Slow firefox performance



davemire
2010-11-07, 16:19
Around 2 nights ago I was getting browser redirects, so I ran Avira, Spybot and Malware, which found an infection called coolwwwsearch.ole or something along those lines.

Spybot removed most of it but couldn't remove all of it because it was being used in the memory. I ran a few more scans after a reboot and nothing else was found, but when I tried to open Firefox or IE, webpages wouldn't load because they were being redirected through a proxy and it wasn't allowing any connections. Anyway, I tried to run a DDS but it would go to blue screen every time, but I did it in safe mode with networking and it succeeded.


DDS (Ver_10-11-05.01) - NTFSx86 NETWORK
Run by Asus at 15:12:15.55 on 07/11/2010
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.3071.2512 [GMT 0:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe -k NetworkService
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Asus\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:50370
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {193d7001-bd9f-48c2-b5c7-69775aa2201d} - No File
BHO: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - No File
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - No File
BHO: {E33CF602-D945-461A-83F0-819F76A199F8} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [TBPanel] c:\program files\xpertvision\TBPanel.exe /A
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [<NO NAME>]
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\users\asus\appdata\roaming\micros~1\windows\startm~1\programs\startup\anticr~1.lnk - c:\program files\dachshund software\anticrash\AntiCrash.exe
StartupFolder: c:\users\asus\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Anti-Banner
IE: Add to Banner Ad Blocker
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
LSP: c:\program files\avira\antivir desktop\avsda.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\asus\appdata\roaming\mozilla\firefox\profiles\jdvb0nyj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50370
FF - prefs.js: network.proxy.type - 4
FF - component: c:\users\asus\appdata\roaming\mozilla\firefox\profiles\jdvb0nyj.default\extensions\{193d7001-bd9f-48c2-b5c7-69775aa2201d}\components\FFExternalAlert.dll
FF - component: c:\users\asus\appdata\roaming\mozilla\firefox\profiles\jdvb0nyj.default\extensions\{193d7001-bd9f-48c2-b5c7-69775aa2201d}\components\RadioWMPCore.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

S2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\avira\antivir desktop\avmailc.exe [2010-10-21 339624]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-10-21 135336]
S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-10-21 267944]
S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\avira\antivir desktop\avwebgrd.exe [2010-10-21 403624]
S2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-10-21 60936]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-14 135664]
S2 LasMan;Local Connection Manager;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-3-8 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-7-9 248936]
S2 wmcmgc;Windows Management Configuration;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\drivers\RTL85n86.sys [2006-11-2 311808]
S3 TNET1130;TNET1130 Long Range PCI Wireless Network Card;c:\windows\system32\drivers\TNET1130.sys [2008-9-5 386688]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S4 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

=============== Created Last 30 ================

2099-01-04 22:36:39 -------- d-----w- c:\windows\Panther
2099-01-04 22:36:24 -------- d-sh--w- C:\Boot
2010-11-07 00:28:01 -------- d-----w- c:\progra~2\McAfee Security Scan
2010-11-07 00:28:00 -------- d-----w- c:\program files\McAfee Security Scan
2010-11-06 19:33:23 -------- d-----w- c:\program files\Safer Networking
2010-11-06 16:12:47 -------- d-----w- c:\program files\XP TCPIP Repair
2010-11-05 13:44:12 6146896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{47dcfd24-ec9d-45f1-92f9-9d42c79092d5}\mpengine.dll
2010-11-02 08:57:26 64512 ---ha-w- c:\users\asus\appdata\roaming\dach100.dll
2010-10-27 12:13:28 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-27 12:13:28 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-10-27 12:13:27 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-21 18:38:23 -------- d-----w- c:\users\asus\appdata\roaming\Avira
2010-10-21 18:33:54 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-10-21 18:33:54 -------- d-----w- c:\progra~2\Avira
2010-10-21 18:33:53 -------- d-----w- c:\program files\Avira
2010-10-20 21:31:04 -------- d-----w- c:\windows\en
2010-10-20 21:23:55 469256 ----a-w- c:\program files\common files\windows live\.cache\186174f41cb709d2c\InstallManager_WLE_WLE.exe
2010-10-20 21:23:34 15712 ----a-w- c:\program files\common files\windows live\.cache\d3440341cb709d1f\MeshBetaRemover.exe
2010-10-20 21:23:20 94040 ----a-w- c:\program files\common files\windows live\.cache\46f8f941cb709d18\DSETUP.dll
2010-10-20 21:23:20 525656 ----a-w- c:\program files\common files\windows live\.cache\46f8f941cb709d18\DXSETUP.exe
2010-10-20 21:23:20 1691480 ----a-w- c:\program files\common files\windows live\.cache\46f8f941cb709d18\dsetup32.dll
2010-10-20 21:23:19 94040 ----a-w- c:\program files\common files\windows live\.cache\343a2541cb709d17\DSETUP.dll
2010-10-20 21:23:19 525656 ----a-w- c:\program files\common files\windows live\.cache\343a2541cb709d17\DXSETUP.exe
2010-10-20 21:23:19 1691480 ----a-w- c:\program files\common files\windows live\.cache\343a2541cb709d17\dsetup32.dll
2010-10-20 21:22:37 -------- d-----w- c:\users\asus\appdata\local\Windows Live
2010-10-20 21:22:03 754688 ----a-w- c:\windows\system32\webservices.dll
2010-10-13 22:15:56 -------- d-----w- c:\program files\LSoft Technologies Inc

==================== Find3M ====================

2010-10-19 10:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-22 23:47:28 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-22 23:32:56 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-09-13 13:56:41 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-08 17:23:42 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-08 17:07:35 834048 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 15:23:27 389632 ----a-w- c:\windows\system32\html.iec
2010-09-08 10:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 10:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-06 16:20:29 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-09-06 16:19:06 17920 ----a-w- c:\windows\system32\netevent.dll
2010-08-31 15:46:37 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 15:46:37 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-31 15:44:31 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-08-31 13:27:38 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-08-26 16:37:45 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-08-26 16:33:06 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33:04 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-26 16:33:04 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:33:04 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-08-20 16:05:07 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-08-17 14:11:37 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-10 15:53:15 274944 ----a-w- c:\windows\system32\schannel.dll

============= FINISH: 15:13:50.38 ===============

ken545
2010-11-12, 23:08
Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.


Sorry for the delay but we get very busy, but I am linked to you now


Download TFC (http://oldtimer.geekstogo.com/TFC.exe) to your desktop

Close any open windows.
Double click the TFC icon to run the program
TFC will close all open programs itself in order to run,
Click the Start button to begin the process.
Allow TFC to run uninterrupted.
The program should not take long to finish its job
Once it's finished it should automatically reboot your machine,
if it doesn't, manually reboot to ensure a complete clean






Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please

davemire
2010-11-13, 13:43
Posting mbam results -

Also noticed a few odd things happening on the PC, mainly concerning programs updating (e.g. Avira, Starcraft 2). I can update them manually, but when they try to update automatically they fail and tell me that it's because I am not connected to the internet.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5105

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

13/11/2010 12:37:08
mbam-log-2010-11-13 (12-37-08).txt

Scan type: Quick scan
Objects scanned: 150033
Time elapsed: 6 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ken545
2010-11-13, 14:15
Hi,

Malwarebytes does a good job of removing MyWebSearch but didn't find anything.

You do have some entries in your DDS log that show you're being redirected; let's run this program to see if it fixes it.


Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)


* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.


Double click on ComboFix.exe & follow the prompts.


As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



http://img.photobucket.com/albums/v706/ried7/RC1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

davemire
2010-11-13, 15:44
Posting combofix results :-

ComboFix 10-11-12.05 - Asus 13/11/2010 14:32:07.1.2 - x86
Running from: c:\users\Asus\Downloads\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Install.exe
c:\programdata\pswi_preloaded.exe
c:\users\Asus\AppData\Roaming\dach100.dll

.
((((((((((((((((((((((((( Files Created from 2010-10-13 to 2010-11-13 )))))))))))))))))))))))))))))))
.

2099-01-04 22:36 . 2099-01-04 14:40 -------- d-----w- c:\windows\Panther
2099-01-04 22:36 . 2009-10-21 14:45 -------- d-----w- C:\Boot
2099-01-04 14:42 . 2010-11-10 14:03 -------- d-----w- c:\windows\Debug
2010-11-13 14:40 . 2010-11-13 14:40 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-11-13 14:40 . 2010-11-13 14:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-12 12:40 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6108AAF0-63AA-4E5C-8002-FD447C4AED33}\mpengine.dll
2010-11-10 14:43 . 2006-06-19 13:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-11-10 14:43 . 2006-05-25 15:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-11-10 14:43 . 2005-08-26 01:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-11-10 14:43 . 2003-02-02 20:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-11-10 14:43 . 2002-03-06 01:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-11-10 14:43 . 2010-11-10 14:43 -------- d-----w- c:\program files\Trojan Remover
2010-11-10 14:43 . 2010-11-10 14:43 -------- d-----w- c:\users\Asus\AppData\Roaming\Simply Super Software
2010-11-10 14:43 . 2010-11-10 14:43 -------- d-----w- c:\programdata\Simply Super Software
2010-11-10 14:39 . 2010-11-10 14:39 -------- d-----w- c:\program files\PFPortChecker
2010-11-10 13:51 . 2010-10-07 11:37 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2010-11-07 00:29 . 2010-11-07 00:29 -------- d-----w- c:\program files\Common Files\Adobe
2010-11-07 00:28 . 2010-11-07 00:28 -------- d-----w- c:\programdata\McAfee
2010-11-07 00:28 . 2010-11-07 00:28 -------- d-----w- c:\programdata\McAfee Security Scan
2010-11-07 00:28 . 2010-11-07 00:28 -------- d-----w- c:\program files\McAfee Security Scan
2010-11-06 19:36 . 2010-11-06 19:36 -------- d-----w- c:\program files\ERUNT
2010-11-06 19:33 . 2010-11-06 19:33 -------- d-----w- c:\program files\Safer Networking
2010-11-06 16:12 . 2010-11-06 16:12 -------- d-----w- c:\program files\XP TCPIP Repair
2010-10-27 12:13 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-10-27 12:13 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-27 12:13 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-21 18:38 . 2010-10-21 18:38 -------- d-----w- c:\users\Asus\AppData\Roaming\Avira
2010-10-21 18:33 . 2010-11-06 19:36 -------- d-----w- c:\programdata\Avira
2010-10-21 18:33 . 2010-11-02 16:39 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-10-21 18:33 . 2010-11-02 16:39 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-10-21 18:33 . 2010-10-21 18:31 17016 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-10-21 18:33 . 2010-10-21 18:31 51992 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-10-21 18:33 . 2010-10-21 18:33 -------- d-----w- c:\program files\Avira
2010-10-20 21:31 . 2010-10-20 21:31 -------- d-----w- c:\windows\en
2010-10-20 21:23 . 2010-10-20 21:23 469256 ----a-w- c:\program files\Common Files\Windows Live\.cache\186174f41cb709d2c\InstallManager_WLE_WLE.exe
2010-10-20 21:23 . 2010-10-20 21:23 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\d3440341cb709d1f\MeshBetaRemover.exe
2010-10-20 21:23 . 2010-10-20 21:23 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\46f8f941cb709d18\DSETUP.dll
2010-10-20 21:23 . 2010-10-20 21:23 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\46f8f941cb709d18\DXSETUP.exe
2010-10-20 21:23 . 2010-10-20 21:23 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\46f8f941cb709d18\dsetup32.dll
2010-10-20 21:23 . 2010-10-20 21:23 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\343a2541cb709d17\DSETUP.dll
2010-10-20 21:23 . 2010-10-20 21:23 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\343a2541cb709d17\DXSETUP.exe
2010-10-20 21:23 . 2010-10-20 21:23 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\343a2541cb709d17\dsetup32.dll
2010-10-20 21:22 . 2010-11-05 21:08 -------- d-----w- c:\users\Asus\AppData\Local\Windows Live
2010-10-20 21:22 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-11 16:25 . 2008-10-27 17:21 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-10-19 10:41 . 2009-10-04 18:52 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-22 23:47 . 2010-09-22 23:47 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-22 23:32 . 2010-09-22 23:32 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-09-13 13:56 . 2010-10-13 20:46 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-08 17:23 . 2010-10-13 20:46 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-08 17:07 . 2010-10-13 20:46 834048 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 15:23 . 2010-10-13 20:46 389632 ----a-w- c:\windows\system32\html.iec
2010-09-08 10:17 . 2010-09-08 10:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 10:17 . 2010-09-08 10:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-06 16:20 . 2010-10-13 20:46 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-09-06 16:19 . 2010-10-13 20:46 17920 ----a-w- c:\windows\system32\netevent.dll
2010-09-06 13:45 . 2010-10-13 20:46 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-09-06 13:45 . 2010-10-13 20:46 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-09-06 13:45 . 2010-10-13 20:46 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-08-31 15:46 . 2010-10-13 20:46 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 15:46 . 2010-10-13 20:46 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-31 15:44 . 2010-10-13 20:46 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-08-31 13:27 . 2010-10-13 20:46 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-08-26 16:37 . 2010-10-13 20:46 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-08-26 16:33 . 2010-10-27 12:13 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33 . 2010-10-27 12:13 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-26 16:33 . 2010-10-27 12:13 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:33 . 2010-10-27 12:13 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-08-20 16:05 . 2010-10-13 20:46 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-08-17 14:11 . 2010-09-18 20:52 128000 ----a-w- c:\windows\system32\spoolsv.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TBPanel"="c:\program files\XpertVision\TBPanel.exe" [2008-07-03 2161160]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-31 39408]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Steam"="c:\program files\steam\steam.exe" [2010-08-24 1242448]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2010-08-02 1167808]

c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

c:\users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
AntiCrash.lnk - c:\program files\Dachshund Software\AntiCrash\AntiCrash.exe [2002-12-17 2301798]
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
backup=c:\windows\pss\Logitech SetPoint.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Ralink Wireless Utility.lnk]
backup=c:\windows\pss\Ralink Wireless Utility.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Wireless PCI_CardBus utility V1.01.exe.lnk]
backup=c:\windows\pss\Wireless PCI_CardBus utility V1.01.exe.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Asus^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Desktop Manager.lnk]
path=c:\users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Manager.lnk
backup=c:\windows\pss\Desktop Manager.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Asus^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
backup=c:\windows\pss\OpenOffice.org 3.0.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
2009-11-19 22:29 623960 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-24 01:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NCsoft Launcher]
2010-07-31 18:40 38184 ----a-w- c:\program files\NCSoft\Launcher\NCLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 10:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 16:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 04:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-12-31 01:51 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" /background
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" -autorun
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"PC Booster"=c:\program files\inKline Global\PC Booster\pcbooster.exe
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3000718428-1516675723-597361126-1000]
"EnableNotificationsRef"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 135664]
R2 LasMan;Local Connection Manager;c:\windows\System32\svchost.exe [2008-01-21 21504]
R2 wmcmgc;Windows Management Configuration;c:\windows\System32\svchost.exe [2008-01-21 21504]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 Normandy;Normandy SR2; [x]
R3 pohci13F;pohci13F;c:\users\Asus\AppData\Local\Temp\pohci13F.sys [x]
R3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\DRIVERS\RTL85n86.sys [2006-11-02 311808]
R3 TNET1130;TNET1130 Long Range PCI Wireless Network Card;c:\windows\system32\DRIVERS\tnet1130.sys [2004-06-17 386688]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
R4 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-08-30 3407412]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-06-16 691696]
S2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2010-11-02 339624]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-02 135336]
S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2010-11-02 403624]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-09 248936]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
LasMan
LasMan
LasMan
LasMan
LasMan
LasMan
LasMan
LasMan
LasMan
LasMan
LasMan
LasMan
LasMan
LasMan
LasMan
LasMan
LasMan
wmcmgc
wmcmgc
wmcmgc
wmcmgc
wmcmgc
.
Contents of the 'Scheduled Tasks' folder

2010-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 23:30]

2010-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 23:30]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:50370
IE: Add to Anti-Banner
IE: Add to Banner Ad Blocker
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
FF - ProfilePath - c:\users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\jdvb0nyj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50370
FF - prefs.js: network.proxy.type - 4
FF - component: c:\users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\jdvb0nyj.default\extensions\{193d7001-bd9f-48c2-b5c7-69775aa2201d}\components\FFExternalAlert.dll
FF - component: c:\users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\jdvb0nyj.default\extensions\{193d7001-bd9f-48c2-b5c7-69775aa2201d}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

BHO-{193d7001-bd9f-48c2-b5c7-69775aa2201d} - (no file)
Notify-klogon - (no file)
MSConfigStartUp-Acronis Scheduler2 Service - c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
MSConfigStartUp-AcronisTimounterMonitor - c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe
MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
MSConfigStartUp-BVRPLiveUpdate - c:\program files\Avanquest update\Engine\Setup.exe
MSConfigStartUp-Corel Photo Downloader - c:\program files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
MSConfigStartUp-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\daemon.exe
MSConfigStartUp-LightScribe Control Panel - c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
MSConfigStartUp-NeroFilterCheck - c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
MSConfigStartUp-Sony Ericsson PC Suite - c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
MSConfigStartUp-TrueImageMonitor - c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3000718428-1516675723-597361126-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:09,4c,c6,51,2e,0b,f8,57,c3,91,70,7a,32,a8,44,30,4e,d8,64,8c,bf,3d,b2,
7f,c9,31,5c,5a,f0,14,f4,60,7d,46,3f,8c,30,37,ae,f8,94,9e,4e,ba,5f,d3,79,bc,\
"??"=hex:e2,06,90,c3,a9,ab,f7,ca,1c,f7,63,d7,3e,f2,89,5d

[HKEY_USERS\S-1-5-21-3000718428-1516675723-597361126-1000\Software\SecuROM\License information*]
"datasecu"=hex:ea,75,63,8d,b4,27,53,a8,d1,17,f3,ec,d4,28,df,7d,62,37,ab,67,b9,
fd,00,e3,6f,60,c4,0a,47,7f,cb,45,f3,ca,fb,c8,3c,ae,18,09,cd,eb,a7,70,3d,1b,\
"rkeysecu"=hex:82,c3,15,4f,bb,1d,3b,7f,84,f5,53,93,76,d6,d1,ff

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-11-13 14:43:10
ComboFix-quarantined-files.txt 2010-11-13 14:43

Pre-Run: 117,738,450,944 bytes free
Post-Run: 122,770,194,432 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 5CE25360AA1FF7066FFBE5F9CFB6EAD5

davemire
2010-11-13, 15:49
Things are looking better already, StarCraft 2 updated itself! Happy days, thanks a lot for helping me out pal.

ken545
2010-11-13, 17:10
Looks like there are a few more things to remove, run this quick scan and post the log please.



Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

davemire
2010-11-13, 17:31
OTL.txt report :-

OTL logfile created on: 13/11/2010 16:27:31 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Asus\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 452.12 Gb Total Space | 113.32 Gb Free Space | 25.06% Space Free | Partition Type: NTFS
Drive D: | 13.63 Gb Total Space | 8.54 Gb Free Space | 62.61% Space Free | Partition Type: NTFS
Drive E: | 3.43 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: ASUS-PC | User Name: Asus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Asus\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\XpertVision\TBPANEL.exe (Xpertvision, Inc.)
PRC - C:\Program Files\ASUS\AASP\1.00.33\aaCenter.exe ()
PRC - C:\Windows\Integrator.exe (Dachshund Software)


========== Modules (SafeList) ==========

MOD - C:\Users\Asus\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (NMIndexingService) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe File not found
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe File not found
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH)
SRV - (AntiVirMailService) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (DAUpdaterSvc) -- C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (LBTServ) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WLSetupSvc) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()


========== Driver Services (SafeList) ==========

DRV - (pohci13F) -- C:\Users\Asus\AppData\Local\Temp\pohci13F.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\Asus\AppData\Local\Temp\catchme.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (timounter) -- C:\Windows\system32\DRIVERS\timntr.sys (Acronis)
DRV - (tifsfilter) -- C:\Windows\System32\drivers\tifsfilt.sys (Acronis)
DRV - (LUsbFilt) -- C:\Windows\System32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (L8042Kbd) -- C:\Windows\System32\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (s217unic) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (WDM) -- C:\Windows\System32\drivers\s217unic.sys (MCCI)
DRV - (s217mgmt) Sony Ericsson Device 217 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s217mgmt.sys (MCCI Corporation)
DRV - (s217obex) -- C:\Windows\System32\drivers\s217obex.sys (MCCI Corporation)
DRV - (s217nd5) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (NDIS) -- C:\Windows\System32\drivers\s217nd5.sys (MCCI Corporation)
DRV - (s217mdm) -- C:\Windows\System32\drivers\s217mdm.sys (MCCI Corporation)
DRV - (s217bus) Sony Ericsson Device 217 driver (WDM) -- C:\Windows\System32\drivers\s217bus.sys (MCCI Corporation)
DRV - (s217mdfl) -- C:\Windows\System32\drivers\s217mdfl.sys (MCCI Corporation)
DRV - (MRV6X32P) -- C:\Windows\System32\drivers\MRVW13B.sys (Marvell Semiconductor, Inc)
DRV - (TBPanel) -- C:\Windows\System32\drivers\TBPanel.sys (Windows (R) 2000 DDK provider)
DRV - (Cardex) -- C:\Windows\System32\drivers\TBPanel.sys (Windows (R) 2000 DDK provider)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm60x32.sys (NVIDIA Corporation)
DRV - (RTL85n86) -- C:\Windows\System32\drivers\RTL85n86.sys (Realtek)
DRV - (AsIO) -- C:\Windows\System32\drivers\AsIO.sys ()
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
DRV - (RT61) -- C:\Windows\System32\drivers\rt61.sys (Ralink Technology Inc.)
DRV - (TNET1130) -- C:\Windows\System32\drivers\TNET1130.sys (Texas Instruments)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.startup.homepage: "http://en-GB.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.8
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4
FF - prefs.js..extensions.enabledItems: {193d7001-bd9f-48c2-b5c7-69775aa2201d}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 50370
FF - prefs.js..network.proxy.type: 4


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/07 14:49:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/07 14:49:47 | 000,000,000 | ---D | M]

[2008/10/27 16:51:19 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\mozilla\Extensions
[2010/11/12 21:02:33 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\mozilla\Firefox\Profiles\jdvb0nyj.default\extensions
[2010/08/18 17:43:54 | 000,000,000 | ---D | M] (Plusmedia uk Toolbar) -- C:\Users\Asus\AppData\Roaming\mozilla\Firefox\Profiles\jdvb0nyj.default\extensions\{193d7001-bd9f-48c2-b5c7-69775aa2201d}
[2010/02/18 00:35:47 | 000,000,000 | ---D | M] (Linkification) -- C:\Users\Asus\AppData\Roaming\mozilla\Firefox\Profiles\jdvb0nyj.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
[2010/09/01 16:18:12 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Asus\AppData\Roaming\mozilla\Firefox\Profiles\jdvb0nyj.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/11/05 14:41:02 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Asus\AppData\Roaming\mozilla\Firefox\Profiles\jdvb0nyj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/06/17 23:14:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Asus\AppData\Roaming\mozilla\Firefox\Profiles\jdvb0nyj.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010/08/21 23:54:21 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Asus\AppData\Roaming\mozilla\Firefox\Profiles\jdvb0nyj.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/11/12 21:02:33 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/27 05:24:34 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/10/27 05:24:34 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/10/27 05:24:34 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/10/27 05:24:34 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/11/13 14:40:29 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {193d7001-bd9f-48c2-b5c7-69775aa2201d} - No CLSID value found.
O2 - BHO: (no name) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (no name) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - No CLSID value found.
O2 - BHO: (no name) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - No CLSID value found.
O2 - BHO: (no name) - {E33CF602-D945-461A-83F0-819F76A199F8} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Steam] c:\program files\steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [TBPanel] C:\Program Files\XpertVision\TBPanel.exe (Xpertvision, Inc.)
O4 - Startup: C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AntiCrash.lnk = C:\Program Files\Dachshund Software\AntiCrash\AntiCrash.exe ()
O4 - Startup: C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000051 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/01/22 17:02:32 | 000,000,000 | ---D | M] - C:\Autorun -- [ NTFS ]
O32 - AutoRun File - [2006/09/15 18:31:42 | 000,983,040 | R--- | M] () - E:\autoplay.exe -- [ UDF ]
O32 - AutoRun File - [2006/09/15 03:50:54 | 000,001,989 | R--- | M] () - E:\Autoplay.ini -- [ UDF ]
O32 - AutoRun File - [2006/09/15 03:50:54 | 000,000,706 | R--- | M] () - E:\Autoplay.ucs -- [ UDF ]
O32 - AutoRun File - [2006/08/31 22:39:37 | 000,576,056 | R--- | M] () - E:\autorun.bmp -- [ UDF ]
O32 - AutoRun File - [2006/08/30 12:00:03 | 000,000,049 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2099/01/04 22:36:39 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2099/01/04 22:36:24 | 000,000,000 | ---D | C] -- C:\Boot
[2099/01/04 14:42:39 | 000,000,000 | ---D | C] -- C:\Windows\Debug
[2099/01/04 14:40:51 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2099/01/04 14:37:35 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2099/01/04 14:37:25 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/11/13 14:43:16 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/11/13 14:43:13 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/11/13 14:29:08 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/11/13 14:29:08 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/11/13 14:29:08 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/11/13 14:29:01 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/11/13 14:28:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/11/13 14:28:14 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/11/10 21:50:38 | 000,000,000 | ---D | C] -- C:\Users\Asus\Documents\SC2backup!
[2010/11/10 14:44:07 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/11/10 14:43:27 | 000,000,000 | ---D | C] -- C:\Users\Asus\Documents\Simply Super Software
[2010/11/10 14:43:21 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ztvcabinet.dll
[2010/11/10 14:43:18 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2010/11/10 14:43:18 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Roaming\Simply Super Software
[2010/11/10 14:43:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2010/11/10 14:39:05 | 000,000,000 | ---D | C] -- C:\Program Files\PFPortChecker
[2010/11/07 00:29:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/11/07 00:29:02 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/11/07 00:28:39 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\Adobe Reader 9 Installer
[2010/11/07 00:28:01 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2010/11/07 00:28:01 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010/11/07 00:28:00 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2010/11/06 19:37:06 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/11/06 19:36:43 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/11/06 19:33:23 | 000,000,000 | ---D | C] -- C:\Program Files\Safer Networking
[2010/11/06 16:12:47 | 000,000,000 | ---D | C] -- C:\Program Files\XP TCPIP Repair
[2010/10/27 12:13:28 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010/10/27 12:13:28 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010/10/27 12:13:27 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010/10/21 18:38:23 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Roaming\Avira
[2010/10/21 18:33:55 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010/10/21 18:33:54 | 000,126,856 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010/10/21 18:33:54 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010/10/21 18:33:54 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010/10/21 18:33:54 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010/10/21 18:33:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010/10/21 18:33:53 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/10/20 21:31:04 | 000,000,000 | ---D | C] -- C:\Windows\en
[2010/10/20 21:22:37 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\Windows Live
[2010/10/20 21:22:03 | 000,754,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webservices.dll

========== Files - Modified Within 30 Days ==========

[2099/01/04 14:40:55 | 000,047,092 | ---- | M] () -- C:\Windows\System32\license.rtf
[2099/01/04 14:40:22 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2010/11/13 15:56:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/13 14:59:04 | 000,608,760 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/11/13 14:59:03 | 000,108,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/11/13 14:53:01 | 000,036,821 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/11/13 14:53:00 | 000,036,821 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/11/13 14:52:48 | 000,064,512 | -H-- | M] () -- C:\Users\Asus\AppData\Roaming\dach100.dll
[2010/11/13 14:52:48 | 000,000,066 | ---- | M] () -- C:\Windows\anticrash.dat
[2010/11/13 14:52:41 | 000,006,176 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/13 14:52:41 | 000,006,176 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/13 14:52:38 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/13 14:52:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/13 14:52:18 | 3220,496,384 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/13 14:40:29 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/11/12 23:31:50 | 000,000,217 | -H-- | M] () -- C:\Windows\winshell.dat
[2010/11/11 18:06:44 | 000,047,616 | ---- | M] () -- C:\Users\Asus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/11 16:25:00 | 000,098,304 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2010/11/10 14:39:05 | 000,000,864 | ---- | M] () -- C:\Users\Asus\Desktop\PFPortChecker.lnk
[2010/11/10 14:30:11 | 000,006,594 | ---- | M] () -- C:\Users\Asus\Documents\cc_20101110_143007.reg
[2010/11/08 17:27:54 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\Windows\MBR.exe
[2010/11/07 15:18:44 | 000,004,473 | ---- | M] () -- C:\Users\Asus\Desktop\Attach.zip
[2010/11/07 14:49:49 | 000,001,748 | ---- | M] () -- C:\Users\Asus\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/11/07 14:49:49 | 000,001,724 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/11/07 00:29:10 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/11/07 00:28:01 | 000,001,719 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2010/11/07 00:28:01 | 000,001,717 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/11/06 21:21:57 | 000,090,020 | ---- | M] () -- C:\Users\Asus\Documents\cc_20101106_212148.reg
[2010/11/06 19:36:51 | 000,000,913 | ---- | M] () -- C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/11/06 19:36:44 | 000,000,733 | ---- | M] () -- C:\Users\Asus\Desktop\NTREGOPT.lnk
[2010/11/06 19:36:44 | 000,000,714 | ---- | M] () -- C:\Users\Asus\Desktop\ERUNT.lnk
[2010/11/05 16:31:24 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010/11/05 16:26:02 | 000,424,780 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.trb
[2010/11/04 11:16:58 | 000,295,424 | ---- | M] () -- C:\Users\Asus\Desktop\gmer.exe
[2010/11/02 16:39:00 | 000,126,856 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010/11/02 16:39:00 | 000,060,936 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010/11/01 21:11:08 | 000,000,133 | ---- | M] () -- C:\Users\Asus\webct_upload_applet.properties
[2010/10/23 00:34:46 | 000,423,310 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101105-162602.backup
[2010/10/21 18:34:08 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/10/21 18:31:15 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010/10/21 18:31:14 | 000,017,016 | ---- | M] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010/10/21 18:31:13 | 000,051,992 | ---- | M] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010/10/21 18:12:02 | 000,326,768 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/10/19 17:01:52 | 000,422,500 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101023-013446.backup
[2010/10/19 17:00:36 | 000,422,500 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101019-180152.backup
[2010/10/19 10:41:44 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe

========== Files Created - No Company Name ==========

[2099/01/04 22:36:24 | 000,333,257 | RHS- | C] () -- C:\bootmgr
[2099/01/04 14:40:22 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2010/11/13 14:52:47 | 000,064,512 | -H-- | C] () -- C:\Users\Asus\AppData\Roaming\dach100.dll
[2010/11/13 14:29:08 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/11/13 14:29:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/11/13 14:29:08 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2010/11/13 14:29:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/11/13 14:29:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/11/10 14:43:21 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2010/11/10 14:43:21 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll
[2010/11/10 14:43:21 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2010/11/10 14:43:21 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
[2010/11/10 14:39:05 | 000,000,864 | ---- | C] () -- C:\Users\Asus\Desktop\PFPortChecker.lnk
[2010/11/10 14:30:09 | 000,006,594 | ---- | C] () -- C:\Users\Asus\Documents\cc_20101110_143007.reg
[2010/11/07 15:21:07 | 3220,496,384 | -HS- | C] () -- C:\hiberfil.sys
[2010/11/07 15:18:44 | 000,004,473 | ---- | C] () -- C:\Users\Asus\Desktop\Attach.zip
[2010/11/07 14:49:49 | 000,001,748 | ---- | C] () -- C:\Users\Asus\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/11/07 14:49:49 | 000,001,724 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/11/07 00:29:10 | 000,001,887 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/11/07 00:28:01 | 000,001,719 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2010/11/07 00:28:01 | 000,001,717 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/11/06 21:21:50 | 000,090,020 | ---- | C] () -- C:\Users\Asus\Documents\cc_20101106_212148.reg
[2010/11/06 19:36:51 | 000,000,913 | ---- | C] () -- C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/11/06 19:36:44 | 000,000,733 | ---- | C] () -- C:\Users\Asus\Desktop\NTREGOPT.lnk
[2010/11/06 19:36:44 | 000,000,714 | ---- | C] () -- C:\Users\Asus\Desktop\ERUNT.lnk
[2010/11/06 16:20:52 | 000,295,424 | ---- | C] () -- C:\Users\Asus\Desktop\gmer.exe
[2010/11/05 16:31:24 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010/10/22 13:26:40 | 000,000,133 | ---- | C] () -- C:\Users\Asus\webct_upload_applet.properties
[2010/10/21 18:34:08 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/08/15 22:55:58 | 000,036,821 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/08/15 22:55:45 | 000,036,821 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/04/02 16:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009/10/20 23:32:21 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/15 09:45:35 | 000,018,037 | ---- | C] () -- C:\Users\Asus\AppData\Roaming\UserTile.png
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/05/10 22:34:42 | 000,004,076 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2009/05/10 22:34:42 | 000,000,008 | RHS- | C] () -- C:\Windows\System32\4ABB68D08C.sys
[2009/04/13 12:46:38 | 000,000,050 | ---- | C] () -- C:\Windows\System32\swkotor2.ini
[2009/04/08 13:04:10 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/01/09 18:35:33 | 000,000,151 | ---- | C] () -- C:\Windows\PhotoSnapViewer.INI
[2008/12/15 23:52:48 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2008/11/16 17:15:21 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/10/31 03:09:10 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2008/10/28 02:22:34 | 000,047,616 | ---- | C] () -- C:\Users\Asus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/27 17:47:28 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008/10/27 17:19:21 | 000,022,328 | ---- | C] () -- C:\Users\Asus\AppData\Roaming\PnkBstrK.sys
[2008/10/23 14:03:29 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/09/18 18:17:09 | 000,295,028 | ---- | C] () -- C:\Windows\System32\Install6x.dll
[2008/09/18 17:58:59 | 000,001,356 | ---- | C] () -- C:\Users\Asus\AppData\Local\d3d9caps.dat
[2008/09/05 14:54:47 | 000,395,776 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2008/09/05 14:54:47 | 000,262,144 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2008/09/05 14:54:47 | 000,112,640 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2008/09/05 14:54:46 | 002,255,360 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2008/09/05 14:52:52 | 000,000,014 | ---- | C] () -- C:\Windows\System32\SystemInfo32.sys
[2008/09/05 14:50:36 | 000,024,576 | R--- | C] () -- C:\Windows\System32\AsIO.dll
[2008/09/05 14:50:36 | 000,012,664 | R--- | C] () -- C:\Windows\System32\drivers\AsIO.sys
[2008/09/05 14:50:21 | 000,016,057 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2008/09/05 14:50:12 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2008/09/05 14:50:10 | 000,008,290 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2007/08/01 03:39:28 | 000,012,536 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2010/11/11 16:55:15 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\Azureus
[2010/11/10 18:14:19 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\Bioshock
[2010/08/30 16:08:15 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\Bioshock2
[2009/04/08 13:08:05 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\DAEMON Tools
[2009/06/11 13:12:49 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\DAEMON Tools Lite
[2010/06/16 22:18:28 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\DAEMON Tools Pro
[2010/07/27 23:10:08 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\Darkfall
[2009/06/29 19:35:23 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\Firaxis Games
[2009/09/03 21:07:27 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\GetRightToGo
[2009/03/24 16:56:14 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\gtk-2.0
[2009/05/27 14:12:17 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\Mumble
[2009/07/19 14:32:26 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\My Games
[2009/08/27 13:37:40 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\OpenOffice.org
[2009/08/27 13:25:59 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\OpenOffice.org3
[2009/09/15 09:45:35 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\PeerNetworking
[2009/01/01 17:19:10 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\Red Alert 3
[2010/02/25 16:32:53 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\Research In Motion
[2010/11/10 14:43:18 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\Simply Super Software
[2010/05/20 01:51:30 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\SystemRequirementsLab
[2009/07/08 22:17:03 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\The Creative Assembly
[2008/11/04 17:06:35 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\Thinstall
[2010/11/13 12:52:34 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\TuneUpMedia
[2009/03/03 20:31:11 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\uTorrent
[2010/11/13 14:51:12 | 000,032,552 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 988 bytes -> C:\Users\Asus\Documents\Fw_ Landlord statement_ April 10 Statement - 6 St Mary's Close.eml:OECustomProperty

< End of report >

davemire
2010-11-13, 17:32
extras.txt report:

OTL Extras logfile created on: 13/11/2010 16:27:31 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Asus\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 452.12 Gb Total Space | 113.32 Gb Free Space | 25.06% Space Free | Partition Type: NTFS
Drive D: | 13.63 Gb Total Space | 8.54 Gb Free Space | 62.61% Space Free | Partition Type: NTFS
Drive E: | 3.43 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: ASUS-PC | User Name: Asus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3000718428-1516675723-597361126-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BFDE21F-42D1-4D26-B7C2-2191E1529D07}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{2C08419B-529A-4A29-84A4-6BCF8E283AD6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3B45F8D5-E97F-4AD4-9B8E-642E7F9CD0EA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{55A95E83-662F-4F14-A5D4-ED2B5AF2A7C7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6AC90702-8DA3-47A3-BBE9-2B5B64436124}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7FA56244-B0D2-4797-AC5E-DB6F59F865B4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{87B95AED-1E84-416C-A4B6-F7912DA29570}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{88F584E5-35A0-420A-B9E3-9F3661E210A8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{8FBA1D30-23D1-4895-A287-3BFFDA711E4B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9BE35EE7-039D-4A9E-8D0C-41E33B1C8FD1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{B363F6A4-3335-43B2-98F0-BF13D0CB397E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{C0F475E5-3569-430D-8DEF-5F697980826D}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294A12C-CA06-4A89-B822-E79481098DF3}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{049C3467-330F-47D1-9B6C-3A6643E63752}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\gameszone4\age of chivalry\hl2.exe |
"{06F3E410-709A-4C98-973F-0E60733C6DDF}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\empire total war\empire.exe |
"{0CEE0DEB-498B-4463-B665-BF5491F147BD}" = protocol=17 | dir=in | app=c:\program files\dragon age\daoriginslauncher.exe |
"{0D9CFA83-3509-41E5-ACBD-0135EC7B5440}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\gameszone4\half-life\hl.exe |
"{1004F237-1746-4DC3-89F0-8FEADF1FEED2}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{196ABEDE-3B6F-4B4B-A51C-E52E244554A3}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty 2\cod2mp_s.exe |
"{1ADB9B3C-0B54-470B-B25D-EE77B848118E}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\bioshock 2\mp\builds\binaries\bioshock2launcher.exe |
"{1CFF14BF-ED78-48B8-8841-1111442379DF}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{1D337479-9DA6-41FD-BE73-BAA4EEC5C3C2}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dawn of war 2\dow2.exe |
"{1D9EDA82-460B-4516-B07A-82654F065FC6}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\empire total war\empire.exe |
"{26E56D73-DB80-46CB-B508-1FF9422B0580}" = dir=in | app=c:\program files\thq\relic entertainment\company of heroes online\cohoseeder.exe |
"{27F019AA-0E5F-4B6E-9D7B-781B4B2AFC8D}" = dir=in | app=c:\program files\thq\relic entertainment\company of heroes online\game\reliccohoww.exe |
"{2D77D1AD-56E7-4E8B-9C51-0D5D845E19EF}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\r.u.s.e. beta\ruse.exe |
"{2D97E9C2-DC40-485C-9428-996FD99DC86D}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{2E1F0499-B2F4-4239-9D75-E538457E5887}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{2E657879-1E50-465C-8E8C-33B4F7D7F074}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base16755\sc2.exe |
"{2E94FBEB-252A-4893-9952-604DAA83BCB1}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty\coduomp.exe |
"{2EC4DB43-8BAB-42BA-94F3-7A23CC447100}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{2F26FF35-FA73-4C9C-9323-B6E7C17A8D37}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{317E825E-4998-47DE-87C2-9380BC4373E3}" = protocol=6 | dir=in | app=c:\program files\dragon age\daoriginslauncher.exe |
"{3293DE4E-C427-4806-A0C3-82DC8E127C84}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{3297A3A4-FF50-4CC8-9E43-438296C9274D}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe |
"{33B18D0E-080A-4F2D-8FD5-27098F198814}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |
"{372FC994-4075-4C4B-8D18-01818BD592C6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{37D99EBF-F876-4A11-A134-643E748EE87B}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\company of heroes\reliccoh.exe |
"{39752579-494B-447B-B98F-C7E6609057C7}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{3C594AEC-7863-4F81-9831-31A29D3484B5}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty\codmp.exe |
"{4251E273-A592-4705-86E3-8C44E2CF5CBD}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2editor.exe |
"{46A177C1-6476-45DB-9BF9-FA467D1E1F2A}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base16939\sc2.exe |
"{4870029E-87B1-4158-9B34-F94EEF19D0B5}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\swkotor\swkotor.exe |
"{4A70DF66-37D8-4D24-A7A2-D2D41045DC31}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{4CA2BCE4-6F4B-4BAE-A0BD-C6A4E0D8A1E4}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\swarm.exe |
"{4D8CF2FD-F0FC-43AB-ABF4-C3513CB84A85}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\bioshock 2\mp\builds\binaries\bioshock2launcher.exe |
"{4DCF9F7E-F905-4907-84A8-9C7306C85A3F}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\srcds.exe |
"{4FE73D7D-1C63-40A3-BE2B-F2C09A043442}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2launcher.exe |
"{50B1419B-7DE3-4997-AF17-F8615D7D342E}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\swkotor\swkotor.exe |
"{53A8FA19-4D78-49B3-8141-C8525ADD0843}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty\codsp.exe |
"{548393BE-2EAB-49E8-8877-9871D157F1DD}" = protocol=6 | dir=in | app=c:\program files\mass effect\binaries\masseffect.exe |
"{5880E2FC-32BE-4974-9E0C-344C9ACF195B}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\borderlands\binaries\borderlands.exe |
"{58D8AAD1-C374-41A3-A710-4C63E386FCBE}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base16939\sc2.exe |
"{5C49D416-FFFE-4BBE-88F9-703E07E3151A}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\swarm.exe |
"{5C7ABBA8-707A-4064-A1E7-00772AEDB2A7}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{5DC9AE1B-A7BF-4220-99A2-D79138A6FC83}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2editor.exe |
"{5F5CEA4A-5603-4EE6-9AD1-6B5A66DA14E2}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{60497DEF-CA95-46B3-8184-AAACC6AF91E5}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2launcher.exe |
"{622DF638-7DEC-4266-9922-495AA3D56905}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{64AF79E3-4592-4085-8B9D-14DA3C6190CC}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2launcher.exe |
"{65013D7C-6CF0-4116-A4C1-ACDB4DA084F8}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty\codmp.exe |
"{68DED725-10D1-4171-9F1B-E020671A2D9B}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{6DC9A950-8051-4818-B009-0D7BF362F5D3}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dawn of war 2\dow2.exe |
"{6E17881F-B4BB-4FF9-90FB-DA1F3B876967}" = protocol=17 | dir=in | app=c:\program files\dragon age\bin_ship\daorigins.exe |
"{70E65ECF-665A-4F4B-A81E-D84D0FA22843}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\gameszone4\age of chivalry\hl2.exe |
"{74CDE6DA-9287-4228-84FC-413A216E33C7}" = protocol=6 | dir=in | app=c:\program files\thq\company of heroes\reliccoh.exe |
"{7643CD25-F9AC-46C0-8D80-15F353F5BEB3}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty\coduosp.exe |
"{7A1AF6FB-3541-4045-B167-35DC4BF0C4E9}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe |
"{838E0399-05DF-4849-9DC2-BA93C37C83BC}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\wings of prey\launcher.exe |
"{84431BE8-B752-4FB8-8E6A-A365D2C4EE96}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{863623C3-76EB-4061-A8DA-8D9A0FF4F4F8}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty 2\cod2sp_s.exe |
"{895B4354-7008-4C34-8237-BD99365FE56F}" = protocol=17 | dir=in | app=c:\program files\thq\company of heroes\reliccoh.exe |
"{8C0560F9-951A-4A7D-B313-77EE7B296977}" = protocol=17 | dir=in | app=c:\program files\mass effect\masseffectlauncher.exe |
"{8D4B1E6A-468D-4836-9FD4-A9F999CD4C6A}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{958BDC1C-719D-47AF-B11E-B191DA074E69}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe |
"{95CF1CE9-BD68-4CAE-A78A-0B0576680941}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{961A1657-54CB-40A3-9A0C-50766C36DF4A}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty 2\cod2sp_s.exe |
"{9BC98485-4EA3-44DC-B502-567704AA775D}" = protocol=6 | dir=in | app=c:\program files\dragon age\bin_ship\daorigins.exe |
"{9BE8E76D-DE9F-4304-B326-2D70AAEE8297}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\srcds.exe |
"{A21D2DE5-558E-4D47-8EE5-083C7EEA70C9}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty\coduomp.exe |
"{A456FC7A-A0F2-43CB-B65E-6A41B8D255B4}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\r.u.s.e. beta\ruse.exe |
"{A4D0022C-2949-49C8-B14C-197938AD7588}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\company of heroes\help.htm |
"{A5575D1C-9709-43E0-BFBB-11EEE9612D62}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe |
"{A5753CF5-A3F9-4846-B956-B7FC3DF80AC4}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe |
"{AC6A9F50-6B0E-4CF2-9CAD-7A9E6EC90C0F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\operation flashpoint dragon rising\ofdr.exe |
"{B02986D2-A0DA-440D-9984-7A5E527789D6}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{B69CEDEF-3D01-4BEF-AB2C-896BD143369E}" = protocol=17 | dir=in | app=c:\program files\dragon age\bin_ship\daupdatersvc.service.exe |
"{B6ADF7DF-13BC-441A-8033-D4985164D186}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2launcher.exe |
"{B92C0F31-F878-47E9-81FE-556AE2F3E708}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\empire total war\empire.exe |
"{C0F18019-E769-4CFC-8E1E-DF81C387F32C}" = protocol=6 | dir=in | app=c:\program files\mass effect\masseffectlauncher.exe |
"{C124F402-FD78-4ED5-90CC-0FD2BF64BC0E}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |
"{C260490A-3252-46A2-A911-060AC83734E8}" = protocol=6 | dir=in | app=c:\program files\dragon age\bin_ship\daupdatersvc.service.exe |
"{C421D59D-B48A-4A47-AA07-4E4F8C45E5B0}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty\coduosp.exe |
"{C43FD9BF-285A-4831-8AE9-D476788D79CE}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{C516BA52-5E1A-4E9D-8BAE-D5D7F4C15F5F}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{C5C3B994-BA6D-4729-9AFE-2A300C043D17}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{C8E3F2D8-3D48-4BD9-83F5-3C69F17EB699}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\borderlands\binaries\borderlands.exe |
"{CF6DE55F-66BA-42A3-B896-EE91C42674ED}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{D17F7691-7A2E-4ADE-AD0C-FC0671DFA48B}" = protocol=6 | dir=in | app=c:\program files\thq\company of heroes\relicdownloader\relicdownloader.exe |
"{D2FA5724-4451-48F2-B7B3-2AEADE3A96CC}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\operation flashpoint dragon rising\ofdr.exe |
"{D89E7862-F291-41EF-9568-F117DCE23A26}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\bioshock\builds\release\bioshock.exe |
"{D8C7E9FD-25D5-459B-A112-1947E477B7A6}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\company of heroes\help.htm |
"{D9027378-FD81-4810-AE29-9CC792130719}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{DE85D552-6BC6-44BB-9166-9DCF661FF328}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe |
"{E15B46D1-830E-43AE-B098-564C74929F30}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E639EDEE-3487-4AD8-9CDC-978EC7CEA10A}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\bioshock\builds\release\bioshock.exe |
"{E6FC410F-AFF0-4CEB-8AC4-285177E28A8A}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty 2\cod2mp_s.exe |
"{E7D9FE71-3D62-4A64-A878-63B52EA24FB3}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base16755\sc2.exe |
"{E8774CE4-F9C0-42E4-A3D8-000FAD984B50}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\wings of prey\launcher.exe |
"{E9A1EB87-2E68-408B-9284-1D7412F12704}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{E9A5DF27-5EEC-48A6-A285-2DC59E0E1199}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EA9406B2-8871-4113-953B-1782D8BCE2D9}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\company of heroes\reliccoh.exe |
"{EE8B68E3-CC82-4C16-97E1-F0F82F8DEDF7}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\empire total war\empire.exe |
"{EF27328A-5C63-42AB-9A2F-B09193CFE8D3}" = protocol=17 | dir=in | app=c:\program files\mass effect\binaries\masseffect.exe |
"{F28CA232-D0D5-41D8-9ED6-9517D7BD73D4}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty\codsp.exe |
"{F290E6CD-5970-43B0-BF65-0C5D4C252935}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F77DE7B6-8957-4185-B370-E3D9DE5768FE}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\gameszone4\half-life\hl.exe |
"{FAAFC7A5-B4CC-4E39-984B-F6FBE3AF5F1D}" = protocol=17 | dir=in | app=c:\program files\thq\company of heroes\relicdownloader\relicdownloader.exe |
"TCP Query User{030633A3-927D-4584-9426-A86DB70E8BCC}C:\program files\ubisoft\far cry 2\bin\farcry2.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe |
"TCP Query User{14F00AAA-826C-4A7A-83DA-2C452C331A57}C:\program files\bethesda softworks\fallout 3\fallout3.exe" = protocol=6 | dir=in | app=c:\program files\bethesda softworks\fallout 3\fallout3.exe |
"TCP Query User{5777E626-13A7-430D-AC85-40051482D095}C:\program files\thq\dawn of war - dark crusade\darkcrusade.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war - dark crusade\darkcrusade.exe |
"TCP Query User{676C3F23-F316-4586-8D99-F0A292DA93E6}C:\program files\bethesda softworks\fallout 3\fallout3.exe" = protocol=6 | dir=in | app=c:\program files\bethesda softworks\fallout 3\fallout3.exe |
"TCP Query User{7BAA92C2-EA63-4ED7-8944-F96474C636B1}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"TCP Query User{8292A625-A302-4784-A297-2ED785EC8EB9}C:\program files\thq\dawn of war - dark crusade\darkcrusade.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war - dark crusade\darkcrusade.exe |
"TCP Query User{A80A4E7C-86FB-4670-A4A2-979E15CB284A}C:\program files\pfportchecker\pfportchecker.exe" = protocol=6 | dir=in | app=c:\program files\pfportchecker\pfportchecker.exe |
"UDP Query User{1E9B9BF8-5954-43EE-B3D8-6FDA43133E9D}C:\program files\pfportchecker\pfportchecker.exe" = protocol=17 | dir=in | app=c:\program files\pfportchecker\pfportchecker.exe |
"UDP Query User{554EEE9A-9ECA-4132-949F-453C72A36220}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{A714B05C-F073-4D2B-AF05-BF58FFA1DF2F}C:\program files\ubisoft\far cry 2\bin\farcry2.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe |
"UDP Query User{AC028631-E82E-4E8B-8408-FD604A793859}C:\program files\thq\dawn of war - dark crusade\darkcrusade.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war - dark crusade\darkcrusade.exe |
"UDP Query User{E9049796-B2D0-4FC1-85AC-6CCF97E21890}C:\program files\thq\dawn of war - dark crusade\darkcrusade.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war - dark crusade\darkcrusade.exe |
"UDP Query User{EF778FCD-FDDC-4232-81FB-05EF92217425}C:\program files\bethesda softworks\fallout 3\fallout3.exe" = protocol=17 | dir=in | app=c:\program files\bethesda softworks\fallout 3\fallout3.exe |
"UDP Query User{F3F9E765-6553-4DDD-B080-430125C240CE}C:\program files\bethesda softworks\fallout 3\fallout3.exe" = protocol=17 | dir=in | app=c:\program files\bethesda softworks\fallout 3\fallout3.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0150ECF7-60CB-43C5-AB0A-877BB76ABA55}" = Wireless PCI_CardBus utility V1.01
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0CE907-3A71-4CF9-BD13-DA74E63278B2}" = Company of Heroes Online (THQ)
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{12665B01-3F3A-4433-B179-9D8E352D7547}" = Try Corel Snapfire muvee autoProducer add on
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}" = Cool & Quiet
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20533183-D42D-4261-A125-956736FBEA8C}" = Dawn of War - Soulstorm
"{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{26A24AE4-039D-4CA4-87B4-2F83216013F0}" = Java(TM) 6 Update 13
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 17
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Red Alert™ 3
"{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}" = Star Wars(TM): Knights of the Old Republic (TM)
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{39F8BF57-47FA-4F8D-9404-1B41321743AF}" = AntiCrash 3.6.1
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II
"{40A594D0-1490-4979-9382-D2B764F949C6}" = BlackBerry® Media Sync
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{5435FF3C-48CF-4B34-85E1-2C95673EB254}" = Dawn of War - Soulstorm
"{5454085C-840F-4070-8FAA-441000018301}" = BioShock 2
"{5454085C-840F-4070-8FAA-441000028301}" = BioShock 2
"{5454085C-840F-4070-8FAA-441000038301}" = BioShock 2
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{6231FDA0-7E6F-11D4-A671-006008D09831}" = Sacrifice
"{629F65FB-7F3C-4D66-A1C0-20722744B7B6}" = Star Wars(R) Knights of the Old Republic(R) II: The Sith Lords(TM)
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{71929EC1-FDB2-4A67-AAAD-936E4539FA84}_is1" = Driver Sweeper 2.1.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7694E0B1-2332-448B-9235-929F84B41E3F}" = Active@ ISO Burner
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7EF15AAF-42AC-4CF6-B4B4-C4F0D1D92122}" = Far Cry (Patch 1.4)
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83F12F73-D52E-40C0-93B1-463C311C4E17}" = Dawn Of War
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A5181519-9F3D-4372-ABC6-C333C2F3A816}_is1" = RunAlyzer
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A804B134-F03D-4EFD-9BC0-DCD257AA1B22}" = Hitman Blood Money
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}" = Roxio Media Manager
"{BA0601E1-B65C-11D5-80A9-0000B494D9A6}" = PC Booster
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{D5A9DA4B-E4F9-FB49-017D-769FC540F1F0}" = EA Download Manager UI
"{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DD8408E9-9421-484F-979D-DB6361E3E828}" = Dawn Of War - Winter Assault
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FAB1F336-1B7C-4057-A7BC-2922CD82A781}" = Ralink Wireless LAN Card
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"{FF39FC01-819B-42E4-AE49-1968AF12DDD4}" = Dawn of War - Dark Crusade
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"7-Zip" = 7-Zip 4.65
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Avira AntiVir Desktop" = Avira AntiVir Premium
"BlackBerry_{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"CCleaner" = CCleaner
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"Company of Heroes" = Company of Heroes
"EA Download Manager" = EA Download Manager
"ERUNT_is1" = ERUNT 1.1j
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"hon" = Heroes of Newerth
"InstallShield_{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"mIRC" = mIRC
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Oblivion mod manager_is1" = Oblivion mod manager 1.1.12
"PFPortChecker" = PFPortChecker 1.0.36
"PokerStars" = PokerStars
"Registry Mechanic_is1" = Registry Mechanic 5.2
"StarCraft II" = StarCraft II
"Steam App 10500" = Empire: Total War
"Steam App 15620" = Warhammer® 40,000™: Dawn of War® II
"Steam App 20540" = Company of Heroes: Tales of Valor
"Steam App 20570" = Warhammer® 40,000™: Dawn of War® II – Chaos Rising™
"Steam App 32370" = Star Wars: Knights of the Old Republic
"Steam App 630" = Alien Swarm
"Steam App 7670" = BioShock
"Steam App 8850" = BioShock 2
"SystemRequirementsLab" = System Requirements Lab
"The Sith Lords Restored Content Mod_is1" = TSLRCM 1.5
"Trojan Remover_is1" = Trojan Remover 6.8.2
"TuneUpMedia" = TuneUp Companion 1.6.1
"Unofficial Oblivion Patch_is1" = Unofficial Oblivion Patch v3.2.0
"VLC media player" = VLC media player 1.0.5
"Warcraft III" = Warcraft III
"WinAVIVideoConverter_is1" = WinAVIVideoConverter
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft
"XP TCP/IP Repair_is1" = XP TCP/IP Repair
"XpertVision_is1" = XpertVision 6.4

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"477233b55d082a86" = Company of Heroes Online Launcher (THQ)
"Dragon Age Redesigned © Morrigan" = Dragon Age Redesigned © Morrigan
"Dragon Age Redesigned Fixes" = Dragon Age Redesigned Fixes
"Dragon Age Redesigned Oghren©" = Dragon Age Redesigned Oghren©
"Dragon Age Redesigned©" = Dragon Age Redesigned©
"Dragon Age Redesigned© Zevran" = Dragon Age Redesigned© Zevran
"Dragon Age Redesigned© Leliana" = Dragon Age Redesigned© Leliana
"Dragon Age Redesigned© Sten" = Dragon Age Redesigned© Sten
"Dragon Age Redesigned© Wynne" = Dragon Age Redesigned© Wynne
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 27/01/2010 04:28:26 | Computer Name = Asus-PC | Source = WinMgmt | ID = 10
Description =

Error - 27/01/2010 07:52:29 | Computer Name = Asus-PC | Source = System Restore | ID = 8193
Description =

Error - 27/01/2010 18:21:43 | Computer Name = Asus-PC | Source = WinMgmt | ID = 10
Description =

Error - 28/01/2010 12:47:31 | Computer Name = Asus-PC | Source = System Restore | ID = 8193
Description =

Error - 29/01/2010 01:37:44 | Computer Name = Asus-PC | Source = WinMgmt | ID = 10
Description =

Error - 29/01/2010 01:41:38 | Computer Name = Asus-PC | Source = WinMgmt | ID = 10
Description =

Error - 29/01/2010 01:48:27 | Computer Name = Asus-PC | Source = WinMgmt | ID = 10
Description =

Error - 29/01/2010 01:56:21 | Computer Name = Asus-PC | Source = WinMgmt | ID = 10
Description =

Error - 29/01/2010 02:00:10 | Computer Name = Asus-PC | Source = System Restore | ID = 8193
Description =

Error - 31/01/2010 16:04:15 | Computer Name = Asus-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 12/11/2010 19:31:52 | Computer Name = Asus-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 13/11/2010 08:07:36 | Computer Name = Asus-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 13/11/2010 08:07:36 | Computer Name = Asus-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 13/11/2010 08:07:38 | Computer Name = Asus-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 13/11/2010 08:18:45 | Computer Name = Asus-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 13/11/2010 08:18:45 | Computer Name = Asus-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 13/11/2010 10:31:52 | Computer Name = Asus-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 13/11/2010 10:40:33 | Computer Name = Asus-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 13/11/2010 10:52:47 | Computer Name = Asus-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 13/11/2010 10:52:47 | Computer Name = Asus-PC | Source = Service Control Manager | ID = 7023
Description =


< End of report >

ken545
2010-11-13, 18:42
Hi,

Backup Your Registry with ERUNT:
Download erunt.zip to your Desktop from here:
http://aumha.org/downloads/erunt.zip
Right-click erunt.zip, select Extract All... and follow the prompts to extract ERUNT to a new folder on your Desktop
Inside the new folder, double-click ERUNT.exe to start the program
OK all the prompts to back up your registry to the default location.
Note: to restore your registry, go to the backup folder and start ERDNT.exe

Run OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL



:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370
FF - prefs.js..extensions.enabledItems: {193d7001-bd9f-48c2-b5c7-69775aa2201d}:2.7.2.0
FF - prefs.js..network.proxy.http_port: 50370


:Reg

:Files

:Commands
[purity]
[emptytemp]
[RESETHOSTS]
[start explorer]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
Then post the results of the log and a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
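
The fix above clears a loopback proxy (127.0.0.1:50370) from both the Internet Explorer settings and Firefox's prefs.js. As an added example (not part of the original thread and not OTL's own code), this Python script scans OTL-style "IE -" and "FF -" lines for such entries; the function names and the last two sample lines are assumptions made for illustration.

```python
import ipaddress
import re

# The first five lines are the IE/FF entries quoted in the fix above.
# The last two are constructed for contrast (an enabled, non-loopback proxy).
SAMPLE_LOG = r'''
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370
FF - prefs.js..extensions.enabledItems: {193d7001-bd9f-48c2-b5c7-69775aa2201d}:2.7.2.0
FF - prefs.js..network.proxy.http_port: 50370
IE - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.example.net:8080
'''

IE_RE = re.compile(r'^IE - (?P<key>.+?): "(?P<name>[^"]+)" = (?P<value>.*)$')
FF_RE = re.compile(r'^FF - prefs\.js\.\.(?P<name>[\w.]+): (?P<value>.*)$')


def parse_proxy_server(value):
    """Split a WinINET ProxyServer string into (scheme, host, port) tuples.

    Accepts both "host:port" (applies to all protocols) and the
    per-protocol form "http=host:port;https=host:port".
    """
    endpoints = []
    for part in value.split(';'):
        part = part.strip()
        if not part:
            continue
        scheme, sep, hostport = part.partition('=')
        if not sep:
            scheme, hostport = 'all', part
        hostport = hostport.split('://', 1)[-1]      # tolerate "http://host:port"
        host, _, port = hostport.rpartition(':')
        if not host:                                 # no port given
            host, port = hostport, ''
        host = host.strip('[]')                      # bracketed IPv6 literal
        endpoints.append((scheme.lower(), host, int(port) if port.isdigit() else None))
    return endpoints


def is_loopback(host):
    if host.lower() == 'localhost':
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:                               # a hostname, not an IP literal
        return False


def _state(flag):
    """Map an enable flag from the log to active / dormant / unknown (not logged)."""
    if flag is None:
        return 'unknown'
    return 'active' if flag == '1' else 'dormant'


def analyze(log_text):
    """Return findings for proxy settings that point at the local machine."""
    ie, ff = {}, {}
    for line in log_text.splitlines():
        line = line.strip()
        m = IE_RE.match(line)
        if m:
            ie.setdefault(m['key'], {})[m['name']] = m['value'].strip()
            continue
        m = FF_RE.match(line)
        if m:
            ff[m['name']] = m['value'].strip()

    findings = []
    for key, values in ie.items():
        state = _state(values.get('ProxyEnable'))
        for _scheme, host, port in parse_proxy_server(values.get('ProxyServer', '')):
            if is_loopback(host):
                findings.append({'source': 'IE', 'where': key, 'host': host,
                                 'port': port, 'state': state})

    ff_port = ff.get('network.proxy.http_port', '')
    ff_host = ff.get('network.proxy.http')           # not present in the log on this page
    if ff_port.isdigit() and int(ff_port) and (ff_host is None or is_loopback(ff_host)):
        # network.proxy.type 1 means "manual proxy configuration" in Firefox
        findings.append({'source': 'Firefox', 'where': 'prefs.js', 'host': ff_host,
                         'port': int(ff_port), 'state': _state(ff.get('network.proxy.type'))})
    return findings


def shared_ports(findings):
    """Ports configured in more than one browser, which suggests one program set both."""
    seen = {}
    for f in findings:
        seen.setdefault(f['port'], set()).add(f['source'])
    return sorted(p for p, sources in seen.items() if p is not None and len(sources) > 1)


if __name__ == '__main__':
    results = analyze(SAMPLE_LOG)
    for f in results:
        print(f"{f['source']:8} {f['state']:8} {f['host']}:{f['port']}  ({f['where']})")
    print('ports set in both browsers:', shared_ports(results))
```

A "dormant" finding (ProxyEnable = 0 with a loopback ProxyServer still stored) matches the state in this log: the proxy is switched off but the leftover value remains until it is cleared, as the fix does.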

davemire
2010-11-13, 19:23
All processes killed
========== OTL ==========
No active process named explorer.exe was found!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: {193d7001-bd9f-48c2-b5c7-69775aa2201d}:2.7.2.0 removed from extensions.enabledItems
Prefs.js: 50370 removed from network.proxy.http_port
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Asus
->Temp folder emptied: 61677 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 3009955 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 3.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.17.3 log created on 11132010_182018

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

davemire
2010-11-13, 19:27
OTL logfile created on: 13/11/2010 18:25:00 - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = c:\Users\Asus\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 452.12 Gb Total Space | 111.24 Gb Free Space | 24.60% Space Free | Partition Type: NTFS
Drive D: | 13.63 Gb Total Space | 8.54 Gb Free Space | 62.61% Space Free | Partition Type: NTFS
Drive E: | 3.43 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: ASUS-PC | User Name: Asus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - c:\Users\Asus\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\XpertVision\TBPANEL.exe (Xpertvision, Inc.)
PRC - C:\Program Files\ASUS\AASP\1.00.33\aaCenter.exe ()
PRC - C:\Windows\Integrator.exe (Dachshund Software)


========== Modules (SafeList) ==========

MOD - c:\Users\Asus\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (NMIndexingService) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe File not found
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe File not found
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH)
SRV - (AntiVirMailService) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (DAUpdaterSvc) -- C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (LBTServ) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WLSetupSvc) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()


========== Driver Services (SafeList) ==========

DRV - (pohci13F) -- C:\Users\Asus\AppData\Local\Temp\pohci13F.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\Asus\AppData\Local\Temp\catchme.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (timounter) -- C:\Windows\system32\DRIVERS\timntr.sys (Acronis)
DRV - (tifsfilter) -- C:\Windows\System32\drivers\tifsfilt.sys (Acronis)
DRV - (LUsbFilt) -- C:\Windows\System32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (L8042Kbd) -- C:\Windows\System32\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (s217unic) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (WDM) -- C:\Windows\System32\drivers\s217unic.sys (MCCI)
DRV - (s217mgmt) Sony Ericsson Device 217 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s217mgmt.sys (MCCI Corporation)
DRV - (s217obex) -- C:\Windows\System32\drivers\s217obex.sys (MCCI Corporation)
DRV - (s217nd5) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (NDIS) -- C:\Windows\System32\drivers\s217nd5.sys (MCCI Corporation)
DRV - (s217mdm) -- C:\Windows\System32\drivers\s217mdm.sys (MCCI Corporation)
DRV - (s217bus) Sony Ericsson Device 217 driver (WDM) -- C:\Windows\System32\drivers\s217bus.sys (MCCI Corporation)
DRV - (s217mdfl) -- C:\Windows\System32\drivers\s217mdfl.sys (MCCI Corporation)
DRV - (MRV6X32P) -- C:\Windows\System32\drivers\MRVW13B.sys (Marvell Semiconductor, Inc)
DRV - (TBPanel) -- C:\Windows\System32\drivers\TBPanel.sys (Windows (R) 2000 DDK provider)
DRV - (Cardex) -- C:\Windows\System32\drivers\TBPanel.sys (Windows (R) 2000 DDK provider)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm60x32.sys (NVIDIA Corporation)
DRV - (RTL85n86) -- C:\Windows\System32\drivers\RTL85n86.sys (Realtek)
DRV - (AsIO) -- C:\Windows\System32\drivers\AsIO.sys ()
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
DRV - (RT61) -- C:\Windows\System32\drivers\rt61.sys (Ralink Technology Inc.)
DRV - (TNET1130) -- C:\Windows\System32\drivers\TNET1130.sys (Texas Instruments)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.startup.homepage: "http://en-GB.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official"


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/07 14:49:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/07 14:49:47 | 000,000,000 | ---D | M]

[2008/10/27 16:51:19 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\mozilla\Extensions
[2010/11/12 21:02:33 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\mozilla\Firefox\Profiles\jdvb0nyj.default\extensions
[2010/08/18 17:43:54 | 000,000,000 | ---D | M] (Plusmedia uk Toolbar) -- C:\Users\Asus\AppData\Roaming\mozilla\Firefox\Profiles\jdvb0nyj.default\extensions\{193d7001-bd9f-48c2-b5c7-69775aa2201d}
[2010/02/18 00:35:47 | 000,000,000 | ---D | M] (Linkification) -- C:\Users\Asus\AppData\Roaming\mozilla\Firefox\Profiles\jdvb0nyj.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
[2010/09/01 16:18:12 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Asus\AppData\Roaming\mozilla\Firefox\Profiles\jdvb0nyj.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/11/05 14:41:02 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Asus\AppData\Roaming\mozilla\Firefox\Profiles\jdvb0nyj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/06/17 23:14:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Asus\AppData\Roaming\mozilla\Firefox\Profiles\jdvb0nyj.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010/08/21 23:54:21 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Asus\AppData\Roaming\mozilla\Firefox\Profiles\jdvb0nyj.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/11/12 21:02:33 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/27 05:24:34 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/10/27 05:24:34 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/10/27 05:24:34 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/10/27 05:24:34 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/11/13 18:20:19 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {193d7001-bd9f-48c2-b5c7-69775aa2201d} - No CLSID value found.
O2 - BHO: (no name) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (no name) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - No CLSID value found.
O2 - BHO: (no name) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - No CLSID value found.
O2 - BHO: (no name) - {E33CF602-D945-461A-83F0-819F76A199F8} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Steam] c:\program files\steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [TBPanel] C:\Program Files\XpertVision\TBPanel.exe (Xpertvision, Inc.)
O4 - Startup: C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AntiCrash.lnk = C:\Program Files\Dachshund Software\AntiCrash\AntiCrash.exe ()
O4 - Startup: C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000051 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/01/22 17:02:32 | 000,000,000 | ---D | M] - C:\Autorun -- [ NTFS ]
O32 - AutoRun File - [2006/09/15 18:31:42 | 000,983,040 | R--- | M] () - E:\autoplay.exe -- [ UDF ]
O32 - AutoRun File - [2006/09/15 03:50:54 | 000,001,989 | R--- | M] () - E:\Autoplay.ini -- [ UDF ]
O32 - AutoRun File - [2006/09/15 03:50:54 | 000,000,706 | R--- | M] () - E:\Autoplay.ucs -- [ UDF ]
O32 - AutoRun File - [2006/08/31 22:39:37 | 000,576,056 | R--- | M] () - E:\autorun.bmp -- [ UDF ]
O32 - AutoRun File - [2006/08/30 12:00:03 | 000,000,049 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2099/01/04 22:36:39 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2099/01/04 22:36:24 | 000,000,000 | ---D | C] -- C:\Boot
[2099/01/04 14:42:39 | 000,000,000 | ---D | C] -- C:\Windows\Debug
[2099/01/04 14:40:51 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2099/01/04 14:37:35 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2099/01/04 14:37:25 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/11/13 18:09:45 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/11/13 14:43:16 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/11/13 14:43:13 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/11/13 14:29:08 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/11/13 14:29:08 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/11/13 14:29:08 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/11/13 14:29:01 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/11/13 14:28:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/11/13 14:28:14 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/11/10 21:50:38 | 000,000,000 | ---D | C] -- C:\Users\Asus\Documents\SC2backup!
[2010/11/10 14:44:07 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/11/10 14:43:27 | 000,000,000 | ---D | C] -- C:\Users\Asus\Documents\Simply Super Software
[2010/11/10 14:43:21 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ztvcabinet.dll
[2010/11/10 14:43:18 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2010/11/10 14:43:18 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Roaming\Simply Super Software
[2010/11/10 14:43:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2010/11/10 14:39:05 | 000,000,000 | ---D | C] -- C:\Program Files\PFPortChecker
[2010/11/07 00:29:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/11/07 00:29:02 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/11/07 00:28:39 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\Adobe Reader 9 Installer
[2010/11/07 00:28:01 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2010/11/07 00:28:01 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010/11/07 00:28:00 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2010/11/06 19:37:06 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/11/06 19:36:43 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/11/06 19:33:23 | 000,000,000 | ---D | C] -- C:\Program Files\Safer Networking
[2010/11/06 16:12:47 | 000,000,000 | ---D | C] -- C:\Program Files\XP TCPIP Repair
[2010/10/27 12:13:28 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010/10/27 12:13:28 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010/10/27 12:13:27 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010/10/21 18:38:23 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Roaming\Avira
[2010/10/21 18:33:55 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010/10/21 18:33:54 | 000,126,856 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010/10/21 18:33:54 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010/10/21 18:33:54 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010/10/21 18:33:54 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010/10/21 18:33:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010/10/21 18:33:53 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/10/20 21:31:04 | 000,000,000 | ---D | C] -- C:\Windows\en
[2010/10/20 21:22:37 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\Windows Live
[2010/10/20 21:22:03 | 000,754,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webservices.dll

========== Files - Modified Within 30 Days ==========

[2099/01/04 14:40:55 | 000,047,092 | ---- | M] () -- C:\Windows\System32\license.rtf
[2099/01/04 14:40:22 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2010/11/13 18:22:04 | 000,036,821 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/11/13 18:22:04 | 000,036,821 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/11/13 18:21:54 | 000,000,066 | ---- | M] () -- C:\Windows\anticrash.dat
[2010/11/13 18:21:53 | 000,064,512 | -H-- | M] () -- C:\Users\Asus\AppData\Roaming\dach100.dll
[2010/11/13 18:21:44 | 000,006,176 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/13 18:21:44 | 000,006,176 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/13 18:21:43 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/13 18:21:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/13 18:21:22 | 3220,496,384 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/13 18:20:19 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2010/11/13 18:17:10 | 000,000,217 | -H-- | M] () -- C:\Windows\winshell.dat
[2010/11/13 17:56:11 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/13 14:59:04 | 000,608,760 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/11/13 14:59:03 | 000,108,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/11/11 18:06:44 | 000,047,616 | ---- | M] () -- C:\Users\Asus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/11 16:25:00 | 000,098,304 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2010/11/10 14:39:05 | 000,000,864 | ---- | M] () -- C:\Users\Asus\Desktop\PFPortChecker.lnk
[2010/11/10 14:30:11 | 000,006,594 | ---- | M] () -- C:\Users\Asus\Documents\cc_20101110_143007.reg
[2010/11/08 17:27:54 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\Windows\MBR.exe
[2010/11/07 15:18:44 | 000,004,473 | ---- | M] () -- C:\Users\Asus\Desktop\Attach.zip
[2010/11/07 14:49:49 | 000,001,748 | ---- | M] () -- C:\Users\Asus\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/11/07 14:49:49 | 000,001,724 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/11/07 00:29:10 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/11/07 00:28:01 | 000,001,719 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2010/11/07 00:28:01 | 000,001,717 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/11/06 21:21:57 | 000,090,020 | ---- | M] () -- C:\Users\Asus\Documents\cc_20101106_212148.reg
[2010/11/06 19:36:51 | 000,000,913 | ---- | M] () -- C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/11/06 19:36:44 | 000,000,733 | ---- | M] () -- C:\Users\Asus\Desktop\NTREGOPT.lnk
[2010/11/06 19:36:44 | 000,000,714 | ---- | M] () -- C:\Users\Asus\Desktop\ERUNT.lnk
[2010/11/05 16:31:24 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010/11/05 16:26:02 | 000,424,780 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.trb
[2010/11/04 11:16:58 | 000,295,424 | ---- | M] () -- C:\Users\Asus\Desktop\gmer.exe
[2010/11/02 16:39:00 | 000,126,856 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010/11/02 16:39:00 | 000,060,936 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010/11/01 21:11:08 | 000,000,133 | ---- | M] () -- C:\Users\Asus\webct_upload_applet.properties
[2010/10/23 00:34:46 | 000,423,310 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101105-162602.backup
[2010/10/21 18:34:08 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/10/21 18:31:15 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010/10/21 18:31:14 | 000,017,016 | ---- | M] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010/10/21 18:31:13 | 000,051,992 | ---- | M] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010/10/21 18:12:02 | 000,326,768 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/10/19 17:01:52 | 000,422,500 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101023-013446.backup
[2010/10/19 17:00:36 | 000,422,500 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101019-180152.backup
[2010/10/19 10:41:44 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe

========== Files Created - No Company Name ==========

[2099/01/04 22:36:24 | 000,333,257 | RHS- | C] () -- C:\bootmgr
[2099/01/04 14:40:22 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2010/11/13 14:52:47 | 000,064,512 | -H-- | C] () -- C:\Users\Asus\AppData\Roaming\dach100.dll
[2010/11/13 14:29:08 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/11/13 14:29:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/11/13 14:29:08 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2010/11/13 14:29:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/11/13 14:29:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/11/10 14:43:21 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2010/11/10 14:43:21 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll
[2010/11/10 14:43:21 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2010/11/10 14:43:21 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
[2010/11/10 14:39:05 | 000,000,864 | ---- | C] () -- C:\Users\Asus\Desktop\PFPortChecker.lnk
[2010/11/10 14:30:09 | 000,006,594 | ---- | C] () -- C:\Users\Asus\Documents\cc_20101110_143007.reg
[2010/11/07 15:21:07 | 3220,496,384 | -HS- | C] () -- C:\hiberfil.sys
[2010/11/07 15:18:44 | 000,004,473 | ---- | C] () -- C:\Users\Asus\Desktop\Attach.zip
[2010/11/07 14:49:49 | 000,001,748 | ---- | C] () -- C:\Users\Asus\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/11/07 14:49:49 | 000,001,724 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/11/07 00:29:10 | 000,001,887 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/11/07 00:28:01 | 000,001,719 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2010/11/07 00:28:01 | 000,001,717 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/11/06 21:21:50 | 000,090,020 | ---- | C] () -- C:\Users\Asus\Documents\cc_20101106_212148.reg
[2010/11/06 19:36:51 | 000,000,913 | ---- | C] () -- C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/11/06 19:36:44 | 000,000,733 | ---- | C] () -- C:\Users\Asus\Desktop\NTREGOPT.lnk
[2010/11/06 19:36:44 | 000,000,714 | ---- | C] () -- C:\Users\Asus\Desktop\ERUNT.lnk
[2010/11/06 16:20:52 | 000,295,424 | ---- | C] () -- C:\Users\Asus\Desktop\gmer.exe
[2010/11/05 16:31:24 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010/10/22 13:26:40 | 000,000,133 | ---- | C] () -- C:\Users\Asus\webct_upload_applet.properties
[2010/10/21 18:34:08 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/08/15 22:55:58 | 000,036,821 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/08/15 22:55:45 | 000,036,821 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/04/02 16:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009/10/20 23:32:21 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/15 09:45:35 | 000,018,037 | ---- | C] () -- C:\Users\Asus\AppData\Roaming\UserTile.png
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/05/10 22:34:42 | 000,004,076 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2009/05/10 22:34:42 | 000,000,008 | RHS- | C] () -- C:\Windows\System32\4ABB68D08C.sys
[2009/04/13 12:46:38 | 000,000,050 | ---- | C] () -- C:\Windows\System32\swkotor2.ini
[2009/04/08 13:04:10 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/01/09 18:35:33 | 000,000,151 | ---- | C] () -- C:\Windows\PhotoSnapViewer.INI
[2008/12/15 23:52:48 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2008/11/16 17:15:21 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/10/31 03:09:10 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2008/10/28 02:22:34 | 000,047,616 | ---- | C] () -- C:\Users\Asus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/27 17:47:28 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008/10/27 17:19:21 | 000,022,328 | ---- | C] () -- C:\Users\Asus\AppData\Roaming\PnkBstrK.sys
[2008/10/23 14:03:29 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/09/18 18:17:09 | 000,295,028 | ---- | C] () -- C:\Windows\System32\Install6x.dll
[2008/09/18 17:58:59 | 000,001,356 | ---- | C] () -- C:\Users\Asus\AppData\Local\d3d9caps.dat
[2008/09/05 14:54:47 | 000,395,776 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2008/09/05 14:54:47 | 000,262,144 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2008/09/05 14:54:47 | 000,112,640 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2008/09/05 14:54:46 | 002,255,360 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2008/09/05 14:52:52 | 000,000,014 | ---- | C] () -- C:\Windows\System32\SystemInfo32.sys
[2008/09/05 14:50:36 | 000,024,576 | R--- | C] () -- C:\Windows\System32\AsIO.dll
[2008/09/05 14:50:36 | 000,012,664 | R--- | C] () -- C:\Windows\System32\drivers\AsIO.sys
[2008/09/05 14:50:21 | 000,016,057 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2008/09/05 14:50:12 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2008/09/05 14:50:10 | 000,008,290 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2007/08/01 03:39:28 | 000,012,536 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 988 bytes -> C:\Users\Asus\Documents\Fw_ Landlord statement_ April 10 Statement - 6 St Mary's Close.eml:OECustomProperty

< End of report >

ken545
2010-11-13, 19:53
:bigthumb:

How are things running now?

What I would do is run a free online virus scanner to sweep for leftovers we may have missed.


Please run this free online virus scanner from ESET (http://www.eset.com/onlinescan/)

Note: You will need to use Internet Explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
Click Scan
Wait for the scan to finish
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic

davemire
2010-11-13, 20:19
Yes, my programs can update automatically and Firefox is definitely quicker. The ESET scanner wouldn't work though, it got as far as step 2 but it couldn't update because my proxy isn't configured.

ken545
2010-11-13, 20:53
Are you using Internet Explorer for the scan?

http://kb.eset.com/esetkb/index?page=content&id=SOLN555
http://windows.microsoft.com/en-US/windows-vista/Change-proxy-settings-in-Internet-Explorer


Or try this other scanner

Please do a scan with Kaspersky Online Scanner (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) or from Here. (http://www.kaspersky.com/virusscanner)

Click on the Accept button and install any components it needs.
The program will install and then begin downloading the latest definition files.
After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
This will start the program and scan your system.
The scan will take a while, so be patient and let it run. (At times it may appear to stall)
Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.

Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.


Once the scan is complete, click on View scan report.
To obtain the report:
Click on: Save Report As
Next, in the Save as prompt, Save in area, select: Desktop
In the File name area, use KScan, or something similar
In Save as type, click the drop arrow and select: Text file [*.txt]
Then, click: Save
Please post the Kaspersky Online Scanner Report in your reply.



http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif

davemire
2010-11-13, 22:26
The Kaspersky one didn't work either. Here is the error message that I am getting:

The program is starting. Please wait...
Updates source is selected: http://www.kaspersky.com
File download: packages/kos-extras.jar
The program is started.

Updating the anti-virus database. Please wait...

Update has failed The program could not be started. Please close the window of Kaspersky Online Scanner 7.0 and start the program again from the web site of Kaspersky Lab. Successful updating of Kaspersky Online Scanner 7.0 and scanning of your computer requires uninterrupted Internet connection. Please make sure that the Internet connection is established. [ERROR: License has expired]

ken545
2010-11-13, 23:00
Try both ESET and Kaspersky in Safemode with Networking and see if one of them will run.


To Enter Safemode

Go to Start> Shut off your Computer> Restart
As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly,
this will bring up a menu.
Use the Up and Down Arrow Keys to scroll up to Safemode with Networking
Then press the Enter Key on your Keyboard

Tutorial if you need it: How to boot into Safemode (http://www.bleepingcomputer.com/tutorials/tutorial61.html)

davemire
2010-11-14, 01:25
ESET worked when I ran it in safe mode. Here is the log:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=1
# version=7
# iexplore.exe=7.00.6000.16386 (vista_rtm.061101-2205)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=5d65cd8861b3914284d706cfb0c1a163
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-11-14 12:23:12
# local_time=2010-11-14 12:23:12 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 2002587 2002587 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776573 100 100 126615 127221392 0 0
# compatibility_mode=8192 67108863 100 0 16420 16420 0 0
# scanned=234425
# found=0
# cleaned=0
# scan_time=5572

ken545
2010-11-14, 05:23
Clean :bigthumb:

How are things running now?

davemire
2010-11-14, 14:28
Things are a lot better now, thank you so much buddy, I owe you one!

ken545
2010-11-14, 15:08
You're very welcome

Open OTL and click on the CleanUp Feature and it will remove tools and backups for the programs we ran.


How did I get infected in the first place?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/So_how_did_I_get_infected_in_the_first_place_t57817.html)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)


Safe Surfn
Ken

ken545
2010-11-26, 14:06
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.