Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

very difficult removal

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

very difficult removal

Unread postby ronecc » October 26th, 2010, 3:17 pm

I am having trouble with my web browser re-directing. The mail culprit is rc23.overture. and 'Gameo' plus a couple of others. This happens on both IE8 and Firefox. Google and Yahoo browsers. I have installed and tried a number of anti virus, anti spyware programs, but non of them can find the problem.
HijackThis Log
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:51:08, on 26/10/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.2.547\ccSvcHst.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\VISTAU~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Vista User\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Vista User\Desktop\hijack this\HijackThis.exe
C:\Windows\system32\Taskmgr.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.mg40.mail.yahoo.com/dc/launch ... 5b30d493of
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.uk.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\IPSBHO.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Google Update] "C:\Users\Vista User\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} (20-20 3D Viewer) - http://bq.kp.2020.net/planner/Core/Play ... _Win32.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://host.cycore.net/plugins/windows/ ... .0.228.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.4.1.cab
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.com/Genoogle/Comp ... eQuery.dll
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} (iPIX Media Send Class) - http://216.249.24.62/code/iPIX-ImageWell-ipix.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/da2/PCPitStop2.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Update Service (gupdate1c9b6d357e31efa) (gupdate1c9b6d357e31efa) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Norton PC Checkup Application Launcher - Symantec Corporation - C:\Program Files\Norton PC Checkup\Engine\2.0.2.547\SymcPCCULaunchSvc.exe
O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Symantec Corporation - C:\Program Files\Norton PC Checkup\Engine\2.0.2.547\ccSvcHst.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ShadowExplorer Service (sesvc) - www.shadowexplorer.com - C:\Program Files\ShadowExplorer\sesvc.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Unknown owner - (no file)

--
End of file - 11916 bytes

Uninstall Log
32 Bit HP CIO Components Installer
3Connect
Acer Arcade Deluxe
Acer eDataSecurity Management
Acer eLock Management
Acer Empowering Technology
Acer eNet Management
Acer ePower Management
Acer ePresentation Management
Acer eSettings Management
Acer GridVista
Acer Mobility Center Plug-In
Acer OrbiCam
Acer OrbiCam
Acer ScreenSaver
Acer Tour
Acrobat.com
Acrobat.com
Adobe Acrobat 7.1.0 Professional
Adobe AIR
Adobe AIR
Adobe Community Help
Adobe Community Help
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.0
Apple Application Support
Apple Software Update
BBC iPlayer Desktop
BBC iPlayer Desktop
Canon CanoScan Toolbox 5.0
CanoScan LiDE 70
CCleaner
Corel Graphics - Windows Shell Extension
Corel Graphics - Windows Shell Extension
Corel Paint Shop Pro Photo X2
CorelDRAW Graphics Suite X5 - IPM
CorelDRAW Graphics Suite X5 - WT
CorelDRAW(R) Graphics Suite X5
FastStone Image Viewer 3.6
Free M4a to MP3 Converter 6.1
getPlus+(R) Download Manager for Corel
Google Earth
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Hitman Pro 3.5
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
HP Customer Participation Program 8.0
HP Deskjet & Photosmart Printer Driver Software 8.0.A
HP Imaging Device Functions 8.0
HP Solution Center 8.0
HP Update
HPSSupply
Huawei modem
Java(TM) 6 Update 22
Launch Manager
Magic DVD Copier Version 4.9.1
Magic DVD Ripper V5.3 build 7
Malwarebytes' Anti-Malware
Memory-Map OS Edition Version 5
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft Antimalware
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Essentials
Microsoft Security Essentials
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft Visual Studio Tools for Applications 2.0 Runtime
Mozilla Firefox (3.6.11)
MSVC80_x86
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
neroxml
Norton Internet Security
Norton PC Checkup
NTI Backup NOW! 4.7
NTI CD & DVD-Maker
NVIDIA Drivers
OGA Notifier 2.0.0048.0
Picasa 3
QuickTime
Realtek High Definition Audio Driver
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Media Encoder (KB979332)
ShadowExplorer 0.7
Skype™ 4.0
Spelling Dictionaries Support For Adobe Reader 9
SUPERAntiSpyware
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update Manager
VLC media player 1.1.4
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Player Firefox Plugin
WinZip 11.2
Yahoo! Install Manager
Yahoo! Search Protection
Yahoo! Toolbar
ronecc
Regular Member
 
Posts: 21
Joined: October 26th, 2010, 1:27 pm
Advertisement
Register to Remove

Re: very difficult removal

Unread postby peku006 » October 29th, 2010, 2:44 am

Hi ronecc

Scan With RKUnHooker

  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
  • Copy the entire contents of the report and paste it in a reply here.

Thanks peku006
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: very difficult removal

Unread postby ronecc » October 29th, 2010, 6:10 am

Hi peku006.
Thank you for helping me with my problem. I have downloaded RkU to my desktop and run the scan you suggested. I received a pop up stating, 'Please wait while Rku makes scan....Getting list of files and directories (C:\). I then got an Error pop up, 'Error starting helper service'. Then a Norton Security Request stating that a restart was required to remove the Security risk. The name Sonar flashed up on the screen. I have done nothing else with any of this, only replying to you. Should I have stopped Norton before running RkU?
Thanks Ron
ronecc
Regular Member
 
Posts: 21
Joined: October 26th, 2010, 1:27 pm

Re: very difficult removal

Unread postby peku006 » October 29th, 2010, 6:35 am

Hi Ron

Ok...let´s try this

Please download GMER Rootkit Scanner from Here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All << (don't miss this one)
    See image below, Click the image to enlarge it
    Image
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in your next reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Note: Do not run any programs while Gmer is running.

Please reply with

Gmer.txt log.

Thanks peku006
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: very difficult removal

Unread postby ronecc » October 29th, 2010, 12:29 pm

Hi peku006.
Sorry but that download just locks my computer. The initial scan page opens where I have to untick the suggested boxes, but before I can do that the window freezes. I cannot then open Task Manager, the computer hard drive just stops I have to unplug the computer and switch on again.
Ron
ronecc
Regular Member
 
Posts: 21
Joined: October 26th, 2010, 1:27 pm

Re: very difficult removal

Unread postby peku006 » October 29th, 2010, 1:06 pm

Hi Ron

We will continue with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
If you need help to disable your protection programs see here.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply

Thanks peku006
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: very difficult removal

Unread postby ronecc » October 29th, 2010, 1:32 pm

Hi peku006.
Before I start running this program, I do not have a Vista DVD in case I need it. My computer came ready loaded by Acer without the DVD. I do have a few start up cd's, Would any of these work if needed?
Ron
ronecc
Regular Member
 
Posts: 21
Joined: October 26th, 2010, 1:27 pm

Re: very difficult removal

Unread postby peku006 » October 30th, 2010, 6:28 am

Hi Ron

you do not need Vista DVD
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: very difficult removal

Unread postby ronecc » October 30th, 2010, 6:51 am

Hi peku006.
I did the scan as suggested, and here is what came out...
ComboFix 10-10-28.09 - Vista User 30/10/2010 11:26:49.1.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2814.1712 [GMT 1:00]
Running from: c:\users\Vista User\Desktop\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 24 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Vista User\AppData\Roaming\inst.exe
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1-2.inf
c:\windows\system\BisonC07.dll
c:\windows\system\BisonV07.dll

.
((((((((((((((((((((((((( Files Created from 2010-09-28 to 2010-10-30 )))))))))))))))))))))))))))))))
.

2010-10-30 10:35 . 2010-10-30 10:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-27 10:28 . 2010-10-07 15:21 6146896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-10-27 10:27 . 2010-10-07 15:21 6146896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0C3D87C3-967E-486E-89D3-1C1884B5FCE4}\mpengine.dll
2010-10-26 18:43 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-10-26 18:43 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-26 18:43 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-26 12:02 . 2010-10-26 12:02 -------- d-----w- c:\programdata\PCPitstop
2010-10-26 12:02 . 2010-10-26 12:04 -------- d-----w- c:\program files\PCPitstop
2010-10-25 17:30 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-25 17:27 . 2010-10-25 17:28 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-10-22 16:02 . 2008-12-24 03:07 1615 ----a-w- c:\windows\system32\drivers\etc\mvps.bat
2010-10-22 15:19 . 2010-10-22 15:19 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-10-22 15:19 . 2010-10-22 15:19 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-10-22 15:18 . 2010-10-22 15:18 -------- d-----w- c:\programdata\Hitman Pro
2010-10-21 11:21 . 2010-10-21 11:21 -------- d-----w- c:\program files\Windows Easy Transfer 7
2010-10-20 17:25 . 2010-10-20 17:25 -------- d-----w- c:\users\Vista User\AppData\Local\www.shadowexplorer.com
2010-10-20 17:07 . 2010-10-20 17:07 -------- d-----w- c:\program files\ShadowExplorer
2010-10-20 15:32 . 2010-10-20 15:32 -------- d-----w- c:\users\Vista User\AppData\Roaming\Malwarebytes
2010-10-20 15:31 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-20 15:31 . 2010-10-20 16:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-20 15:31 . 2010-10-20 15:31 -------- d-----w- c:\programdata\Malwarebytes
2010-10-20 15:31 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-19 14:01 . 2010-10-19 14:05 -------- d-----w- c:\users\Vista User\AppData\Local\NPE
2010-10-18 16:59 . 2010-10-26 17:02 -------- d-----w- c:\users\Vista User\AppData\Roaming\vlc
2010-10-16 13:48 . 2010-10-16 13:48 -------- d-----w- c:\users\Vista User\AppData\Roaming\SUPERAntiSpyware.com
2010-10-16 13:48 . 2010-10-16 13:48 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-10-16 13:48 . 2010-10-16 13:48 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-10-15 09:37 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-15 09:37 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-10-15 09:35 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-10-14 18:54 . 2010-10-14 18:54 -------- d-----w- c:\windows\system32\syncdb
2010-10-13 11:11 . 2005-06-06 12:31 108336 ----a-w- c:\windows\system32\Mswinsck.OCX
2010-10-13 11:11 . 2007-06-04 15:10 132880 ----a-w- c:\windows\system32\MSINET.OCX
2010-10-11 16:37 . 2010-10-11 16:37 116736 --sha-r- c:\windows\system32\mfc703.dll
2010-10-11 12:24 . 2010-10-11 12:27 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2010-10-08 20:31 . 2010-10-08 20:31 -------- d-----w- c:\program files\vso
2010-09-30 16:08 . 2010-06-22 13:30 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-30 16:07 . 2010-08-26 04:23 13312 ----a-w- c:\program files\Internet Explorer\iecompat.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-15 03:50 . 2010-04-29 16:54 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-26 16:33 . 2010-10-26 18:43 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33 . 2010-10-26 18:43 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-26 16:33 . 2010-10-26 18:43 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:33 . 2010-10-26 18:43 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-08-22 13:23 . 2010-06-16 19:56 348256 ----a-w- c:\programdata\Microsoft\VSTAHost\CorelDRAW\9.0\1033\ResourceCache.dll
2010-08-17 14:11 . 2010-09-15 19:37 128000 ----a-w- c:\windows\system32\spoolsv.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-07-11 223984]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-03-27 24103720]
"Google Update"="c:\users\Vista User\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-07-01 133104]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-09-28 2424560]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-25 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 3784704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-12-21 659456]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-07-11 223984]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-12-20 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-12-20 7766016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-12-20 81920]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-12-11 122880]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"Corel File Shell Monitor"="c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2007-10-30 16200]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2008-11-26 25214]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Vista User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
backup=c:\windows\pss\MagicDisc.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Vista User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Vista User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Vista User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\users\Vista User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2009

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]
2007-01-14 18:38 151552 ----a-w- c:\acer\AcerTour\Reminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 22:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel File Shell Monitor]
2007-10-30 18:52 16200 ----a-w- c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
2007-01-02 18:58 464168 ----a-w- c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-12-10 21:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 16:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
2006-11-05 21:48 57344 ----a-w- c:\acer\WR_PopUp\WarReg_PopUp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9b6d357e31efa;Google Update Service (gupdate1c9b6d357e31efa);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-06 133104]
R3 EraserUtilDrvI7;EraserUtilDrvI7;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI7.sys [x]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
R3 nosGetPlusHelper;nosGetPlusHelper; [x]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20101001.001\BHDrvx86.sys [2010-08-31 692272]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1108000.005\ccHPx86.sys [2010-02-26 501888]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20101028.001\IDSvix86.sys [2010-10-19 353840]
S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe [2010-02-26 126392]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup\Engine\2.0.2.547\SymcPCCULaunchSvc.exe [2010-09-25 115056]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-27 102448]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 17:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-10-30 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-25 15:59]

2010-10-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-06 16:18]

2010-10-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-06 16:18]

2010-10-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1347133558-1696348400-1136593757-1000Core.job
- c:\users\Vista User\AppData\Local\Google\Update\GoogleUpdate.exe [2009-08-14 12:33]

2010-10-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1347133558-1696348400-1136593757-1000UA.job
- c:\users\Vista User\AppData\Local\Google\Update\GoogleUpdate.exe [2009-08-14 12:33]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://uk.mg40.mail.yahoo.com/dc/launch ... 5b30d493of
mStart Page = hxxp://en.uk.acer.yahoo.com
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Comp ... eQuery.dll
FF - ProfilePath - c:\users\Vista User\AppData\Roaming\Mozilla\Firefox\Profiles\9nao40ic.default\
FF - prefs.js: browser.search.defaulturl - hxxp://uk.search.yahoo.com/search?ei=UT ... tff-tyc&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://uk.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?ei=UT ... tff-tyc&p=
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\users\Vista User\AppData\Roaming\Mozilla\Firefox\Profiles\9nao40ic.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np_IEGetPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\users\Vista User\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\Vista User\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\users\Vista User\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\Vista User\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: d:\program files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
------- File Associations -------
.
.txt=txt_auto_file
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)
MSConfigStartUp-BDRegion - c:\program files\Cyberlink\Shared Files\brs.exe
MSConfigStartUp-BitTorrent DNA - c:\users\Vista User\Program Files\DNA\btdna.exe
MSConfigStartUp-PDVD8LanguageShortcut - c:\program files\CyberLink\PowerDVD8\Language\Language.exe
MSConfigStartUp-RemoteControl8 - c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe
MSConfigStartUp-Standby - c:\program files\Common Files\Corel\Standby\Standby.exe
MSConfigStartUp-TomTomHOME - d:\program files\TomTom HOME 2\TomTomHOMERunner.exe
AddRemove-{459E93B6-150E-45d5-8D4B-45C66FC035FE} - c:\program files\NOS\bin\getPlus_Helper_3001.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-30 11:36
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.8.0.5\diMaster.dll\" /prefetch:1"
--

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCCUJobMgr]
"ImagePath"="\"c:\program files\Norton PC Checkup\Engine\2.0.2.547\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Engine\2.0.2.547\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-10-30 11:40:52
ComboFix-quarantined-files.txt 2010-10-30 10:40

Pre-Run: 11,193,667,584 bytes free
Post-Run: 11,064,877,056 bytes free

- - End Of File - - 83402BBD780807242B90128C46D6FDA1
ronecc
Regular Member
 
Posts: 21
Joined: October 26th, 2010, 1:27 pm

Re: very difficult removal

Unread postby peku006 » October 30th, 2010, 7:20 am

Hi Ron

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Thanks peku006
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: very difficult removal

Unread postby ronecc » October 30th, 2010, 8:00 am

Hi. Here are the OTL files.
Ron

OTL logfile created on: 30/10/2010 12:46:35 - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\Vista User\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 49.00% Memory free
9.00 Gb Paging File | 7.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): c:\pagefile.sys 3113 4219d:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 51.99 Gb Total Space | 10.34 Gb Free Space | 19.90% Space Free | Partition Type: NTFS
Drive D: | 51.98 Gb Total Space | 37.41 Gb Free Space | 71.97% Space Free | Partition Type: NTFS

Computer Name: VISTAUSER-PC | User Name: Vista User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Vista User\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Norton PC Checkup\Engine\2.0.2.547\SymcPCCULaunchSvc.exe (Symantec Corporation)
PRC - C:\Users\Vista User\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe (Google)
PRC - C:\Users\Vista User\AppData\Local\Yahoo!\BrowserPlus\2.9.8\BrowserPlusCore.exe (Yahoo! Inc.)
PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files\ShadowExplorer\sesvc.exe (www.shadowexplorer.com)
PRC - C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
PRC - C:\Program Files\Norton PC Checkup\Engine\2.0.2.547\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc.)
PRC - C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe ()
PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT)
PRC - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
PRC - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
PRC - C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)
PRC - C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\System32\PSIService.exe ()


========== Modules (SafeList) ==========

MOD - C:\Users\Vista User\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\asoehook.dll (Symantec Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\microsoft.vc90.crt\msvcr90.dll (Microsoft Corporation)
MOD - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\microsoft.vc90.crt\msvcp90.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (XAudioService) -- File not found
SRV - (nosGetPlusHelper) -- C:\Program Files\NOS\bin\getPlus_Helper_3001.dll File not found
SRV - (NMIndexingService) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe File not found
SRV - (Norton PC Checkup Application Launcher) -- C:\Program Files\Norton PC Checkup\Engine\2.0.2.547\SymcPCCULaunchSvc.exe (Symantec Corporation)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe (Symantec Corporation)
SRV - (sesvc) -- C:\Program Files\ShadowExplorer\sesvc.exe (www.shadowexplorer.com)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (PCCUJobMgr) -- C:\Program Files\Norton PC Checkup\Engine\2.0.2.547\ccSvcHst.exe (Symantec Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT)
SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
SRV - (WMIService) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
SRV - (eNet Service) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (eLockService) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()


========== Driver Services (SafeList) ==========

DRV - (ZTEusbser6k) -- C:\Windows\System32\DRIVERS\ZTEusbser6k.sys File not found
DRV - (ZTEusbnmea) -- C:\Windows\System32\DRIVERS\ZTEusbnmea.sys File not found
DRV - (ZTEusbmdm6k) -- C:\Windows\System32\DRIVERS\ZTEusbmdm6k.sys File not found
DRV - (XAudio) -- C:\Windows\System32\DRIVERS\xaudio.sys File not found
DRV - (upperdev) -- C:\Windows\System32\DRIVERS\usbser_lowerflt.sys File not found
DRV - (UIUSys) -- C:\Windows\System32\DRIVERS\UIUSYS.SYS File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (mdmxsdk) -- C:\Windows\System32\DRIVERS\mdmxsdk.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (hwusbfake) -- C:\Windows\System32\DRIVERS\ewusbfake.sys File not found
DRV - (hwdatacard) -- C:\Windows\System32\DRIVERS\ewusbmdm.sys File not found
DRV - (HSXHWAZL) -- C:\Windows\System32\DRIVERS\HSXHWAZL.sys File not found
DRV - (EraserUtilDrvI7) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI7.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20101028.001\IDSvix86.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20101029.048\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20101029.048\NAVENG.SYS (Symantec Corporation)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20101001.001\BHDrvx86.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SYMTDIv) -- C:\Windows\System32\Drivers\NIS\1108000.005\SYMTDIV.SYS (Symantec Corporation)
DRV - (SymIM) -- C:\Windows\System32\drivers\SymIMV.sys (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\system32\drivers\NIS\1108000.005\Ironx86.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\system32\drivers\NIS\1108000.005\SYMEFA.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\Drivers\NIS\1108000.005\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\NIS\1108000.005\SRTSPX.SYS (Symantec Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (ccHP) -- C:\Windows\system32\drivers\NIS\1108000.005\ccHPx86.sys (Symantec Corporation)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SymDS) -- C:\Windows\system32\drivers\NIS\1108000.005\SYMDS.SYS (Symantec Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (mcdbus) -- C:\Windows\System32\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (PSDNServ) -- C:\Windows\system32\drivers\PSDNServ.sys (HiTRUST)
DRV - (psdvdisk) -- C:\Windows\system32\drivers\psdvdisk.sys (HiTRUST)
DRV - (PSDFilter) -- C:\Windows\system32\DRIVERS\psdfilter.sys (HiTRUST)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys ()
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (BCM43XV) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (DKbFltr) -- C:\Windows\System32\drivers\DKbFltr.sys (Dritek System Inc.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\VSTCNXT3.SYS (Conexant Systems, Inc.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (ialm) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (UBHelper) -- C:\Windows\System32\drivers\UBHelper.sys ()
DRV - (tifm21) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments)
DRV - (Cam5607) -- C:\Windows\System32\drivers\BisonC07.sys (Bison Electronics. Inc. )


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://global.acer.com [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://global.acer.com [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1347133558-1696348400-1136593757-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-1347133558-1696348400-1136593757-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-1347133558-1696348400-1136593757-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.mg40.mail.yahoo.com/dc/launch ... 5b30d493of
IE - HKU\S-1-5-21-1347133558-1696348400-1136593757-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://uk.search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-tyc"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-tyc"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://uk.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.4
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 44
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100119091315
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://uk.search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p="


FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\IPSFFPlgn\ [2010/05/26 20:46:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\coFFPlgn\ [2010/02/12 17:54:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/29 10:41:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/29 10:41:18 | 000,000,000 | ---D | M]

[2008/11/25 15:20:50 | 000,000,000 | ---D | M] -- C:\Users\Vista User\AppData\Roaming\mozilla\Extensions
[2008/11/25 15:20:50 | 000,000,000 | ---D | M] -- C:\Users\Vista User\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2010/10/30 11:09:16 | 000,000,000 | ---D | M] -- C:\Users\Vista User\AppData\Roaming\mozilla\Firefox\Profiles\9nao40ic.default\extensions
[2010/04/29 17:55:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vista User\AppData\Roaming\mozilla\Firefox\Profiles\9nao40ic.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2009/06/28 17:07:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Vista User\AppData\Roaming\mozilla\Firefox\Profiles\9nao40ic.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/13 14:21:11 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Vista User\AppData\Roaming\mozilla\Firefox\Profiles\9nao40ic.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/10/19 18:46:42 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Vista User\AppData\Roaming\mozilla\Firefox\Profiles\9nao40ic.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/09/15 11:29:12 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Vista User\AppData\Roaming\mozilla\Firefox\Profiles\9nao40ic.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2008/12/17 16:39:37 | 000,000,000 | ---D | M] -- C:\Users\Vista User\AppData\Roaming\mozilla\Firefox\Profiles\9nao40ic.default\extensions\toolbar_extras@uk.yahoo.com
[2009/08/31 16:58:34 | 000,002,149 | ---- | M] () -- C:\Users\Vista User\AppData\Roaming\Mozilla\FireFox\Profiles\9nao40ic.default\searchplugins\MyStart Search.xml
[2010/10/22 12:30:24 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/29 17:54:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/02 11:08:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/22 12:30:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2008/09/04 01:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/07/11 21:56:27 | 000,031,920 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\np_IEGetPlugin.dll

O1 HOSTS File: ([2010/10/30 11:36:04 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1347133558-1696348400-1136593757-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKU\S-1-5-21-1347133558-1696348400-1136593757-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1347133558-1696348400-1136593757-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1347133558-1696348400-1136593757-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe ()
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-1347133558-1696348400-1136593757-1000..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKU\S-1-5-21-1347133558-1696348400-1136593757-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-1347133558-1696348400-1136593757-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-1347133558-1696348400-1136593757-1000..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1347133558-1696348400-1136593757-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1347133558-1696348400-1136593757-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://bq.kp.2020.net/planner/Core/Play ... _Win32.cab (20-20 3D Viewer)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} http://host.cycore.net/plugins/windows/ ... .0.228.cab (Cult3D ActiveX Player)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/v ... .2.4.1.cab (DLM Control)
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} http://www.myheritage.com/Genoogle/Comp ... eQuery.dll (CSEQueryObject Object)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/200 ... ader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} http://216.249.24.62/code/iPIX-ImageWell-ipix.cab (iPIX Media Send Class)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/da2/PCPitStop2.cab (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Vista User\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Vista User\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/12/07 13:05:10 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1347133558-1696348400-1136593757-1000\...com [@ = ComFile] -- Reg Error: Key error. File not found
O37 - HKU\S-1-5-21-1347133558-1696348400-1136593757-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/10/30 12:43:32 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Vista User\Desktop\OTL.exe
[2010/10/30 11:48:07 | 000,000,000 | ---D | C] -- C:\Users\Vista User\Documents\combofix
[2010/10/30 11:41:00 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/10/30 11:40:55 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/10/30 11:24:31 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/10/30 11:24:30 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/10/30 11:24:30 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/10/30 11:24:11 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/10/30 11:23:12 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/30 11:22:46 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/10/30 11:22:40 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/10/26 19:45:24 | 000,000,000 | ---D | C] -- C:\Users\Vista User\Desktop\hijack this
[2010/10/26 19:43:52 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010/10/26 19:43:51 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010/10/26 19:43:51 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010/10/26 15:07:54 | 000,000,000 | ---D | C] -- C:\Users\Vista User\Documents\Hosts
[2010/10/26 13:02:22 | 000,000,000 | ---D | C] -- C:\ProgramData\PCPitstop
[2010/10/26 13:02:21 | 000,000,000 | ---D | C] -- C:\Program Files\PCPitstop
[2010/10/25 18:30:55 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/10/25 18:27:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/10/25 17:42:10 | 000,000,000 | ---D | C] -- C:\Users\Vista User\Documents\Map Overlays
[2010/10/22 16:19:25 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/10/22 16:18:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2010/10/22 12:30:21 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/10/22 12:30:21 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/10/22 12:30:21 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/10/21 12:21:28 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Easy Transfer 7
[2010/10/20 18:25:02 | 000,000,000 | ---D | C] -- C:\Users\Vista User\AppData\Local\www.shadowexplorer.com
[2010/10/20 18:07:10 | 000,000,000 | ---D | C] -- C:\Program Files\ShadowExplorer
[2010/10/20 16:32:03 | 000,000,000 | ---D | C] -- C:\Users\Vista User\AppData\Roaming\Malwarebytes
[2010/10/20 16:31:53 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/10/20 16:31:51 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/10/20 16:31:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/20 16:31:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/10/19 15:01:42 | 000,000,000 | ---D | C] -- C:\Users\Vista User\AppData\Local\NPE
[2010/10/18 17:59:47 | 000,000,000 | ---D | C] -- C:\Users\Vista User\AppData\Roaming\vlc
[2010/10/16 14:48:19 | 000,000,000 | ---D | C] -- C:\Users\Vista User\AppData\Roaming\SUPERAntiSpyware.com
[2010/10/16 14:48:19 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/10/16 14:48:11 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/10/15 10:37:06 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010/10/15 10:36:42 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2010/10/15 10:36:26 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/10/15 10:36:23 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/10/15 10:36:19 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2010/10/15 10:36:19 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2010/10/15 10:36:14 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/10/15 10:36:14 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/10/15 10:36:14 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010/10/15 10:36:13 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/10/15 10:36:13 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/10/15 10:36:08 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/10/15 10:36:08 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/10/15 10:36:07 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/10/15 10:36:07 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/10/15 10:36:07 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/10/15 10:36:07 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/10/15 10:36:07 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/10/15 10:36:07 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/10/15 10:36:07 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/10/15 10:36:07 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/10/15 10:36:07 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/10/15 10:36:07 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/10/15 10:36:04 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2010/10/15 10:36:02 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2010/10/14 19:54:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\syncdb
[2010/10/13 12:11:02 | 000,108,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mswinsck.OCX
[2010/10/13 12:11:01 | 000,132,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSINET.OCX
[2010/10/11 13:24:56 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2010/10/11 13:24:51 | 000,000,000 | ---D | C] -- C:\Users\Vista User\Documents\Adobe
[2010/10/08 21:31:45 | 000,000,000 | ---D | C] -- C:\Program Files\vso
[2010/10/06 19:19:47 | 000,000,000 | ---D | C] -- C:\Users\Vista User\Documents\Video to DVD Burner
[2010/10/05 20:52:30 | 000,000,000 | ---D | C] -- C:\Users\Vista User\Documents\tv license
[2010/09/30 17:08:07 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2008/12/13 16:25:16 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Vista User\AppData\Roaming\pcouffin.sys
[2006/12/07 13:18:24 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/30 12:43:34 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Vista User\Desktop\OTL.exe
[2010/10/30 12:19:00 | 000,000,926 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1347133558-1696348400-1136593757-1000UA.job
[2010/10/30 11:59:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/30 11:44:10 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/10/30 11:36:04 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/10/30 11:05:05 | 000,609,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/10/30 11:05:05 | 000,108,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/10/30 10:53:55 | 000,013,260 | ---- | M] () -- C:\Users\Vista User\AppData\Roaming\nvModes.dat
[2010/10/30 10:53:55 | 000,013,260 | ---- | M] () -- C:\Users\Vista User\AppData\Roaming\nvModes.001
[2010/10/30 10:53:49 | 000,000,436 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2010/10/30 10:53:45 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/30 10:53:43 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/30 10:52:53 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/30 10:52:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/30 10:51:52 | 2951,397,376 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/29 18:33:24 | 003,894,257 | R--- | M] () -- C:\Users\Vista User\Desktop\ComboFix.exe
[2010/10/29 18:19:00 | 000,000,874 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1347133558-1696348400-1136593757-1000Core.job
[2010/10/29 10:45:16 | 000,133,632 | ---- | M] () -- C:\Users\Vista User\Desktop\RKUnhookerLE.EXE
[2010/10/28 18:21:27 | 000,084,992 | ---- | M] () -- C:\Windows\MBR.exe
[2010/10/25 18:27:46 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/10/22 16:19:27 | 000,016,968 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/10/20 12:15:53 | 000,001,356 | ---- | M] () -- C:\Users\Vista User\AppData\Local\d3d9caps.dat
[2010/10/19 21:51:33 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/10/19 17:51:30 | 000,001,659 | ---- | M] () -- C:\Users\Vista User\Desktop\Command Prompt.lnk
[2010/10/19 17:15:40 | 001,641,025 | ---- | M] () -- C:\Users\Vista User\Documents\http___us.norton.com_support_premium_services_malware_removal_guide.pdf
[2010/10/18 17:59:37 | 000,000,695 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/10/16 10:25:39 | 000,306,144 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/10/16 09:59:06 | 000,000,118 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2010/10/14 16:14:54 | 000,007,048 | -HS- | M] () -- C:\Windows\System32\KGyGaAvL.sys
[2010/10/11 17:37:13 | 000,116,736 | RHS- | M] () -- C:\Windows\System32\mfc703.dll
[2010/10/09 10:14:19 | 000,002,437 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2010/10/08 20:34:54 | 000,001,691 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/30 11:24:31 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/10/30 11:24:31 | 000,084,992 | ---- | C] () -- C:\Windows\MBR.exe
[2010/10/30 11:24:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/10/30 11:24:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/10/30 11:24:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/10/29 18:33:09 | 003,894,257 | R--- | C] () -- C:\Users\Vista User\Desktop\ComboFix.exe
[2010/10/29 10:45:14 | 000,133,632 | ---- | C] () -- C:\Users\Vista User\Desktop\RKUnhookerLE.EXE
[2010/10/25 18:27:46 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/10/22 16:19:27 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/10/20 12:29:45 | 2951,397,376 | -HS- | C] () -- C:\hiberfil.sys
[2010/10/19 17:51:30 | 000,001,659 | ---- | C] () -- C:\Users\Vista User\Desktop\Command Prompt.lnk
[2010/10/19 17:15:39 | 001,641,025 | ---- | C] () -- C:\Users\Vista User\Documents\http___us.norton.com_support_premium_services_malware_removal_guide.pdf
[2010/10/18 17:59:36 | 000,000,695 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/10/16 09:59:06 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010/10/11 17:37:13 | 000,116,736 | RHS- | C] () -- C:\Windows\System32\mfc703.dll
[2010/10/08 20:34:52 | 000,001,691 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/05/20 11:36:17 | 000,003,689 | ---- | C] () -- C:\Windows\jhvr_b24.ini
[2010/02/24 18:02:06 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll
[2009/09/12 10:18:54 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/08/19 10:16:35 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/03/23 18:40:10 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009/02/10 22:14:42 | 000,024,206 | ---- | C] () -- C:\Users\Vista User\AppData\Roaming\UserTile.png
[2009/01/10 19:06:40 | 000,000,003 | ---- | C] () -- C:\Windows\System32\msrctp.ini
[2008/12/20 19:12:04 | 000,001,356 | ---- | C] () -- C:\Users\Vista User\AppData\Local\d3d9caps.dat
[2008/12/13 16:25:56 | 000,000,034 | ---- | C] () -- C:\Users\Vista User\AppData\Roaming\pcouffin.log
[2008/12/13 16:25:16 | 000,007,887 | ---- | C] () -- C:\Users\Vista User\AppData\Roaming\pcouffin.cat
[2008/12/13 16:25:16 | 000,001,144 | ---- | C] () -- C:\Users\Vista User\AppData\Roaming\pcouffin.inf
[2008/11/26 15:37:19 | 000,011,270 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2008/11/26 15:37:19 | 000,000,168 | RHS- | C] () -- C:\ProgramData\EBFCAC4176.sys
[2008/11/26 12:23:28 | 000,007,048 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2008/11/26 12:23:28 | 000,000,168 | RHS- | C] () -- C:\Windows\System32\9DC5C30FED.sys
[2008/11/25 22:59:21 | 000,010,752 | ---- | C] () -- C:\Users\Vista User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/25 21:26:18 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/11/25 16:54:56 | 000,004,488 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008/11/18 17:52:11 | 000,015,190 | ---- | C] () -- C:\Windows\M2000T07.ini
[2008/11/18 12:21:55 | 000,076,584 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2008/11/18 12:21:55 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2008/11/18 12:20:08 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
[2008/11/18 12:05:49 | 000,000,037 | ---- | C] () -- C:\Windows\Acer.ini
[2008/11/18 12:05:09 | 000,013,260 | ---- | C] () -- C:\Users\Vista User\AppData\Roaming\nvModes.001
[2008/11/18 12:05:02 | 000,013,260 | ---- | C] () -- C:\Users\Vista User\AppData\Roaming\nvModes.dat
[2007/01/02 19:54:14 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
[2007/01/02 19:53:54 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
[2007/01/02 19:53:20 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
[2007/01/02 19:52:40 | 000,037,376 | ---- | C] () -- C:\Windows\System32\MsnChatHook_org.dll
[2007/01/02 19:52:28 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
[2007/01/02 19:52:26 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
[2007/01/02 19:52:18 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2006/12/25 16:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006/12/07 14:44:32 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2006/12/07 13:18:26 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2006/12/07 13:05:27 | 000,013,952 | ---- | C] () -- C:\Windows\System32\drivers\UBHelper.sys
[2006/12/07 13:04:14 | 000,198,144 | ---- | C] () -- C:\Windows\System32\_psisdecd.dll
[2006/12/02 08:24:39 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2006/12/02 08:24:39 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2006/12/02 08:24:39 | 000,204,800 | ---- | C] () -- C:\Windows\Capsule.dll
[2006/12/02 08:24:39 | 000,000,042 | ---- | C] () -- C:\Windows\PreLaunch.ini
[2006/12/02 08:24:38 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001/12/27 00:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 07:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/31 00:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 06:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:242231A9
@Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:0B9D8E22

< End of report >

OTL Extras logfile created on: 30/10/2010 12:46:35 - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\Vista User\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 49.00% Memory free
9.00 Gb Paging File | 7.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): c:\pagefile.sys 3113 4219d:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 51.99 Gb Total Space | 10.34 Gb Free Space | 19.90% Space Free | Partition Type: NTFS
Drive D: | 51.98 Gb Total Space | 37.41 Gb Free Space | 71.97% Space Free | Partition Type: NTFS

Computer Name: VISTAUSER-PC | User Name: Vista User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-1347133558-1696348400-1136593757-1000\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = ComFile] -- Reg Error: Key error. File not found
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
.js [@ = jsfile] -- Reg Error: Key error. File not found
.pif [@ = piffile] -- Reg Error: Key error. File not found
.txt [@ = txt_auto_file] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- Reg Error: Value error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with FastStone] -- "C:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DisabledInterfaces" = {1B0FC5DE-E817-4556-AF9B-A879981DECB8},{67D5B339-A61F-41D1-ABC4-8A72BB01CD0C}

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{30B54185-3028-4F45-995D-D320FEBDA8DB}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{519F4B40-188D-4E10-8220-0D705F46F68B}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 |
"{66119A97-E30B-4CC6-B296-AFC9F2AB8817}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=c:\windows\system32\svchost.exe |
"{71DBEE56-1E91-4154-86A4-2A909BE07B55}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=c:\windows\system32\svchost.exe |
"{7CD06B0D-F173-4FB5-92A1-7C33415539C1}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 |
"{86603039-3C0F-4281-A9C9-C812F172938D}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=c:\windows\system32\svchost.exe |
"{A917F24F-33D4-4CE6-A1E0-8C22910A88BD}" = rport=2869 | protocol=6 | dir=out | app=system |
"{AE8BB805-9672-42D4-B29F-2ACC6045CA7C}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=c:\windows\system32\svchost.exe |
"{CA686F79-E49C-4A6D-B24A-7D74145A22A3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D292691C-017A-41D9-8542-DAB4940F9F24}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{D80D679C-440A-4D58-9453-876804EC4DA5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{E9291034-D08D-46DE-B523-2532E9DC316F}" = lport=49159 | protocol=6 | dir=in | name=akamai netsession interface |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0883EFEB-8A75-4575-A3EB-FA8AECF7475B}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{132CCF05-A9B4-4A76-899F-3D5F383B5745}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{199F91E1-415F-4E45-8FF3-BB4D489822A4}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{458CF7C5-2C60-4323-B4D2-534B28FC7B2A}" = protocol=17 | dir=in | app=c:\users\vista user\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{5D066C6C-F1DD-43B0-AD6F-F9E9EB9A5025}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{6418DFE6-1BCA-45C4-960F-5A203B9B64D3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{66342D41-8DEB-4D04-9270-36938D3BA2AA}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{72BADA08-984F-4069-A5AC-53E21AD87631}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{7B492361-4B35-48BC-8311-B0D48EB1295E}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{876A966C-EE93-49C3-B1EC-1DE5F84D07CE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{958CC127-30B5-43B7-B0E6-4F3D343F6BDF}" = protocol=17 | dir=in | app=c:\users\vista user\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{A0E7CC27-D826-4520-AE6D-249955D7F0F9}" = dir=out | svc=sharedaccess | app=c:\windows\system32\svchost.exe |
"{A53F2ED5-0DF9-4DDD-B26C-D0F623B40C61}" = protocol=6 | dir=in | app=d:\program files\ea games\battlefield 2\bf2.exe |
"{B4CFF8DC-8AB2-4E5B-AB1F-503E94466906}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{BCB09164-CCB1-4CA2-ADB5-07DD2FA57724}" = dir=in | app=c:\program files\cyberlink\powerdvd8\powerdvd8.exe |
"{C27EA940-9427-44F1-9D4D-000823DCE74E}" = protocol=6 | dir=in | app=c:\users\vista user\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{F30CD73B-7FFF-4825-8DB6-CE54EB6BCC0B}" = protocol=6 | dir=in | app=c:\users\vista user\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{F6668DA4-B315-40DB-82CA-E88BBC1976BA}" = protocol=17 | dir=in | app=d:\program files\ea games\battlefield 2\bf2.exe |
"{FFD549C9-1AC3-4189-9202-4BD4EB05C3C3}" = protocol=58 | dir=in | name=internet connection sharing (router solicitation-in) |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{72DB27D3-FE05-4227-AF5A-11CD101ECF09}" = Corel Graphics - Windows Shell Extension
"_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW(R) Graphics Suite X5
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2411" = CanoScan LiDE 70
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data
"{260ED378-2B8C-4831-ADAE-D0712D119AC5}" = CorelDRAW Graphics Suite X5 - VSTA
"{26945917-E053-45F6-AF98-309730CFC318}" = Visual Basic for Applications (R) Core
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 22
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BB1DCED-84D3-47F9-B718-5947E904593E}" = Acer OrbiCam
"{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}" = CorelDRAW Graphics Suite X5 - VBA
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{58F58158-8DFE-31DA-AC1F-7E5D89A0F74F}" = Google Talk Plugin
"{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist
"{6009F2FC-EC56-4e28-B91C-0BA5104D6419}" = SF_CDA_Software
"{601F42A9-8B4F-4650-A472-4CA8325E3E87}" = D6100
"{628C2C7D-8AD1-E614-E8E2-6EEAD8D5F2D0}" = Acrobat.com
"{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW Graphics Suite X5 - Draw
"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{714B6179-84C4-4FBE-B934-B6CF75ED37A5}" = D6100_D7100_D7300_Help
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72DB27D3-FE05-4227-AF5A-11CD101ECF09}" = Corel Graphics - Windows Shell Extension
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78225D0F-D12C-09E4-5D6D-A64D763E8982}" = BBC iPlayer Desktop
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{9718521B-A345-4ad9-A52B-74D1435FB708}" = SF_CDA_ProductContext
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{981DE354-9301-440f-AAFC-025AA2354A93}" = HP Deskjet & Photosmart Printer Driver Software 8.0.A
"{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A899DA1F-D626-401C-8651-F2921E3B4CB3}" = 3Connect
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AEEAE013-92F1-4515-B278-139F1A692A35}" = Acer eDataSecurity Management
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B399C91E-96F2-4265-9884-1C9A10E9FCF4}" = CorelDRAW Graphics Suite X5
"{B3FB6B55-C271-44FC-BA03-BBD8B2EA6EEF}" = Memory-Map OS Edition Version 5
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common
"{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software 1.10.13.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B2}" = WinZip 11.2
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 - Setup Files
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{D596EEA2-C6C8-45D3-89DF-FA2DBE99F829}" = Visual Basic for Applications (R) Core - English
"{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin
"{DD1DED37-2486-4F56-8F89-56AA814003F5}" = Acer OrbiCam
"{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}" = CorelDRAW Graphics Suite X5 - IPM
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E34C6AA4-AE8E-4677-912A-92FC2E039DD9}" = CorelDRAW Graphics Suite X5 - EN
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Deluxe
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F302F4F0-588D-6501-1ACF-BE3FDCC9135D}" = Adobe Community Help
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F7B05784-334C-4F76-8BAB-30ABEB7FD534}" = TIPCI
"{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.1.0 Professional
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop
"CanoScan Toolbox 5.0" = Canon CanoScan Toolbox 5.0
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"FastStone Image Viewer" = FastStone Image Viewer 3.6
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.1
"Google Updater" = Google Updater
"GridVista" = Acer GridVista
"HitmanPro35" = Hitman Pro 3.5
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"Huawei Modems" = Huawei modem
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{F7B05784-334C-4F76-8BAB-30ABEB7FD534}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"LManager" = Launch Manager
"Magic DVD Copier_is1" = Magic DVD Copier Version 4.9.1
"Magic DVD Ripper_is1" = Magic DVD Ripper V5.3 build 7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Essentials" = Microsoft Security Essentials
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"NIS" = Norton Internet Security
"NortonPCCheckup" = Norton PC Checkup
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"ShadowExplorer_is1" = ShadowExplorer 0.7
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.1.4
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Search Defender" = Yahoo! Search Protection
"YInstHelper" = Yahoo! Install Manager

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1347133558-1696348400-1136593757-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 19/11/2009 09:04:24 | Computer Name = VistaUser-PC | Source = Application Hang | ID = 1002
Description = The program TomTomHOMERuntime.exe version 1.9.1.3443 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1328 Start Time: 01ca6918a182138b Termination Time: 289

Error - 20/11/2009 10:47:17 | Computer Name = VistaUser-PC | Source = Google Update | ID = 20
Description =

Error - 20/11/2009 13:43:28 | Computer Name = VistaUser-PC | Source = Application Hang | ID = 1002
Description = The program MagicDVDCopier.exe version 4.9.0.0 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1300 Start Time: 01ca69fccd495250 Termination Time: 279

Error - 20/11/2009 13:56:23 | Computer Name = VistaUser-PC | Source = Application Hang | ID = 1002
Description = The program Cdmkr32.exe version 7.7.0.9 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 1dc8 Start Time: 01ca6a0aa0ddd430 Termination Time: 28

Error - 20/11/2009 13:58:03 | Computer Name = VistaUser-PC | Source = Application Hang | ID = 1002
Description = The program Cdmkr32.exe version 7.7.0.9 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 1924 Start Time: 01ca6a0ad9eb1580 Termination Time: 29

Error - 20/11/2009 14:45:48 | Computer Name = VistaUser-PC | Source = Application Hang | ID = 1002
Description = The program MagicDVDCopier.exe version 4.9.0.0 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 934 Start Time: 01ca6a0b17cbfef0 Termination Time: 2335

Error - 20/11/2009 16:23:00 | Computer Name = VistaUser-PC | Source = Application Error | ID = 1000
Description = Faulting application MagicDVDCopier.exe, version 4.9.0.0, time stamp
0x494606f1, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x00000000, process id 0x1624, application start time
0x01ca6a193598e660.

Error - 23/11/2009 13:26:32 | Computer Name = VistaUser-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18828, time stamp
0x4a9600c9, faulting module yt.dll, version 2008.7.28.1, time stamp 0x488da12a,
exception code 0xc0000005, fault offset 0x00056d54, process id 0x11a0, application
start time 0x01ca6c60fa660c37.

Error - 23/11/2009 19:03:20 | Computer Name = VistaUser-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.6001.18828 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 17bc Start Time: 01ca6c1e4bb24927 Termination Time: 0

Error - 27/11/2009 05:00:09 | Computer Name = VistaUser-PC | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 29/10/2010 12:20:47 | Computer Name = VistaUser-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 17:16:39 on 29/10/2010 was unexpected.

Error - 29/10/2010 12:21:49 | Computer Name = VistaUser-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 29/10/2010 12:21:49 | Computer Name = VistaUser-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 29/10/2010 12:22:02 | Computer Name = VistaUser-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 30/10/2010 05:53:38 | Computer Name = VistaUser-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 30/10/2010 05:53:38 | Computer Name = VistaUser-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 30/10/2010 05:53:45 | Computer Name = VistaUser-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 30/10/2010 06:26:34 | Computer Name = VistaUser-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 30/10/2010 06:26:36 | Computer Name = VistaUser-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 30/10/2010 06:36:09 | Computer Name = VistaUser-PC | Source = Service Control Manager | ID = 7030
Description =


< End of report >
ronecc
Regular Member
 
Posts: 21
Joined: October 26th, 2010, 1:27 pm

Re: very difficult removal

Unread postby peku006 » October 30th, 2010, 8:49 am

Hi Ron

Malwarebytes' Anti-Malware

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update have been completed, Select the Scanner tab.
  • Make sure the "Perform full scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  1. Click on the Show Results button to see a list of any malware that was found.
  2. Check all items except items in the C:\System Volume Information folder... then click on Remove Selected.
    We will take care of the System Volume Information items later.
  3. When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  4. The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  5. Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Install MVPS Hosts File From Here
The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
You can Find the Tutorial HERE

Please reply with

Malwarebytes' Anti-Malware Log

Thanks peku006
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: very difficult removal

Unread postby ronecc » October 30th, 2010, 10:20 am

Hipeku006.
Here is the MBAM log
Ron

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4996

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

30/10/2010 15:15:45
mbam-log-2010-10-30 (15-15-45).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 261401
Time elapsed: 1 hour(s), 21 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:


(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
ronecc
Regular Member
 
Posts: 21
Joined: October 26th, 2010, 1:27 pm

Re: very difficult removal

Unread postby peku006 » October 30th, 2010, 11:41 am

Hi Ron

TFC (Temp File Cleaner)

  • Please download TFC to your desktop
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click Yes to reboot.

NOTE: Save your work.TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.

Thanks peku006
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: very difficult removal

Unread postby ronecc » October 30th, 2010, 12:56 pm

Hi. Kapersky taking hours to download updates. Computer is running very slow
ronecc
Regular Member
 
Posts: 21
Joined: October 26th, 2010, 1:27 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 32 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware