Most recent log
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5520
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999
15/01/2011 9:05:23 a.m.
mbam-log-2011-01-15 (09-05-23).txt
Scan type: Quick scan
Objects scanned: 140242
Time elapsed: 10 minute(s), 36 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Removed heaps of Trojans log
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5434
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999
2/01/2011 6:51:23 a.m.
mbam-log-2011-01-02 (06-51-23).txt
Scan type: Quick scan
Objects scanned: 138923
Time elapsed: 28 minute(s), 55 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 4
Registry Data Items Infected: 1
Folders Infected: 2
Files Infected: 10
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\webmedia.chl (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Value: *.securewebinfo.com -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Value: *.safetyincludes.com -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Value: *.securemanaging.com -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\QuickTime Task (Trojan.Zlob) -> Value: QuickTime Task -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
Folders Infected:
c:\program files\webmediaviewer (Trojan.Zlob) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\antivirustrigger 2.1 (Rogue.VirusTrigger) -> Quarantined and deleted successfully.
Files Infected:
c:\Users\xlitte danx\favorites\antivirus scan.url (Rogue.Link) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\antivirus scan.url (Trojan.Zlob) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\online antispyware test.url (Trojan.Zlob) -> Quarantined and deleted successfully.
c:\program files\webmediaviewer\myd.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
c:\program files\webmediaviewer\mym.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
c:\program files\webmediaviewer\myp.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
c:\program files\webmediaviewer\myv.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
c:\program files\webmediaviewer\ot.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
c:\program files\webmediaviewer\ts.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\antivirustrigger 2.1\antivirustrigger 2.1.lnk (Rogue.VirusTrigger) -> Quarantined and deleted successfully.
OTL.txt
OTL logfile created on: 15/01/2011 6:31:32 p.m. - Run 1
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Users\xlitte danx\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy
445.00 Mb Total Physical Memory | 80.00 Mb Available Physical Memory | 18.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 46.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 30.79 Gb Total Space | 4.30 Gb Free Space | 13.97% Space Free | Partition Type: NTFS
Drive D: | 32.07 Gb Total Space | 31.24 Gb Free Space | 97.41% Space Free | Partition Type: NTFS
Drive F: | 2.72 Gb Total Space | 2.38 Gb Free Space | 87.43% Space Free | Partition Type: NTFS
Computer Name: ADMIN | User Name: xlitte danx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/01/15 18:29:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\xlitte danx\Desktop\OTL.exe
PRC - [2010/12/20 18:08:46 | 000,963,976 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2010/11/24 15:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccsvchst.exe
PRC - [2010/01/27 13:58:38 | 000,256,280 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10e.exe
PRC - [2009/04/11 19:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
========== Modules (SafeList) ==========
MOD - [2011/01/15 18:29:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\xlitte danx\Desktop\OTL.exe
MOD - [2010/12/04 19:58:45 | 000,413,112 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.5.0.125\asoehook.dll
MOD - [2010/09/01 04:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2009/07/12 20:02:02 | 000,653,120 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.5.0.125\microsoft.vc90.crt\msvcr90.dll
MOD - [2009/07/12 20:02:00 | 000,569,664 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.5.0.125\microsoft.vc90.crt\msvcp90.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (gupdate) Google Update Service (gupdate)
SRV - [2010/11/24 15:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe -- (NIS)
SRV - [2010/03/18 14:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/25 14:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2008/01/19 20:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/19 20:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/19 20:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006/12/01 10:34:16 | 000,131,072 | ---- | M] (acer) [Disabled | Stopped] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2006/11/30 19:39:10 | 000,024,576 | ---- | M] (Acer Inc.) [Disabled | Stopped] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2006/11/25 09:57:54 | 000,107,008 | ---- | M] () [Disabled | Stopped] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2006/11/20 21:43:08 | 000,118,784 | ---- | M] (Acer Inc.) [Disabled | Stopped] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
SRV - [2006/11/19 02:58:00 | 000,254,050 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2006/11/19 02:58:00 | 000,114,784 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2006/11/19 02:56:50 | 001,073,152 | ---- | M] (Cyberlink) [Disabled | Stopped] -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2006/11/16 16:35:18 | 000,045,056 | ---- | M] (Acer Inc.) [Disabled | Stopped] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2006/11/13 00:13:10 | 000,024,576 | ---- | M] () [Disabled | Stopped] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
========== Driver Services (SafeList) ==========
DRV - [2011/01/15 09:49:28 | 001,360,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110114.023\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/01/15 09:49:27 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110114.023\NAVENG.SYS -- (NAVENG)
DRV - [2010/12/01 18:23:59 | 000,330,360 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NIS\1205000.07D\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2010/11/23 17:08:31 | 000,509,560 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\NIS\1205000.07D\SRTSP.SYS -- (SRTSP)
DRV - [2010/11/23 17:08:31 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1205000.07D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/11/23 15:20:07 | 000,691,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20101123.003\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/11/18 15:59:55 | 000,652,336 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NIS\1205000.07D\SYMEFA.SYS -- (SymEFA)
DRV - [2010/11/16 14:45:33 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1205000.07D\Ironx86.SYS -- (SymIRON)
DRV - [2010/11/09 13:50:30 | 000,353,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110114.002\IDSvix86.sys -- (IDSVix86)
DRV - [2010/11/03 20:34:23 | 000,126,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/11/01 01:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/10/21 15:28:36 | 000,340,016 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NIS\1205000.07D\SYMDS.SYS -- (SymDS)
DRV - [2010/05/26 21:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/11 07:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- D:\Program Files 2\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/18 07:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- D:\Program Files 2\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/04/11 17:46:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2009/04/11 17:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST) RMCAST (Pgm)
DRV - [2009/04/11 17:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2007/05/24 12:16:14 | 000,019,712 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2007/05/24 12:16:14 | 000,018,304 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2006/12/03 12:08:17 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2006/12/01 18:38:00 | 001,655,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/11/25 15:46:36 | 002,085,888 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/19 02:57:32 | 000,006,656 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Acer\Acer Arcade\000.fcl -- ({2FF8D163-C3C2-46ce-BD8D-D85AC1BC56DD})
DRV - [2006/11/13 15:11:00 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/11/13 15:10:00 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/11/13 15:10:00 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/11/13 15:10:00 | 000,206,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2006/11/13 15:02:00 | 000,076,928 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2006/11/13 15:02:00 | 000,062,208 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2006/11/13 15:02:00 | 000,042,240 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2006/11/10 15:21:16 | 000,007,936 | ---- | M] (HiTRUST) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PSDNServ.sys -- (PSDNServ)
DRV - [2006/11/10 15:10:50 | 000,010,624 | ---- | M] (HiTRUST) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\psdfilter.sys -- (PSDFilter)
DRV - [2006/11/10 14:38:22 | 000,506,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2006/11/08 16:11:30 | 000,053,760 | ---- | M] (HiTRUST) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\psdvdisk.sys -- (psdvdisk)
DRV - [2006/11/03 02:29:38 | 000,021,264 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DKbFltr.sys -- (DKbFltr)
DRV - [2006/11/02 22:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 22:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 22:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 22:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 22:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 22:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 22:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 22:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 22:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 22:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 22:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 22:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 22:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 22:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 22:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 22:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 22:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 22:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 22:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 22:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 22:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 22:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 22:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 22:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 22:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 22:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 22:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 22:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 22:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 22:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 22:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 22:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 22:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 22:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 22:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 21:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 21:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 21:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 21:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 21:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 21:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 20:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2006/11/02 20:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 20:30:56 | 000,047,104 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/11/02 20:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/10/27 19:14:22 | 000,179,896 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/01/13 14:46:16 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.nz.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.nz.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://msn.co.nz/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-nz
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C9 E9 C8 86 69 D5 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011/01/08 10:39:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\ [2011/01/07 09:34:48 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2006/09/19 10:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKCU..\Run: [捁牥吠畯r] File not found
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : IExplorer Security - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://dl8-cdn-01.sun.com/s/ESD44/JSCDL ... 586-jc.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\xlitte danx\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\xlitte danx\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/12/03 12:09:14 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{a13981f3-c5a7-11dd-a0a6-001636c7d525}\Shell - "" = AutoRun
O33 - MountPoints2\{a13981f3-c5a7-11dd-a0a6-001636c7d525}\Shell\AutoRun\command - "" = H:\start.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/01/15 18:29:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\xlitte danx\Desktop\OTL.exe
[2011/01/02 00:10:31 | 000,000,000 | ---D | C] -- C:\Users\xlitte danx\AppData\Roaming\Malwarebytes
[2011/01/02 00:10:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/01/02 00:10:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/02 00:10:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/01/02 00:10:04 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/01/02 00:01:42 | 000,000,000 | ---D | C] -- C:\Users\xlitte danx\AppData\Roaming\SUPERAntiSpyware.com
[2011/01/02 00:01:42 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/01/02 00:01:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/01/01 23:53:47 | 000,000,000 | ---D | C] -- C:\Users\xlitte danx\Desktop\Kayla
[2011/01/01 23:33:28 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/01/01 22:03:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/01/01 22:02:29 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/12/17 06:14:24 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/12/17 06:14:24 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/12/17 06:14:23 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/12/17 06:14:11 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010/12/17 06:13:59 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/12/17 06:13:38 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2010/12/17 06:13:37 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010/12/17 06:13:35 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010/12/16 22:58:14 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/12/16 22:58:10 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/12/16 22:58:09 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/12/16 22:58:07 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/12/16 22:58:07 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/12/16 22:58:06 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/12/16 22:58:04 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/12/16 22:58:03 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/12/16 22:58:03 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/12/16 22:58:02 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/12/16 22:58:02 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/12/16 22:58:00 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/12/16 22:58:00 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/12/16 22:58:00 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/12/16 22:58:00 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010/12/16 22:57:59 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/12/16 22:57:55 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/12/16 22:53:14 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2006/12/03 12:04:51 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll
========== Files - Modified Within 30 Days ==========
[2011/01/15 18:29:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\xlitte danx\Desktop\OTL.exe
[2011/01/15 17:49:11 | 000,003,168 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/15 17:49:10 | 000,003,168 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/15 17:48:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/01/13 14:41:57 | 000,609,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/01/13 14:41:57 | 000,108,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/01/12 17:47:21 | 002,699,084 | ---- | M] () -- C:\Users\xlitte danx\Documents\P1010149.JPG
[2011/01/12 17:46:22 | 001,810,959 | ---- | M] () -- C:\Users\xlitte danx\Documents\P1010145.JPG
[2011/01/12 17:42:44 | 000,220,823 | ---- | M] () -- C:\Users\xlitte danx\Desktop\lawn.jpg
[2011/01/12 17:40:25 | 002,326,531 | ---- | M] () -- C:\Users\xlitte danx\Documents\P1010144.JPG
[2011/01/10 20:17:19 | 000,133,632 | ---- | M] () -- C:\Users\xlitte danx\Desktop\RKUnhookerLE.EXE
[2011/01/10 20:05:17 | 000,624,128 | ---- | M] () -- C:\Users\xlitte danx\Desktop\dds.scr
[2011/01/08 10:38:02 | 000,002,261 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2011/01/08 10:36:59 | 001,985,480 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1205000.07D\Cat.DB
[2011/01/02 21:22:16 | 000,000,680 | ---- | M] () -- C:\Users\xlitte danx\AppData\Local\d3d9caps.dat
[2011/01/02 00:16:25 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/01/02 00:10:10 | 000,000,741 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/02 00:01:24 | 000,000,674 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/01/01 22:13:55 | 000,379,898 | ---- | M] () -- C:\Users\xlitte danx\Documents\cc_20110101_221322.reg
[2011/01/01 22:03:12 | 000,000,841 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/01/01 22:01:01 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/27 20:07:02 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/12/27 16:49:30 | 018,294,272 | ---- | M] () -- C:\Users\xlitte danx\Documents\TAIT FAMILY REUNION.ppt
[2010/12/24 14:10:55 | 000,033,280 | ---- | M] () -- C:\Users\xlitte danx\Documents\reunion teams.xls
[2010/12/24 13:55:14 | 000,002,593 | ---- | M] () -- C:\Users\xlitte danx\Desktop\Microsoft Excel.lnk
[2010/12/24 13:26:24 | 000,027,648 | ---- | M] () -- C:\Users\xlitte danx\Documents\Lodge teams, roster, menu.xls
[2010/12/22 22:11:20 | 000,080,384 | ---- | M] () -- C:\Users\xlitte danx\Documents\Copy of reunion teams(1).xls
[2010/12/21 19:29:13 | 004,666,880 | ---- | M] () -- C:\Users\xlitte danx\Desktop\aku tamariki.ppt
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/12/19 22:02:06 | 000,047,616 | ---- | M] () -- C:\Users\xlitte danx\Documents\WHAKATAUKI.doc
[2010/12/19 18:19:19 | 006,746,112 | ---- | M] () -- C:\Users\xlitte danx\Documents\full version HISTORY OF NANA AND DA excl dormer girls.doc
[2010/12/19 18:16:44 | 004,257,792 | ---- | M] () -- C:\Users\xlitte danx\Documents\presentation.doc
[2010/12/19 14:15:07 | 000,061,113 | ---- | M] () -- C:\Users\xlitte danx\Desktop\16 Hamilton Rd.jpg
[2010/12/18 15:04:35 | 000,207,872 | ---- | M] () -- C:\Users\xlitte danx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/18 14:58:32 | 000,093,049 | ---- | M] () -- C:\Users\xlitte danx\Documents\Golden wedding boys.jpg
[2010/12/18 03:27:31 | 000,294,376 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
========== Files Created - No Company Name ==========
[2011/01/12 17:42:15 | 000,220,823 | ---- | C] () -- C:\Users\xlitte danx\Desktop\lawn.jpg
[2011/01/12 17:36:33 | 001,810,959 | ---- | C] () -- C:\Users\xlitte danx\Documents\P1010145.JPG
[2011/01/12 17:36:21 | 002,326,531 | ---- | C] () -- C:\Users\xlitte danx\Documents\P1010144.JPG
[2011/01/12 17:36:07 | 002,699,084 | ---- | C] () -- C:\Users\xlitte danx\Documents\P1010149.JPG
[2011/01/12 17:35:54 | 003,924,939 | ---- | C] () -- C:\Users\xlitte danx\Documents\P1010146.JPG
[2011/01/10 20:17:14 | 000,133,632 | ---- | C] () -- C:\Users\xlitte danx\Desktop\RKUnhookerLE.EXE
[2011/01/10 20:05:16 | 000,624,128 | ---- | C] () -- C:\Users\xlitte danx\Desktop\dds.scr
[2011/01/02 00:16:24 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/01/02 00:10:10 | 000,000,741 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/02 00:01:24 | 000,000,674 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/01/01 22:13:47 | 000,379,898 | ---- | C] () -- C:\Users\xlitte danx\Documents\cc_20110101_221322.reg
[2011/01/01 22:03:11 | 000,000,841 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/01/01 22:01:01 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/24 13:26:15 | 000,027,648 | ---- | C] () -- C:\Users\xlitte danx\Documents\Lodge teams, roster, menu.xls
[2010/12/22 22:11:20 | 000,080,384 | ---- | C] () -- C:\Users\xlitte danx\Documents\Copy of reunion teams(1).xls
[2010/12/21 07:41:34 | 004,666,880 | ---- | C] () -- C:\Users\xlitte danx\Desktop\aku tamariki.ppt
[2010/12/19 19:17:42 | 000,047,616 | ---- | C] () -- C:\Users\xlitte danx\Documents\WHAKATAUKI.doc
[2010/12/19 14:15:03 | 000,061,113 | ---- | C] () -- C:\Users\xlitte danx\Desktop\16 Hamilton Rd.jpg
[2010/12/18 20:39:16 | 004,257,792 | ---- | C] () -- C:\Users\xlitte danx\Documents\presentation.doc
[2010/12/18 14:58:17 | 000,093,049 | ---- | C] () -- C:\Users\xlitte danx\Documents\Golden wedding boys.jpg
[2010/10/28 11:02:17 | 000,001,940 | ---- | C] () -- C:\Users\xlitte danx\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/10/25 08:32:51 | 000,000,092 | ---- | C] () -- C:\Windows\Elm.ini
[2010/09/22 17:40:05 | 000,000,280 | ---- | C] () -- C:\Windows\_delis32.ini
[2009/11/21 17:17:42 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009/10/20 19:03:43 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/04/26 14:27:27 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/12/07 14:54:40 | 000,000,552 | ---- | C] () -- C:\Users\xlitte danx\AppData\Local\d3d8caps.dat
[2008/06/14 15:30:18 | 000,000,697 | ---- | C] () -- C:\Windows\ka.ini
[2008/06/12 04:19:30 | 000,000,206 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2007/04/13 19:03:02 | 000,000,680 | ---- | C] () -- C:\Users\xlitte danx\AppData\Local\d3d9caps.dat
[2007/03/19 02:29:18 | 000,023,513 | ---- | C] () -- C:\Users\xlitte danx\AppData\Roaming\UserTile.png
[2007/02/26 23:50:04 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/02/26 01:40:32 | 000,161,165 | ---- | C] () -- C:\ProgramData\LUInstall.LiveUpdate
[2007/02/25 22:42:14 | 000,000,178 | ---- | C] () -- C:\Users\xlitte danx\AppData\Roaming\iPod Access v2 Prefs
[2007/02/25 22:36:58 | 000,000,010 | -H-- | C] () -- C:\Users\xlitte danx\AppData\Roaming\iPodAccess_Time
[2007/02/24 01:35:40 | 000,207,872 | ---- | C] () -- C:\Users\xlitte danx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/02/23 14:11:26 | 000,069,632 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2007/02/23 14:11:26 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2007/02/23 14:10:10 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
[2007/02/23 13:51:44 | 000,000,037 | ---- | C] () -- C:\Windows\Acer.ini
[2006/12/22 03:30:05 | 000,000,094 | ---- | C] () -- C:\Windows\CLEANUP.INI
[2006/12/05 08:56:38 | 000,001,024 | ---- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2006/12/03 12:04:53 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2006/12/03 11:58:13 | 000,356,352 | ---- | C] () -- C:\Windows\EMCRI.dll
[2006/12/03 10:27:37 | 000,000,111 | ---- | C] () -- C:\Windows\Alaunch.ini
[2006/12/03 10:27:25 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2006/11/16 13:20:38 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
[2006/11/16 13:20:20 | 000,200,704 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
[2006/11/16 13:20:10 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
[2006/11/16 13:19:10 | 000,037,376 | ---- | C] () -- C:\Windows\System32\MSNChatHook.dll
[2006/11/16 13:19:04 | 000,123,904 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
[2006/11/16 13:18:50 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2006/11/16 13:18:06 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006/11/02 23:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 20:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/08/12 06:35:34 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2006/08/12 06:31:28 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2004/06/06 12:53:42 | 000,155,648 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2004/06/05 12:56:16 | 000,679,936 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2001/12/27 12:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 19:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/31 12:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 18:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
[1999/05/31 11:29:14 | 000,008,539 | ---- | C] () -- C:\Windows\System32\ddcfxprs.ini
========== LOP Check ==========
[2007/03/11 14:54:34 | 000,000,000 | ---D | M] -- C:\Users\xlitte danx\AppData\Roaming\BitTorrent
[2007/09/11 00:46:57 | 000,000,000 | -H-D | M] -- C:\Users\xlitte danx\AppData\Roaming\ijjigame
[2010/07/26 21:08:11 | 000,000,000 | ---D | M] -- C:\Users\xlitte danx\AppData\Roaming\LimeWire
[2010/07/26 22:36:49 | 000,000,000 | ---D | M] -- C:\Users\xlitte danx\AppData\Roaming\Panasonic
[2009/03/26 16:35:58 | 000,000,000 | ---D | M] -- C:\Users\xlitte danx\AppData\Roaming\RapidTyping
[2010/01/12 20:07:04 | 000,000,000 | ---D | M] -- C:\Users\xlitte danx\AppData\Roaming\SmartDraw
[2010/12/27 20:07:09 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
Extras.txt
OTL Extras logfile created on: 15/01/2011 6:31:32 p.m. - Run 1
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Users\xlitte danx\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy
445.00 Mb Total Physical Memory | 80.00 Mb Available Physical Memory | 18.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 46.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 30.79 Gb Total Space | 4.30 Gb Free Space | 13.97% Space Free | Partition Type: NTFS
Drive D: | 32.07 Gb Total Space | 31.24 Gb Free Space | 97.41% Space Free | Partition Type: NTFS
Drive F: | 2.72 Gb Total Space | 2.38 Gb Free Space | 87.43% Space Free | Partition Type: NTFS
Computer Name: ADMIN | User Name: xlitte danx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
"AntiVirusOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- ()
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{029596C4-3AD6-494D-9DB5-BDF42DA2AF00}" = rport=10243 | protocol=6 | dir=out | app=system |
"{0F183DDC-E9A1-44FE-B741-454BA8439657}" = lport=2869 | protocol=6 | dir=in | app=system |
"{40F53920-7C18-4402-8A4E-18F108F7C3AA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{48C6F3F9-F2B1-48F1-AB54-1F6EE764AA28}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7DBDF6C7-FC10-4372-BB63-71D50FF5A81C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{992FB7B6-FEE1-4DC5-81FB-8A69882EBFAF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C55545C4-A018-42F1-82DB-FAB321F77409}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D4FBAB24-786C-4DB8-ADD8-49EB6E75A357}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EF5E7101-BDF4-47E5-B229-76385F582EE4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F612B20E-F828-48A0-BE74-7F1679E4BF9C}" = lport=10243 | protocol=6 | dir=in | app=system |
"{FE057924-9C7E-46D9-BE83-E9BAFC56F940}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05AF1CA9-0150-46CB-8AA8-D2BCEF664545}" = protocol=6 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{141D2AE4-4B90-4239-843E-5260344041FD}" = protocol=6 | dir=out | app=system |
"{19FE3A2F-7144-41FD-B163-7533EC98B9A9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1FEE03D0-3994-4D9E-B6D0-7F40D18FD946}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{335AF472-B982-4B5B-9B82-770C5089BC75}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{54201DB0-E6F9-49B3-8A46-B0751F2F170F}" = protocol=6 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{648A99D3-B63D-4611-8DBF-6779ADF8BF41}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{67B8445A-C469-43FB-AACC-834976115525}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6BD3F8F7-9B38-4B41-BD79-5E2AE6BA9522}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7615FA1C-B72D-46D9-A037-0AFC6E735821}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{77DC0173-FE90-4702-8E4F-E9D699C58F28}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{7ADA544D-7A68-47B2-88A4-9CB16C7AB540}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{7AFA96A5-242D-4E2B-9FA5-E073BC1ED208}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{835F7DFA-7D63-4884-A430-BB825CA807A7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{85C05C44-4635-4C7C-ACCC-3E3B9FD6BCAA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9AA01753-3E54-4F84-B85A-89B417F9A6C2}" = protocol=17 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{9D60D276-67FF-445C-9A61-894FDC3BC5D3}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{A05F8040-9237-4F74-8DF7-10C4FCE790D8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A70CB201-D171-451F-88A4-5FC4133E88F9}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{A8315DEA-6221-435A-9D59-ADE3466B7A03}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BB09E19F-0AFF-4CF6-AF4D-70184B5CBFF5}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{BB6EE907-FFA6-459B-94A5-9E669AB76EB5}" = protocol=6 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{C279825E-91D8-408A-B789-E2C90CC44C46}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DB1E97E0-9EF6-4C88-9B36-B58D1AA926C2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E2B061BA-82B8-4071-A203-21072DE95E4F}" = protocol=17 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{E80408C4-8776-4E24-BC4D-4853FF007F64}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EA1E36DE-D53A-43B6-BD42-0B1C53FFF439}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{ECCC643F-4AD1-4F8B-AD1B-7D7E77E08B2A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F07C2801-160B-47F3-A566-86959992FAE0}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{FA965216-E7D9-4923-91DB-E07FB808D55E}" = protocol=17 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{FFEB4811-C45E-4A1D-93C9-210D8B1DEF6A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{376B619C-A5C6-4AA5-9A7B-6D02A748022F}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{467975AE-AF11-491C-98FA-953D88A151B2}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{790ED164-307F-45B8-B5A9-BECEC7F00F4F}C:\windows\system32\ftp.exe" = protocol=6 | dir=in | app=c:\windows\system32\ftp.exe |
"UDP Query User{436535B1-167D-4834-BAF2-0A1D7469B3B7}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{4AA283AA-E3CF-4C7E-BC23-58AA7C123F97}C:\windows\system32\ftp.exe" = protocol=17 | dir=in | app=c:\windows\system32\ftp.exe |
"UDP Query User{DF5BA7AD-FFD3-4792-8B41-613C79E896EE}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros for Acer MyAllm Driver v7.1.0.90 Installation Program
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{431EC3F3-6111-AFD8-6BDC-FFD0C2AB1EEF}" = ATI Catalyst Control Center Ex
"{43FFE159-3199-4188-A1CD-629166AD1033}" = Nero 7 Ultra Edition
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5F629FE8-5B4C-4863-937A-AFC2961F7DD3}" = Microsoft Works Suite Add-in for Microsoft Word
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{886E284F-ED78-4149-9007-9C5CF69A52B9}" = Camtasia Studio 6
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95A21EA7-8FBC-49BC-8AB4-BA641BD230E2}" = Learn Multiplication
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{AEEAE013-92F1-4515-B278-139F1A692A35}" = Acer eDataSecurity Management
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387}" = Works Synchronization
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D901F63D-6342-45A9-90FD-D093772A51ED}" = CorelDRAW 11 SA
"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8D0829C-9C6F-11D3-8080-00C04FA329AA}" = Microsoft Works 6.0
"{FAF7F1D7-C0E7-47EA-8AAA-84E4F9EA3C94}" = Works Suite OS Pack
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"Collab" = Collab
"EPSON Printer and Utilities" = EPSON Printer Software
"ES C41 PSolver" = ES C41 Problem Solver
"FoneSync" = FoneSync
"GridVista" = Acer GridVista
"Guess Who" = Guess Who
"InstallShield_{D901F63D-6342-45A9-90FD-D093772A51ED}" = CorelDRAW SA 11
"JumpStart Advanced 6th Grade" = JumpStart Advanced 6th Grade
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Network Play System (Patching)" = Network Play System (Patching)
"NIS" = Norton Internet Security
"Photo Viewer" = Photo Viewer V208G2
"RealAlt_is1" = Real Alternative 1.48
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The Sims" = The Sims
"VLC media player" = VideoLAN VLC media player 0.8.6d
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ijji FireFox Launcher" = ijji FireFox Launcher 1.0
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
Redirecting of websites to follow.
Thank you very much once again.
RikFlow