running]) <br/>DRV - [2008/01/30 03:59:42 | 00,013,952 | ---- | M] (NewTech Infosystems, Inc.) -- C:\WINDOWS\System32\DRIVERS\NTIDrvr.sys -- (NTIDrvr [On_Demand | Running]) <br/>DRV - [2008/12/28 18:19:00 | 06,179,552 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running]) <br/>DRV - [2008/12/28 18:21:00 | 00,041,376 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nvhda32.sys -- (NVHDA [On_Demand | Running]) <br/>DRV - [2008/04/14 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running]) <br/>DRV - [2008/04/14 06:00:00 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [Disabled | Stopped]) <br/>DRV - [2008/04/14 06:00:00 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [Disabled | Stopped]) <br/>DRV - [2008/04/14 06:00:00 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [Disabled | Stopped]) <br/>DRV - [2007/04/17 20:09:28 | 00,011,032 | ---- | M] (InterVideo) -- C:\WINDOWS\System32\drivers\regi.sys -- (regi [Auto | Running]) <br/>DRV - [2009/09/04 14:50:00 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Documents and Settings\Eric\Local Settings\Temp\SAS_SelfExtract\sasdifsv.sys -- (SASDIFSV [System | Running]) <br/>DRV - [2009/09/04 14:49:58 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Documents and Settings\Eric\Local Settings\Temp\SAS_SelfExtract\SASKUTIL.SYS -- (SASKUTIL [System | Running]) <br/>DRV - [2008/04/14 06:00:00 | 00,020,480 | ---- | M] (Macrovision Corporation, 
Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped]) <br/>DRV - [2008/04/14 01:06:40 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped]) <br/>DRV - [2007/10/01 14:59:46 | 01,769,984 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\snp2uvc.sys -- (SNP2UVC [On_Demand | Running]) <br/>DRV - [2008/04/14 06:00:00 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Disabled | Stopped]) <br/>DRV - [2009/09/13 18:26:48 | 00,721,904 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running]) <br/>DRV - [2008/04/14 06:00:00 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [Disabled | Stopped]) <br/>DRV - [2008/04/14 06:00:00 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [Disabled | Stopped]) <br/>DRV - [2008/04/14 06:00:00 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [Disabled | Stopped]) <br/>DRV - [2008/04/14 06:00:00 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Disabled | Stopped]) <br/>DRV - [2008/07/09 18:11:00 | 00,220,640 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\System32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running]) <br/>DRV - [2008/01/30 08:56:42 | 00,012,288 | ---- | M] (NewTech Infosystems Corporation) -- C:\WINDOWS\System32\drivers\UBHelper.sys -- (UBHelper [Boot | Running]) <br/>DRV - [2008/04/14 06:00:00 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [Disabled | Stopped]) <br/>DRV - [2009/08/28 19:42:52 | 00,040,448 | ---- | M] (Apple, Inc.) 
-- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped]) <br/>DRV - [2008/04/14 06:00:00 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\usb8023x.sys -- (usb_rndisx [On_Demand | Stopped]) <br/>DRV - [2008/07/09 18:41:00 | 00,731,264 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running]) <br/> <br/>[color=#E56717]========== Standard Registry (SafeList) ==========[/color] <br/> <br/> <br/>[color=#E56717]========== Internet Explorer ==========[/color] <br/> <br/>IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 <br/>IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 <br/>IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] <br/>IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons <br/>IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm <br/>IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 <br/>IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk <br/>IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 <br/>IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm <br/>IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm <br/> <br/>IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&s=0&o=xpp&d=0509&m=travelmate_7730g <br/>IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm <br/>IE - 
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1 <br/>IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch <br/>IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank <br/>IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 <br/>IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local <br/> <br/>[color=#E56717]========== FireFox ==========[/color] <br/> <br/>FF - prefs.js..browser.search.defaultenginename: "Google" <br/>FF - prefs.js..browser.startup.homepage: "http://google.ca" <br/>FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1 <br/>FF - prefs.js..extensions.enabledItems: {4176DFF4-4698-11DE-BEEB-45DA55D89593}:0.6.15 <br/>FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.11.1 <br/>FF - prefs.js..extensions.enabledItems: {fce36c1e-58d8-498a-b2a5-66ad1cedebbb}:0.76 <br/>FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.6 <br/>FF - prefs.js..extensions.enabledItems: {daf44bf7-a45e-4450-979c-91cf07434c3d}:1.5.4 <br/>FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.2 <br/>FF - prefs.js..extensions.enabledItems: {2E481B23-66AC-313F-D6A8-A81DDDF26249}:0.7.1 <br/>FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.4.2 <br/>FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.2.1 <br/>FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:5.0.20090324 <br/>FF - prefs.js..extensions.enabledItems: {F5DDF39C-9293-4d5e-9AA8-E04E6DD5E9B4}:1.4.2 <br/>FF - prefs.js..extensions.enabledItems: {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20090525 <br/>FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13 <br/>FF - prefs.js..extensions.enabledItems: 
{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14 <br/>FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15 <br/>FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 <br/>FF - prefs.js..extensions.enabledItems: {a95d8332-e4b4-6e7f-98ac-20b733364387}:0.4.3 <br/>FF - prefs.js..extensions.enabledItems: {75CEEE46-9B64-46f8-94BF-54012DE155F0}:0.3.9 <br/>FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:0.0.0 <br/>FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.2 <br/>FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.6.6.2 <br/>FF - prefs.js..extensions.enabledItems: wikipediatoolbar@wikipedia.org:0.5.9 <br/>FF - prefs.js..extensions.enabledItems: {5c8bfb7c-9a54-11dc-8314-0800200c9a66}:3.5 <br/>FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3 <br/>FF - prefs.js..extensions.enabledItems: {1a76f5a0-6354-11de-8a39-0800200c9a66}:1.0 <br/> <br/>FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/05/31 22:20:55 | 00,000,000 | ---D | M] <br/>FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/03 03:11:44 | 00,000,000 | ---D | M] <br/>FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/22 10:36:54 | 00,000,000 | ---D | M] <br/>FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/09 20:15:45 | 00,000,000 | ---D | M] <br/> <br/>[2009/05/31 15:38:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\mozilla\Extensions <br/>[2009/05/31 15:38:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application 
Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} <br/>[2009/09/22 11:06:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\mozilla\Firefox\Profiles\amd47zl9.default\extensions <br/>[2009/08/20 12:32:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\mozilla\Firefox\Profiles\amd47zl9.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671} <br/>[2009/08/20 12:32:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\mozilla\Firefox\Profiles\amd47zl9.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} <br/>[2009/09/18 23:06:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\mozilla\Firefox\Profiles\amd47zl9.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30} <br/>[2009/06/28 16:10:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\mozilla\Firefox\Profiles\amd47zl9.default\extensions\{1a76f5a0-6354-11de-8a39-0800200c9a66} <br/>[2009/09/22 11:06:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\mozilla\Firefox\Profiles\amd47zl9.default\extensions\{21e48e29-f574-4619-b65d-0f00eea92e5b} <br/>[2009/09/18 22:01:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\mozilla\Firefox\Profiles\amd47zl9.default\extensions\{2E481B23-66AC-313F-D6A8-A81DDDF26249} <br/>[2009/05/31 15:43:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\mozilla\Firefox\Profiles\amd47zl9.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} <br/>[2009/09/18 22:01:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\mozilla\Firefox\Profiles\amd47zl9.default\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593} <br/>[2009/08/20 12:32:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\mozilla\Firefox\Profiles\amd47zl9.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8} <br/>[2009/08/24 13:46:22 | 
00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\mozilla\Firefox\Profiles\amd47zl9.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} <br/>[2009/07/26 13:31:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\mozilla\Firefox\Profiles\amd47zl9.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66} <br/>[2009/07/28 23:43:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\mozilla\Firefox\Profiles\amd47zl9.default\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0} <br/>[2009/07/28 23:43:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\mozilla\Firefox\Profiles\amd47zl9.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9} <br/>[2009/07/21 19:51:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\mozilla\Firefox\Profiles\amd47zl9.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} <br/>[2009/07/28 23:23:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\mozilla\Firefox\Profiles\amd47zl9.default\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387} <br/>[2009/07/26 13:31:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\mozilla\Firefox\Profiles\amd47zl9.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696} <br/>[2009/08/04 21:40:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\mozilla\Firefox\Profiles\amd47zl9.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492} <br/>[2009/07/28 23:43:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\mozilla\Firefox\Profiles\amd47zl9.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8} <br/>[2009/08/13 12:42:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\mozilla\Firefox\Profiles\amd47zl9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} <br/>[2009/07/28 23:43:44 | 00,000,000 | ---D | M] -- C:\Documents and 
Settings\Eric\Application Data\mozilla\Firefox\Profiles\amd47zl9.default\extensions\{daf44bf7-a45e-4450-979c-91cf07434c3d} <br/>[2009/09/17 21:10:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\mozilla\Firefox\Profiles\amd47zl9.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} <br/>[2009/05/31 15:43:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\mozilla\Firefox\Profiles\amd47zl9.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} <br/>[2009/09/11 10:40:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\mozilla\Firefox\Profiles\amd47zl9.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} <br/>[2009/08/24 13:43:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\mozilla\Firefox\Profiles\amd47zl9.default\extensions\{F5DDF39C-9293-4d5e-9AA8-E04E6DD5E9B4} <br/>[2009/07/21 19:51:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\mozilla\Firefox\Profiles\amd47zl9.default\extensions\{fce36c1e-58d8-498a-b2a5-66ad1cedebbb} <br/>[2009/07/26 13:31:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\mozilla\Firefox\Profiles\amd47zl9.default\extensions\askopensearch-VTS@ask.com <br/>[2009/05/31 15:43:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\mozilla\Firefox\Profiles\amd47zl9.default\extensions\currentsiteip@webdatamation.com <br/>[2009/08/04 21:40:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\mozilla\Firefox\Profiles\amd47zl9.default\extensions\firebug@software.joehewitt.com <br/>[2009/09/22 11:06:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\mozilla\Firefox\Profiles\amd47zl9.default\extensions\personas@christopher.beard <br/>[2009/09/18 22:01:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application 
Data\mozilla\Firefox\Profiles\amd47zl9.default\extensions\piclens@cooliris.com <br/>[2009/05/31 15:43:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\mozilla\Firefox\Profiles\amd47zl9.default\extensions\wikipediatoolbar@wikipedia.org <br/>[2009/08/25 17:25:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\mozilla\Firefox\Profiles\amd47zl9.default\extensions\yetanothersmoothscrolling@kataho <br/>[2009/07/26 13:31:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\mozilla\Firefox\Profiles\amd47zl9.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\mac\browser\extensions <br/>[2009/07/26 13:31:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\mozilla\Firefox\Profiles\amd47zl9.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\mac\mozapps\extensions <br/>[2009/07/26 13:31:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\mozilla\Firefox\Profiles\amd47zl9.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\browser\extensions <br/>[2009/07/26 13:31:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\mozilla\Firefox\Profiles\amd47zl9.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\mozapps\extensions <br/>[2009/09/21 20:49:38 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions <br/>[2009/09/09 20:15:45 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} <br/>[2009/05/31 22:21:04 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} <br/>[2009/06/10 15:44:00 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} <br/>[2009/08/04 21:39:58 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} 
<br/>[2009/09/09 20:15:38 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll <br/>[2009/09/09 20:15:38 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll <br/>[2009/07/25 05:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll <br/>[2009/09/09 20:15:42 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll <br/>[2006/10/26 21:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL <br/>[2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll <br/>[2009/09/09 19:56:33 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll <br/>[2009/09/09 19:56:34 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll <br/>[2009/09/09 19:56:34 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll <br/>[2009/09/09 19:56:34 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll <br/>[2009/09/09 19:56:34 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll <br/>[2009/09/09 19:56:34 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll <br/>[2009/09/09 19:56:34 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll <br/>[2007/04/16 11:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll <br/>[2007/03/09 17:16:44 | 00,189,496 | ---- | M] (Yahoo! Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll <br/>[2009/06/24 05:27:00 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml <br/>[2009/06/24 05:27:00 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml <br/>[2009/06/24 05:27:00 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml <br/>[2009/06/24 05:27:00 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml <br/>[2009/06/24 05:27:00 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml <br/>[2009/06/24 05:27:00 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml <br/>[2009/06/24 05:27:00 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml <br/> <br/>O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts <br/>O1 - Hosts: 127.0.0.1 localhost <br/>O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) <br/>O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. <br/>O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) <br/>O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) <br/>O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.) <br/>O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.) 
<br/>O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) <br/>O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) <br/>O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found. <br/>O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) <br/>O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) <br/>O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) <br/>O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.) <br/>O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.) <br/>O4 - HKLM..\Run: [BkupTray] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe () <br/>O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.CPL (Microsoft Corporation) <br/>O4 - HKLM..\Run: [Boot] C:\Program Files\Acer\Empowering Technology\ePower\Boot.exe () <br/>O4 - HKLM..\Run: [ClamWin] C:\Program Files\ClamWin\bin\ClamTray.exe (alch) <br/>O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\Comodo\COMODO Internet Security\cfp.exe (COMODO) <br/>O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe () <br/>O4 - HKLM..\Run: [eRecoveryService] C:\Program Files\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.) 
<br/>O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) <br/>O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) <br/>O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation) <br/>O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) <br/>O4 - HKLM..\Run: [KernelFaultCheck] File not found <br/>O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.) <br/>O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.) <br/>O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe () <br/>O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) <br/>O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) <br/>O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () <br/>O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) <br/>O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) <br/>O4 - HKLM..\Run: [PLFSetI] C:\WINDOWS\PLFSetI.exe () <br/>O4 - HKLM..\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe (sonix) <br/>O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) <br/>O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.) <br/>O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) <br/>O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.) <br/>O4 - HKLM..\Run: [ZPdtWzdVitaKey MC3000] C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.) 
<br/>O4 - HKCU..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe (AOL LLC) <br/>O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) <br/>O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Eric\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.) <br/>O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation) <br/>O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) <br/>O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) <br/>O4 - HKCU..\Run: [Taskbar Shuffle] C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe (Jay Elaraj) <br/>O4 - HKCU..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe (Lee Matthew Chantrey & Windows X) <br/>O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acer Empowering Technology.lnk = C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe (Acer Inc.) <br/>O4 - Startup: C:\Documents and Settings\Eric\Start Menu\Programs\Startup\Yahoo! Widgets.lnk = C:\Program Files\Yahoo! Widgets\YahooWidgets.exe (Yahoo! Inc.) 
<br/>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 <br/>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 <br/>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = <br/>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = <br/>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 <br/>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 <br/>O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 <br/>O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) <br/>O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe () <br/>O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe () <br/>O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) <br/>O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) <br/>O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation) <br/>O9 - Extra 'Tools' menuitem : Create Mobile Favorite... 
- {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation) <br/>O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) <br/>O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation) <br/>O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) <br/>O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) <br/>O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\wshbth.dll (Microsoft Corporation) <br/>O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) <br/>O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation) <br/>O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation) <br/>O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. 
<br/>O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) <br/>O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) <br/>O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) <br/>O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.135.133 64.59.135.135 64.59.128.120 <br/>O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) <br/>O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) <br/>O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) <br/>O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) <br/>O18 - Protocol\Handler\ipp - No CLSID value found <br/>O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) <br/>O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation) <br/>O18 - Protocol\Handler\msdaipp - No CLSID value found <br/>O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) <br/>O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) <br/>O18 - 
Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) <br/>O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation) <br/>O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) <br/>O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) <br/>O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) <br/>O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.) <br/>O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) <br/>O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\System32\guard32.dll (COMODO) <br/>O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation) <br/>O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.) 
<br/>O24 - Desktop Components:0 (My Current Home Page) - About:Home <br/>O31 - SafeBoot: AlternateShell - cmd.exe <br/>O32 - HKLM CDRom: AutoRun - 1 <br/>O32 - AutoRun File - [2008/09/11 06:02:14 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] <br/>O33 - MountPoints2\{84d1f528-4e49-11de-a61d-00238b926417}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found <br/>O34 - HKLM BootExecute: (autocheck) - File not found <br/>O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) <br/>O34 - HKLM BootExecute: (*) - File not found <br/> <br/>[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] <br/> <br/>[2009/09/23 10:21:06 | 00,514,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Eric\Desktop\OTL.exe <br/>[2009/09/22 22:27:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric\Application Data\SUPERAntiSpyware.com <br/>[2009/09/22 22:27:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com <br/>[2009/09/22 16:54:45 | 32,158,35136 | -HS- | C] () -- C:\hiberfil.sys <br/>[2009/09/22 13:10:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric\Application Data\Malwarebytes <br/>[2009/09/22 13:10:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes <br/>[2009/09/22 12:49:56 | 00,000,000 | ---- | C] () -- C:\WINDOWS\30DE01F0.x86.dll <br/>[2009/09/21 20:27:38 | 00,000,000 | ---- | C] () -- C:\WINDOWS\win32k.sys <br/>[2009/09/18 22:01:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric\Local Settings\Application Data\Cooliris <br/>[2009/09/18 18:36:46 | 00,000,000 | ---D | C] -- C:\Program Files\ViStart <br/>[2009/09/18 18:36:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric\Application Data\ViStart <br/>[2009/09/17 20:05:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump <br/>[2009/09/17 13:58:56 | 00,000,696 | ---- | C] () -- C:\Documents and 
Settings\Eric\Desktop\Xming.lnk <br/>[2009/09/17 13:58:37 | 00,000,000 | ---D | C] -- C:\Program Files\Xming <br/>[2009/09/17 13:05:43 | 00,000,600 | ---- | C] () -- C:\Documents and Settings\Eric\Local Settings\Application Data\PUTTY.RND <br/>[2009/09/17 12:08:56 | 00,454,656 | ---- | C] (Simon Tatham) -- C:\Documents and Settings\Eric\Desktop\putty.exe <br/>[2009/09/15 11:49:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric\Local Settings\Application Data\DOSBox <br/>[2009/09/15 11:48:38 | 00,001,565 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DOSBox 0.73.lnk <br/>[2009/09/15 11:48:12 | 00,000,000 | ---D | C] -- C:\Program Files\DOSBox-0.73 <br/>[2009/09/15 10:02:10 | 00,000,000 | ---D | C] -- C:\Program Files\wxWidgets-2.8.10 <br/>[2009/09/13 18:52:15 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Device Emulator <br/>[2009/09/13 18:52:09 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server 2005 Mobile Edition <br/>[2009/09/13 18:48:06 | 00,000,172 | ---- | C] () -- C:\WINDOWS\ODBC.INI <br/>[2009/09/13 18:40:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\Symbols <br/>[2009/09/13 18:40:23 | 00,000,000 | ---D | C] -- C:\Program Files\HTML Help Workshop <br/>[2009/09/13 18:40:23 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Business Objects <br/>[2009/09/13 18:40:23 | 00,000,000 | ---D | C] -- C:\Program Files\CE Remote Tools <br/>[2009/09/13 18:40:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions <br/>[2009/09/13 18:40:22 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Merge Modules <br/>[2009/09/13 18:39:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric\My Documents\Visual Studio 2005 <br/>[2009/09/13 18:38:47 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8 <br/>[2009/09/13 18:33:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite <br/>[2009/09/13 18:33:43 | 
00,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Toolbar <br/>[2009/09/13 18:33:39 | 00,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite <br/>[2009/09/13 18:26:48 | 00,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys <br/>[2009/09/13 18:26:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric\Application Data\DAEMON Tools Lite <br/>[2009/09/12 00:19:37 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs <br/>[2009/09/10 20:35:45 | 00,088,477 | ---- | C] () -- C:\Documents and Settings\Eric\My Documents\Photo 223.jpg <br/>[2009/09/09 20:04:16 | 00,002,187 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk <br/>[2009/09/09 20:03:57 | 00,000,000 | ---D | C] -- C:\Program Files\Safari <br/>[2009/09/09 20:00:59 | 00,000,000 | ---D | C] -- C:\Program Files\iPhone Configuration Utility <br/>[2009/09/09 20:00:20 | 00,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk <br/>[2009/09/09 19:58:35 | 00,000,000 | ---D | C] -- C:\Program Files\iPod <br/>[2009/09/09 19:58:29 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes <br/>[2009/09/09 19:58:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} <br/>[2009/09/09 19:56:16 | 00,001,608 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk <br/>[2009/09/09 19:55:58 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime <br/>[2009/09/08 21:37:22 | 00,000,000 | ---D | C] -- C:\Program Files\Python <br/>[2009/09/05 01:54:48 | 00,094,208 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx <br/>[2009/09/05 01:54:48 | 00,069,632 | ---- | C] (Apple Inc.) 
-- C:\WINDOWS\System32\QuickTime.qts <br/>[2009/09/04 20:10:24 | 00,009,858 | ---- | C] () -- C:\Documents and Settings\Eric\My Documents\Scrabble090409_01.xlsx <br/>[2009/08/26 16:10:44 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\Eric\Start Menu\Programs\Startup\Yahoo! Widgets.lnk <br/>[2009/08/25 20:40:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric\My Documents\AIMLogger <br/>[2009/08/25 18:09:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric\My Documents\My Widgets <br/>[2009/08/25 18:09:13 | 00,000,000 | ---D | C] -- C:\Program Files\Yahoo! <br/>[2009/08/25 18:09:11 | 00,000,748 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Widgets.lnk <br/>[2009/08/25 18:09:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric\Local Settings\Application Data\Yahoo <br/>[2009/08/25 18:09:07 | 00,000,000 | ---D | C] -- C:\Program Files\Yahoo! Widgets <br/>[2009/06/14 00:26:21 | 00,000,130 | ---- | C] () -- C:\WINDOWS\cfplogvw.INI <br/>[2009/05/31 18:04:08 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll <br/>[2009/05/31 18:04:07 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll <br/>[2009/05/31 18:04:05 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll <br/>[2009/05/31 18:04:03 | 01,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll <br/>[2009/05/31 15:21:56 | 00,626,688 | ---- | C] () -- C:\WINDOWS\Image.dll <br/>[2009/05/31 15:21:56 | 00,000,169 | ---- | C] () -- C:\WINDOWS\PidList.ini <br/>[2009/05/31 15:21:07 | 01,769,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys <br/>[2009/05/31 15:21:07 | 00,028,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys <br/>[2009/05/31 15:21:06 | 01,769,984 | ---- | C] () -- C:\WINDOWS\System32\snp2uvc.sys <br/>[2009/05/31 15:21:05 | 00,172,032 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll <br/>[2009/05/31 15:21:05 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll <br/>[2009/05/31 
15:21:05 | 00,028,160 | ---- | C] () -- C:\WINDOWS\System32\sncduvc.sys <br/>[2009/05/31 15:21:05 | 00,000,169 | ---- | C] () -- C:\WINDOWS\System32\PidList.ini <br/>[2009/05/31 15:20:06 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\VMC3KAPI.dll <br/>[2008/09/11 18:50:12 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini <br/>[2008/09/11 18:47:06 | 00,000,439 | ---- | C] () -- C:\WINDOWS\system.ini <br/>[2008/09/11 06:56:22 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIOFM4.dll <br/>[2008/09/11 06:56:22 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN5.dll <br/>[2008/09/11 06:55:36 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll <br/>[2008/09/11 06:55:36 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll <br/>[2008/09/11 06:50:26 | 00,000,765 | ---- | C] () -- C:\WINDOWS\win.ini <br/>[2008/07/30 20:37:26 | 00,006,782 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini <br/>[2008/04/14 06:00:00 | 00,061,952 | ---- | C] () -- C:\WINDOWS\System32\eventlog.dll <br/>[2008/04/14 06:00:00 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini <br/>[2007/11/14 15:00:44 | 00,331,776 | ---- | C] () -- C:\WINDOWS\System32\ScrollBarLib.dll <br/>[2007/11/14 15:00:44 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\Interop.Shell32.dll <br/>[2007/01/26 00:32:18 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\int15.sys <br/>[2005/03/28 16:45:26 | 00,000,141 | ---- | C] () -- C:\WINDOWS\ALaunch.ini <br/>[2001/12/26 17:12:30 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll <br/>[2001/09/04 00:46:38 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll <br/>[2001/07/30 17:33:56 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll <br/>[2001/07/23 23:04:36 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll <br/> <br/>[color=#E56717]========== Files - Modified Within 30 Days ==========[/color] <br/> <br/>[4 C:\WINDOWS\System32\*.tmp files] <br/>[2009/09/23 
10:21:07 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Eric\Desktop\OTL.exe <br/>[2009/09/23 10:15:43 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl <br/>[2009/09/23 10:15:39 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job <br/>[2009/09/23 10:13:30 | 00,201,608 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml <br/>[2009/09/23 10:12:59 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job <br/>[2009/09/23 10:12:45 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT <br/>[2009/09/23 10:12:32 | 00,000,000 | ---- | M] () -- C:\WINDOWS\win32k.sys <br/>[2009/09/23 10:12:28 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat <br/>[2009/09/23 10:12:19 | 32,158,35136 | -HS- | M] () -- C:\hiberfil.sys <br/>[2009/09/23 01:01:32 | 00,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat <br/>[2009/09/23 01:01:00 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job <br/>[2009/09/23 00:06:00 | 00,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2667730276-515693187-1579475875-1008UA.job <br/>[2009/09/22 18:54:41 | 01,474,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat <br/>[2009/09/22 18:14:10 | 00,000,439 | ---- | M] () -- C:\WINDOWS\system.ini <br/>[2009/09/22 12:49:56 | 00,000,000 | ---- | M] () -- C:\WINDOWS\30DE01F0.x86.dll <br/>[2009/09/22 10:38:56 | 00,000,600 | ---- | M] () -- C:\Documents and Settings\Eric\Local Settings\Application Data\PUTTY.RND <br/>[2009/09/20 02:06:00 | 00,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2667730276-515693187-1579475875-1008Core.job <br/>[2009/09/19 21:10:04 | 00,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk <br/>[2009/09/17 23:57:17 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk <br/>[2009/09/17 16:57:15 | 00,179,792 | ---- | M] (COMODO) -- C:\WINDOWS\System32\guard32.dll 
<br/>[2009/09/17 16:57:13 | 00,087,104 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys <br/>[2009/09/17 16:57:13 | 00,025,160 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys <br/>[2009/09/17 16:57:12 | 00,132,296 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdguard.sys <br/>[2009/09/17 13:58:56 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\Eric\Desktop\Xming.lnk <br/>[2009/09/15 19:30:40 | 00,002,281 | ---- | M] () -- C:\Documents and Settings\Eric\Desktop\Google Chrome.lnk <br/>[2009/09/15 15:14:33 | 02,642,038 | -H-- | M] () -- C:\Documents and Settings\Eric\Local Settings\Application Data\IconCache.db <br/>[2009/09/15 11:48:38 | 00,001,565 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DOSBox 0.73.lnk <br/>[2009/09/15 01:14:08 | 00,074,072 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat <br/>[2009/09/14 08:35:52 | 01,647,352 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT <br/>[2009/09/13 18:48:06 | 00,000,172 | ---- | M] () -- C:\WINDOWS\ODBC.INI <br/>[2009/09/13 18:26:48 | 00,721,904 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys <br/>[2009/09/11 17:58:43 | 00,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk <br/>[2009/09/10 20:35:56 | 00,088,477 | ---- | M] () -- C:\Documents and Settings\Eric\My Documents\Photo 223.jpg <br/>[2009/09/09 19:56:16 | 00,001,608 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk <br/>[2009/09/08 17:30:53 | 00,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK <br/>[2009/09/05 01:54:48 | 00,094,208 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx <br/>[2009/09/05 01:54:48 | 00,069,632 | ---- | M] (Apple Inc.) 
-- C:\WINDOWS\System32\QuickTime.qts <br/>[2009/09/04 22:16:16 | 00,009,858 | ---- | M] () -- C:\Documents and Settings\Eric\My Documents\Scrabble090409_01.xlsx <br/>[2009/08/30 21:00:13 | 00,110,865 | ---- | M] () -- C:\Documents and Settings\Eric\My Documents\Picture 1.png <br/>[2009/08/28 19:42:52 | 02,065,696 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\usbaaplrc.dll <br/>[2009/08/28 19:42:52 | 00,040,448 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\drivers\usbaapl.sys <br/>[2009/08/28 15:38:20 | 24,689,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe <br/>[2009/08/26 16:10:45 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\Eric\Start Menu\Programs\Startup\Yahoo! Widgets.lnk <br/>[2009/08/25 18:09:11 | 00,000,748 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Widgets.lnk <br/> <br/>[color=#E56717]========== LOP Check ==========[/color] <br/> <br/>[2009/09/22 22:27:26 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data <br/>[2009/07/03 11:31:36 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{5AC06A7F-E1C7-46A4-BA28-5A4B25F3BB23} <br/>[2009/09/09 19:59:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} <br/>[2009/07/03 11:24:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} <br/>[2009/07/22 14:11:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore <br/>[2009/05/31 15:16:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Corel <br/>[2009/09/13 18:33:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite <br/>[2009/05/31 15:19:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eSobi <br/>[2009/06/30 21:03:42 | 00,000,000 | ---D | M] -- C:\Documents 
and Settings\All Users\Application Data\FLEXnet <br/>[2009/08/08 00:14:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus! <br/>[2009/09/13 18:40:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions <br/>[2009/07/22 14:11:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint <br/>[2009/09/22 22:27:26 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Eric\Application Data <br/>[2009/05/31 22:21:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\.clamwin <br/>[2009/07/22 14:13:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\acccore <br/>[2009/08/09 02:32:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\Auslogics <br/>[2009/05/31 20:37:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\Command & Conquer 3 Tiberium Wars <br/>[2009/09/13 18:37:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\DAEMON Tools Lite <br/>[2009/09/22 10:42:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\FileZilla <br/>[2009/06/19 20:35:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\Hamachi <br/>[2009/05/31 16:28:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\Notepad++ <br/>[2009/05/31 20:35:13 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Eric\Application Data\SecuROM <br/>[2009/06/16 21:10:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\teamspeak2 <br/>[2009/09/20 16:54:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\TeamViewer <br/>[2009/09/18 18:37:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\ViStart <br/>[2009/07/22 12:20:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job 
<br/>[2008/04/14 06:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini <br/>[2009/09/23 10:15:39 | 00,000,868 | ---- | M] () -- C:\WINDOWS\Tasks\Google Software Updater.job <br/>[2009/09/23 10:12:59 | 00,000,882 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job <br/>[2009/09/23 01:01:00 | 00,000,886 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job <br/>[2009/09/20 02:06:00 | 00,000,922 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2667730276-515693187-1579475875-1008Core.job <br/>[2009/09/23 00:06:00 | 00,000,974 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2667730276-515693187-1579475875-1008UA.job <br/>[2009/09/23 10:12:45 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT <br/> <br/>[color=#E56717]========== Purity Check ==========[/color] <br/> <br/> <br/>< End of report > <br/> <br/> <br/>[2]EXTRAS.TXT[/2] <br/>OTL Extras logfile created on: 9/23/2009 10:22:42 AM - Run 1 <br/>OTL by OldTimer - Version 3.0.14.0 Folder = C:\Documents and Settings\Eric\Desktop <br/>Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation <br/>Internet Explorer (Version = 8.0.6001.18702) <br/>Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy <br/> <br/>2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free <br/>4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free <br/>Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] <br/> <br/>%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files <br/>Drive C: | 110.94 Gb Total Space | 66.10 Gb Free Space | 59.58% Space Free | Partition Type: NTFS <br/>Drive D: | 110.94 Gb Total Space | 107.71 Gb Free Space | 97.09% Space Free | Partition Type: NTFS <br/>E: Drive not present or media not loaded <br/>F: Drive not present or media not loaded <br/>G: Drive not present or media not loaded 
<br/>H: Drive not present or media not loaded <br/>I: Drive not present or media not loaded <br/> <br/>Computer Name: ERIC-LTOP <br/>Current User Name: Eric <br/>Logged in as Administrator. <br/> <br/>Current Boot Mode: Normal <br/>Scan Mode: Current user <br/>Company Name Whitelist: Off <br/>Skip Microsoft Files: Off <br/>File Age = 30 Days <br/>Output = Standard <br/> <br/>[color=#E56717]========== Extra Registry (SafeList) ==========[/color] <br/> <br/> <br/>[color=#E56717]========== File Associations ==========[/color] <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] <br/>.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation) <br/>.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) <br/>.ini [@ = Notepad++_file] -- C:\Program Files\Notepad++\notepad++.exe (Don HO don.h@free.fr) <br/>.js [@ = Notepad++_file] -- C:\Program Files\Notepad++\notepad++.exe (Don HO don.h@free.fr) <br/>.txt [@ = Notepad++_file] -- C:\Program Files\Notepad++\notepad++.exe (Don HO don.h@free.fr) <br/> <br/>[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] <br/>.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) <br/> <br/>[color=#E56717]========== Shell Spawning ==========[/color] <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] <br/>batfile [open] -- "%1" %* File not found <br/>chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation) <br/>cmdfile [open] -- "%1" %* File not found <br/>comfile [open] -- "%1" %* File not found <br/>exefile [open] -- "%1" %* File not found <br/>htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) <br/>htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) <br/>htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) <br/>http [open] -- "C:\Program Files\Internet 
Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) <br/>https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) <br/>piffile [open] -- "%1" %* File not found <br/>regfile [merge] -- Reg Error: Key error. <br/>scrfile [config] -- "%1" File not found <br/>scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) <br/>scrfile [open] -- "%1" /S File not found <br/>txtfile [edit] -- Reg Error: Key error. <br/>Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) <br/>Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) <br/>Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) <br/>Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) <br/>Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) <br/>Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) <br/>CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) <br/> <br/>[color=#E56717]========== Security Center Settings ==========[/color] <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] <br/>"FirstRunDisabled" = 1 <br/>"AntiVirusDisableNotify" = 0 <br/>"FirewallDisableNotify" = 0 <br/>"UpdatesDisableNotify" = 0 <br/>"AntiVirusOverride" = 0 <br/>"FirewallOverride" = 0 <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] <br/> 
<br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] <br/> <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] <br/> <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] <br/>"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 <br/>"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 <br/>"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 <br/>"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 <br/>"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service <br/> <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] <br/>"EnableFirewall" = 1 <br/>"DoNotAllowExceptions" = 0 <br/>"DisableNotifications" = 0 <br/> <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] <br/>"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 <br/>"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 
<br/>"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 <br/>"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 <br/>"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 <br/>"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 <br/>"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009 <br/>"9990:TCP" = 9990:TCP:*:Enabled:WZ2100-9990 <br/>"9997:TCP" = 9997:TCP:*:Enabled:WZ2100-9997 <br/>"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service <br/> <br/>[color=#E56717]========== Authorized Applications List ==========[/color] <br/> <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] <br/>"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) <br/>"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) <br/>"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation) <br/>"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation) <br/>"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation) <br/>"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation) <br/> <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] <br/>"%windir%\Network 
Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) <br/>"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation) <br/>"C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe" = C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:*:Enabled:SchedulerSvc.exe -- () <br/>"C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe" = C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:*:Enabled:BackupSvc.exe -- (NewTech InfoSystems, Inc.) <br/>"C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe" = C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:*:Enabled:AgentSvc.exe -- (NewTech Infosystems, Inc.) <br/>"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.) <br/>"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation) <br/>"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) <br/>"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation) <br/>"C:\Program Files\TightVNC\WinVNC.exe" = C:\Program Files\TightVNC\WinVNC.exe:*:Enabled:TightVNC Win32 Server -- File not found <br/>"C:\Program Files\Hamachi\hamachi.exe" = C:\Program Files\Hamachi\hamachi.exe:*:Enabled:Hamachi Client -- (LogMeIn Inc.) <br/>"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.) 
<br/>"C:\Program Files\Warzone 2100\warzone2100.exe" = C:\Program Files\Warzone 2100\warzone2100.exe:*:Enabled:Warzone 2100 -- (Warzone 2100 Project) <br/>"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC) <br/>"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC) <br/>"C:\Program Files\TeamViewer\Version4\TeamViewer.exe" = C:\Program Files\TeamViewer\Version4\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH) <br/>"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation) <br/>"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation) <br/>"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation) <br/>"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) <br/>"C:\Program Files\Xming\Xming.exe" = C:\Program Files\Xming\Xming.exe:*:Enabled:Xming X Server -- () <br/>"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.) 
<br/> <br/> <br/>[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] <br/>"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR <br/>"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3 <br/>"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 <br/>"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour <br/>"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting <br/>"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger <br/>"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support <br/>"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard <br/>"{1389C6A4-4965-4AEC-9175-08B54A10FA48}" = Microsoft SQL Server 2005 Mobile [ENU] Developer Tools <br/>"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 <br/>"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer <br/>"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin <br/>"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool <br/>"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT <br/>"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer <br/>"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 <br/>"{24aab420-4e30-4496-9739-3e216f3de6ae}" = Python 2.6.2 <br/>"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2 <br/>"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller <br/>"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 15 <br/>"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition <br/>"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 <br/>"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) <br/>"{2F353D44-73BB-4971-B31D-F7642E9E9531}" = Macromedia Flash MX 2004 
<br/>"{31A5ED9F-E07B-4F6E-8179-27325BAAC502}" = AuthenTec Fingerprint Sensor Minimum Install <br/>"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP <br/>"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye Webcam Video Class Camera <br/>"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform <br/>"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 <br/>"{437AB8E0-FB69-4222-B280-A64F3DE22591}" = Microsoft Visual Studio 2005 Professional Edition - ENU <br/>"{44D4AF75-6870-41F5-9181-662EA05507E1}" = Microsoft Document Explorer 2005 <br/>"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant <br/>"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies <br/>"{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}" = Microsoft SQL Server Native Client <br/>"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings <br/>"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English) <br/>"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 <br/>"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management <br/>"{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8 <br/>"{625386A4-B6B6-4911-A6E8-23189C3F2D15}" = Microsoft .NET Compact Framework 2.0 <br/>"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup <br/>"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package <br/>"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update <br/>"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All <br/>"{6C531060-84FB-4F96-8F33-29DF020632EB}" = Microsoft .NET Compact Framework 1.0 SP3 Developer <br/>"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings <br/>"{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow <br/>"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 <br/>"{7299052b-02a4-4627-81f2-1818da5d550d}" = 
Microsoft Visual C++ 2005 Redistributable <br/>"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com <br/>"{78B75C6D-E53C-424C-BF83-4B63BD4A6682}" = Microsoft Device Emulator version 1.0 - ENU <br/>"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver <br/>"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 <br/>"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight <br/>"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 <br/>"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support <br/>"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard <br/>"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12 <br/>"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 <br/>"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) <br/>"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 <br/>"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) <br/>"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 <br/>"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) <br/>"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 <br/>"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) <br/>"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 <br/>"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) <br/>"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 
<br/>"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) <br/>"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 <br/>"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) <br/>"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 <br/>"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) <br/>"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 <br/>"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) <br/>"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 <br/>"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 <br/>"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) <br/>"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 <br/>"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 <br/>"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) <br/>"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 <br/>"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) <br/>"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 <br/>"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager <br/>"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web 
Components <br/>"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 <br/>"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007 <br/>"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) <br/>"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting <br/>"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings <br/>"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync <br/>"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 <br/>"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI <br/>"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps <br/>"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific <br/>"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 <br/>"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime <br/>"{A64A5576-D862-44F8-89DC-2B17FCC9B86E}" = Broadcom Gigabit Integrated Controller <br/>"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 2.0.8 <br/>"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper <br/>"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components <br/>"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support <br/>"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology <br/>"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings <br/>"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.3 <br/>"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 <br/>"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser <br/>"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP1 <br/>"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 <br/>"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup 
<br/>"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 <br/>"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3 <br/>"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 <br/>"{C0D2F614-5CE5-4DCB-8678-E5C9AF7044F8}" = Microsoft SQL Server VSS Writer <br/>"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries <br/>"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials <br/>"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 <br/>"{CC016F21-3970-11DE-B878-005056806466}" = Google Earth <br/>"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 <br/>"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1 <br/>"{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.62.623 <br/>"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client <br/>"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1 <br/>"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup <br/>"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files <br/>"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings <br/>"{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3 <br/>"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag <br/>"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime <br/>"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant <br/>"{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari <br/>"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 <br/>"{EC2A8F27-4FBF-4E41-B27B-FE822511B761}" = iTunes <br/>"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver <br/>"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call <br/>"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility <br/>"Acer Acer Bio Protection 6.0.00.18" = Acer Bio Protection <br/> <br/>ATA 6.0.00.18 
<br/>"Adobe AIR" = Adobe AIR <br/>"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX <br/>"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin <br/>"Adobe Shockwave Player" = Adobe Shockwave Player 11.5 <br/>"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3 <br/>"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2 <br/>"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings <br/>"AIM_6" = AIM 6 <br/>"Audacity_is1" = Audacity 1.2.6 <br/>"AutoItv3" = AutoIt v3.3.0.0 <br/>"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP1 <br/>"ClamWin Free Antivirus_is1" = ClamWin Free Antivirus 0.95.2 <br/>"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP <br/>"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com <br/>"COMODO Internet Security" = COMODO Internet Security <br/>"DAEMON Tools Toolbar" = DAEMON Tools Toolbar <br/>"FileZilla Client" = FileZilla Client 3.2.4.1 <br/>"Google Desktop" = Google Desktop <br/>"Google Updater" = Google Updater <br/>"GridVista" = Acer GridVista <br/>"Hamachi" = Hamachi 1.0.3.0 <br/>"HijackThis" = HijackThis 2.0.2 <br/>"HOMESTUDENTR" = Microsoft Office Home and Student 2007 <br/>"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs <br/>"ie7" = Windows Internet Explorer 7 <br/>"ie8" = Windows Internet Explorer 8 <br/>"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 <br/>"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 <br/>"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 <br/>"InstallShield_{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8 <br/>"InstallShield_{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow <br/>"LManager" = Launch Manager <br/>"Messenger Plus! Live" = Messenger Plus! 
Live <br/>"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 <br/>"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 <br/>"Microsoft Document Explorer 2005" = Microsoft Document Explorer 2005 <br/>"Microsoft SQL Server 2005" = Microsoft SQL Server 2005 <br/>"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package <br/>"Microsoft Visual Studio 2005 Professional Edition - ENU" = Microsoft Visual Studio 2005 Professional Edition - ENU <br/>"mIRC" = mIRC <br/>"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3) <br/>"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP <br/>"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs <br/>"Notepad++" = Notepad++ <br/>"NVIDIA Drivers" = NVIDIA Drivers <br/>"OpenAL" = OpenAL <br/>"PROHYBRIDR" = 2007 Microsoft Office system <br/>"San Andreas Radio_is1" = San Andreas Radio V1.0 <br/>"SynTPDeinstKey" = Synaptics Pointing Device Driver <br/>"Taskbar Shuffle_is1" = Taskbar Shuffle version 2.5 <br/>"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 <br/>"TeamViewer 4" = TeamViewer 4 <br/>"ViewpointMediaPlayer" = Viewpoint Media Player <br/>"ViStart" = ViStart <br/>"Warzone 2100" = Warzone 2100 <br/>"Windows Media Format Runtime" = Windows Media Format 11 runtime <br/>"Windows Media Player" = Windows Media Player 11 <br/>"Windows Mobile Device Handbook" = Windows Mobile® Device Handbook <br/>"WinLiveSuite_Wave3" = Windows Live Essentials <br/>"WinRAR archiver" = WinRAR archiver <br/>"WMFDist11" = Windows Media Format 11 runtime <br/>"wmp11" = Windows Media Player 11 <br/>"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 <br/>"Xming_is1" = Xming 6.9.0.31 <br/>"Yahoo! Widget Engine" = Yahoo! 
Widgets <br/> <br/>[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color] <br/> <br/>[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] <br/>"Google Chrome" = Google Chrome <br/> <br/>[color=#E56717]========== Last 10 Event Log Errors ==========[/color] <br/> <br/>[ Application Events ] <br/>Error - 7/13/2029 6:14:16 PM | Computer Name = ERIC-LTOP | Source = crypt32 | ID = 131083 <br/>Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> <br/> with error: A required certificate is not within its validity period when verifying <br/> against the current system clock or the timestamp in the signed file. <br/> <br/>Error - 7/13/2029 6:14:16 PM | Computer Name = ERIC-LTOP | Source = crypt32 | ID = 131083 <br/>Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> <br/> with error: A required certificate is not within its validity period when verifying <br/> against the current system clock or the timestamp in the signed file. <br/> <br/>Error - 7/13/2029 6:14:16 PM | Computer Name = ERIC-LTOP | Source = crypt32 | ID = 131083 <br/>Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> <br/> with error: A required certificate is not within its validity period when verifying <br/> against the current system clock or the timestamp in the signed file. 
<br/> <br/>Error - 7/13/2029 6:14:16 PM | Computer Name = ERIC-LTOP | Source = crypt32 | ID = 131083 <br/>Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> <br/> with error: A required certificate is not within its validity period when verifying <br/> against the current system clock or the timestamp in the signed file. <br/> <br/>Error - 7/13/2009 7:45:17 PM | Computer Name = ERIC-LTOP | Source = Application Hang | ID = 1002 <br/>Description = Hanging application firefox.exe, version 1.9.1.3462, hang module hungapp, <br/> version 0.0.0.0, hang address 0x00000000. <br/> <br/>Error - 7/19/2009 10:27:52 PM | Computer Name = ERIC-LTOP | Source = Application Error | ID = 1000 <br/>Description = Faulting application ahv.exe, version 1.1.0.143, faulting module ahv.exe, <br/> version 1.1.0.143, fault address 0x00005773. <br/> <br/>Error - 7/20/2009 1:53:09 AM | Computer Name = ERIC-LTOP | Source = Application Hang | ID = 1002 <br/>Description = Hanging application notepad++.exe, version 5.4.1.0, hang module hungapp, <br/> version 0.0.0.0, hang address 0x00000000. <br/> <br/>Error - 7/24/2009 8:52:19 PM | Computer Name = ERIC-LTOP | Source = Application Hang | ID = 1002 <br/>Description = Hanging application notepad++.exe, version 5.4.1.0, hang module hungapp, <br/> version 0.0.0.0, hang address 0x00000000. <br/> <br/>Error - 8/4/2009 11:19:53 PM | Computer Name = ERIC-LTOP | Source = Application Hang | ID = 1002 <br/>Description = Hanging application Skype.exe, version 4.1.0.136, hang module hungapp, <br/> version 0.0.0.0, hang address 0x00000000. <br/> <br/>Error - 8/4/2009 11:21:56 PM | Computer Name = ERIC-LTOP | Source = MsiInstaller | ID = 11722 <br/>Description = Product: Java(TM) 6 Update 15 -- Error 1722.There is a problem with <br/> this Windows Installer package. A program run as part of the setup did not finish <br/> as expected. 
Contact your support personnel or package vendor. Action patchjre, <br/> location: C:\Program Files\Java\jre6\patchjre.exe, command: -s "C:\Program Files\Java\jre6" <br/> <br/> <br/>[ System Events ] <br/>Error - 9/22/2009 6:49:37 PM | Computer Name = ERIC-LTOP | Source = Service Control Manager | ID = 7001 <br/>Description = The TCP/IP NetBIOS Helper service depends on the AFD service which <br/> failed to start because of the following error: %%31 <br/> <br/>Error - 9/22/2009 6:49:37 PM | Computer Name = ERIC-LTOP | Source = Service Control Manager | ID = 7001 <br/>Description = The Apple Mobile Device service depends on the TCP/IP Protocol Driver <br/> service which failed to start because of the following error: %%31 <br/> <br/>Error - 9/22/2009 6:49:37 PM | Computer Name = ERIC-LTOP | Source = Service Control Manager | ID = 7001 <br/>Description = The Bonjour Service service depends on the TCP/IP Protocol Driver <br/>service which failed to start because of the following error: %%31 <br/> <br/>Error - 9/22/2009 6:49:37 PM | Computer Name = ERIC-LTOP | Source = Service Control Manager | ID = 7001 <br/>Description = The IPSEC Services service depends on the IPSEC driver service which <br/> failed to start because of the following error: %%31 <br/> <br/>Error - 9/22/2009 6:49:37 PM | Computer Name = ERIC-LTOP | Source = Service Control Manager | ID = 7026 <br/>Description = The following boot-start or system-start driver(s) failed to load: <br/> AFD cmdGuard cmdHlp Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip <br/> <br/>Error - 9/22/2009 6:49:48 PM | Computer Name = ERIC-LTOP | Source = DCOM | ID = 10005 <br/>Description = DCOM got error "%1084" attempting to start the service StiSvc with <br/> arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811} <br/> <br/>Error - 9/22/2009 6:53:20 PM | Computer Name = ERIC-LTOP | Source = DCOM | ID = 10005 <br/>Description = DCOM got error "%1084" attempting to start the service StiSvc 
with <br/> arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811} <br/> <br/>Error - 9/22/2009 6:53:32 PM | Computer Name = ERIC-LTOP | Source = DCOM | ID = 10005 <br/>Description = DCOM got error "%1084" attempting to start the service netman with <br/> arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E} <br/> <br/>Error - 9/22/2009 6:53:59 PM | Computer Name = ERIC-LTOP | Source = DCOM | ID = 10005 <br/>Description = DCOM got error "%1084" attempting to start the service EventSystem <br/> with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} <br/> <br/>Error - 9/23/2009 12:27:32 AM | Computer Name = ERIC-LTOP | Source = Service Control Manager | ID = 7000 <br/>Description = The SASENUM service failed to start due to the following error: %%2 <br/> <br/> <br/>< End of report > <br/> <br/>/////////////////////////// <br/> <br/>PS: Explorer.exe is crashing almost every time I try to open a folder of any kind. I have been using a 3rd-party program called Explorer++ to access files.
Posted 9/24/2009 5:44 AM
#77689

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Ok. It's not infections that are the cause of your problems. <br/> <br/> <br/>Please follow this guide to download and run Dial A Fix -> <br/> <br/>http://www.bleepingcomputer.com/forums/topic160132.html

Do not PM me with logfiles. They will be deleted.


Posted 9/24/2009 6:11 AM
#77692

Stewie Member

Date Joined Nov 2016
Total Posts: 5
I downloaded and ran the program as per the provided instructions. <br/> <br/>FireFox.exe will still not boot, and MSNMSGR.exe will still not provide a window. HijackThis! is still crashing after completion of the system scan. <br/> <br/>During the process of using Dial-A-Fix, it gave me several popup windows saying that DLLs were corrupted or invalid. There must have been at least 20 popups during the whole process. <br/> <br/>Any other suggestions? <br/> <br/>PS: I have now been using FireFox (ff3.exe) for some online work and have noticed that I have the infamous Google redirect virus. I had this once before and don't remember how I fixed it... I think Comodo detected it that time. Not sure.
Posted 9/25/2009 6:00 AM
#77721

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Ok. <br/> <br/>Please download Combofix from: <br/> <br/>http://download.bleepingcomputer.com/sUBs/ComboFix.exe <br/> <br/>And save to the desktop. <br/> <br/>Close all other browser windows. <br/> <br/>Double-click on the combofix icon found on your desktop. <br/> <br/>Please note that once you start combofix you should not click anywhere on the combofix window as it can cause the program to stall. In fact, when combofix is running, do not touch your computer at all and just take a break as it may take a while for it to complete. <br/> <br/>When finished, it will produce a logfile located at C:\combofix.txt. <br/> <br/>Post the contents of that log in your next reply.

Do not PM me with logfiles. They will be deleted.


Posted 9/25/2009 6:28 AM
#77723

Stewie Member

Date Joined Nov 2016
Total Posts: 5
ComboFix 09-09-23.02 - Eric 09/25/2009 0:12.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3067.2653 [GMT -6:00]
Running from: c:\documents and settings\Eric\Desktop\Combo-Fix.exe
AV: COMODO Antivirus *On-access scanning disabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Start Menu\Programs\Acer Crystal Eye Webcam Video Class Camera
c:\documents and settings\All Users\Start Menu\Programs\Acer Crystal Eye Webcam Video Class Camera \Uninstall.lnk
c:\windows\30DE01F0.x86.dll
c:\windows\Suyin.reg

Infected copy of c:\windows\system32\eventlog.dll was found and disinfected
Restored copy from - c:\windows\system32\dllcache\eventlog.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}

((((((((((((((((((((((((( Files Created from 2009-08-25 to 2009-09-25 )))))))))))))))))))))))))))))))
.

2009-09-24 06:02 . 2009-09-25 06:12 -------- d-----w- c:\windows\system32\CatRoot2
2009-09-24 04:43 . 2009-09-24 04:43 -------- d-----w- c:\program files\Process Explorer v11
2009-09-23 18:41 . 2009-09-23 18:41 -------- d-----w- c:\program files\iPod
2009-09-23 18:41 . 2009-09-23 18:42 -------- d-----w- c:\program files\iTunes
2009-09-23 18:15 . 2009-09-23 18:15 -------- d-----w- c:\program files\LPL Software
2009-09-23 04:27 . 2009-09-23 04:27 -------- d-----w- c:\documents and settings\Eric\Application Data\SUPERAntiSpyware.com
2009-09-23 04:27 . 2009-09-23 04:27 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-09-22 19:10 . 2009-09-22 19:10 -------- d-----w- c:\documents and settings\Eric\Application Data\Malwarebytes
2009-09-22 19:10 . 2009-09-22 19:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-22 02:27 . 2009-09-24 22:38 0 ----a-r- c:\windows\win32k.sys
2009-09-19 04:01 . 2009-09-19 04:01 -------- d-----w- c:\documents and settings\Eric\Local Settings\Application Data\Cooliris
2009-09-19 00:36 . 2009-09-24 22:41 -------- d-----w- c:\program files\ViStart
2009-09-19 00:36 . 2009-09-19 00:37 -------- d-----w- c:\documents and settings\Eric\Application Data\ViStart
2009-09-17 19:58 . 2009-09-17 19:58 -------- d-----w- c:\program files\Xming
2009-09-15 17:49 . 2009-09-15 17:49 -------- d-----w- c:\documents and settings\Eric\Local Settings\Application Data\DOSBox
2009-09-15 17:48 . 2009-09-15 18:17 -------- d-----w- c:\program files\DOSBox-0.73
2009-09-15 16:02 . 2009-09-15 16:04 -------- d-----w- c:\program files\wxWidgets-2.8.10
2009-09-14 00:52 . 2009-09-14 00:52 -------- d-----w- c:\program files\Microsoft Device Emulator
2009-09-14 00:52 . 2009-09-14 00:52 -------- d-----w- c:\program files\Microsoft SQL Server 2005 Mobile Edition
2009-09-14 00:40 . 2009-09-14 00:46 -------- d-----w- c:\program files\HTML Help Workshop
2009-09-14 00:40 . 2009-09-14 00:41 -------- d-----w- c:\program files\Common Files\Business Objects
2009-09-14 00:40 . 2009-09-14 00:40 -------- d-----w- c:\documents and settings\All Users\Application Data\PreEmptive Solutions
2009-09-14 00:40 . 2009-09-14 00:40 -------- d-----w- c:\windows\Symbols
2009-09-14 00:40 . 2009-09-14 00:40 -------- d-----w- c:\program files\CE Remote Tools
2009-09-14 00:40 . 2009-09-14 00:45 -------- d-----w- c:\program files\Common Files\Merge Modules
2009-09-14 00:38 . 2009-09-14 00:46 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-09-14 00:33 . 2009-09-14 00:33 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-09-14 00:33 . 2009-09-14 00:33 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-09-14 00:33 . 2009-09-14 00:33 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-09-14 00:26 . 2009-09-14 00:26 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-09-14 00:26 . 2009-09-14 00:37 -------- d-----w- c:\documents and settings\Eric\Application Data\DAEMON Tools Lite
2009-09-12 06:19 . 2009-09-12 06:19 -------- d-----w- c:\program files\Microsoft SDKs
2009-09-10 02:03 . 2009-09-10 02:04 -------- d-----w- c:\program files\Safari
2009-09-10 02:00 . 2009-09-10 02:01 -------- d-----w- c:\program files\iPhone Configuration Utility
2009-09-10 01:58 . 2009-09-10 01:59 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-10 01:55 . 2009-09-10 01:56 -------- d-----w- c:\program files\QuickTime
2009-09-09 03:37 . 2009-09-10 16:10 -------- d-----w- c:\program files\Python

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-25 06:16 . 2009-05-31 21:24 12 ----a-w- c:\windows\bthservsdp.dat
2009-09-25 06:07 . 2009-07-10 04:32 -------- d-----w- c:\documents and settings\Eric\Application Data\skypePM
2009-09-25 06:07 . 2009-07-10 04:32 -------- d-----w- c:\documents and settings\Eric\Application Data\Skype
2009-09-25 06:03 . 2009-05-31 22:50 -------- d-----w- c:\program files\mIRC
2009-09-25 05:45 . 2009-06-01 18:22 -------- d-----w- c:\documents and settings\Eric\Application Data\FileZilla
2009-09-24 22:40 . 2009-05-31 22:28 -------- d-----w- c:\program files\Taskbar Shuffle
2009-09-23 18:41 . 2009-07-03 17:21 -------- d-----w- c:\program files\Common Files\Apple
2009-09-23 01:58 . 2009-07-14 19:31 -------- d-----w- c:\program files\Warzone 2100
2009-09-23 00:54 . 2009-06-01 18:15 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2009-09-20 22:54 . 2009-08-09 07:19 -------- d-----w- c:\documents and settings\Eric\Application Data\TeamViewer
2009-09-17 22:57 . 2009-06-01 04:27 179792 ----a-w- c:\windows\system32\guard32.dll
2009-09-17 22:57 . 2009-06-01 04:27 87104 ----a-w- c:\windows\system32\drivers\inspect.sys
2009-09-17 22:57 . 2009-06-01 04:27 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-09-17 22:57 . 2009-06-01 04:27 132296 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-09-15 16:04 . 2009-05-31 22:29 -------- d-----w- c:\program files\Explorer++
2009-09-15 07:14 . 2009-07-10 20:40 74072 ---ha-w- c:\windows\system32\mlfcache.dat
2009-09-14 01:03 . 2008-09-11 12:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-09-14 01:01 . 2008-09-11 12:47 -------- d-----w- c:\program files\Microsoft SQL Server
2009-09-14 00:49 . 2008-09-12 00:48 91608 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-10 15:15 . 2009-07-03 17:25 -------- d-----w- c:\documents and settings\Eric\Application Data\Apple Computer
2009-09-04 05:58 . 2009-05-31 21:12 -------- d-----w- c:\program files\Launch Manager
2009-08-29 01:42 . 2009-07-03 17:22 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-29 01:42 . 2009-07-03 17:22 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-26 00:09 . 2009-08-26 00:09 -------- d-----w- c:\program files\Yahoo!
2009-08-26 00:09 . 2009-08-26 00:09 -------- d-----w- c:\program files\Yahoo! Widgets
2009-08-17 05:06 . 2009-08-17 05:06 -------- d-----w- c:\program files\MSBuild
2009-08-17 05:06 . 2009-08-17 05:06 -------- d-----w- c:\program files\Reference Assemblies
2009-08-11 00:07 . 2009-08-11 00:07 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-08-11 00:06 . 2009-08-11 00:06 -------- d-----w- c:\program files\Windows Mobile Device Handbook
2009-08-09 08:32 . 2009-08-09 08:32 -------- d-----w- c:\documents and settings\Eric\Application Data\Auslogics
2009-08-09 07:53 . 2009-08-09 07:53 -------- d-----w- c:\program files\Auslogics Disk Defrag
2009-08-09 07:19 . 2009-08-09 07:19 -------- d-----w- c:\program files\TeamViewer
2009-08-08 06:14 . 2009-06-02 22:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-08-05 09:01 . 2008-04-14 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 03:39 . 2009-06-01 04:20 -------- d-----w- c:\program files\Java
2009-07-25 11:23 . 2009-06-01 04:21 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-21 06:52 . 2009-07-21 06:52 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-07-21 06:52 . 2009-07-21 06:52 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-07-17 19:01 . 2008-04-14 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-16 01:04 . 2009-06-01 04:22 34 ----a-w- c:\documents and settings\Eric\jagex_runescape_preferences.dat
2009-07-14 19:32 . 2009-07-14 19:32 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2009-07-14 19:32 . 2009-07-14 19:32 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2009-07-14 05:43 . 2008-04-14 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-10 04:32 . 2009-07-10 04:32 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-07-03 17:09 . 2007-08-14 01:54 915456 ----a-w- c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ViStart"="c:\program files\ViStart\ViStart" [X]
"Taskbar Shuffle"="c:\program files\Taskbar Shuffle\taskbarshuffle.exe" [2008-04-17 818176]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-07 3885408]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-31 68856]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-07-09 49968]
"Google Update"="c:\documents and settings\Eric\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-07-15 133104]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2008-07-10 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-10 1028096]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-26 28672]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-06-27 466944]
"Boot"="c:\program files\Acer\Empowering Technology\ePower\Boot.exe" [2007-12-25 579584]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-29 13594624]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-29 86016]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-09-01 858632]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-05-31 24064]
"ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" [2009-05-31 3686400]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"eRecoveryService"="c:\program files\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2007-07-11 421888]
"ClamWin"="c:\program files\ClamWin\bin\ClamTray.exe" [2009-06-11 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"COMODO Internet Security"="c:\program files\Comodo\COMODO Internet Security\cfp.exe" [2009-09-17 1799952]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-07-10 16862208]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-12-29 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Eric\Start Menu\Programs\Startup\
Yahoo! Widgets.lnk - c:\program files\Yahoo! Widgets\YahooWidgets.exe [2008-3-18 4742184]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acer Empowering Technology.lnk - c:\program files\Acer\Empowering Technology\Framework.Launcher.exe [2008-1-22 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2009-05-31 21:19 3077120 ----a-w- c:\program files\Acer\Acer Bio Protection\WinNotify.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\NewTech Infosystems\\NTI Backup Now 5\\SchedulerSvc.exe"=
"c:\\Program Files\\NewTech Infosystems\\NTI Backup Now 5\\BackupSvc.exe"=
"c:\\Program Files\\NewTech Infosystems\\NTI Backup Now 5\\Client\\Agentsvc.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Warzone 2100\\warzone2100.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Xming\\Xming.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"9990:TCP"= 9990:TCP:WZ2100-9990
"9997:TCP"= 9997:TCP:WZ2100-9997
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 AlfaFF;AlfaFF File System mini-filter;c:\windows\system32\drivers\AlfaFF.sys [5/31/2009 3:19 PM 43184]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [5/31/2009 10:27 PM 132296]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [5/31/2009 10:27 PM 25160]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [1/11/2008 6:50 PM 30312]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [3/3/2008 2:11 PM 16384]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [4/25/2008 10:36 PM 45056]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [4/17/2007 8:09 PM 11032]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [7/22/2009 2:11 PM 24652]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [7/9/2008 6:15 PM 80784]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [5/31/2009 6:04 PM 41376]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\Eric\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\Eric\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\Eric\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys --> c:\docume~1\Eric\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys [?]
S2 gupdate1ca050f12d1e7b8;Google Update Service (gupdate1ca050f12d1e7b8);c:\program files\Google\Update\GoogleUpdate.exe [7/14/2009 11:42 PM 133104]
S2 IGBASVC;iGroupTec Service;c:\program files\Acer\Acer Bio Protection\BASVC.exe [5/31/2009 3:19 PM 3481088]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [4/25/2008 10:36 PM 131072]
S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [5/31/2009 3:13 PM 24064]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [4/14/2006 11:07 AM 28933976]
S3 SASENUM;SASENUM;\??\c:\docume~1\Eric\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS --> c:\docume~1\Eric\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS [?]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [9/23/2005 7:01 AM 2799808]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2009-09-25 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-31 05:41]

2009-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-15 05:42]

2009-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-15 05:42]

2009-09-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2667730276-515693187-1579475875-1008Core.job
- c:\documents and settings\Eric\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-26 05:56]

2009-09-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2667730276-515693187-1579475875-1008UA.job
- c:\documents and settings\Eric\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-26 05:56]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Eric\Application Data\Mozilla\Firefox\Profiles\amd47zl9.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.ca
FF - component: c:\documents and settings\Eric\Application Data\Mozilla\Firefox\Profiles\amd47zl9.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\documents and settings\Eric\Application Data\Mozilla\Firefox\Profiles\amd47zl9.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\Eric\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
AddRemove-HijackThis - c:\program files\HijackThis\HijackThis.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-25 00:18
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2667730276-515693187-1579475875-1008\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:84,9c,3e,3a,10,c9,0d,69,86,a8,ee,04,1c,bb,36,de,02,e7,2a,1d,59,37,b6,
 59,da,c2,93,cb,99,bb,76,ba,71,2a,e7,3a,86,3f,13,94,81,f8,dc,eb,19,8c,3f,41,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1016)
c:\program files\Acer\Acer Bio Protection\WinNotify.dll
c:\program files\Acer\Acer Bio Protection\CustomRes.dll
c:\windows\system32\ATSC70.DLL
c:\windows\system32\ATSC70PBA.dll

- - - - - - - > 'explorer.exe'(3412)
c:\windows\system32\WININET.dll
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\program files\Acer\Empowering Technology\ePower\SysHook.dll
c:\windows\system32\ieframe.dll
c:\program files\ViStart\StartHook.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Taskbar Shuffle\tbhookin.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Comodo\COMODO Internet Security\cmdagent.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
c:\program files\ViStart\ViStart.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\docume~1\Eric\LOCALS~1\temp\RtkBtMnt.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\AIM6\aolsoftware.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\program files\Explorer++\Explorer++.exe
.
**************************************************************************
.
Completion time: 2009-09-25 0:25 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-25 06:25

Pre-Run: 70,603,624,448 bytes free
Post-Run: 76,895,510,528 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

316 --- E O F --- 2009-09-08 23:32

I am VERY glad to report that FireFox.exe has now booted properly. MSN Messenger is now working correctly, and Google is no longer redirecting me to adware sites! Thank you so much for your help, I can't tell you how happy I am to be free of that awful virus.

Please let me know if there is anything further I should do. But thank you again!

Posted 9/25/2009 6:38 AM
#77725

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
That's good news :smilewinkgrin:

Just some cleanup remains ->

You should Create a New Restore Point to prevent possible reinfection from an old one.
The easiest and safest way to do this is:

Go to Start > All Programs > Accessories > System Tools > System Restore
Select Create a restore point, and Ok it.
Next, go to Start > Run and type in cleanmgr
Select the More options tab
Choose the option to clean up system restore and OK it.
This will remove all restore points except the new one you just created.

Click START then RUN

Now type Combofix /u in the runbox and click OK.

Note the space between the X and the U, it needs to be there.

The above procedure will:

Delete the following:
ComboFix and its associated files and folders.
VundoFix backups, if present.
The C:\Deckard folder, if present.
The C:\_OtMoveIt folder, if present.
Reset the clock settings.
Hide file extensions, if required.
Hide System/Hidden files, if required.

To learn more about how to protect yourself while on the internet, please read Tony Klein's guide:
How did I get infected in the first place?

Click here: Before-posting-a-log

Do not PM me with logfiles. They will be deleted.

