EN

The BullGuard products and services are part of NortonLifeLock Inc., a global leader in consumer Cyber Safety with a portofolio of brands including Norton, Avira and more. Learn more at NortonLifeLock.com

FORUMS

SEARCH FORUM

Msa.exe, possibly something else, not totally sure

Posted 9/23/2009 1:47 AM
#77644
User avatar

Stewie Member

Date Joined Nov 2016
Total Posts: 5
Sorry, posted this in the wrong section. Could a moderator please move it to the appropriate forum? Thank you.

So, yesterday, the opening of CSI: Miami season 8 was on and the parents were hogging the television, so I went online to watch it, and ended up getting a fake Flash Player installation.

I stupidly ran it to see just how legit it was, and my installed Comodo Antivirus told me that MSA.EXE, B.EXE, and C.EXE were all trying to do unauthorized actions. I blocked every one of them, and when I went back to the folder to delete the fake Flash Player installer, it was gone.

I thought nothing of it, and ran a Comodo AV scan last night, which came up with zero threats, so I turned off my computer and went to bed.

This morning, I went to university and booted up Chrome to log into the wireless, then went to FireFox to start working on my assignment. The FireFox.exe process loaded, but closed almost immediately after. I tried it again, and the same thing happened. At the end of class, I turned off my machine, hoping it might clear it up. Before it shut down, it gave me a notification that "CUccPlatform" was not responding, so I just hit end task.

Went on break after class and booted up my machine, and FireFox would still not boot. It was at this point that I noticed Windows Live Messenger (which I have enabled to run on startup) was a running process but did not display a window or anything.

I'm a fair bit computer-savvy so I decided to try a few things with FireFox. I renamed it to ff3.exe instead of firefox.exe, and it ran perfectly. This is when I realized I probably had a virus, and related it back to yesterday when I downloaded that file.

I quickly went to the internet and to my Firewall log files to find the cause of the problem. I quickly found C:\WINDOWS\msa.exe (which I found on Google was a piece of malware), and deleted it. I also found the C:\Documents and Settings\USER\Local Settings\Temp\b.exe (and c.exe) and deleted them both.

Thinking I was oh so clever, I started FireFox again (using firefox.exe), but the same problem occurred.

At this point, I was getting a little fed up, so I just used Chrome for the rest of my school day and ran ClamWin Antivirus in the background. It came across a few viral files which I swiftly deleted.

The same problem still existed, so I went back to good old Google, and found MalwareByte's Anti-Malware program, and downloaded it. Immediately after starting a Full Scan, the program terminated and I was unable to run it again (something about invalid permissions--as if I'm not the administrator or something).

Continuing on my witch hunt, I tried HiJackThis! (which I have used with success in the past on my desktop). Same problem--halfway through the scan, it just shuts down and I am unable to run it again.

Attempting once again to rectify the issue, I used Comodo to block all access to the HiJackThis.exe file, and even renamed it Blablabla.exe to see if that could throw the virus off.

Nope; didn't work either.

I've also tried the DDS tool and GMER. They both crash upon completion as well.

Throughout this process I also ended up looking through all my registry keys. I found a few that were mentioned online, namely one named NordPull, and one named poprock. I didn't find any startup keys starting msa.exe or anything suspicious, nor is there anything odd in my Active Processes list.

So basically, it's now been almost 12 hours of frustration, I'm at my wit's end here, and I'm hoping someone can steer me in the right direction. This'll sure teach me to watch TV online... :P

Cheers, and thanks in advance! :sigh:
Posted 9/23/2009 2:54 AM
#77651
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Hello Stewie and welcome :smile:




I´ll suggest you two onlinescan, to cleanup som of your infections ->




Please go to [color=#0000ff>https://www.eset.com/onlinescan/[/url]

to perform an online scan. Please use Internet Explorer as it uses ActiveX.

Check (tick) this box: YES, I accept the Terms of Use.

Click on the Start button next to it.

When prompted to run ActiveX. click Yes.

You will be asked to install an ActiveX. Click Install.

Once installed, the scanner will be initialized.

After the scanner is initialized, click Start.

Check (tick) Remove found threats box.

Check (tick) Scan unwanted applications.

Click on Scan.

It will start scanning. Please be patient.

Once the scan is done, you will find a log in C:\Program Files\esetonlinescanner\log.txt.



If you have any problems getting Eset started, one work-around is to have an open Internet connection, and then click here[/color] and download the esetsmartinstaller_enu.exe Eset installer. Then click that file, and follow the same previous steps to run the scan.




Please run [color=#800080>https://www.superantispyware.com/onlinescan.html[/url]

Follow the instructions on the site. When downloaded, click on – Check for updates – Button.

Under Configuration and Preferences, click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked:

Close browsers before scanning
Scan for tracking cookies
Terminate memory threats before quarantining.
Ignore System Restore/Volume Information on ME and XP
Please leave the others unchecked.

On the main screen, under Scan for Harmful Software click Scan your computer.
On the left check C:\Fixed Drive.
On the right, under Complete Scan, choose Perform Complete Scan.
Click Next to start the scan. Please be patient while it scans your computer.
After the scan is complete a summary box will appear. Click OK.
Make sure everything in the white box has a check next to it, then click Next.
It will quarantine what it found and if it asks if you want to reboot, click
NO.

[/color]
[color=#000000>
When the scan have finished ->

Click Preferences . Click the Statistics/Logs tab .
Under Scanner Logs , double-click SUPERAntiSpyware Scan Log .
It will open in your default text editor (such as Notepad/Wordpad).


  • Save the logfile to desktop
  • Click close and close again to exit the program.

Reboot, if needed.

[/color]

Post Superantispyware log, along with [color=#000000>C:\Program]log.txt. [/color]

[color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />[/color]
Do not PM me with logfiles. They will be deleted.


Posted 9/23/2009 5:55 AM
#77658
User avatar

Stewie Member

Date Joined Nov 2016
Total Posts: 5
Thank you, first off, for your prompt reply. This has been a very aggravating issue and I appreciate your response.

The two log files are enclosed in code below:

[code]ESETSmartInstaller@High as downloader log:
all ok
# version=6
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6050
# api_version=3.0.2
# EOSSerial=0c226f00cdcffd47b3cdcc500b58f80a
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-09-23 04:20:14
# local_time=2009-09-22 10:20:14 (-0700, Mountain Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=2817 63 100 100 89272649218750
# compatibility_mode=3073 21 80 88 62742656250
# scanned=136729
# found=3
# cleaned=3
# scan_time=2996
C:\System Volume Information\_restore{CB02C56C-7E9C-421C-9B6B-10BDEB11CFC3}\RP86\A0014265.exe a variant of Win32/Kryptik.ANU trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{CB02C56C-7E9C-421C-9B6B-10BDEB11CFC3}\RP86\A0014281.exe a variant of Win32/Kryptik.ANU trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{CB02C56C-7E9C-421C-9B6B-10BDEB11CFC3}\RP86\A0014282.exe a variant of Win32/Kryptik.ANU trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
[/code]
[code]SUPERAntiSpyware Scan Log
https://www.superantispyware.com

Generated 09/22/2009 at 11:41 PM

Application Version : 4.29.1002

Core Rules Database Version : 4117
Trace Rules Database Version: 2057

Scan type : Complete Scan
Total Scan Time : 01:11:42

Memory items scanned : 674
Memory threats detected : 0
Registry items scanned : 6929
Registry threats detected : 0
File items scanned : 126374
File threats detected : 4

Adware.Tracking Cookie
C:\Documents and Settings\Eric\Cookies\eric@atdmt[2].txt
C:\Documents and Settings\Eric\Cookies\eric@atdmt[1].txt
C:\Documents and Settings\Eric\Cookies\eric@atwola[2].txt[/code]

Hope this helps!

PS: I did attempt to run FireFox and MSN again, and still no luck. Wasn't sure if I would be able to or not yet. ;)
PPS: When I rebooted my computer, the same CUccPlatform application was frozen.
PPPS: If I don't reply tonight, my apologies! Have to head off to university in the morn'. :|

Thanks again!
Posted 9/23/2009 6:24 AM
#77659
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Ok. Let´s see if you can run ->



Download OTL by OldTimer, saving it to your desktop: https://oldtimer.geekstogo.com/OTL.exe

Close all open windows on the Task Bar. Click the OTL icon (for Vista, right click the icon and Run as Administrator) to start the program.

In the lower right corner of the Top Panel, checkmark "LOP Check" and checkmark "Purity Check".

Now click Run Scan at Top left and let the program run uninterrupted. The scan may take 5-10 minutes.

Do not TOUCH your keyboard until the scan completes!

It will produce two (2) logs on your desktop, one will pop up called OTL.txt; the other will be named Extras.txt.

Exit Notepad. Remember where you've saved these 2 files.

Exit OTL by clicking the X at top right.


Then copy/paste the following into your post (in order):



the contents of OTL.txt

the contents of Extras.txt

[color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />[/color]
Do not PM me with logfiles. They will be deleted.


Posted 9/23/2009 4:31 PM
#77676
User avatar

Stewie Member

Date Joined Nov 2016
Total Posts: 5
[2]OTL.TXT[/2]
OTL logfile created on: 9/23/2009 10:22:42 AM - Run 1
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Documents and Settings\Eric\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 110.94 Gb Total Space | 66.10 Gb Free Space | 59.58% Space Free | Partition Type: NTFS
Drive D: | 110.94 Gb Total Space | 107.71 Gb Free Space | 97.09% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ERIC-LTOP
Current User Name: Eric
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2009/09/17 16:56:40 | 00,723,632 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
PRC - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/01/11 18:50:16 | 00,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/03/03 14:11:14 | 00,016,384 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
PRC - [2008/04/15 18:54:42 | 00,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2009/05/31 15:19:48 | 03,481,088 | ---- | M] () -- C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
PRC - [2007/01/04 19:48:50 | 00,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2007/01/17 12:20:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2008/07/09 18:42:00 | 16,862,208 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2008/07/09 18:11:00 | 01,028,096 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2008/04/15 18:54:40 | 00,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
PRC - [2008/04/25 22:36:20 | 00,028,672 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
PRC - [2008/04/25 22:36:20 | 00,045,056 | ---- | M] (NewTech InfoSystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
PRC - [2008/06/27 14:39:28 | 00,466,944 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2008/08/31 19:17:00 | 00,858,632 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\QtZgAcer.EXE
PRC - [2008/04/25 22:36:02 | 00,131,072 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
PRC - [2009/05/31 15:19:41 | 03,686,400 | ---- | M] (Arachnoid Biometrics Identification Group Corp.) -- C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
PRC - [2007/10/23 10:56:18 | 00,200,704 | ---- | M] () -- C:\WINDOWS\PLFSetI.exe
PRC - [2009/06/11 14:32:30 | 00,086,016 | ---- | M] (alch) -- C:\Program Files\ClamWin\bin\ClamTray.exe
PRC - [2008/12/28 18:20:00 | 00,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2009/07/25 05:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/09/08 21:09:42 | 00,305,440 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/09/17 16:56:48 | 01,799,952 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO Internet Security\cfp.exe
PRC - [2007/07/24 11:15:14 | 00,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2008/04/17 01:28:48 | 00,818,176 | ---- | M] (Jay Elaraj) -- C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
PRC - [2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
PRC - [2007/01/04 15:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2009/05/31 15:13:45 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/07/09 14:07:14 | 00,049,968 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe
PRC - [2006/11/13 13:39:52 | 01,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2009/04/23 07:51:38 | 00,691,656 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe
PRC - [2006/11/13 13:39:34 | 00,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2009/09/18 18:36:46 | 00,860,160 | ---- | M] (Lee Matthew Chantrey & Windows X) -- C:\Program Files\ViStart\ViStart.exe
PRC - [2008/03/18 18:31:20 | 04,742,184 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo! Widgets\YahooWidgets.exe
PRC - [2008/09/11 06:30:38 | 00,212,992 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\Eric\Local Settings\Temp\RtkBtMnt.exe
PRC - [2008/03/18 18:31:20 | 04,742,184 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo! Widgets\YahooWidgets.exe
PRC - [2009/02/06 04:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2008/11/06 11:33:00 | 00,041,264 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aolsoftware.exe
PRC - [2009/02/06 04:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2009/09/08 21:09:30 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2008/04/14 06:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\unsecapp.exe
PRC - [2008/04/14 06:00:00 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009/09/23 10:21:07 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Eric\Desktop\OTL.exe
PRC - [2008/04/14 06:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/01/11 18:50:16 | 00,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc [Auto | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/03/03 14:11:14 | 00,016,384 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe -- (BUNAgentSvc [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009/09/17 16:56:40 | 00,723,632 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe -- (cmdAgent [Auto | Running])
SRV - [2009/06/28 20:30:15 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/05/31 15:13:20 | 00,024,064 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-080708-050100 [On_Demand | Stopped])
SRV - [2009/07/14 23:42:37 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1ca050f12d1e7b8 [Auto | Stopped])
SRV - [2009/07/14 23:41:58 | 00,190,448 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
SRV - [2008/04/14 06:00:00 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/04/15 18:54:42 | 00,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON [Auto | Running])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/05/31 15:19:48 | 03,481,088 | ---- | M] () -- C:\Program Files\Acer\Acer Bio Protection\BASVC.exe -- (IGBASVC [Auto | Running])
SRV - [2009/09/08 21:09:30 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2007/01/04 19:48:50 | 00,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr [Auto | Running])
SRV - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2007/01/17 12:20:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2009/06/10 20:32:14 | 00,069,632 | ---- | M] (Macromedia) -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service [On_Demand | Stopped])
SRV - [2006/04/14 11:07:20 | 28,933,976 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ [On_Demand | Stopped])
SRV - [2005/10/14 04:50:20 | 00,045,272 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper [Disabled | Stopped])
SRV - [2005/09/23 07:01:16 | 02,799,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80 [Disabled | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/04/25 22:36:20 | 00,045,056 | ---- | M] (NewTech InfoSystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc [Auto | Running])
SRV - [2008/04/25 22:36:02 | 00,131,072 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc [Auto | Running])
SRV - [2008/12/28 18:20:00 | 00,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2007/08/24 04:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2007/07/24 11:15:14 | 00,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2 [Auto | Running])
SRV - [2006/04/14 11:05:58 | 00,240,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser [Disabled | Stopped])
SRV - [2006/04/14 11:04:54 | 00,087,840 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter [On_Demand | Stopped])
SRV - [2007/01/04 15:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2009/05/31 15:19:45 | 00,043,184 | ---- | M] (Alfa Corporation) -- C:\WINDOWS\system32\Drivers\AlfaFF.sys -- (AlfaFF [Boot | Running])
DRV - [2008/04/14 06:00:00 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Disabled | Stopped])
DRV - [2008/04/14 01:06:40 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])
DRV - [2008/04/14 06:00:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc [Disabled | Stopped])
DRV - [2008/04/14 06:00:00 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550 [Disabled | Stopped])
DRV - [2008/05/30 13:44:42 | 00,146,944 | R--- | M] (AuthenTec, Inc.) -- C:\WINDOWS\System32\DRIVERS\ATSwpDrv.sys -- (ATSWPDRV [On_Demand | Running])
DRV - [2008/03/19 15:26:24 | 00,175,104 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\DRIVERS\b57xp32.sys -- (b57w2k [On_Demand | Running])
DRV - [2009/09/17 16:57:12 | 00,132,296 | ---- | M] (COMODO) -- C:\WINDOWS\System32\DRIVERS\cmdguard.sys -- (cmdGuard [System | Running])
DRV - [2009/09/17 16:57:13 | 00,025,160 | ---- | M] (COMODO) -- C:\WINDOWS\System32\DRIVERS\cmdhlp.sys -- (cmdHlp [System | Running])
DRV - [2008/04/14 06:00:00 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde [Disabled | Stopped])
DRV - [2008/04/14 06:00:00 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
DRV - [2008/08/31 19:17:00 | 00,016,896 | ---- | M] (Dritek System Inc.) -- C:\WINDOWS\System32\DRIVERS\DKbFltr.sys -- (DKbFltr [On_Demand | Running])
DRV - [2009/05/18 14:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2009/06/17 20:44:15 | 00,025,280 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\DRIVERS\hamachi.sys -- (hamachi [On_Demand | Stopped])
DRV - [2008/04/14 06:00:00 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2008/07/09 18:41:00 | 00,210,560 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys -- (HSFHWAZL [On_Demand | Running])
DRV - [2008/07/09 18:41:00 | 00,985,472 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys -- (HSF_DPV [On_Demand | Running])
DRV - [2008/04/15 18:53:44 | 00,312,344 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor [Boot | Running])
DRV - [2009/09/17 16:57:13 | 00,087,104 | ---- | M] (COMODO) -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect [Boot | Running])
DRV - [2007/01/26 00:32:18 | 00,069,632 | ---- | M] () -- C:\WINDOWS\System32\drivers\int15.sys -- (Int15 [Auto | Running])
DRV - [2008/07/09 18:42:00 | 04,739,072 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2005/09/20 18:27:20 | 00,010,368 | ---- | M] (InterVideo, Inc.) -- C:\WINDOWS\System32\drivers\iviaspi.sys -- (Iviaspi [On_Demand | Running])
DRV - [2008/07/09 18:15:00 | 00,080,784 | ---- | M] (JMicron Technology Corp.) -- C:\WINDOWS\System32\DRIVERS\jmcr.sys -- (JMCR [On_Demand | Running])
DRV - [2008/07/09 18:41:00 | 00,012,672 | ---- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2008/04/14 06:00:00 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Disabled | Stopped])
DRV - [2008/07/09 18:35:00 | 03,626,112 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\NETw5x32.sys -- (NETw5x32 [On_Demand | Running])
DRV - [2008/01/30 03:59:42 | 00,013,952 | ---- | M] (NewTech Infosystems, Inc.) -- C:\WINDOWS\System32\DRIVERS\NTIDrvr.sys -- (NTIDrvr [On_Demand | Running])
DRV - [2008/12/28 18:19:00 | 06,179,552 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2008/12/28 18:21:00 | 00,041,376 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nvhda32.sys -- (NVHDA [On_Demand | Running])
DRV - [2008/04/14 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/04/14 06:00:00 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [Disabled | Stopped])
DRV - [2008/04/14 06:00:00 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [Disabled | Stopped])
DRV - [2008/04/14 06:00:00 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [Disabled | Stopped])
DRV - [2007/04/17 20:09:28 | 00,011,032 | ---- | M] (InterVideo) -- C:\WINDOWS\System32\drivers\regi.sys -- (regi [Auto | Running])
DRV - [2009/09/04 14:50:00 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Documents and Settings\Eric\Local Settings\Temp\SAS_SelfExtract\sasdifsv.sys -- (SASDIFSV [System | Running])
DRV - [2009/09/04 14:49:58 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Documents and Settings\Eric\Local Settings\Temp\SAS_SelfExtract\SASKUTIL.SYS -- (SASKUTIL [System | Running])
DRV - [2008/04/14 06:00:00 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2008/04/14 01:06:40 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])
DRV - [2007/10/01 14:59:46 | 01,769,984 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\snp2uvc.sys -- (SNP2UVC [On_Demand | Running])
DRV - [2008/04/14 06:00:00 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Disabled | Stopped])
DRV - [2009/09/13 18:26:48 | 00,721,904 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2008/04/14 06:00:00 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [Disabled | Stopped])
DRV - [2008/04/14 06:00:00 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [Disabled | Stopped])
DRV - [2008/04/14 06:00:00 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [Disabled | Stopped])
DRV - [2008/04/14 06:00:00 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
DRV - [2008/07/09 18:11:00 | 00,220,640 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\System32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2008/01/30 08:56:42 | 00,012,288 | ---- | M] (NewTech Infosystems Corporation) -- C:\WINDOWS\System32\drivers\UBHelper.sys -- (UBHelper [Boot | Running])
DRV - [2008/04/14 06:00:00 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [Disabled | Stopped])
DRV - [2009/08/28 19:42:52 | 00,040,448 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2008/04/14 06:00:00 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\usb8023x.sys -- (usb_rndisx [On_Demand | Stopped])
DRV - [2008/07/09 18:41:00 | 00,731,264 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = https://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = https://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = https://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&s=0&o=xpp&d=0509&m=travelmate_7730g
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.startup.homepage: "https://google.ca"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: {4176DFF4-4698-11DE-BEEB-45DA55D89593}:0.6.15
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.11.1
FF - prefs.js..extensions.enabledItems: {fce36c1e-58d8-498a-b2a5-66ad1cedebbb}:0.76
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.6
FF - prefs.js..extensions.enabledItems: {daf44bf7-a45e-4450-979c-91cf07434c3d}:1.5.4
FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.2
FF - prefs.js..extensions.enabledItems: {2E481B23-66AC-313F-D6A8-A81DDDF26249}:0.7.1
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.4.2
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.2.1
FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:5.0.20090324
FF - prefs.js..extensions.enabledItems: {F5DDF39C-9293-4d5e-9AA8-E04E6DD5E9B4}:1.4.2
FF - prefs.js..extensions.enabledItems: {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20090525
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {a95d8332-e4b4-6e7f-98ac-20b733364387}:0.4.3
FF - prefs.js..extensions.enabledItems: {75CEEE46-9B64-46f8-94BF-54012DE155F0}:0.3.9
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:0.0.0
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.2
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.6.6.2
FF - prefs.js..extensions.enabledItems: wikipediatoolbar@wikipedia.org:0.5.9
FF - prefs.js..extensions.enabledItems: {5c8bfb7c-9a54-11dc-8314-0800200c9a66}:3.5
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3
FF - prefs.js..extensions.enabledItems: {1a76f5a0-6354-11de-8a39-0800200c9a66}:1.0

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/05/31 22:20:55 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/03 03:11:44 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/22 10:36:54 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/09 20:15:45 | 00,000,000 | ---D | M]

[2009/05/31 15:38:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\mozilla\Extensions
[2009/05/31 15:38:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/09/22 11:06:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\mozilla\Firefox\Profiles\amd47zl9.default\extensions
[2009/08/20 12:32:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\mozilla\Firefox\Profiles\amd47zl9.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2009/08/20 12:32:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\mozilla\Firefox\Profiles\amd47zl9.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2009/09/18 23:06:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\mozilla\Firefox\Profiles\amd47zl9.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
[2009/06/28 16:10:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\mozilla\Firefox\Profiles\amd47zl9.default\extensions\{1a76f5a0-6354-11de-8a39-0800200c9a66}
[2009/09/22 11:06:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\mozilla\Firefox\Profiles\amd47zl9.default\extensions\{21e48e29-f574-4619-b65d-0f00eea92e5b}
[2009/09/18 22:01:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\mozilla\Firefox\Profiles\amd47zl9.default\extensions\{2E481B23-66AC-313F-D6A8-A81DDDF26249}
[2009/05/31 15:43:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\mozilla\Firefox\Profiles\amd47zl9.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/09/18 22:01:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\mozilla\Firefox\Profiles\amd47zl9.default\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}
[2009/08/20 12:32:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\mozilla\Firefox\Profiles\amd47zl9.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2009/08/24 13:46:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\mozilla\Firefox\Profiles\amd47zl9.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2009/07/26 13:31:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\mozilla\Firefox\Profiles\amd47zl9.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
[2009/07/28 23:43:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\mozilla\Firefox\Profiles\amd47zl9.default\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}
[2009/07/28 23:43:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\mozilla\Firefox\Profiles\amd47zl9.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/07/21 19:51:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\mozilla\Firefox\Profiles\amd47zl9.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009/07/28 23:23:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\mozilla\Firefox\Profiles\amd47zl9.default\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}
[2009/07/26 13:31:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\mozilla\Firefox\Profiles\amd47zl9.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2009/08/04 21:40:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\mozilla\Firefox\Profiles\amd47zl9.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
[2009/07/28 23:43:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\mozilla\Firefox\Profiles\amd47zl9.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2009/08/13 12:42:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\mozilla\Firefox\Profiles\amd47zl9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/07/28 23:43:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\mozilla\Firefox\Profiles\amd47zl9.default\extensions\{daf44bf7-a45e-4450-979c-91cf07434c3d}
[2009/09/17 21:10:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\mozilla\Firefox\Profiles\amd47zl9.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/05/31 15:43:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\mozilla\Firefox\Profiles\amd47zl9.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/09/11 10:40:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\mozilla\Firefox\Profiles\amd47zl9.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2009/08/24 13:43:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\mozilla\Firefox\Profiles\amd47zl9.default\extensions\{F5DDF39C-9293-4d5e-9AA8-E04E6DD5E9B4}
[2009/07/21 19:51:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\mozilla\Firefox\Profiles\amd47zl9.default\extensions\{fce36c1e-58d8-498a-b2a5-66ad1cedebbb}
[2009/07/26 13:31:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\mozilla\Firefox\Profiles\amd47zl9.default\extensions\askopensearch-VTS@ask.com
[2009/05/31 15:43:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\mozilla\Firefox\Profiles\amd47zl9.default\extensions\currentsiteip@webdatamation.com
[2009/08/04 21:40:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\mozilla\Firefox\Profiles\amd47zl9.default\extensions\firebug@software.joehewitt.com
[2009/09/22 11:06:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\mozilla\Firefox\Profiles\amd47zl9.default\extensions\personas@christopher.beard
[2009/09/18 22:01:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\mozilla\Firefox\Profiles\amd47zl9.default\extensions\piclens@cooliris.com
[2009/05/31 15:43:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\mozilla\Firefox\Profiles\amd47zl9.default\extensions\wikipediatoolbar@wikipedia.org
[2009/08/25 17:25:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\mozilla\Firefox\Profiles\amd47zl9.default\extensions\yetanothersmoothscrolling@kataho
[2009/07/26 13:31:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\mozilla\Firefox\Profiles\amd47zl9.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\mac\browser\extensions
[2009/07/26 13:31:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\mozilla\Firefox\Profiles\amd47zl9.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\mac\mozapps\extensions
[2009/07/26 13:31:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\mozilla\Firefox\Profiles\amd47zl9.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\browser\extensions
[2009/07/26 13:31:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\mozilla\Firefox\Profiles\amd47zl9.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\mozapps\extensions
[2009/09/21 20:49:38 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/09 20:15:45 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/05/31 22:21:04 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/06/10 15:44:00 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/08/04 21:39:58 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/09/09 20:15:38 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/09/09 20:15:38 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/07/25 05:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/09/09 20:15:42 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/10/26 21:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/09/09 19:56:33 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/09/09 19:56:34 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/09/09 19:56:34 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/09/09 19:56:34 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/09/09 19:56:34 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/09/09 19:56:34 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/09/09 19:56:34 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2007/04/16 11:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2007/03/09 17:16:44 | 00,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll
[2009/06/24 05:27:00 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/06/24 05:27:00 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/06/24 05:27:00 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/06/24 05:27:00 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/06/24 05:27:00 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/06/24 05:27:00 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/06/24 05:27:00 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BkupTray] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.CPL (Microsoft Corporation)
O4 - HKLM..\Run: [Boot] C:\Program Files\Acer\Empowering Technology\ePower\Boot.exe ()
O4 - HKLM..\Run: [ClamWin] C:\Program Files\ClamWin\bin\ClamTray.exe (alch)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\Comodo\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe ()
O4 - HKLM..\Run: [eRecoveryService] C:\Program Files\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PLFSetI] C:\WINDOWS\PLFSetI.exe ()
O4 - HKLM..\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe (sonix)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [ZPdtWzdVitaKey MC3000] C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.)
O4 - HKCU..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe (AOL LLC)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Eric\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [Taskbar Shuffle] C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe (Jay Elaraj)
O4 - HKCU..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe (Lee Matthew Chantrey & Windows X)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acer Empowering Technology.lnk = C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe (Acer Inc.)
O4 - Startup: C:\Documents and Settings\Eric\Start Menu\Programs\Startup\Yahoo! Widgets.lnk = C:\Program Files\Yahoo! Widgets\YahooWidgets.exe (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} https://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} https://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} https://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.135.133 64.59.135.135 64.59.128.120
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/11 06:02:14 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{84d1f528-4e49-11de-a61d-00238b926417}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2009/09/23 10:21:06 | 00,514,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Eric\Desktop\OTL.exe
[2009/09/22 22:27:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric\Application Data\SUPERAntiSpyware.com
[2009/09/22 22:27:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/09/22 16:54:45 | 32,158,35136 | -HS- | C] () -- C:\hiberfil.sys
[2009/09/22 13:10:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric\Application Data\Malwarebytes
[2009/09/22 13:10:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/09/22 12:49:56 | 00,000,000 | ---- | C] () -- C:\WINDOWS\30DE01F0.x86.dll
[2009/09/21 20:27:38 | 00,000,000 | ---- | C] () -- C:\WINDOWS\win32k.sys
[2009/09/18 22:01:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric\Local Settings\Application Data\Cooliris
[2009/09/18 18:36:46 | 00,000,000 | ---D | C] -- C:\Program Files\ViStart
[2009/09/18 18:36:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric\Application Data\ViStart
[2009/09/17 20:05:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2009/09/17 13:58:56 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\Eric\Desktop\Xming.lnk
[2009/09/17 13:58:37 | 00,000,000 | ---D | C] -- C:\Program Files\Xming
[2009/09/17 13:05:43 | 00,000,600 | ---- | C] () -- C:\Documents and Settings\Eric\Local Settings\Application Data\PUTTY.RND
[2009/09/17 12:08:56 | 00,454,656 | ---- | C] (Simon Tatham) -- C:\Documents and Settings\Eric\Desktop\putty.exe
[2009/09/15 11:49:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric\Local Settings\Application Data\DOSBox
[2009/09/15 11:48:38 | 00,001,565 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DOSBox 0.73.lnk
[2009/09/15 11:48:12 | 00,000,000 | ---D | C] -- C:\Program Files\DOSBox-0.73
[2009/09/15 10:02:10 | 00,000,000 | ---D | C] -- C:\Program Files\wxWidgets-2.8.10
[2009/09/13 18:52:15 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Device Emulator
[2009/09/13 18:52:09 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server 2005 Mobile Edition
[2009/09/13 18:48:06 | 00,000,172 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/09/13 18:40:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\Symbols
[2009/09/13 18:40:23 | 00,000,000 | ---D | C] -- C:\Program Files\HTML Help Workshop
[2009/09/13 18:40:23 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Business Objects
[2009/09/13 18:40:23 | 00,000,000 | ---D | C] -- C:\Program Files\CE Remote Tools
[2009/09/13 18:40:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
[2009/09/13 18:40:22 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Merge Modules
[2009/09/13 18:39:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric\My Documents\Visual Studio 2005
[2009/09/13 18:38:47 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2009/09/13 18:33:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009/09/13 18:33:43 | 00,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Toolbar
[2009/09/13 18:33:39 | 00,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2009/09/13 18:26:48 | 00,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/09/13 18:26:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric\Application Data\DAEMON Tools Lite
[2009/09/12 00:19:37 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2009/09/10 20:35:45 | 00,088,477 | ---- | C] () -- C:\Documents and Settings\Eric\My Documents\Photo 223.jpg
[2009/09/09 20:04:16 | 00,002,187 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2009/09/09 20:03:57 | 00,000,000 | ---D | C] -- C:\Program Files\Safari
[2009/09/09 20:00:59 | 00,000,000 | ---D | C] -- C:\Program Files\iPhone Configuration Utility
[2009/09/09 20:00:20 | 00,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/09/09 19:58:35 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/09/09 19:58:29 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/09/09 19:58:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/09/09 19:56:16 | 00,001,608 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2009/09/09 19:55:58 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/09/08 21:37:22 | 00,000,000 | ---D | C] -- C:\Program Files\Python
[2009/09/05 01:54:48 | 00,094,208 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2009/09/05 01:54:48 | 00,069,632 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2009/09/04 20:10:24 | 00,009,858 | ---- | C] () -- C:\Documents and Settings\Eric\My Documents\Scrabble090409_01.xlsx
[2009/08/26 16:10:44 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\Eric\Start Menu\Programs\Startup\Yahoo! Widgets.lnk
[2009/08/25 20:40:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric\My Documents\AIMLogger
[2009/08/25 18:09:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric\My Documents\My Widgets
[2009/08/25 18:09:13 | 00,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2009/08/25 18:09:11 | 00,000,748 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Widgets.lnk
[2009/08/25 18:09:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric\Local Settings\Application Data\Yahoo
[2009/08/25 18:09:07 | 00,000,000 | ---D | C] -- C:\Program Files\Yahoo! Widgets
[2009/06/14 00:26:21 | 00,000,130 | ---- | C] () -- C:\WINDOWS\cfplogvw.INI
[2009/05/31 18:04:08 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/05/31 18:04:07 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/05/31 18:04:05 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/05/31 18:04:03 | 01,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/05/31 15:21:56 | 00,626,688 | ---- | C] () -- C:\WINDOWS\Image.dll
[2009/05/31 15:21:56 | 00,000,169 | ---- | C] () -- C:\WINDOWS\PidList.ini
[2009/05/31 15:21:07 | 01,769,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2009/05/31 15:21:07 | 00,028,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2009/05/31 15:21:06 | 01,769,984 | ---- | C] () -- C:\WINDOWS\System32\snp2uvc.sys
[2009/05/31 15:21:05 | 00,172,032 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[2009/05/31 15:21:05 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2009/05/31 15:21:05 | 00,028,160 | ---- | C] () -- C:\WINDOWS\System32\sncduvc.sys
[2009/05/31 15:21:05 | 00,000,169 | ---- | C] () -- C:\WINDOWS\System32\PidList.ini
[2009/05/31 15:20:06 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\VMC3KAPI.dll
[2008/09/11 18:50:12 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/09/11 18:47:06 | 00,000,439 | ---- | C] () -- C:\WINDOWS\system.ini
[2008/09/11 06:56:22 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIOFM4.dll
[2008/09/11 06:56:22 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN5.dll
[2008/09/11 06:55:36 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2008/09/11 06:55:36 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2008/09/11 06:50:26 | 00,000,765 | ---- | C] () -- C:\WINDOWS\win.ini
[2008/07/30 20:37:26 | 00,006,782 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008/04/14 06:00:00 | 00,061,952 | ---- | C] () -- C:\WINDOWS\System32\eventlog.dll
[2008/04/14 06:00:00 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2007/11/14 15:00:44 | 00,331,776 | ---- | C] () -- C:\WINDOWS\System32\ScrollBarLib.dll
[2007/11/14 15:00:44 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\Interop.Shell32.dll
[2007/01/26 00:32:18 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\int15.sys
[2005/03/28 16:45:26 | 00,000,141 | ---- | C] () -- C:\WINDOWS\ALaunch.ini
[2001/12/26 17:12:30 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/04 00:46:38 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/07/30 17:33:56 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 23:04:36 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[4 C:\WINDOWS\System32\*.tmp files]
[2009/09/23 10:21:07 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Eric\Desktop\OTL.exe
[2009/09/23 10:15:43 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/09/23 10:15:39 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/09/23 10:13:30 | 00,201,608 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/09/23 10:12:59 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/09/23 10:12:45 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/23 10:12:32 | 00,000,000 | ---- | M] () -- C:\WINDOWS\win32k.sys
[2009/09/23 10:12:28 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/09/23 10:12:19 | 32,158,35136 | -HS- | M] () -- C:\hiberfil.sys
[2009/09/23 01:01:32 | 00,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2009/09/23 01:01:00 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/09/23 00:06:00 | 00,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2667730276-515693187-1579475875-1008UA.job
[2009/09/22 18:54:41 | 01,474,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2009/09/22 18:14:10 | 00,000,439 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/09/22 12:49:56 | 00,000,000 | ---- | M] () -- C:\WINDOWS\30DE01F0.x86.dll
[2009/09/22 10:38:56 | 00,000,600 | ---- | M] () -- C:\Documents and Settings\Eric\Local Settings\Application Data\PUTTY.RND
[2009/09/20 02:06:00 | 00,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2667730276-515693187-1579475875-1008Core.job
[2009/09/19 21:10:04 | 00,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2009/09/17 23:57:17 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/09/17 16:57:15 | 00,179,792 | ---- | M] (COMODO) -- C:\WINDOWS\System32\guard32.dll
[2009/09/17 16:57:13 | 00,087,104 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2009/09/17 16:57:13 | 00,025,160 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2009/09/17 16:57:12 | 00,132,296 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdguard.sys
[2009/09/17 13:58:56 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\Eric\Desktop\Xming.lnk
[2009/09/15 19:30:40 | 00,002,281 | ---- | M] () -- C:\Documents and Settings\Eric\Desktop\Google Chrome.lnk
[2009/09/15 15:14:33 | 02,642,038 | -H-- | M] () -- C:\Documents and Settings\Eric\Local Settings\Application Data\IconCache.db
[2009/09/15 11:48:38 | 00,001,565 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DOSBox 0.73.lnk
[2009/09/15 01:14:08 | 00,074,072 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/09/14 08:35:52 | 01,647,352 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/09/13 18:48:06 | 00,000,172 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2009/09/13 18:26:48 | 00,721,904 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/09/11 17:58:43 | 00,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2009/09/10 20:35:56 | 00,088,477 | ---- | M] () -- C:\Documents and Settings\Eric\My Documents\Photo 223.jpg
[2009/09/09 19:56:16 | 00,001,608 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2009/09/08 17:30:53 | 00,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/09/05 01:54:48 | 00,094,208 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2009/09/05 01:54:48 | 00,069,632 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2009/09/04 22:16:16 | 00,009,858 | ---- | M] () -- C:\Documents and Settings\Eric\My Documents\Scrabble090409_01.xlsx
[2009/08/30 21:00:13 | 00,110,865 | ---- | M] () -- C:\Documents and Settings\Eric\My Documents\Picture 1.png
[2009/08/28 19:42:52 | 02,065,696 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\usbaaplrc.dll
[2009/08/28 19:42:52 | 00,040,448 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\drivers\usbaapl.sys
[2009/08/28 15:38:20 | 24,689,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/08/26 16:10:45 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\Eric\Start Menu\Programs\Startup\Yahoo! Widgets.lnk
[2009/08/25 18:09:11 | 00,000,748 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Widgets.lnk

[color=#E56717]========== LOP Check ==========[/color]

[2009/09/22 22:27:26 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/07/03 11:31:36 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{5AC06A7F-E1C7-46A4-BA28-5A4B25F3BB23}
[2009/09/09 19:59:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/07/03 11:24:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/07/22 14:11:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2009/05/31 15:16:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Corel
[2009/09/13 18:33:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009/05/31 15:19:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eSobi
[2009/06/30 21:03:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2009/08/08 00:14:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2009/09/13 18:40:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
[2009/07/22 14:11:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/09/22 22:27:26 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Eric\Application Data
[2009/05/31 22:21:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\.clamwin
[2009/07/22 14:13:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\acccore
[2009/08/09 02:32:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\Auslogics
[2009/05/31 20:37:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\Command & Conquer 3 Tiberium Wars
[2009/09/13 18:37:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\DAEMON Tools Lite
[2009/09/22 10:42:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\FileZilla
[2009/06/19 20:35:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\Hamachi
[2009/05/31 16:28:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\Notepad++
[2009/05/31 20:35:13 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Eric\Application Data\SecuROM
[2009/06/16 21:10:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\teamspeak2
[2009/09/20 16:54:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\TeamViewer
[2009/09/18 18:37:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\ViStart
[2009/07/22 12:20:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2008/04/14 06:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/09/23 10:15:39 | 00,000,868 | ---- | M] () -- C:\WINDOWS\Tasks\Google Software Updater.job
[2009/09/23 10:12:59 | 00,000,882 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2009/09/23 01:01:00 | 00,000,886 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2009/09/20 02:06:00 | 00,000,922 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2667730276-515693187-1579475875-1008Core.job
[2009/09/23 00:06:00 | 00,000,974 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2667730276-515693187-1579475875-1008UA.job
[2009/09/23 10:12:45 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

[color=#E56717]========== Purity Check ==========[/color]


< End of report >


[2]EXTRAS.TXT[/2]
OTL Extras logfile created on: 9/23/2009 10:22:42 AM - Run 1
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Documents and Settings\Eric\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 110.94 Gb Total Space | 66.10 Gb Free Space | 59.58% Space Free | Partition Type: NTFS
Drive D: | 110.94 Gb Total Space | 107.71 Gb Free Space | 97.09% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ERIC-LTOP
Current User Name: Eric
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.ini [@ = Notepad++_file] -- C:\Program Files\Notepad++\notepad++.exe (Don HO don.h@free.fr)
.js [@ = Notepad++_file] -- C:\Program Files\Notepad++\notepad++.exe (Don HO don.h@free.fr)
.txt [@ = Notepad++_file] -- C:\Program Files\Notepad++\notepad++.exe (Don HO don.h@free.fr)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"9990:TCP" = 9990:TCP:*:Enabled:WZ2100-9990
"9997:TCP" = 9997:TCP:*:Enabled:WZ2100-9997
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe" = C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:*:Enabled:SchedulerSvc.exe -- ()
"C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe" = C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:*:Enabled:BackupSvc.exe -- (NewTech InfoSystems, Inc.)
"C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe" = C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:*:Enabled:AgentSvc.exe -- (NewTech Infosystems, Inc.)
"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\TightVNC\WinVNC.exe" = C:\Program Files\TightVNC\WinVNC.exe:*:Enabled:TightVNC Win32 Server -- File not found
"C:\Program Files\Hamachi\hamachi.exe" = C:\Program Files\Hamachi\hamachi.exe:*:Enabled:Hamachi Client -- (LogMeIn Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\Warzone 2100\warzone2100.exe" = C:\Program Files\Warzone 2100\warzone2100.exe:*:Enabled:Warzone 2100 -- (Warzone 2100 Project)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\TeamViewer\Version4\TeamViewer.exe" = C:\Program Files\TeamViewer\Version4\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Xming\Xming.exe" = C:\Program Files\Xming\Xming.exe:*:Enabled:Xming X Server -- ()
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{1389C6A4-4965-4AEC-9175-08B54A10FA48}" = Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{24aab420-4e30-4496-9739-3e216f3de6ae}" = Python 2.6.2
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 15
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2F353D44-73BB-4971-B31D-F7642E9E9531}" = Macromedia Flash MX 2004
"{31A5ED9F-E07B-4F6E-8179-27325BAAC502}" = AuthenTec Fingerprint Sensor Minimum Install
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye Webcam Video Class Camera
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{437AB8E0-FB69-4222-B280-A64F3DE22591}" = Microsoft Visual Studio 2005 Professional Edition - ENU
"{44D4AF75-6870-41F5-9181-662EA05507E1}" = Microsoft Document Explorer 2005
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}" = Microsoft SQL Server Native Client
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8
"{625386A4-B6B6-4911-A6E8-23189C3F2D15}" = Microsoft .NET Compact Framework 2.0
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6C531060-84FB-4F96-8F33-29DF020632EB}" = Microsoft .NET Compact Framework 1.0 SP3 Developer
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{78B75C6D-E53C-424C-BF83-4B63BD4A6682}" = Microsoft Device Emulator version 1.0 - ENU
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A64A5576-D862-44F8-89DC-2B17FCC9B86E}" = Broadcom Gigabit Integrated Controller
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 2.0.8
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.3
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP1
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0D2F614-5CE5-4DCB-8678-E5C9AF7044F8}" = Microsoft SQL Server VSS Writer
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC016F21-3970-11DE-B878-005056806466}" = Google Earth
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.62.623
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EC2A8F27-4FBF-4E41-B27B-FE822511B761}" = iTunes
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"Acer Acer Bio Protection 6.0.00.18" = Acer Bio Protection

ATA 6.0.00.18
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"AIM_6" = AIM 6
"Audacity_is1" = Audacity 1.2.6
"AutoItv3" = AutoIt v3.3.0.0
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP1
"ClamWin Free Antivirus_is1" = ClamWin Free Antivirus 0.95.2
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"COMODO Internet Security" = COMODO Internet Security
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"FileZilla Client" = FileZilla Client 3.2.4.1
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"GridVista" = Acer GridVista
"Hamachi" = Hamachi 1.0.3.0
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8
"InstallShield_{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow
"LManager" = Launch Manager
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Document Explorer 2005" = Microsoft Document Explorer 2005
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Microsoft Visual Studio 2005 Professional Edition - ENU" = Microsoft Visual Studio 2005 Professional Edition - ENU
"mIRC" = mIRC
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"PROHYBRIDR" = 2007 Microsoft Office system
"San Andreas Radio_is1" = San Andreas Radio V1.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Taskbar Shuffle_is1" = Taskbar Shuffle version 2.5
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamViewer 4" = TeamViewer 4
"ViewpointMediaPlayer" = Viewpoint Media Player
"ViStart" = ViStart
"Warzone 2100" = Warzone 2100
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows Mobile Device Handbook" = Windows Mobile® Device Handbook
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xming_is1" = Xming 6.9.0.31
"Yahoo! Widget Engine" = Yahoo! Widgets

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 7/13/2029 6:14:16 PM | Computer Name = ERIC-LTOP | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 7/13/2029 6:14:16 PM | Computer Name = ERIC-LTOP | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 7/13/2029 6:14:16 PM | Computer Name = ERIC-LTOP | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 7/13/2029 6:14:16 PM | Computer Name = ERIC-LTOP | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 7/13/2009 7:45:17 PM | Computer Name = ERIC-LTOP | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3462, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 7/19/2009 10:27:52 PM | Computer Name = ERIC-LTOP | Source = Application Error | ID = 1000
Description = Faulting application ahv.exe, version 1.1.0.143, faulting module ahv.exe,
version 1.1.0.143, fault address 0x00005773.

Error - 7/20/2009 1:53:09 AM | Computer Name = ERIC-LTOP | Source = Application Hang | ID = 1002
Description = Hanging application notepad++.exe, version 5.4.1.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 7/24/2009 8:52:19 PM | Computer Name = ERIC-LTOP | Source = Application Hang | ID = 1002
Description = Hanging application notepad++.exe, version 5.4.1.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/4/2009 11:19:53 PM | Computer Name = ERIC-LTOP | Source = Application Hang | ID = 1002
Description = Hanging application Skype.exe, version 4.1.0.136, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/4/2009 11:21:56 PM | Computer Name = ERIC-LTOP | Source = MsiInstaller | ID = 11722
Description = Product: Java(TM) 6 Update 15 -- Error 1722.There is a problem with
this Windows Installer package. A program run as part of the setup did not finish
as expected. Contact your support personnel or package vendor. Action patchjre,
location: C:\Program Files\Java\jre6\patchjre.exe, command: -s "C:\Program Files\Java\jre6"


[ System Events ]
Error - 9/22/2009 6:49:37 PM | Computer Name = ERIC-LTOP | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31

Error - 9/22/2009 6:49:37 PM | Computer Name = ERIC-LTOP | Source = Service Control Manager | ID = 7001
Description = The Apple Mobile Device service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 9/22/2009 6:49:37 PM | Computer Name = ERIC-LTOP | Source = Service Control Manager | ID = 7001
Description = The Bonjour Service service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 9/22/2009 6:49:37 PM | Computer Name = ERIC-LTOP | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 9/22/2009 6:49:37 PM | Computer Name = ERIC-LTOP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD cmdGuard cmdHlp Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip

Error - 9/22/2009 6:49:48 PM | Computer Name = ERIC-LTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 9/22/2009 6:53:20 PM | Computer Name = ERIC-LTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 9/22/2009 6:53:32 PM | Computer Name = ERIC-LTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 9/22/2009 6:53:59 PM | Computer Name = ERIC-LTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 9/23/2009 12:27:32 AM | Computer Name = ERIC-LTOP | Source = Service Control Manager | ID = 7000
Description = The SASENUM service failed to start due to the following error: %%2


< End of report >

///////////////////////////

PS: Explorer.exe is crashing almost every time I try to open a folder of any kind. I have been using a 3rd-party program called Explorer++ to access files.
Posted 9/24/2009 5:44 AM
#77689
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Ok. It´s not infections there are the cause to your problems.


Please follow this guide to download and run Dial A Fix ->

https://www.bleepingcomputer.com/forums/topic160132.html

[color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />[/color]
Do not PM me with logfiles. They will be deleted.


Posted 9/24/2009 6:11 AM
#77692
User avatar

Stewie Member

Date Joined Nov 2016
Total Posts: 5
I downloaded and ran the program as per the provided instructions.

FireFox.exe will still not boot, and MSNMSGR.exe will still not provide a window. HijackThis! is still crashing after completion of the system scan.

During the process of using Dial-A-Fix, it gave me several popup windows saying that DLLs were corrupted or invalid. There must have been at least 20 popups during the whole process.

Any other suggestions?

PS: I have now been using FireFox (ff3.exe) for some online work and have noticed that I have the infamous Google redirect virus. I had this once before and don't remember how I fixed it... I think Comodo detected it that time. Not sure.
Posted 9/25/2009 6:00 AM
#77721
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Ok.



Please download Combofix from:

https://download.bleepingcomputer.com/sUBs/ComboFix.exe



And save to the desktop.


Close all other browser windows.



Double-click on the combofix icon found on your desktop.



Please note, that once you start combofix you should not click anywhere on the combofix window as it can cause the program to stall. In fact, when combofix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.


When finished, it will produce a logfile located at C:\combofix.txt.




Post the contents of that log in your next reply


[color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />[/color]
Do not PM me with logfiles. They will be deleted.


Posted 9/25/2009 6:28 AM
#77723
User avatar

Stewie Member

Date Joined Nov 2016
Total Posts: 5
ComboFix 09-09-23.02 - Eric 09/25/2009 0:12.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3067.2653 [GMT -6:00]
Running from: c:\documents and settings\Eric\Desktop\Combo-Fix.exe
AV: COMODO Antivirus *On-access scanning disabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Start Menu\Programs\Acer Crystal Eye Webcam Video Class Camera
c:\documents and settings\All Users\Start Menu\Programs\Acer Crystal Eye Webcam Video Class Camera \Uninstall.lnk
c:\windows\30DE01F0.x86.dll
c:\windows\Suyin.reg

Infected copy of c:\windows\system32\eventlog.dll was found and disinfected
Restored copy from - c:\windows\system32\dllcache\eventlog.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}


((((((((((((((((((((((((( Files Created from 2009-08-25 to 2009-09-25 )))))))))))))))))))))))))))))))
.

2009-09-24 06:02 . 2009-09-25 06:12 -------- d-----w- c:\windows\system32\CatRoot2
2009-09-24 04:43 . 2009-09-24 04:43 -------- d-----w- c:\program files\Process Explorer v11
2009-09-23 18:41 . 2009-09-23 18:41 -------- d-----w- c:\program files\iPod
2009-09-23 18:41 . 2009-09-23 18:42 -------- d-----w- c:\program files\iTunes
2009-09-23 18:15 . 2009-09-23 18:15 -------- d-----w- c:\program files\LPL Software
2009-09-23 04:27 . 2009-09-23 04:27 -------- d-----w- c:\documents and settings\Eric\Application Data\SUPERAntiSpyware.com
2009-09-23 04:27 . 2009-09-23 04:27 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-09-22 19:10 . 2009-09-22 19:10 -------- d-----w- c:\documents and settings\Eric\Application Data\Malwarebytes
2009-09-22 19:10 . 2009-09-22 19:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-22 02:27 . 2009-09-24 22:38 0 ----a-r- c:\windows\win32k.sys
2009-09-19 04:01 . 2009-09-19 04:01 -------- d-----w- c:\documents and settings\Eric\Local Settings\Application Data\Cooliris
2009-09-19 00:36 . 2009-09-24 22:41 -------- d-----w- c:\program files\ViStart
2009-09-19 00:36 . 2009-09-19 00:37 -------- d-----w- c:\documents and settings\Eric\Application Data\ViStart
2009-09-17 19:58 . 2009-09-17 19:58 -------- d-----w- c:\program files\Xming
2009-09-15 17:49 . 2009-09-15 17:49 -------- d-----w- c:\documents and settings\Eric\Local Settings\Application Data\DOSBox
2009-09-15 17:48 . 2009-09-15 18:17 -------- d-----w- c:\program files\DOSBox-0.73
2009-09-15 16:02 . 2009-09-15 16:04 -------- d-----w- c:\program files\wxWidgets-2.8.10
2009-09-14 00:52 . 2009-09-14 00:52 -------- d-----w- c:\program files\Microsoft Device Emulator
2009-09-14 00:52 . 2009-09-14 00:52 -------- d-----w- c:\program files\Microsoft SQL Server 2005 Mobile Edition
2009-09-14 00:40 . 2009-09-14 00:46 -------- d-----w- c:\program files\HTML Help Workshop
2009-09-14 00:40 . 2009-09-14 00:41 -------- d-----w- c:\program files\Common Files\Business Objects
2009-09-14 00:40 . 2009-09-14 00:40 -------- d-----w- c:\documents and settings\All Users\Application Data\PreEmptive Solutions
2009-09-14 00:40 . 2009-09-14 00:40 -------- d-----w- c:\windows\Symbols
2009-09-14 00:40 . 2009-09-14 00:40 -------- d-----w- c:\program files\CE Remote Tools
2009-09-14 00:40 . 2009-09-14 00:45 -------- d-----w- c:\program files\Common Files\Merge Modules
2009-09-14 00:38 . 2009-09-14 00:46 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-09-14 00:33 . 2009-09-14 00:33 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-09-14 00:33 . 2009-09-14 00:33 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-09-14 00:33 . 2009-09-14 00:33 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-09-14 00:26 . 2009-09-14 00:26 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-09-14 00:26 . 2009-09-14 00:37 -------- d-----w- c:\documents and settings\Eric\Application Data\DAEMON Tools Lite
2009-09-12 06:19 . 2009-09-12 06:19 -------- d-----w- c:\program files\Microsoft SDKs
2009-09-10 02:03 . 2009-09-10 02:04 -------- d-----w- c:\program files\Safari
2009-09-10 02:00 . 2009-09-10 02:01 -------- d-----w- c:\program files\iPhone Configuration Utility
2009-09-10 01:58 . 2009-09-10 01:59 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-10 01:55 . 2009-09-10 01:56 -------- d-----w- c:\program files\QuickTime
2009-09-09 03:37 . 2009-09-10 16:10 -------- d-----w- c:\program files\Python

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-25 06:16 . 2009-05-31 21:24 12 ----a-w- c:\windows\bthservsdp.dat
2009-09-25 06:07 . 2009-07-10 04:32 -------- d-----w- c:\documents and settings\Eric\Application Data\skypePM
2009-09-25 06:07 . 2009-07-10 04:32 -------- d-----w- c:\documents and settings\Eric\Application Data\Skype
2009-09-25 06:03 . 2009-05-31 22:50 -------- d-----w- c:\program files\mIRC
2009-09-25 05:45 . 2009-06-01 18:22 -------- d-----w- c:\documents and settings\Eric\Application Data\FileZilla
2009-09-24 22:40 . 2009-05-31 22:28 -------- d-----w- c:\program files\Taskbar Shuffle
2009-09-23 18:41 . 2009-07-03 17:21 -------- d-----w- c:\program files\Common Files\Apple
2009-09-23 01:58 . 2009-07-14 19:31 -------- d-----w- c:\program files\Warzone 2100
2009-09-23 00:54 . 2009-06-01 18:15 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2009-09-20 22:54 . 2009-08-09 07:19 -------- d-----w- c:\documents and settings\Eric\Application Data\TeamViewer
2009-09-17 22:57 . 2009-06-01 04:27 179792 ----a-w- c:\windows\system32\guard32.dll
2009-09-17 22:57 . 2009-06-01 04:27 87104 ----a-w- c:\windows\system32\drivers\inspect.sys
2009-09-17 22:57 . 2009-06-01 04:27 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-09-17 22:57 . 2009-06-01 04:27 132296 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-09-15 16:04 . 2009-05-31 22:29 -------- d-----w- c:\program files\Explorer++
2009-09-15 07:14 . 2009-07-10 20:40 74072 ---ha-w- c:\windows\system32\mlfcache.dat
2009-09-14 01:03 . 2008-09-11 12:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-09-14 01:01 . 2008-09-11 12:47 -------- d-----w- c:\program files\Microsoft SQL Server
2009-09-14 00:49 . 2008-09-12 00:48 91608 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-10 15:15 . 2009-07-03 17:25 -------- d-----w- c:\documents and settings\Eric\Application Data\Apple Computer
2009-09-04 05:58 . 2009-05-31 21:12 -------- d-----w- c:\program files\Launch Manager
2009-08-29 01:42 . 2009-07-03 17:22 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-29 01:42 . 2009-07-03 17:22 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-26 00:09 . 2009-08-26 00:09 -------- d-----w- c:\program files\Yahoo!
2009-08-26 00:09 . 2009-08-26 00:09 -------- d-----w- c:\program files\Yahoo! Widgets
2009-08-17 05:06 . 2009-08-17 05:06 -------- d-----w- c:\program files\MSBuild
2009-08-17 05:06 . 2009-08-17 05:06 -------- d-----w- c:\program files\Reference Assemblies
2009-08-11 00:07 . 2009-08-11 00:07 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-08-11 00:06 . 2009-08-11 00:06 -------- d-----w- c:\program files\Windows Mobile Device Handbook
2009-08-09 08:32 . 2009-08-09 08:32 -------- d-----w- c:\documents and settings\Eric\Application Data\Auslogics
2009-08-09 07:53 . 2009-08-09 07:53 -------- d-----w- c:\program files\Auslogics Disk Defrag
2009-08-09 07:19 . 2009-08-09 07:19 -------- d-----w- c:\program files\TeamViewer
2009-08-08 06:14 . 2009-06-02 22:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-08-05 09:01 . 2008-04-14 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 03:39 . 2009-06-01 04:20 -------- d-----w- c:\program files\Java
2009-07-25 11:23 . 2009-06-01 04:21 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-21 06:52 . 2009-07-21 06:52 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-07-21 06:52 . 2009-07-21 06:52 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-07-17 19:01 . 2008-04-14 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-16 01:04 . 2009-06-01 04:22 34 ----a-w- c:\documents and settings\Eric\jagex_runescape_preferences.dat
2009-07-14 19:32 . 2009-07-14 19:32 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2009-07-14 19:32 . 2009-07-14 19:32 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2009-07-14 05:43 . 2008-04-14 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-10 04:32 . 2009-07-10 04:32 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-07-03 17:09 . 2007-08-14 01:54 915456 ----a-w- c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ViStart"="c:\program files\ViStart\ViStart" [X]
"Taskbar Shuffle"="c:\program files\Taskbar Shuffle\taskbarshuffle.exe" [2008-04-17 818176]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-07 3885408]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-31 68856]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-07-09 49968]
"Google Update"="c:\documents and settings\Eric\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-07-15 133104]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2008-07-10 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-10 1028096]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-26 28672]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-06-27 466944]
"Boot"="c:\program files\Acer\Empowering Technology\ePower\Boot.exe" [2007-12-25 579584]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-29 13594624]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-29 86016]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-09-01 858632]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-05-31 24064]
"ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" [2009-05-31 3686400]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"eRecoveryService"="c:\program files\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2007-07-11 421888]
"ClamWin"="c:\program files\ClamWin\bin\ClamTray.exe" [2009-06-11 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"COMODO Internet Security"="c:\program files\Comodo\COMODO Internet Security\cfp.exe" [2009-09-17 1799952]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-07-10 16862208]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-12-29 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Eric\Start Menu\Programs\Startup\
Yahoo! Widgets.lnk - c:\program files\Yahoo! Widgets\YahooWidgets.exe [2008-3-18 4742184]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acer Empowering Technology.lnk - c:\program files\Acer\Empowering Technology\Framework.Launcher.exe [2008-1-22 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2009-05-31 21:19 3077120 ----a-w- c:\program files\Acer\Acer Bio Protection\WinNotify.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\NewTech Infosystems\\NTI Backup Now 5\\SchedulerSvc.exe"=
"c:\\Program Files\\NewTech Infosystems\\NTI Backup Now 5\\BackupSvc.exe"=
"c:\\Program Files\\NewTech Infosystems\\NTI Backup Now 5\\Client\\Agentsvc.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Warzone 2100\\warzone2100.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Xming\\Xming.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"9990:TCP"= 9990:TCP:WZ2100-9990
"9997:TCP"= 9997:TCP:WZ2100-9997
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 AlfaFF;AlfaFF File System mini-filter;c:\windows\system32\drivers\AlfaFF.sys [5/31/2009 3:19 PM 43184]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [5/31/2009 10:27 PM 132296]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [5/31/2009 10:27 PM 25160]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [1/11/2008 6:50 PM 30312]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [3/3/2008 2:11 PM 16384]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [4/25/2008 10:36 PM 45056]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [4/17/2007 8:09 PM 11032]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [7/22/2009 2:11 PM 24652]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [7/9/2008 6:15 PM 80784]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [5/31/2009 6:04 PM 41376]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\Eric\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\Eric\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\Eric\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys --> c:\docume~1\Eric\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys [?]
S2 gupdate1ca050f12d1e7b8;Google Update Service (gupdate1ca050f12d1e7b8);c:\program files\Google\Update\GoogleUpdate.exe [7/14/2009 11:42 PM 133104]
S2 IGBASVC;iGroupTec Service;c:\program files\Acer\Acer Bio Protection\BASVC.exe [5/31/2009 3:19 PM 3481088]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [4/25/2008 10:36 PM 131072]
S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [5/31/2009 3:13 PM 24064]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [4/14/2006 11:07 AM 28933976]
S3 SASENUM;SASENUM;\??\c:\docume~1\Eric\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS --> c:\docume~1\Eric\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS [?]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [9/23/2005 7:01 AM 2799808]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2009-09-25 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-31 05:41]

2009-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-15 05:42]

2009-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-15 05:42]

2009-09-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2667730276-515693187-1579475875-1008Core.job
- c:\documents and settings\Eric\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-26 05:56]

2009-09-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2667730276-515693187-1579475875-1008UA.job
- c:\documents and settings\Eric\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-26 05:56]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Eric\Application Data\Mozilla\Firefox\Profiles\amd47zl9.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.ca
FF - component: c:\documents and settings\Eric\Application Data\Mozilla\Firefox\Profiles\amd47zl9.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\documents and settings\Eric\Application Data\Mozilla\Firefox\Profiles\amd47zl9.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\Eric\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
AddRemove-HijackThis - c:\program files\HijackThis\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2009-09-25 00:18
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2667730276-515693187-1579475875-1008\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:84,9c,3e,3a,10,c9,0d,69,86,a8,ee,04,1c,bb,36,de,02,e7,2a,1d,59,37,b6,
59,da,c2,93,cb,99,bb,76,ba,71,2a,e7,3a,86,3f,13,94,81,f8,dc,eb,19,8c,3f,41,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1016)
c:\program files\Acer\Acer Bio Protection\WinNotify.dll
c:\program files\Acer\Acer Bio Protection\CustomRes.dll
c:\windows\system32\ATSC70.DLL
c:\windows\system32\ATSC70PBA.dll

- - - - - - - > 'explorer.exe'(3412)
c:\windows\system32\WININET.dll
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\program files\Acer\Empowering Technology\ePower\SysHook.dll
c:\windows\system32\ieframe.dll
c:\program files\ViStart\StartHook.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Taskbar Shuffle\tbhookin.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Comodo\COMODO Internet Security\cmdagent.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
c:\program files\ViStart\ViStart.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\docume~1\Eric\LOCALS~1\temp\RtkBtMnt.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\AIM6\aolsoftware.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\program files\Explorer++\Explorer++.exe
.
**************************************************************************
.
Completion time: 2009-09-25 0:25 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-25 06:25

Pre-Run: 70,603,624,448 bytes free
Post-Run: 76,895,510,528 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

316 --- E O F --- 2009-09-08 23:32


I am VERY glad to report that FireFox.exe has now booted properly. MSN Messenger is now working correctly, and Google is no longer redirecting me to adware sites! Thank you so much for your help, I can't tell you how happy I am to be free of that awful virus.

Please let me know if there is anything further I should do. But thank you again!
Posted 9/25/2009 6:38 AM
#77725
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
That´s good news :smilewinkgrin:




Just some cleanup remains ->




You should Create a New Restore Point to prevent possible reinfection from an old one.
The easiest and safest way to do this is:

Go to Start > All Programs > Accessories > System Tools > System Restore
Select Create a restore point, and Ok it.
Next, go to Start > Run and type in cleanmgr
Select the More options tab
Choose the option to clean up system restore and OK it.
This will remove all restore points except the new one you just created.





Click START then RUN

Now type Combofix /u in the runbox and click OK.

Note the space between the X and the U, it needs to be there.


The above procedure will:

Delete the following:
ComboFix and its associated files and folders.
VundoFix backups, if present.
The C:\Deckard folder, if present.
The C:_OtMoveIt folder, if present.
Reset the clock settings.
Hide file extensions, if required.
Hide System/Hidden files, if required.





To learn more about how to protect yourself while on the internet, please read Tony Klein´s guide:
How did I get infected in the first place?

[color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />[/color]
Do not PM me with logfiles. They will be deleted.


Post a reply
  • Unread posts or replies
  • No unread posts or replies
  • Unread Posts (Read Only Forum)
  • No Unread Posts (Read Only Forum)

Forum Information

Currently it is Monday, July 4, 2022, 1:58 AM (GMT +2)
There are a total of 61,974 posts in 13,697 threads.
In the last 3 days there were 0 new threads and 0 reply posts.

Who's online

This forum has 38,684 registered members. Please welcome our newest member, james44.
44 Guest(s), 0 Registered Member(s) are currently online.