7 hours and Kaspersky has not updated yet, so I have stopped it. Have checked with Norton and SUPERAntiSpyware. Both have found nothing. What should I do now?
OTS logfile created on: 31/10/2010 19:04:17 - Run 1 OTS by OldTimer - Version 3.1.40.0 Folder = C:\Users\Vista User\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18975) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 57.00% Memory free 9.00 Gb Paging File | 8.00 Gb Available in Paging File | 87.00% Paging File free Paging file location(s): c:\pagefile.sys 3113 4219d:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 51.99 Gb Total Space | 11.79 Gb Free Space | 22.68% Space Free | Partition Type: NTFS Drive D: | 51.98 Gb Total Space | 37.24 Gb Free Space | 71.65% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: VISTAUSER-PC Current User Name: Vista User Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days [Processes - Safe List] ots.exe -> C:\Users\Vista User\Desktop\OTS.exe -> [2010/10/31 19:00:54 | 000,641,536 | ---- | M] (OldTimer Tools) rtkbtmnt.exe -> C:\Users\VISTAU~1\AppData\Local\Temp\RtkBtMnt.exe -> [2010/10/30 15:56:45 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) symcpcculaunchsvc.exe -> C:\Program Files\Norton PC Checkup\Engine\2.0.2.547\SymcPCCULaunchSvc.exe -> [2010/09/25 08:52:37 | 000,115,056 | ---- | M] (Symantec Corporation) psiservice_2.exe -> c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -> [2010/03/10 13:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) 
ccsvchst.exe -> C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccsvchst.exe -> [2010/02/26 00:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) sesvc.exe -> C:\Program Files\ShadowExplorer\sesvc.exe -> [2010/01/23 14:18:54 | 000,009,216 | ---- | M] (www.shadowexplorer.com) googlequicksearchbox.exe -> C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe -> [2009/12/11 18:51:43 | 000,122,880 | ---- | M] (Google Inc.) ccsvchst.exe -> C:\Program Files\Norton PC Checkup\Engine\2.0.2.547\ccSvcHst.exe -> [2009/08/24 22:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) explorer.exe -> C:\Windows\explorer.exe -> [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) searchprotection.exe -> C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe -> [2008/07/11 17:06:38 | 000,223,984 | ---- | M] (Yahoo! Inc.) acrotray.exe -> C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe -> [2008/04/23 02:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) coreliomonitor.exe -> C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe -> [2007/10/30 18:52:34 | 000,016,200 | ---- | M] () edsservice.exe -> C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -> [2007/01/02 18:58:58 | 000,457,512 | ---- | M] (HiTRSUT) capuserv.exe -> C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -> [2007/01/02 16:46:52 | 000,024,576 | ---- | M] () epowersvc.exe -> C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -> [2007/01/02 09:33:24 | 000,135,168 | ---- | M] (acer) enet service.exe -> C:\Acer\Empowering Technology\eNet\eNet Service.exe -> [2006/12/28 20:07:22 | 000,126,976 | ---- | M] (Acer Inc.) erecoveryservice.exe -> C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -> [2006/12/28 18:24:14 | 000,049,152 | ---- | M] (Acer Inc.) elockserv.exe -> C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -> [2006/12/22 14:43:18 | 000,024,576 | ---- | M] (Acer Inc.) 
lmanager.exe -> C:\Program Files\Launch Manager\LManager.exe -> [2006/12/21 00:02:14 | 000,659,456 | ---- | M] (Dritek System Inc.) mobilityservice.exe -> C:\Acer\Mobility Center\MobilityService.exe -> [2006/11/24 12:57:54 | 000,107,008 | ---- | M] () rthdvcpl.exe -> C:\Windows\RtHDVCpl.exe -> [2006/11/09 18:57:52 | 003,784,704 | ---- | M] (Realtek Semiconductor) psiservice.exe -> C:\Windows\System32\PSIService.exe -> [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () [Modules - Safe List] ots.exe -> C:\Users\Vista User\Desktop\OTS.exe -> [2010/10/31 19:00:54 | 000,641,536 | ---- | M] (OldTimer Tools) asoehook.dll -> C:\Program Files\Norton Internet Security\Engine\17.8.0.5\asoehook.dll -> [2010/09/20 19:26:01 | 000,415,088 | R--- | M] (Symantec Corporation) comctl32.dll -> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll -> [2010/08/31 15:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) msvcr90.dll -> C:\Program Files\Norton Internet Security\Engine\17.8.0.5\microsoft.vc90.crt\msvcr90.dll -> [2009/07/12 08:02:02 | 000,653,120 | R--- | M] (Microsoft Corporation) msvcp90.dll -> C:\Program Files\Norton Internet Security\Engine\17.8.0.5\microsoft.vc90.crt\msvcp90.dll -> [2009/07/12 08:02:00 | 000,569,664 | R--- | M] (Microsoft Corporation) [Win32 Services - Safe List] (XAudioService) XAudioService [Auto | Stopped] -> -> File not found (nosGetPlusHelper) nosGetPlusHelper [Unknown | Stopped] -> C:\Program Files\NOS\bin\getPlus_Helper_3001.dll -> File not found (NMIndexingService) NMIndexingService [On_Demand | Stopped] -> C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -> File not found (Norton PC Checkup Application Launcher) Norton PC Checkup Application Launcher [Auto | Running] -> C:\Program Files\Norton PC Checkup\Engine\2.0.2.547\SymcPCCULaunchSvc.exe -> [2010/09/25 08:52:37 | 000,115,056 | ---- | M] (Symantec Corporation) (MsMpSvc) Microsoft Antimalware Service [Disabled 
| Stopped] -> C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -> [2010/03/25 20:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) (WPFFontCache_v0400) Windows Presentation Foundation Font Cache 4.0.0.0 [On_Demand | Stopped] -> C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -> [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) (clr_optimization_v4.0.30319_32) Microsoft .NET Framework NGEN v4.0.30319_X86 [Auto | Stopped] -> C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -> [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) (PSI_SVC_2) Protexis Licensing V2 [Auto | Running] -> c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -> [2010/03/10 13:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) (NIS) Norton Internet Security [Unknown | Running] -> C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe -> [2010/02/26 00:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) (sesvc) ShadowExplorer Service [Auto | Running] -> C:\Program Files\ShadowExplorer\sesvc.exe -> [2010/01/23 14:18:54 | 000,009,216 | ---- | M] (www.shadowexplorer.com) (FontCache) Windows Font Cache Service [On_Demand | Stopped] -> C:\Windows\System32\FntCache.dll -> [2009/09/25 01:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) (PCCUJobMgr) Common Client Job Manager Service [Unknown | Running] -> C:\Program Files\Norton PC Checkup\Engine\2.0.2.547\ccSvcHst.exe -> [2009/08/24 22:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) (WinDefend) Windows Defender [Disabled | Stopped] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2008/01/19 07:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) (eDataSecurity Service) eDataSecurity Service [Auto | Running] -> C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -> [2007/01/02 18:58:58 | 000,457,512 | ---- | M] (HiTRSUT) (eSettingsService) eSettings Service [Auto | Running] -> C:\Acer\Empowering 
Technology\eSettings\Service\capuserv.exe -> [2007/01/02 16:46:52 | 000,024,576 | ---- | M] () (WMIService) ePower Service [Auto | Running] -> C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -> [2007/01/02 09:33:24 | 000,135,168 | ---- | M] (acer) (eNet Service) eNet Service [Auto | Running] -> C:\Acer\Empowering Technology\eNet\eNet Service.exe -> [2006/12/28 20:07:22 | 000,126,976 | ---- | M] (Acer Inc.) (eRecoveryService) eRecovery Service [Auto | Running] -> C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -> [2006/12/28 18:24:14 | 000,049,152 | ---- | M] (Acer Inc.) (eLockService) eLock Service [Auto | Running] -> C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -> [2006/12/22 14:43:18 | 000,024,576 | ---- | M] (Acer Inc.) (MobilityService) MobilityService [Auto | Running] -> C:\Acer\Mobility Center\MobilityService.exe -> [2006/11/24 12:57:54 | 000,107,008 | ---- | M] () (ProtexisLicensing) ProtexisLicensing [Auto | Running] -> C:\Windows\System32\PSIService.exe -> [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () [Driver Services - Safe List] (ZTEusbser6k) ZTE Diagnostic Port [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\ZTEusbser6k.sys -> File not found (ZTEusbnmea) ZTE NMEA Port [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\ZTEusbnmea.sys -> File not found (ZTEusbmdm6k) ZTE Proprietary USB Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\ZTEusbmdm6k.sys -> File not found (XAudio) XAudio [Kernel | Auto | Stopped] -> C:\Windows\System32\DRIVERS\xaudio.sys -> File not found (upperdev) upperdev [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\usbser_lowerflt.sys -> File not found (UIUSys) Conexant Setup API [Kernel | Disabled | Stopped] -> C:\Windows\System32\DRIVERS\UIUSYS.SYS -> File not found (NwlnkFwd) IPX Traffic Forwarder Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\nwlnkfwd.sys -> File not found (NwlnkFlt) IPX Traffic Filter Driver [Kernel | 
On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\nwlnkflt.sys -> File not found (mdmxsdk) mdmxsdk [Kernel | Auto | Stopped] -> C:\Windows\System32\DRIVERS\mdmxsdk.sys -> File not found (IpInIp) IP in IP Tunnel Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\ipinip.sys -> File not found (hwusbfake) Huawei DataCard USB Fake [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\ewusbfake.sys -> File not found (hwdatacard) Huawei DataCard USB Modem and USB Serial [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\ewusbmdm.sys -> File not found (HSXHWAZL) HSXHWAZL [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\HSXHWAZL.sys -> File not found (EraserUtilDrvI7) EraserUtilDrvI7 [Kernel | On_Demand | Stopped] -> C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI7.sys -> File not found (catchme) catchme [Kernel | On_Demand | Stopped] -> C:\Users\VISTAU~1\AppData\Local\Temp\catchme.sys -> File not found (blbdrive) blbdrive [Kernel | Disabled | Stopped] -> C:\Windows\System32\drivers\blbdrive.sys -> File not found (IDSVix86) IDSVix86 [Kernel | System | Running] -> C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20101028.001\IDSvix86.sys -> [2010/10/19 20:36:22 | 000,353,840 | ---- | M] (Symantec Corporation) (NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20101031.002\NAVEX15.SYS -> [2010/09/30 16:09:19 | 001,371,184 | ---- | M] (Symantec Corporation) (NAVENG) NAVENG [Kernel | On_Demand | Running] -> C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20101031.002\NAVENG.SYS -> [2010/09/30 16:09:19 | 000,086,064 | ---- | M] (Symantec Corporation) (BHDrvx86) BHDrvx86 [Kernel | System | Running] -> 
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20101001.001\BHDrvx86.sys -> [2010/08/31 22:57:04 | 000,692,272 | ---- | M] (Symantec Corporation) (eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -> [2010/05/27 08:03:50 | 000,371,248 | ---- | M] (Symantec Corporation) (EraserUtilRebootDrv) EraserUtilRebootDrv [Kernel | On_Demand | Running] -> C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -> [2010/05/27 08:03:50 | 000,102,448 | ---- | M] (Symantec Corporation) (SASKUTIL) SASKUTIL [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -> [2010/05/10 18:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) (SYMTDIv) Symantec Vista Network Dispatch Driver [Kernel | System | Running] -> C:\Windows\System32\Drivers\NIS\1108000.005\SYMTDIV.SYS -> [2010/05/06 04:01:59 | 000,339,504 | ---- | M] (Symantec Corporation) (SymIM) Symantec Network Security Intermediate Filter Driver [Kernel | System | Running] -> C:\Windows\System32\drivers\SymIMV.sys -> [2010/05/06 04:01:44 | 000,044,080 | R--- | M] (Symantec Corporation) (SymIRON) Symantec Iron Driver [Kernel | System | Running] -> C:\Windows\system32\drivers\NIS\1108000.005\Ironx86.SYS -> [2010/04/29 05:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) (SymEFA) Symantec Extended File Attributes [File_System | Boot | Running] -> C:\Windows\system32\drivers\NIS\1108000.005\SYMEFA.SYS -> [2010/04/22 03:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) (SRTSP) Symantec Real Time Storage Protection [File_System | System | Running] -> C:\Windows\System32\Drivers\NIS\1108000.005\SRTSP.SYS -> [2010/04/22 02:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) (SRTSPX) Symantec Real Time Storage Protection (PEL) [Kernel | System | Running] -> C:\Windows\system32\drivers\NIS\1108000.005\SRTSPX.SYS -> [2010/04/22 
02:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) (MpNWMon) Microsoft Malware Protection Network Driver [File_System | On_Demand | Stopped] -> C:\Windows\System32\drivers\MpNWMon.sys -> [2010/03/25 20:30:22 | 000,042,368 | ---- | M] (Microsoft Corporation) (ccHP) Symantec Hash Provider [Kernel | System | Running] -> C:\Windows\system32\drivers\NIS\1108000.005\ccHPx86.sys -> [2010/02/26 00:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) (SASDIFSV) SASDIFSV [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -> [2010/02/17 18:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) (SymEvent) SymEvent [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\SYMEVENT.SYS -> [2010/02/12 16:53:19 | 000,124,976 | ---- | M] (Symantec Corporation) (SymDS) Symantec Data Store [Kernel | Boot | Running] -> C:\Windows\system32\drivers\NIS\1108000.005\SYMDS.SYS -> [2009/10/15 03:50:05 | 000,328,752 | R--- | M] (Symantec Corporation) (usbaudio) USB Audio Driver (WDM) [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\USBAUDIO.sys -> [2009/04/11 04:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) (mcdbus) Driver for MagicISO SCSI Host Controller [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\mcdbus.sys -> [2008/07/28 17:19:28 | 000,116,736 | ---- | M] (MagicISO, Inc.) 
(NVENETFD) NVIDIA nForce Networking Controller Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\nvmfdx32.sys -> [2007/11/18 03:39:50 | 001,040,544 | ---- | M] (NVIDIA Corporation) (nvstor) nvstor [Kernel | Boot | Running] -> C:\Windows\system32\drivers\nvstor.sys -> [2007/01/05 21:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) (PSDNServ) PSDNSERVER [Kernel | Boot | Running] -> C:\Windows\system32\drivers\PSDNServ.sys -> [2007/01/02 18:59:24 | 000,016,680 | ---- | M] (HiTRUST) (psdvdisk) psdvdisk [Kernel | Boot | Running] -> C:\Windows\system32\drivers\psdvdisk.sys -> [2007/01/02 18:59:20 | 000,060,712 | ---- | M] (HiTRUST) (PSDFilter) PSDFilter [File_System | Boot | Running] -> C:\Windows\system32\DRIVERS\psdfilter.sys -> [2007/01/02 18:59:18 | 000,020,264 | ---- | M] (HiTRUST) (int15) int15 [Kernel | Auto | Running] -> C:\Windows\System32\drivers\int15.sys -> [2007/01/02 16:43:34 | 000,076,584 | ---- | M] () (nvlddmkm) nvlddmkm [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\nvlddmkm.sys -> [2006/12/20 20:50:00 | 004,448,160 | ---- | M] (NVIDIA Corporation) (BCM43XX) Broadcom 802.11 Network Adapter Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\BCMWL6.SYS -> [2006/12/19 19:18:28 | 000,534,016 | ---- | M] (Broadcom Corporation) (BCM43XV) Broadcom Extensible 802.11 Network Adapter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\BCMWL6.SYS -> [2006/12/19 19:18:28 | 000,534,016 | ---- | M] (Broadcom Corporation) (nvstor32) nvstor32 [Kernel | Boot | Running] -> C:\Windows\system32\DRIVERS\nvstor32.sys -> [2006/12/11 09:34:22 | 000,097,576 | ---- | M] (NVIDIA Corporation) (NTIDrvr) Upper Class Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\NTIDrvr.sys -> [2006/12/07 12:04:45 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.) 
(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\RTKVHDA.sys -> [2006/11/09 03:09:24 | 001,647,976 | ---- | M] (Realtek Semiconductor Corp.) (DKbFltr) Dritek Keyboard Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\DKbFltr.sys -> [2006/11/03 04:29:38 | 000,021,264 | ---- | M] (Dritek System Inc.) (ql2300) QLogic Fibre Channel Miniport Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ql2300.sys -> [2006/11/02 09:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) (adp94xx) adp94xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adp94xx.sys -> [2006/11/02 09:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) (elxstor) elxstor [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\elxstor.sys -> [2006/11/02 09:51:34 | 000,316,520 | ---- | M] (Emulex) (adpahci) adpahci [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpahci.sys -> [2006/11/02 09:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) (uliahci) uliahci [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\uliahci.sys -> [2006/11/02 09:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) (iaStorV) Intel RAID Controller Vista [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iastorv.sys -> [2006/11/02 09:51:25 | 000,232,040 | ---- | M] (Intel Corporation) (adpu320) adpu320 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpu320.sys -> [2006/11/02 09:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) (ulsata2) ulsata2 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ulsata2.sys -> [2006/11/02 09:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) 
(vsmraid) vsmraid [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\vsmraid.sys -> [2006/11/02 09:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) (ql40xx) QLogic iSCSI Miniport Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ql40xx.sys -> [2006/11/02 09:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) (UlSata) UlSata [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ulsata.sys -> [2006/11/02 09:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) (adpu160m) adpu160m [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpu160m.sys -> [2006/11/02 09:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) (nvraid) nvraid [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nvraid.sys -> [2006/11/02 09:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) (nfrd960) nfrd960 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nfrd960.sys -> [2006/11/02 09:50:19 | 000,045,160 | ---- | M] (IBM Corporation) (iirsp) iirsp [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iirsp.sys -> [2006/11/02 09:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) (SiSRaid4) SiSRaid4 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sisraid4.sys -> [2006/11/02 09:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) (aic78xx) aic78xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\djsvs.sys -> [2006/11/02 09:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) (arcsas) arcsas [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\arcsas.sys -> [2006/11/02 09:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) (LSI_SCSI) LSI_SCSI [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_scsi.sys -> [2006/11/02 09:50:10 | 000,065,640 | ---- | M] (LSI Logic) (SiSRaid2) SiSRaid2 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sisraid2.sys -> [2006/11/02 09:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) 
(HpCISSs) HpCISSs [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\hpcisss.sys -> [2006/11/02 09:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) (arc) arc [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\arc.sys -> [2006/11/02 09:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) (iteraid) ITERAID_Service_Install [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iteraid.sys -> [2006/11/02 09:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) (iteatapi) ITEATAPI_Service_Install [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iteatapi.sys -> [2006/11/02 09:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) (LSI_SAS) LSI_SAS [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_sas.sys -> [2006/11/02 09:50:05 | 000,065,640 | ---- | M] (LSI Logic) (Symc8xx) Symc8xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\symc8xx.sys -> [2006/11/02 09:50:05 | 000,035,944 | ---- | M] (LSI Logic) (LSI_FC) LSI_FC [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_fc.sys -> [2006/11/02 09:50:04 | 000,065,640 | ---- | M] (LSI Logic) (Sym_u3) Sym_u3 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sym_u3.sys -> [2006/11/02 09:50:03 | 000,034,920 | ---- | M] (LSI Logic) (Mraid35x) Mraid35x [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\mraid35x.sys -> [2006/11/02 09:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) (Sym_hi) Sym_hi [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sym_hi.sys -> [2006/11/02 09:49:56 | 000,031,848 | ---- | M] (LSI Logic) (megasas) megasas [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\megasas.sys -> [2006/11/02 09:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) (viaide) viaide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\viaide.sys -> [2006/11/02 09:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) 
(cmdide) cmdide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\cmdide.sys -> [2006/11/02 09:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) (aliide) aliide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\aliide.sys -> [2006/11/02 09:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) (Brserid) Brother MFC Serial Port Interface Driver (WDM) [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brserid.sys -> [2006/11/02 08:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) (BrUsbSer) Brother MFC USB Serial WDM Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brusbser.sys -> [2006/11/02 08:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) (BrFiltUp) Brother USB Mass-Storage Upper Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brfiltup.sys -> [2006/11/02 08:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) (BrFiltLo) Brother USB Mass-Storage Lower Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brfiltlo.sys -> [2006/11/02 08:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) (BrSerWdm) Brother WDM Serial driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brserwdm.sys -> [2006/11/02 08:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) (BrUsbMdm) Brother MFC USB Fax Only Modem [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brusbmdm.sys -> [2006/11/02 08:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) (HSF_DPV) HSF_DPV [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\VSTDPV3.SYS -> [2006/11/02 07:41:50 | 000,987,648 | ---- | M] (Conexant Systems, Inc.) (HSFHWAZL) HSFHWAZL [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\VSTAZL3.SYS -> [2006/11/02 07:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) 
(winachsf) winachsf [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\VSTCNXT3.SYS -> [2006/11/02 07:41:48 | 000,654,336 | ---- | M] (Conexant Systems, Inc.) (ntrigdigi) N-trig HID Tablet Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ntrigdigi.sys -> [2006/11/02 07:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) (RTL8169) Realtek 8169 NT Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\Rtlh86.sys -> [2006/11/02 07:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) (E1G60) Intel(R) PRO/1000 NDIS 6 Adapter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\E1G60I32.sys -> [2006/11/02 07:30:54 | 000,117,760 | ---- | M] (Intel Corporation) (athr) Atheros Extensible Wireless LAN device driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\athr.sys -> [2006/11/02 07:30:52 | 000,467,456 | ---- | M] (Atheros Communications, Inc.) (SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\SynTP.sys -> [2006/10/23 19:17:32 | 000,179,896 | ---- | M] (Synaptics, Inc.) (ialm) ialm [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\igdkmd32.sys -> [2006/10/19 02:10:57 | 001,380,864 | ---- | M] (Intel Corporation) (nvsmu) nvsmu [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\nvsmu.sys -> [2006/09/15 16:44:18 | 000,011,520 | ---- | M] (NVIDIA Corporation) (UBHelper) UBHelper [Kernel | Boot | Running] -> C:\Windows\System32\drivers\UBHelper.sys -> [2006/08/29 02:30:04 | 000,013,952 | ---- | M] () (tifm21) tifm21 [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\tifm21.sys -> [2006/07/06 21:44:00 | 000,168,448 | ---- | M] (Texas Instruments) (Cam5607) Acer OrbiCam [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\BisonC07.sys -> [2005/11/29 22:20:00 | 000,792,368 | ---- | M] (Bison Electronics. Inc. 
) [Registry - Safe List] < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://en.uk.acer.yahoo.com -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\"SearchMigratedDefaultName" -> Yahoo! Search -> HKEY_CURRENT_USER\: Main\\"SearchMigratedDefaultURL" -> http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 -> HKEY_CURRENT_USER\: Main\\"Start Page" -> http://uk.mg40.mail.yahoo.com/dc/launch?.gx=1&.rand=bhc5b30d493of -> HKEY_CURRENT_USER\: SearchURL\\"" -> http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com -> HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> < FireFox Settings [Prefs.js] > -> C:\Users\Vista User\AppData\Roaming\Mozilla\FireFox\Profiles\9nao40ic.default\prefs.js -> browser.search.defaultenginename -> "Yahoo" -> browser.search.defaulturl -> "http://uk.search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p=" -> browser.search.param.yahoo-fr -> "moz2-ytff-tyc" -> browser.search.param.yahoo-fr-cjkt -> "moz2-ytff-tyc" -> browser.search.selectedEngine -> "Yahoo" -> browser.startup.homepage -> "http://uk.yahoo.com/" -> extensions.enabledItems -> {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 -> extensions.enabledItems -> {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 -> extensions.enabledItems -> {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.4 -> extensions.enabledItems -> {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1 -> extensions.enabledItems -> 6 -> extensions.enabledItems -> 2 -> extensions.enabledItems -> 44 -> extensions.enabledItems -> {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0 -> extensions.enabledItems -> {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6 -> extensions.enabledItems -> {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100119091315 -> extensions.enabledItems -> {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 -> keyword.URL -> "http://uk.search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p=" -> < FireFox Settings [User.js] > -> C:\Users\Vista 
User\AppData\Roaming\Mozilla\FireFox\Profiles\9nao40ic.default\user.js -> < FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla HKLM\software\mozilla\Firefox\Extensions -> -> HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB} -> C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\IPSFFPLGN\ [C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\IPSFFPLGN\] -> [2010/05/26 19:46:22 | 000,000,000 | ---D | M] HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62} -> C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\COFFPLGN\ [C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\COFFPLGN\] -> [2010/02/12 16:54:46 | 000,000,000 | ---D | M] HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions -> -> HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2010/10/29 09:41:18 | 000,000,000 | ---D | M] HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2010/10/29 09:41:18 | 000,000,000 | ---D | M] < FireFox Extensions [User Folders] > -> -> C:\Users\Vista User\AppData\Roaming\mozilla\Extensions -> [2008/11/25 14:20:50 | 000,000,000 | ---D | M] -> C:\Users\Vista User\AppData\Roaming\mozilla\Extensions\home2@tomtom.com -> [2008/11/25 14:20:50 | 000,000,000 | ---D | M] -> C:\Users\Vista User\AppData\Roaming\mozilla\Firefox\Profiles\9nao40ic.default\extensions -> [2010/10/31 10:50:48 | 000,000,000 | ---D | M] No name found -> C:\Users\Vista User\AppData\Roaming\mozilla\Firefox\Profiles\9nao40ic.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} -> [2010/04/29 16:55:08 | 000,000,000 | ---D | M] Microsoft .NET Framework Assistant -> C:\Users\Vista 
User\AppData\Roaming\mozilla\Firefox\Profiles\9nao40ic.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} -> [2009/06/28 16:07:51 | 000,000,000 | ---D | M] Google Toolbar for Firefox -> C:\Users\Vista User\AppData\Roaming\mozilla\Firefox\Profiles\9nao40ic.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} -> [2010/10/13 13:21:11 | 000,000,000 | ---D | M] Yahoo! Toolbar -> C:\Users\Vista User\AppData\Roaming\mozilla\Firefox\Profiles\9nao40ic.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} -> [2010/10/19 17:46:42 | 000,000,000 | ---D | M] Adobe DLM (powered by getPlus(R)) -> C:\Users\Vista User\AppData\Roaming\mozilla\Firefox\Profiles\9nao40ic.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} -> [2009/09/15 10:29:12 | 000,000,000 | ---D | M] -> C:\Users\Vista User\AppData\Roaming\mozilla\Firefox\Profiles\9nao40ic.default\extensions\toolbar_extras@uk.yahoo.com -> [2008/12/17 15:39:37 | 000,000,000 | ---D | M] < FireFox SearchPlugins [User Folders] > -> MyStart Search.xml -> C:\Users\Vista User\AppData\Roaming\Mozilla\FireFox\Profiles\9nao40ic.default\searchplugins\MyStart Search.xml -> [2009/08/31 15:58:34 | 000,002,149 | ---- | M] () < FireFox Extensions [Program Folders] > -> -> C:\Program Files\Mozilla Firefox\extensions -> [2010/10/22 11:30:24 | 000,000,000 | ---D | M] Java Console -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} -> [2010/04/29 16:54:08 | 000,000,000 | ---D | M] Java Console -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} -> [2010/08/02 10:08:12 | 000,000,000 | ---D | M] Java Console -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} -> [2010/10/22 11:30:24 | 000,000,000 | ---D | M] < HOSTS File > ([2010/10/30 02:06:04 | 000,623,384 | ---- | M] - 16500 lines) -> C:\Windows\System32\drivers\etc\HOSTS -> First 25 entries... Reset Hosts 127.0.0.1 localhost 127.0.0.1 fr.a2dfp.net #[server down?] 
127.0.0.1 m.fr.a2dfp.net #[server down?] 127.0.0.1 ad.a8.net #[server down?] 127.0.0.1 asy.a8ww.net 127.0.0.1 abcstats.com 127.0.0.1 a.abv.bg 127.0.0.1 adserver.abv.bg 127.0.0.1 adv.abv.bg 127.0.0.1 bimg.abv.bg 127.0.0.1 ca.abv.bg 127.0.0.1 www2.a-counter.kiev.ua 127.0.0.1 track.acclaimnetwork.com 127.0.0.1 accuserveadsystem.com 127.0.0.1 www.accuserveadsystem.com 127.0.0.1 achmedia.com 127.0.0.1 aconti.net 127.0.0.1 secure.aconti.net 127.0.0.1 www.aconti.net #[Dialer.Aconti] 127.0.0.1 ads.active.com 127.0.0.1 am1.activemeter.com 127.0.0.1 www.activemeter.com #[Tracking.Cookie] 127.0.0.1 ads.activepower.net 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie] < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [&Yahoo! Toolbar Helper] -> [2008/07/28 10:46:28 | 000,882,416 | ---- | M] (Yahoo! Inc.) {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2004/12/14 01:56:50 | 000,063,136 | ---- | M] (Adobe Systems Incorporated) {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} [HKLM] -> C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coieplg.dll [Symantec NCO BHO] -> [2010/09/03 23:31:29 | 000,396,144 | R--- | M] (Symantec Corporation) {6D53EC84-6AAE-4787-AEEE-F4628F01010C} [HKLM] -> C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ipsbho.dll [Symantec Intrusion Prevention] -> [2010/05/14 01:41:20 | 000,079,224 | R--- | M] (Symantec Corporation) {AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar Helper] -> [2010/10/26 13:59:36 | 000,297,648 | ---- | M] (Google Inc.) 
{AE7CD045-E861-484f-8273-0445EE161910} [HKLM] -> C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF Conversion Toolbar Helper] -> [2006/12/18 04:18:14 | 000,231,160 | ---- | M] (Adobe Systems Incorporated) {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll [Google Toolbar Notifier BHO] -> [2010/10/26 14:00:10 | 000,843,832 | ---- | M] (Google Inc.) {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [SingleInstance Class] -> [2008/07/28 10:46:28 | 000,160,496 | ---- | M] (Yahoo! Inc) < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2010/10/26 13:59:36 | 000,297,648 | ---- | M] (Google Inc.) "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> [2006/12/18 04:18:14 | 000,231,160 | ---- | M] (Adobe Systems Incorporated) "{5CBE3B7C-1E47-477e-A7DD-396DB0476E29}" [HKLM] -> C:\Windows\System32\eDStoolbar.dll [Acer eDataSecurity Management] -> [2007/01/02 18:51:56 | 000,151,552 | ---- | M] (HiTRUST) "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" [HKLM] -> C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coieplg.dll [Norton Toolbar] -> [2010/09/03 23:31:29 | 000,396,144 | R--- | M] (Symantec Corporation) "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> [2008/07/28 10:46:28 | 000,882,416 | ---- | M] (Yahoo! Inc.) 
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\"{5CBE3B7C-1E47-477E-A7DD-396DB0476E29}" [HKLM] -> C:\Windows\System32\eDStoolbar.dll [Acer eDataSecurity Management] -> [2007/01/02 18:51:56 | 000,151,552 | ---- | M] (HiTRUST) WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2010/10/26 13:59:36 | 000,297,648 | ---- | M] (Google Inc.) WebBrowser\\"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> [2006/12/18 04:18:14 | 000,231,160 | ---- | M] (Adobe Systems Incorporated) WebBrowser\\"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" [HKLM] -> C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coieplg.dll [Norton Toolbar] -> [2010/09/03 23:31:29 | 000,396,144 | R--- | M] (Symantec Corporation) < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "Acrobat Assistant 7.0" -> C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe ["C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"] -> [2008/04/23 02:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) "Corel File Shell Monitor" -> C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe [C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe] -> [2007/10/30 18:52:34 | 000,016,200 | ---- | M] () "Google Quick Search Box" -> C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe ["C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun] -> [2009/12/11 18:51:43 | 000,122,880 | ---- | M] (Google Inc.) "LManager" -> C:\Program Files\Launch Manager\LManager.exe [C:\PROGRA~1\LAUNCH~1\LManager.exe] -> [2006/12/21 00:02:14 | 000,659,456 | ---- | M] (Dritek System Inc.) 
"Malwarebytes Anti-Malware (reboot)" -> C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe ["C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript] -> [2010/04/29 14:39:32 | 001,090,952 | ---- | M] (Malwarebytes Corporation) "NvCplDaemon" -> C:\Windows\System32\NvCpl.DLL [RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup] -> [2006/12/20 20:50:00 | 007,766,016 | ---- | M] (NVIDIA Corporation) "NvMediaCenter" -> C:\Windows\System32\NvMcTray.DLL [RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit] -> [2006/12/20 20:50:00 | 000,081,920 | ---- | M] (NVIDIA Corporation) "NvSvc" -> C:\Windows\System32\nvsvc.DLL [RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart] -> [2006/12/20 20:50:00 | 000,090,191 | ---- | M] (NVIDIA Corporation) "RtHDVCpl" -> C:\Windows\RtHDVCpl.exe [RtHDVCpl.exe] -> [2006/11/09 18:57:52 | 003,784,704 | ---- | M] (Realtek Semiconductor) "YSearchProtection" -> C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe ["C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"] -> [2008/07/11 17:06:38 | 000,223,984 | ---- | M] (Yahoo! Inc.) < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "ISUSPM Startup" -> C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup] -> [2005/08/11 15:30:30 | 000,249,856 | ---- | M] (Macrovision Corporation) "SUPERAntiSpyware" -> C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE [C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe] -> [2010/10/30 21:12:36 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) "swg" -> C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe ["C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"] -> [2008/11/25 16:40:23 | 000,039,408 | ---- | M] (Google Inc.) 
"YSearchProtection" -> C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe] -> [2008/07/11 17:06:38 | 000,223,984 | ---- | M] (Yahoo! Inc.) < Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> < Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer -> < CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDrives" -> [0] -> File not found < CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats < CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDrives" -> [0] -> File not found < CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix "" -> http:// < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. 
-> < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {0E5F0222-96B9-11D3-8997-00104BD12D94} [HKLM] -> http://pcpitstop.com/betapit/PCPitStop.CAB [PCPitstop Utility] -> {1C11B948-582A-433F-A98D-A8C4D5CC64F2} [HKLM] -> http://bq.kp.2020.net/planner/Core/Player/2020PlayerAX_Win32.cab [20-20 3D Viewer] -> {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} [HKLM] -> C:\Program Files\Yahoo!\Common\Yinsthelper.dll [Installation Support] -> {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} [HKLM] -> http://host.cycore.net/plugins/windows/ie/Cult3D_IE_5.3.0.228.cab [Cult3D ActiveX Player] -> {4871A87A-BFDD-4106-8153-FFDE2BAC2967} [HKLM] -> http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab [DLM Control] -> {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} [HKLM] -> http://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll [CSEQueryObject Object] -> {8100D56A-5661-482C-BEE8-AFECE305D968} [HKLM] -> http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab [Facebook Photo Uploader 5 Control] -> {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> 
http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab [Java Plug-in 1.6.0_22] -> {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab [Java Plug-in 1.6.0_22] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab [Java Plug-in 1.6.0_22] -> {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [Reg Error: Key error.] -> {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} [HKLM] -> http://216.249.24.62/code/iPIX-ImageWell-ipix.cab [iPIX Media Send Class] -> {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} [HKLM] -> http://utilities.pcpitstop.com/da2/PCPitStop2.cab [PCPitstop Exam] -> < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> DhcpNameServer -> 192.168.1.254 -> < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {7689D157-F0B9-48DA-8B0C-235DB4510B51}\\DhcpNameServer -> 192.168.1.254 (Broadcom 802.11g Network Adapter) -> {ED5973AF-F337-492D-9BDD-9273F4F194FE}\\DhcpNameServer -> 192.168.10.1 (NVIDIA nForce Networking Controller) -> IE Styles -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles "MaxScriptStatements" -> Reg Error: Invalid data type. "Use My Stylesheet" -> Reg Error: Invalid data type. 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> Explorer.exe -> C:\Windows\explorer.exe -> [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" [HKLM] -> Reg Error: Key error. [] -> File not found < Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> < Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> "C:\Program Files\BitTorrent\bittorrent.exe" -> C:\Program Files\BitTorrent\bittorrent.exe [C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent] -> File not found < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom -> "AutoRun" -> 1 -> "DisplayName" -> CD-ROM Driver -> "ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found < Drives with AutoRun files > -> -> C:\autoexec.bat [REM Dummy file for NTVDMPATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ] -> C:\autoexec.bat [ NTFS ] -> [2006/12/07 12:05:10 | 000,000,074 | ---- | M] () < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> comfile [open] -> "%1" %* -> exefile [open] -> "%1" %* -> < File 
Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> .com [@ = comfile] -> "%1" %* -> .exe [@ = exefile] -> "%1" %* -> < File Associations - Select to Repair > -> HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>\ -> .com [@ = ComFile] -> Reg Error: Key error. -> File not found .exe [@ = exefile] -> Reg Error: Key error. -> File not found [Files/Folders - Created Within 30 Days] OTS.exe -> C:\Users\Vista User\Desktop\OTS.exe -> [2010/10/31 19:00:51 | 000,641,536 | ---- | C] (OldTimer Tools) TFC.exe -> C:\Users\Vista User\Desktop\TFC.exe -> [2010/10/30 15:50:29 | 000,446,464 | ---- | C] (OldTimer Tools) HOSTS -> C:\Users\Vista User\Documents\HOSTS -> [2010/10/30 14:38:29 | 000,000,000 | ---D | C] OTL.exe -> C:\Users\Vista User\Desktop\OTL.exe -> [2010/10/30 11:43:32 | 000,575,488 | ---- | C] (OldTimer Tools) combofix -> C:\Users\Vista User\Documents\combofix -> [2010/10/30 10:48:07 | 000,000,000 | ---D | C] $RECYCLE.BIN -> C:\$RECYCLE.BIN -> [2010/10/30 10:41:00 | 000,000,000 | -HSD | C] temp -> C:\Windows\temp -> [2010/10/30 10:40:55 | 000,000,000 | ---D | C] NIRCMD.exe -> C:\Windows\NIRCMD.exe -> [2010/10/30 10:24:31 | 000,031,232 | ---- | C] (NirSoft) SWREG.exe -> C:\Windows\SWREG.exe -> [2010/10/30 10:24:30 | 000,161,792 | ---- | C] (SteelWerX) SWSC.exe -> C:\Windows\SWSC.exe -> [2010/10/30 10:24:30 | 000,136,704 | ---- | C] (SteelWerX) ERDNT -> C:\Windows\ERDNT -> [2010/10/30 10:24:11 | 000,000,000 | ---D | C] Qoobox -> C:\Qoobox -> [2010/10/30 10:23:12 | 000,000,000 | ---D | C] SWXCACLS.exe -> C:\Windows\SWXCACLS.exe -> [2010/10/30 10:22:46 | 000,212,480 | ---- | C] (SteelWerX) 32788R22FWJFW -> C:\32788R22FWJFW -> [2010/10/30 10:22:40 | 000,000,000 | ---D | C] hijack this -> C:\Users\Vista User\Desktop\hijack this -> [2010/10/26 18:45:24 | 000,000,000 | ---D | C] gameux.dll -> C:\Windows\System32\gameux.dll -> [2010/10/26 18:43:52 | 001,696,256 | ---- | C] (Microsoft Corporation) GameUXLegacyGDFs.dll -> 
C:\Windows\System32\GameUXLegacyGDFs.dll -> [2010/10/26 18:43:51 | 004,240,384 | ---- | C] (Microsoft) Apphlpdm.dll -> C:\Windows\System32\Apphlpdm.dll -> [2010/10/26 18:43:51 | 000,028,672 | ---- | C] (Microsoft Corporation) PCPitstop -> C:\ProgramData\PCPitstop -> [2010/10/26 12:02:22 | 000,000,000 | ---D | C] PCPitstop -> C:\Program Files\PCPitstop -> [2010/10/26 12:02:21 | 000,000,000 | ---D | C] MpSigStub.exe -> C:\Windows\System32\MpSigStub.exe -> [2010/10/25 17:30:55 | 000,222,080 | ---- | C] (Microsoft Corporation) Microsoft Security Essentials -> C:\Program Files\Microsoft Security Essentials -> [2010/10/25 17:27:45 | 000,000,000 | ---D | C] Map Overlays -> C:\Users\Vista User\Documents\Map Overlays -> [2010/10/25 16:42:10 | 000,000,000 | ---D | C] Hitman Pro 3.5 -> C:\Program Files\Hitman Pro 3.5 -> [2010/10/22 15:19:25 | 000,000,000 | ---D | C] Hitman Pro -> C:\ProgramData\Hitman Pro -> [2010/10/22 15:18:45 | 000,000,000 | ---D | C] javaws.exe -> C:\Windows\System32\javaws.exe -> [2010/10/22 11:30:21 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) javaw.exe -> C:\Windows\System32\javaw.exe -> [2010/10/22 11:30:21 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) java.exe -> C:\Windows\System32\java.exe -> [2010/10/22 11:30:21 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) 
Windows Easy Transfer 7 -> C:\Program Files\Windows Easy Transfer 7 -> [2010/10/21 11:21:28 | 000,000,000 | ---D | C] www.shadowexplorer.com -> C:\Users\Vista User\AppData\Local\www.shadowexplorer.com -> [2010/10/20 17:25:02 | 000,000,000 | ---D | C] ShadowExplorer -> C:\Program Files\ShadowExplorer -> [2010/10/20 17:07:10 | 000,000,000 | ---D | C] Malwarebytes -> C:\Users\Vista User\AppData\Roaming\Malwarebytes -> [2010/10/20 15:32:03 | 000,000,000 | ---D | C] mbamswissarmy.sys -> C:\Windows\System32\drivers\mbamswissarmy.sys -> [2010/10/20 15:31:53 | 000,038,224 | ---- | C] (Malwarebytes Corporation) mbam.sys -> C:\Windows\System32\drivers\mbam.sys -> [2010/10/20 15:31:51 | 000,020,952 | ---- | C] (Malwarebytes Corporation) Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2010/10/20 15:31:51 | 000,000,000 | ---D | C] Malwarebytes -> C:\ProgramData\Malwarebytes -> [2010/10/20 15:31:51 | 000,000,000 | ---D | C] NPE -> C:\Users\Vista User\AppData\Local\NPE -> [2010/10/19 14:01:42 | 000,000,000 | ---D | C] vlc -> C:\Users\Vista User\AppData\Roaming\vlc -> [2010/10/18 16:59:47 | 000,000,000 | ---D | C] SUPERAntiSpyware.com -> C:\Users\Vista User\AppData\Roaming\SUPERAntiSpyware.com -> [2010/10/16 13:48:19 | 000,000,000 | ---D | C] SUPERAntiSpyware.com -> C:\ProgramData\SUPERAntiSpyware.com -> [2010/10/16 13:48:19 | 000,000,000 | ---D | C] SUPERAntiSpyware -> C:\Program Files\SUPERAntiSpyware -> [2010/10/16 13:48:11 | 000,000,000 | ---D | C] wmploc.DLL -> C:\Windows\System32\wmploc.DLL -> [2010/10/15 09:37:06 | 008,147,456 | ---- | C] (Microsoft Corporation) netevent.dll -> C:\Windows\System32\netevent.dll -> [2010/10/15 09:36:42 | 000,017,920 | ---- | C] (Microsoft Corporation) t2embed.dll -> C:\Windows\System32\t2embed.dll -> [2010/10/15 09:36:26 | 000,157,184 | ---- | C] (Microsoft Corporation) win32k.sys -> C:\Windows\System32\win32k.sys -> [2010/10/15 09:36:23 | 002,038,272 | ---- | C] (Microsoft Corporation) mfc40.dll -> 
C:\Windows\System32\mfc40.dll -> [2010/10/15 09:36:19 | 000,954,752 | ---- | C] (Microsoft Corporation) mfc40u.dll -> C:\Windows\System32\mfc40u.dll -> [2010/10/15 09:36:19 | 000,954,288 | ---- | C] (Microsoft Corporation) msfeeds.dll -> C:\Windows\System32\msfeeds.dll -> [2010/10/15 09:36:14 | 000,602,112 | ---- | C] (Microsoft Corporation) html.iec -> C:\Windows\System32\html.iec -> [2010/10/15 09:36:14 | 000,385,024 | ---- | C] (Microsoft Corporation) licmgr10.dll -> C:\Windows\System32\licmgr10.dll -> [2010/10/15 09:36:14 | 000,043,520 | ---- | C] (Microsoft Corporation) inetcpl.cpl -> C:\Windows\System32\inetcpl.cpl -> [2010/10/15 09:36:13 | 001,469,440 | ---- | C] (Microsoft Corporation) mstime.dll -> C:\Windows\System32\mstime.dll -> [2010/10/15 09:36:13 | 000,611,840 | ---- | C] (Microsoft Corporation) iedkcs32.dll -> C:\Windows\System32\iedkcs32.dll -> [2010/10/15 09:36:08 | 000,387,584 | ---- | C] (Microsoft Corporation) ieui.dll -> C:\Windows\System32\ieui.dll -> [2010/10/15 09:36:08 | 000,164,352 | ---- | C] (Microsoft Corporation) mshtml.tlb -> C:\Windows\System32\mshtml.tlb -> [2010/10/15 09:36:07 | 001,638,912 | ---- | C] (Microsoft Corporation) iepeers.dll -> C:\Windows\System32\iepeers.dll -> [2010/10/15 09:36:07 | 000,184,320 | ---- | C] (Microsoft Corporation) ie4uinit.exe -> C:\Windows\System32\ie4uinit.exe -> [2010/10/15 09:36:07 | 000,173,056 | ---- | C] (Microsoft Corporation) ieUnatt.exe -> C:\Windows\System32\ieUnatt.exe -> [2010/10/15 09:36:07 | 000,133,632 | ---- | C] (Microsoft Corporation) iesysprep.dll -> C:\Windows\System32\iesysprep.dll -> [2010/10/15 09:36:07 | 000,109,056 | ---- | C] (Microsoft Corporation) iesetup.dll -> C:\Windows\System32\iesetup.dll -> [2010/10/15 09:36:07 | 000,071,680 | ---- | C] (Microsoft Corporation) iernonce.dll -> C:\Windows\System32\iernonce.dll -> [2010/10/15 09:36:07 | 000,055,808 | ---- | C] (Microsoft Corporation) msfeedsbs.dll -> C:\Windows\System32\msfeedsbs.dll -> [2010/10/15 09:36:07 | 
000,055,296 | ---- | C] (Microsoft Corporation) jsproxy.dll -> C:\Windows\System32\jsproxy.dll -> [2010/10/15 09:36:07 | 000,025,600 | ---- | C] (Microsoft Corporation) msfeedssync.exe -> C:\Windows\System32\msfeedssync.exe -> [2010/10/15 09:36:07 | 000,013,312 | ---- | C] (Microsoft Corporation) msshsq.dll -> C:\Windows\System32\msshsq.dll -> [2010/10/15 09:36:04 | 000,231,424 | ---- | C] (Microsoft Corporation) wmpmde.dll -> C:\Windows\System32\wmpmde.dll -> [2010/10/15 09:36:02 | 000,867,328 | ---- | C] (Microsoft Corporation) syncdb -> C:\Windows\System32\syncdb -> [2010/10/14 18:54:50 | 000,000,000 | ---D | C] Mswinsck.OCX -> C:\Windows\System32\Mswinsck.OCX -> [2010/10/13 11:11:02 | 000,108,336 | ---- | C] (Microsoft Corporation) MSINET.OCX -> C:\Windows\System32\MSINET.OCX -> [2010/10/13 11:11:01 | 000,132,880 | ---- | C] (Microsoft Corporation) regid.1986-12.com.adobe -> C:\ProgramData\regid.1986-12.com.adobe -> [2010/10/11 12:24:56 | 000,000,000 | ---D | C] Adobe -> C:\Users\Vista User\Documents\Adobe -> [2010/10/11 12:24:51 | 000,000,000 | ---D | C] vso -> C:\Program Files\vso -> [2010/10/08 20:31:45 | 000,000,000 | ---D | C] Video to DVD Burner -> C:\Users\Vista User\Documents\Video to DVD Burner -> [2010/10/06 18:19:47 | 000,000,000 | ---D | C] tv license -> C:\Users\Vista User\Documents\tv license -> [2010/10/05 19:52:30 | 000,000,000 | ---D | C] pcouffin.sys -> C:\Users\Vista User\AppData\Roaming\pcouffin.sys -> [2008/12/13 15:25:16 | 000,047,360 | ---- | C] (VSO Software) Interop.Shell32.dll -> C:\Windows\System32\Interop.Shell32.dll -> [2006/12/07 12:18:24 | 000,053,248 | ---- | C] ( ) [Files/Folders - Modified Within 30 Days] GoogleUpdateTaskUserS-1-5-21-1347133558-1696348400-1136593757-1000Core.job -> C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1347133558-1696348400-1136593757-1000Core.job -> [2010/10/31 19:04:57 | 000,000,874 | ---- | M] () OTS.exe -> C:\Users\Vista User\Desktop\OTS.exe -> [2010/10/31 19:00:54 | 000,641,536 | ---- | M] 
(OldTimer Tools) GoogleUpdateTaskMachineUA.job -> C:\Windows\tasks\GoogleUpdateTaskMachineUA.job -> [2010/10/31 18:59:00 | 000,000,884 | ---- | M] () nvModes.dat -> C:\Users\Vista User\AppData\Roaming\nvModes.dat -> [2010/10/31 18:57:24 | 000,013,260 | ---- | M] () nvModes.001 -> C:\Users\Vista User\AppData\Roaming\nvModes.001 -> [2010/10/31 18:57:24 | 000,013,260 | ---- | M] () bootstat.dat -> C:\Windows\bootstat.dat -> [2010/10/31 18:57:11 | 000,067,584 | --S- | M] () Google Software Updater.job -> C:\Windows\tasks\Google Software Updater.job -> [2010/10/31 18:50:31 | 000,000,868 | ---- | M] () GoogleUpdateTaskUserS-1-5-21-1347133558-1696348400-1136593757-1000UA.job -> C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1347133558-1696348400-1136593757-1000UA.job -> [2010/10/31 18:50:24 | 000,000,926 | ---- | M] () 7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [2010/10/31 15:49:47 | 000,003,168 | -H-- | M] () 7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [2010/10/31 15:49:46 | 000,003,168 | -H-- | M] () GoogleUpdateTaskMachineCore.job -> C:\Windows\tasks\GoogleUpdateTaskMachineCore.job -> [2010/10/31 12:59:00 | 000,000,880 | ---- | M] () SecurityCheck.exe -> C:\Users\Vista User\Desktop\SecurityCheck.exe -> [2010/10/31 10:42:09 | 000,869,086 | ---- | M] () perfh009.dat -> C:\Windows\System32\perfh009.dat -> [2010/10/31 10:39:00 | 000,609,196 | ---- | M] () perfc009.dat -> C:\Windows\System32\perfc009.dat -> [2010/10/31 10:39:00 | 000,108,672 | ---- | M] () hosts.ics -> C:\Windows\System32\drivers\etc\hosts.ics -> [2010/10/31 10:36:25 | 000,000,436 | ---- | M] () hiberfil.sys -> C:\hiberfil.sys -> [2010/10/31 10:33:47 | 2951,397,376 | -HS- | M] () TFC.exe -> C:\Users\Vista User\Desktop\TFC.exe -> 
[2010/10/30 15:51:05 | 000,446,464 | ---- | M] (OldTimer Tools) KGyGaAvL.sys -> C:\Windows\System32\KGyGaAvL.sys -> [2010/10/30 14:55:12 | 000,007,048 | -HS- | M] () OTL.exe -> C:\Users\Vista User\Desktop\OTL.exe -> [2010/10/30 11:43:34 | 000,575,488 | ---- | M] (OldTimer Tools) HOSTS.MVP -> C:\Windows\System32\drivers\etc\HOSTS.MVP -> [2010/10/30 02:06:04 | 000,623,384 | ---- | M] () HOSTS -> C:\Windows\System32\drivers\etc\HOSTS -> [2010/10/30 02:06:04 | 000,623,384 | ---- | M] () ComboFix.exe -> C:\Users\Vista User\Desktop\ComboFix.exe -> [2010/10/29 17:33:24 | 003,894,257 | R--- | M] () RKUnhookerLE.EXE -> C:\Users\Vista User\Desktop\RKUnhookerLE.EXE -> [2010/10/29 09:45:16 | 000,133,632 | ---- | M] () MBR.exe -> C:\Windows\MBR.exe -> [2010/10/28 17:21:27 | 000,084,992 | ---- | M] () Microsoft Security Essentials.lnk -> C:\Users\Public\Desktop\Microsoft Security Essentials.lnk -> [2010/10/25 17:27:46 | 000,000,906 | ---- | M] () hitmanpro35.sys -> C:\Windows\System32\drivers\hitmanpro35.sys -> [2010/10/22 15:19:27 | 000,016,968 | ---- | M] () d3d9caps.dat -> C:\Users\Vista User\AppData\Local\d3d9caps.dat -> [2010/10/20 11:15:53 | 000,001,356 | ---- | M] () MpSigStub.exe -> C:\Windows\System32\MpSigStub.exe -> [2010/10/19 20:51:33 | 000,222,080 | ---- | M] (Microsoft Corporation) Command Prompt.lnk -> C:\Users\Vista User\Desktop\Command Prompt.lnk -> [2010/10/19 16:51:30 | 000,001,659 | ---- | M] () http___us.norton.com_support_premium_services_malware_removal_guide.pdf -> C:\Users\Vista User\Documents\http___us.norton.com_support_premium_services_malware_removal_guide.pdf -> [2010/10/19 16:15:40 | 001,641,025 | ---- | M] () VLC media player.lnk -> C:\Users\Public\Desktop\VLC media player.lnk -> [2010/10/18 16:59:37 | 000,000,695 | ---- | M] () FNTCACHE.DAT -> C:\Windows\System32\FNTCACHE.DAT -> [2010/10/16 09:25:39 | 000,306,144 | ---- | M] () MRT.INI -> C:\Windows\System32\MRT.INI -> [2010/10/16 08:59:06 | 000,000,118 | ---- | M] () mfc703.dll -> 
C:\Windows\System32\mfc703.dll -> [2010/10/11 16:37:13 | 000,116,736 | RHS- | M] () Adobe Acrobat Speed Launcher.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk -> [2010/10/09 09:14:19 | 000,002,437 | ---- | M] () Adobe Reader 9.lnk -> C:\Users\Public\Desktop\Adobe Reader 9.lnk -> [2010/10/08 19:34:54 | 000,001,691 | ---- | M] () [Files - No Company Name] SecurityCheck.exe -> C:\Users\Vista User\Desktop\SecurityCheck.exe -> [2010/10/31 10:42:06 | 000,869,086 | ---- | C] () PEV.exe -> C:\Windows\PEV.exe -> [2010/10/30 10:24:31 | 000,256,512 | ---- | C] () MBR.exe -> C:\Windows\MBR.exe -> [2010/10/30 10:24:31 | 000,084,992 | ---- | C] () sed.exe -> C:\Windows\sed.exe -> [2010/10/30 10:24:30 | 000,098,816 | ---- | C] () grep.exe -> C:\Windows\grep.exe -> [2010/10/30 10:24:30 | 000,080,412 | ---- | C] () zip.exe -> C:\Windows\zip.exe -> [2010/10/30 10:24:30 | 000,068,096 | ---- | C] () ComboFix.exe -> C:\Users\Vista User\Desktop\ComboFix.exe -> [2010/10/29 17:33:09 | 003,894,257 | R--- | C] () RKUnhookerLE.EXE -> C:\Users\Vista User\Desktop\RKUnhookerLE.EXE -> [2010/10/29 09:45:14 | 000,133,632 | ---- | C] () Microsoft Security Essentials.lnk -> C:\Users\Public\Desktop\Microsoft Security Essentials.lnk -> [2010/10/25 17:27:46 | 000,000,906 | ---- | C] () hitmanpro35.sys -> C:\Windows\System32\drivers\hitmanpro35.sys -> [2010/10/22 15:19:27 | 000,016,968 | ---- | C] () hiberfil.sys -> C:\hiberfil.sys -> [2010/10/20 11:29:45 | 2951,397,376 | -HS- | C] () Command Prompt.lnk -> C:\Users\Vista User\Desktop\Command Prompt.lnk -> [2010/10/19 16:51:30 | 000,001,659 | ---- | C] () http___us.norton.com_support_premium_services_malware_removal_guide.pdf -> C:\Users\Vista User\Documents\http___us.norton.com_support_premium_services_malware_removal_guide.pdf -> [2010/10/19 16:15:39 | 001,641,025 | ---- | C] () VLC media player.lnk -> C:\Users\Public\Desktop\VLC media player.lnk -> [2010/10/18 16:59:36 | 000,000,695 | ---- | C] () 
MRT.INI -> C:\Windows\System32\MRT.INI -> [2010/10/16 08:59:06 | 000,000,118 | ---- | C] ()
mfc703.dll -> C:\Windows\System32\mfc703.dll -> [2010/10/11 16:37:13 | 000,116,736 | RHS- | C] ()
Adobe Reader 9.lnk -> C:\Users\Public\Desktop\Adobe Reader 9.lnk -> [2010/10/08 19:34:52 | 000,001,691 | ---- | C] ()
jhvr_b24.ini -> C:\Windows\jhvr_b24.ini -> [2010/05/20 10:36:17 | 000,003,689 | ---- | C] ()
impborl.dll -> C:\Windows\impborl.dll -> [2010/02/24 17:02:06 | 000,012,288 | ---- | C] ()
ntuser.pol -> C:\ProgramData\ntuser.pol -> [2009/09/12 09:18:54 | 000,000,258 | RHS- | C] ()
EhStorAuthn.dll -> C:\Windows\System32\EhStorAuthn.dll -> [2009/08/19 09:16:35 | 000,117,248 | ---- | C] ()
OGACheckControl.dll -> C:\Windows\System32\OGACheckControl.dll -> [2009/08/03 14:07:42 | 000,403,816 | ---- | C] ()
.zreglib -> C:\ProgramData\.zreglib -> [2009/03/23 17:40:10 | 000,000,041 | -HS- | C] ()
UserTile.png -> C:\Users\Vista User\AppData\Roaming\UserTile.png -> [2009/02/10 21:14:42 | 000,024,206 | ---- | C] ()
msrctp.ini -> C:\Windows\System32\msrctp.ini -> [2009/01/10 18:06:40 | 000,000,003 | ---- | C] ()
d3d9caps.dat -> C:\Users\Vista User\AppData\Local\d3d9caps.dat -> [2008/12/20 18:12:04 | 000,001,356 | ---- | C] ()
pcouffin.log -> C:\Users\Vista User\AppData\Roaming\pcouffin.log -> [2008/12/13 15:25:56 | 000,000,034 | ---- | C] ()
pcouffin.cat -> C:\Users\Vista User\AppData\Roaming\pcouffin.cat -> [2008/12/13 15:25:16 | 000,007,887 | ---- | C] ()
pcouffin.inf -> C:\Users\Vista User\AppData\Roaming\pcouffin.inf -> [2008/12/13 15:25:16 | 000,001,144 | ---- | C] ()
KGyGaAvL.sys -> C:\ProgramData\KGyGaAvL.sys -> [2008/11/26 14:37:19 | 000,011,270 | -HS- | C] ()
EBFCAC4176.sys -> C:\ProgramData\EBFCAC4176.sys -> [2008/11/26 14:37:19 | 000,000,168 | RHS- | C] ()
KGyGaAvL.sys -> C:\Windows\System32\KGyGaAvL.sys -> [2008/11/26 11:23:28 | 000,007,048 | -HS- | C] ()
9DC5C30FED.sys -> C:\Windows\System32\9DC5C30FED.sys -> [2008/11/26 11:23:28 | 000,000,168 | RHS- | C] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\Vista User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2008/11/25 21:59:21 | 000,010,752 | ---- | C] ()
ezsidmv.dat -> C:\ProgramData\ezsidmv.dat -> [2008/11/25 20:26:18 | 000,000,056 | -H-- | C] ()
hpzinstall.log -> C:\ProgramData\hpzinstall.log -> [2008/11/25 15:54:56 | 000,004,488 | ---- | C] ()
M2000T07.ini -> C:\Windows\M2000T07.ini -> [2008/11/18 16:52:11 | 000,015,190 | ---- | C] ()
int15.sys -> C:\Windows\System32\drivers\int15.sys -> [2008/11/18 11:21:55 | 000,076,584 | ---- | C] ()
int15_64.sys -> C:\Windows\System32\drivers\int15_64.sys -> [2008/11/18 11:21:55 | 000,015,656 | ---- | C] ()
NATTraversal.dll -> C:\Windows\System32\NATTraversal.dll -> [2008/11/18 11:20:08 | 000,065,536 | ---- | C] ()
Acer.ini -> C:\Windows\Acer.ini -> [2008/11/18 11:05:49 | 000,000,037 | ---- | C] ()
nvModes.001 -> C:\Users\Vista User\AppData\Roaming\nvModes.001 -> [2008/11/18 11:05:09 | 000,013,260 | ---- | C] ()
nvModes.dat -> C:\Users\Vista User\AppData\Roaming\nvModes.dat -> [2008/11/18 11:05:02 | 000,013,260 | ---- | C] ()
NotesExtmngr.dll -> C:\Windows\System32\NotesExtmngr.dll -> [2007/01/02 18:54:14 | 000,266,240 | ---- | C] ()
NotesActnMenu.dll -> C:\Windows\System32\NotesActnMenu.dll -> [2007/01/02 18:53:54 | 000,204,800 | ---- | C] ()
MSNSpook.dll -> C:\Windows\System32\MSNSpook.dll -> [2007/01/02 18:53:20 | 000,086,016 | ---- | C] ()
MsnChatHook_org.dll -> C:\Windows\System32\MsnChatHook_org.dll -> [2007/01/02 18:52:40 | 000,037,376 | ---- | C] ()
BatchCrypto.dll -> C:\Windows\System32\BatchCrypto.dll -> [2007/01/02 18:52:28 | 000,028,672 | ---- | C] ()
APISlice.dll -> C:\Windows\System32\APISlice.dll -> [2007/01/02 18:52:26 | 000,073,728 | ---- | C] ()
ShowErrMsg.dll -> C:\Windows\System32\ShowErrMsg.dll -> [2007/01/02 18:52:18 | 000,063,488 | ---- | C] ()
MailFormat_U.dll -> C:\Windows\System32\MailFormat_U.dll -> [2006/12/25 15:44:48 | 000,022,016 | ---- | C] ()
NTIBUN4.dll -> C:\Windows\System32\NTIBUN4.dll -> [2006/12/07 13:44:32 | 000,001,024 | RH-- | C] ()
ScrollBarLib.dll -> C:\Windows\System32\ScrollBarLib.dll -> [2006/12/07 12:18:26 | 000,331,776 | ---- | C] ()
UBHelper.sys -> C:\Windows\System32\drivers\UBHelper.sys -> [2006/12/07 12:05:27 | 000,013,952 | ---- | C] ()
_psisdecd.dll -> C:\Windows\System32\_psisdecd.dll -> [2006/12/07 12:04:14 | 000,198,144 | ---- | C] ()
iconv.dll -> C:\Windows\iconv.dll -> [2006/12/02 07:24:39 | 000,872,448 | ---- | C] ()
libxml2.dll -> C:\Windows\libxml2.dll -> [2006/12/02 07:24:39 | 000,743,424 | ---- | C] ()
Capsule.dll -> C:\Windows\Capsule.dll -> [2006/12/02 07:24:39 | 000,204,800 | ---- | C] ()
PreLaunch.ini -> C:\Windows\PreLaunch.ini -> [2006/12/02 07:24:39 | 000,000,042 | ---- | C] ()
WdfCoInstaller01000.dll -> C:\Windows\System32\WdfCoInstaller01000.dll -> [2006/12/02 07:24:38 | 001,060,424 | ---- | C] ()
sysprepMCE.dll -> C:\Windows\System32\sysprepMCE.dll -> [2006/11/02 12:35:32 | 000,005,632 | ---- | C] ()
igfxTMM.dll -> C:\Windows\System32\igfxTMM.dll -> [2006/11/02 10:25:21 | 000,061,440 | ---- | C] ()
pacerprf.ini -> C:\Windows\System32\pacerprf.ini -> [2006/11/02 07:40:29 | 000,013,750 | ---- | C] ()
multiplex_vcd.dll -> C:\Windows\System32\multiplex_vcd.dll -> [2001/12/26 23:12:30 | 000,065,536 | ---- | C] ()
Hmpg12.dll -> C:\Windows\System32\Hmpg12.dll -> [2001/09/04 06:46:38 | 000,110,592 | ---- | C] ()
HMPV2_ENC.dll -> C:\Windows\System32\HMPV2_ENC.dll -> [2001/07/30 23:33:56 | 000,118,784 | ---- | C] ()
HMPV2_ENC_MMX.dll -> C:\Windows\System32\HMPV2_ENC_MMX.dll -> [2001/07/24 05:04:36 | 000,118,784 | ---- | C] ()
[Alternate Data Streams]
@Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:0B9D8E22
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:242231A9
< End of report >
[Registry - Safe List]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YY -> {02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [&Yahoo! Toolbar Helper]
YY -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} [HKLM] -> C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coieplg.dll [Symantec NCO BHO]
YY -> {AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar Helper]
YY -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll [Google Toolbar Notifier BHO]
YY -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [SingleInstance Class]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YY -> "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar]
YY -> "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF]
YY -> "{5CBE3B7C-1E47-477e-A7DD-396DB0476E29}" [HKLM] -> C:\Windows\System32\eDStoolbar.dll [Acer eDataSecurity Management]
YY -> "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" [HKLM] -> C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coieplg.dll [Norton Toolbar]
YY -> "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YY -> ShellBrowser\\"{5CBE3B7C-1E47-477E-A7DD-396DB0476E29}" [HKLM] -> C:\Windows\System32\eDStoolbar.dll [Acer eDataSecurity Management]
YY -> WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar]
YY -> WebBrowser\\"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF]
YY -> WebBrowser\\"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" [HKLM] -> C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coieplg.dll [Norton Toolbar]
[Files - No Company Name]
NY -> DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\Vista User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
OTS logfile created on: 01/11/2010 10:18:24 - Run 2
OTS by OldTimer - Version 3.1.40.0 Folder = C:\Users\Vista User\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 57.00% Memory free
9.00 Gb Paging File | 8.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): c:\pagefile.sys 3113 4219d:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 51.99 Gb Total Space | 11.61 Gb Free Space | 22.33% Space Free | Partition Type: NTFS
Drive D: | 51.98 Gb Total Space | 37.24 Gb Free Space | 71.65% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: VISTAUSER-PC
Current User Name: Vista User
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
[Processes - Safe List]
ots.exe -> C:\Users\Vista User\Desktop\OTS.exe -> [2010/10/31 19:00:54 | 000,641,536 | ---- | M] (OldTimer Tools)
rtkbtmnt.exe -> C:\Users\VISTAU~1\AppData\Local\Temp\RtkBtMnt.exe -> [2010/10/30 15:56:45 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.)
plugin-container.exe -> C:\Program Files\Mozilla Firefox\plugin-container.exe -> [2010/10/29 09:41:16 | 000,016,856 | ---- | M] (Mozilla Corporation)
firefox.exe -> C:\Program Files\Mozilla Firefox\firefox.exe -> [2010/10/29 09:41:14 | 000,912,344 | ---- | M] (Mozilla Corporation)
symcpcculaunchsvc.exe -> C:\Program Files\Norton PC Checkup\Engine\2.0.2.547\SymcPCCULaunchSvc.exe -> [2010/09/25 08:52:37 | 000,115,056 | ---- | M] (Symantec Corporation)
googletalkplugin.exe -> C:\Users\Vista User\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe -> [2010/09/21 10:33:36 | 000,083,440 | ---- | M] (Google)
psiservice_2.exe -> c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -> [2010/03/10 13:26:48 | 000,189,728 | ---- | M] (Protexis Inc.)
ccsvchst.exe -> C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccsvchst.exe -> [2010/02/26 00:21:50 | 000,126,392 | R--- | M] (Symantec Corporation)
sesvc.exe -> C:\Program Files\ShadowExplorer\sesvc.exe -> [2010/01/23 14:18:54 | 000,009,216 | ---- | M] (www.shadowexplorer.com)
googlequicksearchbox.exe -> C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe -> [2009/12/11 18:51:43 | 000,122,880 | ---- | M] (Google Inc.)
ccsvchst.exe -> C:\Program Files\Norton PC Checkup\Engine\2.0.2.547\ccSvcHst.exe -> [2009/08/24 22:49:41 | 000,126,392 | R--- | M] (Symantec Corporation)
explorer.exe -> C:\Windows\explorer.exe -> [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)
searchprotection.exe -> C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe -> [2008/07/11 17:06:38 | 000,223,984 | ---- | M] (Yahoo! Inc.)
acrotray.exe -> C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe -> [2008/04/23 02:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.)
coreliomonitor.exe -> C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe -> [2007/10/30 18:52:34 | 000,016,200 | ---- | M] ()
edsservice.exe -> C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -> [2007/01/02 18:58:58 | 000,457,512 | ---- | M] (HiTRSUT)
capuserv.exe -> C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -> [2007/01/02 16:46:52 | 000,024,576 | ---- | M] ()
epowersvc.exe -> C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -> [2007/01/02 09:33:24 | 000,135,168 | ---- | M] (acer)
enet service.exe -> C:\Acer\Empowering Technology\eNet\eNet Service.exe -> [2006/12/28 20:07:22 | 000,126,976 | ---- | M] (Acer Inc.)
erecoveryservice.exe -> C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -> [2006/12/28 18:24:14 | 000,049,152 | ---- | M] (Acer Inc.)
elockserv.exe -> C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -> [2006/12/22 14:43:18 | 000,024,576 | ---- | M] (Acer Inc.)
lmanager.exe -> C:\Program Files\Launch Manager\LManager.exe -> [2006/12/21 00:02:14 | 000,659,456 | ---- | M] (Dritek System Inc.)
mobilityservice.exe -> C:\Acer\Mobility Center\MobilityService.exe -> [2006/11/24 12:57:54 | 000,107,008 | ---- | M] () rthdvcpl.exe -> C:\Windows\RtHDVCpl.exe -> [2006/11/09 18:57:52 | 003,784,704 | ---- | M] (Realtek Semiconductor) psiservice.exe -> C:\Windows\System32\PSIService.exe -> [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () [Modules - Safe List] ots.exe -> C:\Users\Vista User\Desktop\OTS.exe -> [2010/10/31 19:00:54 | 000,641,536 | ---- | M] (OldTimer Tools) asoehook.dll -> C:\Program Files\Norton Internet Security\Engine\17.8.0.5\asoehook.dll -> [2010/09/20 19:26:01 | 000,415,088 | R--- | M] (Symantec Corporation) comctl32.dll -> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll -> [2010/08/31 15:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) msvcr90.dll -> C:\Program Files\Norton Internet Security\Engine\17.8.0.5\microsoft.vc90.crt\msvcr90.dll -> [2009/07/12 08:02:02 | 000,653,120 | R--- | M] (Microsoft Corporation) msvcp90.dll -> C:\Program Files\Norton Internet Security\Engine\17.8.0.5\microsoft.vc90.crt\msvcp90.dll -> [2009/07/12 08:02:00 | 000,569,664 | R--- | M] (Microsoft Corporation) [Win32 Services - Safe List] (XAudioService) XAudioService [Auto | Stopped] -> -> File not found (nosGetPlusHelper) nosGetPlusHelper [Unknown | Stopped] -> C:\Program Files\NOS\bin\getPlus_Helper_3001.dll -> File not found (NMIndexingService) NMIndexingService [On_Demand | Stopped] -> C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -> File not found (Norton PC Checkup Application Launcher) Norton PC Checkup Application Launcher [Auto | Running] -> C:\Program Files\Norton PC Checkup\Engine\2.0.2.547\SymcPCCULaunchSvc.exe -> [2010/09/25 08:52:37 | 000,115,056 | ---- | M] (Symantec Corporation) (MsMpSvc) Microsoft Antimalware Service [Disabled | Stopped] -> C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -> [2010/03/25 20:40:44 | 000,017,904 | ---- | M] 
(Microsoft Corporation) (WPFFontCache_v0400) Windows Presentation Foundation Font Cache 4.0.0.0 [On_Demand | Stopped] -> C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -> [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) (clr_optimization_v4.0.30319_32) Microsoft .NET Framework NGEN v4.0.30319_X86 [Auto | Stopped] -> C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -> [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) (PSI_SVC_2) Protexis Licensing V2 [Auto | Running] -> c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -> [2010/03/10 13:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) (NIS) Norton Internet Security [Unknown | Running] -> C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe -> [2010/02/26 00:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) (sesvc) ShadowExplorer Service [Auto | Running] -> C:\Program Files\ShadowExplorer\sesvc.exe -> [2010/01/23 14:18:54 | 000,009,216 | ---- | M] (www.shadowexplorer.com) (FontCache) Windows Font Cache Service [On_Demand | Stopped] -> C:\Windows\System32\FntCache.dll -> [2009/09/25 01:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) (PCCUJobMgr) Common Client Job Manager Service [Unknown | Running] -> C:\Program Files\Norton PC Checkup\Engine\2.0.2.547\ccSvcHst.exe -> [2009/08/24 22:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) (WinDefend) Windows Defender [Disabled | Stopped] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2008/01/19 07:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) (eDataSecurity Service) eDataSecurity Service [Auto | Running] -> C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -> [2007/01/02 18:58:58 | 000,457,512 | ---- | M] (HiTRSUT) (eSettingsService) eSettings Service [Auto | Running] -> C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -> [2007/01/02 16:46:52 | 000,024,576 | ---- | M] () (WMIService) ePower Service [Auto | 
Running] -> C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -> [2007/01/02 09:33:24 | 000,135,168 | ---- | M] (acer) (eNet Service) eNet Service [Auto | Running] -> C:\Acer\Empowering Technology\eNet\eNet Service.exe -> [2006/12/28 20:07:22 | 000,126,976 | ---- | M] (Acer Inc.) (eRecoveryService) eRecovery Service [Auto | Running] -> C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -> [2006/12/28 18:24:14 | 000,049,152 | ---- | M] (Acer Inc.) (eLockService) eLock Service [Auto | Running] -> C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -> [2006/12/22 14:43:18 | 000,024,576 | ---- | M] (Acer Inc.) (MobilityService) MobilityService [Auto | Running] -> C:\Acer\Mobility Center\MobilityService.exe -> [2006/11/24 12:57:54 | 000,107,008 | ---- | M] () (ProtexisLicensing) ProtexisLicensing [Auto | Running] -> C:\Windows\System32\PSIService.exe -> [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () [Driver Services - Safe List] (ZTEusbser6k) ZTE Diagnostic Port [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\ZTEusbser6k.sys -> File not found (ZTEusbnmea) ZTE NMEA Port [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\ZTEusbnmea.sys -> File not found (ZTEusbmdm6k) ZTE Proprietary USB Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\ZTEusbmdm6k.sys -> File not found (XAudio) XAudio [Kernel | Auto | Stopped] -> C:\Windows\System32\DRIVERS\xaudio.sys -> File not found (upperdev) upperdev [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\usbser_lowerflt.sys -> File not found (UIUSys) Conexant Setup API [Kernel | Disabled | Stopped] -> C:\Windows\System32\DRIVERS\UIUSYS.SYS -> File not found (NwlnkFwd) IPX Traffic Forwarder Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\nwlnkfwd.sys -> File not found (NwlnkFlt) IPX Traffic Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\nwlnkflt.sys -> File not found (mdmxsdk) mdmxsdk [Kernel | Auto | Stopped] -> 
C:\Windows\System32\DRIVERS\mdmxsdk.sys -> File not found (IpInIp) IP in IP Tunnel Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\ipinip.sys -> File not found (hwusbfake) Huawei DataCard USB Fake [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\ewusbfake.sys -> File not found (hwdatacard) Huawei DataCard USB Modem and USB Serial [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\ewusbmdm.sys -> File not found (HSXHWAZL) HSXHWAZL [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\HSXHWAZL.sys -> File not found (EraserUtilDrvI7) EraserUtilDrvI7 [Kernel | On_Demand | Stopped] -> C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI7.sys -> File not found (catchme) catchme [Kernel | On_Demand | Stopped] -> C:\Users\VISTAU~1\AppData\Local\Temp\catchme.sys -> File not found (blbdrive) blbdrive [Kernel | Disabled | Stopped] -> C:\Windows\System32\drivers\blbdrive.sys -> File not found (IDSVix86) IDSVix86 [Kernel | System | Running] -> C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20101028.001\IDSvix86.sys -> [2010/10/19 20:36:22 | 000,353,840 | ---- | M] (Symantec Corporation) (NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20101031.002\NAVEX15.SYS -> [2010/09/30 16:09:19 | 001,371,184 | ---- | M] (Symantec Corporation) (NAVENG) NAVENG [Kernel | On_Demand | Running] -> C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20101031.002\NAVENG.SYS -> [2010/09/30 16:09:19 | 000,086,064 | ---- | M] (Symantec Corporation) (BHDrvx86) BHDrvx86 [Kernel | System | Running] -> C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20101001.001\BHDrvx86.sys -> [2010/08/31 22:57:04 | 000,692,272 | ---- | M] (Symantec Corporation) (eeCtrl) Symantec Eraser Control driver [Kernel | 
System | Running] -> C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -> [2010/05/27 08:03:50 | 000,371,248 | ---- | M] (Symantec Corporation) (EraserUtilRebootDrv) EraserUtilRebootDrv [Kernel | On_Demand | Running] -> C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -> [2010/05/27 08:03:50 | 000,102,448 | ---- | M] (Symantec Corporation) (SASKUTIL) SASKUTIL [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -> [2010/05/10 18:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) (SYMTDIv) Symantec Vista Network Dispatch Driver [Kernel | System | Running] -> C:\Windows\System32\Drivers\NIS\1108000.005\SYMTDIV.SYS -> [2010/05/06 04:01:59 | 000,339,504 | ---- | M] (Symantec Corporation) (SymIM) Symantec Network Security Intermediate Filter Driver [Kernel | System | Running] -> C:\Windows\System32\drivers\SymIMV.sys -> [2010/05/06 04:01:44 | 000,044,080 | R--- | M] (Symantec Corporation) (SymIRON) Symantec Iron Driver [Kernel | System | Running] -> C:\Windows\system32\drivers\NIS\1108000.005\Ironx86.SYS -> [2010/04/29 05:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) (SymEFA) Symantec Extended File Attributes [File_System | Boot | Running] -> C:\Windows\system32\drivers\NIS\1108000.005\SYMEFA.SYS -> [2010/04/22 03:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) (SRTSP) Symantec Real Time Storage Protection [File_System | System | Running] -> C:\Windows\System32\Drivers\NIS\1108000.005\SRTSP.SYS -> [2010/04/22 02:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) (SRTSPX) Symantec Real Time Storage Protection (PEL) [Kernel | System | Running] -> C:\Windows\system32\drivers\NIS\1108000.005\SRTSPX.SYS -> [2010/04/22 02:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) (MpNWMon) Microsoft Malware Protection Network Driver [File_System | On_Demand | Stopped] -> C:\Windows\System32\drivers\MpNWMon.sys -> [2010/03/25 20:30:22 | 000,042,368 | ---- | M] 
(Microsoft Corporation) (ccHP) Symantec Hash Provider [Kernel | System | Running] -> C:\Windows\system32\drivers\NIS\1108000.005\ccHPx86.sys -> [2010/02/26 00:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) (SASDIFSV) SASDIFSV [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -> [2010/02/17 18:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) (SymEvent) SymEvent [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\SYMEVENT.SYS -> [2010/02/12 16:53:19 | 000,124,976 | ---- | M] (Symantec Corporation) (SymDS) Symantec Data Store [Kernel | Boot | Running] -> C:\Windows\system32\drivers\NIS\1108000.005\SYMDS.SYS -> [2009/10/15 03:50:05 | 000,328,752 | R--- | M] (Symantec Corporation) (usbaudio) USB Audio Driver (WDM) [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\USBAUDIO.sys -> [2009/04/11 04:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) (mcdbus) Driver for MagicISO SCSI Host Controller [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\mcdbus.sys -> [2008/07/28 17:19:28 | 000,116,736 | ---- | M] (MagicISO, Inc.) 
(NVENETFD) NVIDIA nForce Networking Controller Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\nvmfdx32.sys -> [2007/11/18 03:39:50 | 001,040,544 | ---- | M] (NVIDIA Corporation) (nvstor) nvstor [Kernel | Boot | Running] -> C:\Windows\system32\drivers\nvstor.sys -> [2007/01/05 21:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) (PSDNServ) PSDNSERVER [Kernel | Boot | Running] -> C:\Windows\system32\drivers\PSDNServ.sys -> [2007/01/02 18:59:24 | 000,016,680 | ---- | M] (HiTRUST) (psdvdisk) psdvdisk [Kernel | Boot | Running] -> C:\Windows\system32\drivers\psdvdisk.sys -> [2007/01/02 18:59:20 | 000,060,712 | ---- | M] (HiTRUST) (PSDFilter) PSDFilter [File_System | Boot | Running] -> C:\Windows\system32\DRIVERS\psdfilter.sys -> [2007/01/02 18:59:18 | 000,020,264 | ---- | M] (HiTRUST) (int15) int15 [Kernel | Auto | Running] -> C:\Windows\System32\drivers\int15.sys -> [2007/01/02 16:43:34 | 000,076,584 | ---- | M] () (nvlddmkm) nvlddmkm [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\nvlddmkm.sys -> [2006/12/20 20:50:00 | 004,448,160 | ---- | M] (NVIDIA Corporation) (BCM43XX) Broadcom 802.11 Network Adapter Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\BCMWL6.SYS -> [2006/12/19 19:18:28 | 000,534,016 | ---- | M] (Broadcom Corporation) (BCM43XV) Broadcom Extensible 802.11 Network Adapter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\BCMWL6.SYS -> [2006/12/19 19:18:28 | 000,534,016 | ---- | M] (Broadcom Corporation) (nvstor32) nvstor32 [Kernel | Boot | Running] -> C:\Windows\system32\DRIVERS\nvstor32.sys -> [2006/12/11 09:34:22 | 000,097,576 | ---- | M] (NVIDIA Corporation) (NTIDrvr) Upper Class Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\NTIDrvr.sys -> [2006/12/07 12:04:45 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.) 
(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\RTKVHDA.sys -> [2006/11/09 03:09:24 | 001,647,976 | ---- | M] (Realtek Semiconductor Corp.) (DKbFltr) Dritek Keyboard Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\DKbFltr.sys -> [2006/11/03 04:29:38 | 000,021,264 | ---- | M] (Dritek System Inc.) (ql2300) QLogic Fibre Channel Miniport Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ql2300.sys -> [2006/11/02 09:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) (adp94xx) adp94xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adp94xx.sys -> [2006/11/02 09:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) (elxstor) elxstor [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\elxstor.sys -> [2006/11/02 09:51:34 | 000,316,520 | ---- | M] (Emulex) (adpahci) adpahci [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpahci.sys -> [2006/11/02 09:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) (uliahci) uliahci [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\uliahci.sys -> [2006/11/02 09:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) (iaStorV) Intel RAID Controller Vista [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iastorv.sys -> [2006/11/02 09:51:25 | 000,232,040 | ---- | M] (Intel Corporation) (adpu320) adpu320 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpu320.sys -> [2006/11/02 09:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) (ulsata2) ulsata2 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ulsata2.sys -> [2006/11/02 09:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) 
(vsmraid) vsmraid [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\vsmraid.sys -> [2006/11/02 09:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) (ql40xx) QLogic iSCSI Miniport Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ql40xx.sys -> [2006/11/02 09:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) (UlSata) UlSata [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ulsata.sys -> [2006/11/02 09:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) (adpu160m) adpu160m [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpu160m.sys -> [2006/11/02 09:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) (nvraid) nvraid [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nvraid.sys -> [2006/11/02 09:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) (nfrd960) nfrd960 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nfrd960.sys -> [2006/11/02 09:50:19 | 000,045,160 | ---- | M] (IBM Corporation) (iirsp) iirsp [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iirsp.sys -> [2006/11/02 09:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) (SiSRaid4) SiSRaid4 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sisraid4.sys -> [2006/11/02 09:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) (aic78xx) aic78xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\djsvs.sys -> [2006/11/02 09:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) (arcsas) arcsas [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\arcsas.sys -> [2006/11/02 09:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) (LSI_SCSI) LSI_SCSI [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_scsi.sys -> [2006/11/02 09:50:10 | 000,065,640 | ---- | M] (LSI Logic) (SiSRaid2) SiSRaid2 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sisraid2.sys -> [2006/11/02 09:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) 
(HpCISSs) HpCISSs [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\hpcisss.sys -> [2006/11/02 09:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) (arc) arc [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\arc.sys -> [2006/11/02 09:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) (iteraid) ITERAID_Service_Install [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iteraid.sys -> [2006/11/02 09:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) (iteatapi) ITEATAPI_Service_Install [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iteatapi.sys -> [2006/11/02 09:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) (LSI_SAS) LSI_SAS [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_sas.sys -> [2006/11/02 09:50:05 | 000,065,640 | ---- | M] (LSI Logic) (Symc8xx) Symc8xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\symc8xx.sys -> [2006/11/02 09:50:05 | 000,035,944 | ---- | M] (LSI Logic) (LSI_FC) LSI_FC [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_fc.sys -> [2006/11/02 09:50:04 | 000,065,640 | ---- | M] (LSI Logic) (Sym_u3) Sym_u3 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sym_u3.sys -> [2006/11/02 09:50:03 | 000,034,920 | ---- | M] (LSI Logic) (Mraid35x) Mraid35x [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\mraid35x.sys -> [2006/11/02 09:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) (Sym_hi) Sym_hi [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sym_hi.sys -> [2006/11/02 09:49:56 | 000,031,848 | ---- | M] (LSI Logic) (megasas) megasas [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\megasas.sys -> [2006/11/02 09:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) (viaide) viaide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\viaide.sys -> [2006/11/02 09:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) 
(cmdide) cmdide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\cmdide.sys -> [2006/11/02 09:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) (aliide) aliide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\aliide.sys -> [2006/11/02 09:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) (Brserid) Brother MFC Serial Port Interface Driver (WDM) [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brserid.sys -> [2006/11/02 08:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) (BrUsbSer) Brother MFC USB Serial WDM Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brusbser.sys -> [2006/11/02 08:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) (BrFiltUp) Brother USB Mass-Storage Upper Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brfiltup.sys -> [2006/11/02 08:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) (BrFiltLo) Brother USB Mass-Storage Lower Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brfiltlo.sys -> [2006/11/02 08:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) (BrSerWdm) Brother WDM Serial driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brserwdm.sys -> [2006/11/02 08:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) (BrUsbMdm) Brother MFC USB Fax Only Modem [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brusbmdm.sys -> [2006/11/02 08:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) (HSF_DPV) HSF_DPV [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\VSTDPV3.SYS -> [2006/11/02 07:41:50 | 000,987,648 | ---- | M] (Conexant Systems, Inc.) (HSFHWAZL) HSFHWAZL [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\VSTAZL3.SYS -> [2006/11/02 07:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) 
(winachsf) winachsf [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\VSTCNXT3.SYS -> [2006/11/02 07:41:48 | 000,654,336 | ---- | M] (Conexant Systems, Inc.) (ntrigdigi) N-trig HID Tablet Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ntrigdigi.sys -> [2006/11/02 07:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) (RTL8169) Realtek 8169 NT Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\Rtlh86.sys -> [2006/11/02 07:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) (E1G60) Intel(R) PRO/1000 NDIS 6 Adapter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\E1G60I32.sys -> [2006/11/02 07:30:54 | 000,117,760 | ---- | M] (Intel Corporation) (athr) Atheros Extensible Wireless LAN device driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\athr.sys -> [2006/11/02 07:30:52 | 000,467,456 | ---- | M] (Atheros Communications, Inc.) (SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\SynTP.sys -> [2006/10/23 19:17:32 | 000,179,896 | ---- | M] (Synaptics, Inc.) (ialm) ialm [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\igdkmd32.sys -> [2006/10/19 02:10:57 | 001,380,864 | ---- | M] (Intel Corporation) (nvsmu) nvsmu [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\nvsmu.sys -> [2006/09/15 16:44:18 | 000,011,520 | ---- | M] (NVIDIA Corporation) (UBHelper) UBHelper [Kernel | Boot | Running] -> C:\Windows\System32\drivers\UBHelper.sys -> [2006/08/29 02:30:04 | 000,013,952 | ---- | M] () (tifm21) tifm21 [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\tifm21.sys -> [2006/07/06 21:44:00 | 000,168,448 | ---- | M] (Texas Instruments) (Cam5607) Acer OrbiCam [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\BisonC07.sys -> [2005/11/29 22:20:00 | 000,792,368 | ---- | M] (Bison Electronics. Inc. 
) [Registry - Safe List] < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://en.uk.acer.yahoo.com -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\"SearchMigratedDefaultName" -> Yahoo! Search -> HKEY_CURRENT_USER\: Main\\"SearchMigratedDefaultURL" -> http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 -> HKEY_CURRENT_USER\: Main\\"Start Page" -> http://uk.mg40.mail.yahoo.com/dc/launch?.gx=1&.rand=bhc5b30d493of -> HKEY_CURRENT_USER\: SearchURL\\"" -> http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com -> HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> < FireFox Settings [Prefs.js] > -> C:\Users\Vista User\AppData\Roaming\Mozilla\FireFox\Profiles\9nao40ic.default\prefs.js -> browser.search.defaultenginename -> "Yahoo" -> browser.search.defaulturl -> "http://uk.search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p=" -> browser.search.param.yahoo-fr -> "moz2-ytff-tyc" -> browser.search.param.yahoo-fr-cjkt -> "moz2-ytff-tyc" -> browser.search.selectedEngine -> "Yahoo" -> browser.startup.homepage -> "http://uk.yahoo.com/" -> extensions.enabledItems -> {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 -> extensions.enabledItems -> {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 -> extensions.enabledItems -> {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.4 -> extensions.enabledItems -> {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1 -> extensions.enabledItems -> 6 -> extensions.enabledItems -> 2 -> extensions.enabledItems -> 44 -> extensions.enabledItems -> {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0 -> extensions.enabledItems -> {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6 -> extensions.enabledItems -> {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100119091315 -> extensions.enabledItems -> {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 -> keyword.URL -> "http://uk.search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p=" -> < FireFox Settings [User.js] > -> C:\Users\Vista 
User\AppData\Roaming\Mozilla\FireFox\Profiles\9nao40ic.default\user.js -> < FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla HKLM\software\mozilla\Firefox\Extensions -> -> HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB} -> C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\IPSFFPLGN\ [C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\IPSFFPLGN\] -> [2010/05/26 19:46:22 | 000,000,000 | ---D | M] HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62} -> C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\COFFPLGN\ [C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\COFFPLGN\] -> [2010/02/12 16:54:46 | 000,000,000 | ---D | M] HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions -> -> HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2010/10/29 09:41:18 | 000,000,000 | ---D | M] HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2010/10/29 09:41:18 | 000,000,000 | ---D | M] < FireFox Extensions [User Folders] > -> -> C:\Users\Vista User\AppData\Roaming\mozilla\Extensions -> [2008/11/25 14:20:50 | 000,000,000 | ---D | M] -> C:\Users\Vista User\AppData\Roaming\mozilla\Extensions\home2@tomtom.com -> [2008/11/25 14:20:50 | 000,000,000 | ---D | M] -> C:\Users\Vista User\AppData\Roaming\mozilla\Firefox\Profiles\9nao40ic.default\extensions -> [2010/10/31 10:50:48 | 000,000,000 | ---D | M] No name found -> C:\Users\Vista User\AppData\Roaming\mozilla\Firefox\Profiles\9nao40ic.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} -> [2010/04/29 16:55:08 | 000,000,000 | ---D | M] Microsoft .NET Framework Assistant -> C:\Users\Vista 
User\AppData\Roaming\mozilla\Firefox\Profiles\9nao40ic.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} -> [2009/06/28 16:07:51 | 000,000,000 | ---D | M] Google Toolbar for Firefox -> C:\Users\Vista User\AppData\Roaming\mozilla\Firefox\Profiles\9nao40ic.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} -> [2010/10/13 13:21:11 | 000,000,000 | ---D | M] Yahoo! Toolbar -> C:\Users\Vista User\AppData\Roaming\mozilla\Firefox\Profiles\9nao40ic.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} -> [2010/10/19 17:46:42 | 000,000,000 | ---D | M] Adobe DLM (powered by getPlus(R)) -> C:\Users\Vista User\AppData\Roaming\mozilla\Firefox\Profiles\9nao40ic.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} -> [2009/09/15 10:29:12 | 000,000,000 | ---D | M] -> C:\Users\Vista User\AppData\Roaming\mozilla\Firefox\Profiles\9nao40ic.default\extensions\toolbar_extras@uk.yahoo.com -> [2008/12/17 15:39:37 | 000,000,000 | ---D | M] < FireFox SearchPlugins [User Folders] > -> MyStart Search.xml -> C:\Users\Vista User\AppData\Roaming\Mozilla\FireFox\Profiles\9nao40ic.default\searchplugins\MyStart Search.xml -> [2009/08/31 15:58:34 | 000,002,149 | ---- | M] () < FireFox Extensions [Program Folders] > -> -> C:\Program Files\Mozilla Firefox\extensions -> [2010/10/22 11:30:24 | 000,000,000 | ---D | M] Java Console -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} -> [2010/04/29 16:54:08 | 000,000,000 | ---D | M] Java Console -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} -> [2010/08/02 10:08:12 | 000,000,000 | ---D | M] Java Console -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} -> [2010/10/22 11:30:24 | 000,000,000 | ---D | M] < HOSTS File > ([2010/10/30 02:06:04 | 000,623,384 | ---- | M] - 16500 lines) -> C:\Windows\System32\drivers\etc\HOSTS -> First 25 entries... Reset Hosts 127.0.0.1 localhost 127.0.0.1 fr.a2dfp.net #[server down?] 
127.0.0.1 m.fr.a2dfp.net #[server down?] 127.0.0.1 ad.a8.net #[server down?] 127.0.0.1 asy.a8ww.net 127.0.0.1 abcstats.com 127.0.0.1 a.abv.bg 127.0.0.1 adserver.abv.bg 127.0.0.1 adv.abv.bg 127.0.0.1 bimg.abv.bg 127.0.0.1 ca.abv.bg 127.0.0.1 www2.a-counter.kiev.ua 127.0.0.1 track.acclaimnetwork.com 127.0.0.1 accuserveadsystem.com 127.0.0.1 www.accuserveadsystem.com 127.0.0.1 achmedia.com 127.0.0.1 aconti.net 127.0.0.1 secure.aconti.net 127.0.0.1 www.aconti.net #[Dialer.Aconti] 127.0.0.1 ads.active.com 127.0.0.1 am1.activemeter.com 127.0.0.1 www.activemeter.com #[Tracking.Cookie] 127.0.0.1 ads.activepower.net 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie] < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2004/12/14 01:56:50 | 000,063,136 | ---- | M] (Adobe Systems Incorporated) {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} [HKLM] -> C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coieplg.dll [Symantec NCO BHO] -> [2010/09/03 23:31:29 | 000,396,144 | R--- | M] (Symantec Corporation) {6D53EC84-6AAE-4787-AEEE-F4628F01010C} [HKLM] -> C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ipsbho.dll [Symantec Intrusion Prevention] -> [2010/05/14 01:41:20 | 000,079,224 | R--- | M] (Symantec Corporation) {AE7CD045-E861-484f-8273-0445EE161910} [HKLM] -> C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF Conversion Toolbar Helper] -> File not found < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" [HKLM] -> C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coieplg.dll [Norton Toolbar] -> [2010/09/03 23:31:29 | 000,396,144 | R--- | M] (Symantec Corporation) < Run [HKEY_LOCAL_MACHINE\] > -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "Acrobat Assistant 7.0" -> C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe ["C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"] -> [2008/04/23 02:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) "Corel File Shell Monitor" -> C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe [C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe] -> [2007/10/30 18:52:34 | 000,016,200 | ---- | M] () "Google Quick Search Box" -> C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe ["C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun] -> [2009/12/11 18:51:43 | 000,122,880 | ---- | M] (Google Inc.) "LManager" -> C:\Program Files\Launch Manager\LManager.exe [C:\PROGRA~1\LAUNCH~1\LManager.exe] -> [2006/12/21 00:02:14 | 000,659,456 | ---- | M] (Dritek System Inc.) "Malwarebytes Anti-Malware (reboot)" -> C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe ["C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript] -> [2010/04/29 14:39:32 | 001,090,952 | ---- | M] (Malwarebytes Corporation) "NvCplDaemon" -> C:\Windows\System32\NvCpl.DLL [RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup] -> [2006/12/20 20:50:00 | 007,766,016 | ---- | M] (NVIDIA Corporation) "NvMediaCenter" -> C:\Windows\System32\NvMcTray.DLL [RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit] -> [2006/12/20 20:50:00 | 000,081,920 | ---- | M] (NVIDIA Corporation) "NvSvc" -> C:\Windows\System32\nvsvc.DLL [RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart] -> [2006/12/20 20:50:00 | 000,090,191 | ---- | M] (NVIDIA Corporation) "RtHDVCpl" -> C:\Windows\RtHDVCpl.exe [RtHDVCpl.exe] -> [2006/11/09 18:57:52 | 003,784,704 | ---- | M] (Realtek Semiconductor) "YSearchProtection" -> C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe ["C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"] -> [2008/07/11 17:06:38 | 
000,223,984 | ---- | M] (Yahoo! Inc.) < RunOnce [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> "OTS" -> C:\Users\Vista User\Desktop\OTS.exe ["C:\Users\Vista User\Desktop\OTS.exe"] -> [2010/10/31 19:00:54 | 000,641,536 | ---- | M] (OldTimer Tools) < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "ISUSPM Startup" -> C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup] -> [2005/08/11 15:30:30 | 000,249,856 | ---- | M] (Macrovision Corporation) "SUPERAntiSpyware" -> C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE [C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe] -> [2010/10/30 21:12:36 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) "swg" -> C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe ["C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"] -> [2008/11/25 16:40:23 | 000,039,408 | ---- | M] (Google Inc.) "YSearchProtection" -> C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe] -> [2008/07/11 17:06:38 | 000,223,984 | ---- | M] (Yahoo! Inc.) 
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> < Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer -> < CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDrives" -> [0] -> File not found < CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats < CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDrives" -> [0] -> File not found < CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix "" -> http:// < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. 
-> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {0E5F0222-96B9-11D3-8997-00104BD12D94} [HKLM] -> http://pcpitstop.com/betapit/PCPitStop.CAB [PCPitstop Utility] -> {1C11B948-582A-433F-A98D-A8C4D5CC64F2} [HKLM] -> http://bq.kp.2020.net/planner/Core/Player/2020PlayerAX_Win32.cab [20-20 3D Viewer] -> {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} [HKLM] -> C:\Program Files\Yahoo!\Common\Yinsthelper.dll [Installation Support] -> {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} [HKLM] -> http://host.cycore.net/plugins/windows/ie/Cult3D_IE_5.3.0.228.cab [Cult3D ActiveX Player] -> {4871A87A-BFDD-4106-8153-FFDE2BAC2967} [HKLM] -> http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab [DLM Control] -> {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} [HKLM] -> http://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll [CSEQueryObject Object] -> {8100D56A-5661-482C-BEE8-AFECE305D968} [HKLM] -> http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab [Facebook Photo Uploader 5 Control] -> {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab [Java Plug-in 1.6.0_22] -> {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab [Java Plug-in 1.6.0_22] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> 
http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab [Java Plug-in 1.6.0_22] -> {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [Reg Error: Key error.] -> {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} [HKLM] -> http://216.249.24.62/code/iPIX-ImageWell-ipix.cab [iPIX Media Send Class] -> {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} [HKLM] -> http://utilities.pcpitstop.com/da2/PCPitStop2.cab [PCPitstop Exam] -> < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> DhcpNameServer -> 192.168.1.254 -> < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {7689D157-F0B9-48DA-8B0C-235DB4510B51}\\DhcpNameServer -> 192.168.1.254 (Broadcom 802.11g Network Adapter) -> {ED5973AF-F337-492D-9BDD-9273F4F194FE}\\DhcpNameServer -> 192.168.10.1 (NVIDIA nForce Networking Controller) -> IE Styles -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles "MaxScriptStatements" -> Reg Error: Invalid data type. "Use My Stylesheet" -> Reg Error: Invalid data type. < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> Explorer.exe -> C:\Windows\explorer.exe -> [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" [HKLM] -> Reg Error: Key error. 
[] -> File not found < Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> < Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> "C:\Program Files\BitTorrent\bittorrent.exe" -> C:\Program Files\BitTorrent\bittorrent.exe [C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent] -> File not found < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom -> "AutoRun" -> 1 -> "DisplayName" -> CD-ROM Driver -> "ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found < Drives with AutoRun files > -> -> C:\autoexec.bat [REM Dummy file for NTVDMPATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ] -> C:\autoexec.bat [ NTFS ] -> [2006/12/07 12:05:10 | 000,000,074 | ---- | M] () < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> comfile [open] -> "%1" %* -> exefile [open] -> "%1" %* -> < File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> .com [@ = comfile] -> "%1" %* -> .exe [@ = exefile] -> "%1" %* -> < File Associations - Select to Repair > -> HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>\ -> .com [@ = ComFile] -> Reg Error: Key error. -> File not found .exe [@ = exefile] -> Reg Error: Key error. 
-> File not found [Files/Folders - Created Within 30 Days] _OTS -> C:\_OTS -> [2010/11/01 10:06:30 | 000,000,000 | ---D | C] OTS.exe -> C:\Users\Vista User\Desktop\OTS.exe -> [2010/10/31 19:00:51 | 000,641,536 | ---- | C] (OldTimer Tools) TFC.exe -> C:\Users\Vista User\Desktop\TFC.exe -> [2010/10/30 15:50:29 | 000,446,464 | ---- | C] (OldTimer Tools) HOSTS -> C:\Users\Vista User\Documents\HOSTS -> [2010/10/30 14:38:29 | 000,000,000 | ---D | C] OTL.exe -> C:\Users\Vista User\Desktop\OTL.exe -> [2010/10/30 11:43:32 | 000,575,488 | ---- | C] (OldTimer Tools) combofix -> C:\Users\Vista User\Documents\combofix -> [2010/10/30 10:48:07 | 000,000,000 | ---D | C] $RECYCLE.BIN -> C:\$RECYCLE.BIN -> [2010/10/30 10:41:00 | 000,000,000 | -HSD | C] temp -> C:\Windows\temp -> [2010/10/30 10:40:55 | 000,000,000 | ---D | C] NIRCMD.exe -> C:\Windows\NIRCMD.exe -> [2010/10/30 10:24:31 | 000,031,232 | ---- | C] (NirSoft) SWREG.exe -> C:\Windows\SWREG.exe -> [2010/10/30 10:24:30 | 000,161,792 | ---- | C] (SteelWerX) SWSC.exe -> C:\Windows\SWSC.exe -> [2010/10/30 10:24:30 | 000,136,704 | ---- | C] (SteelWerX) ERDNT -> C:\Windows\ERDNT -> [2010/10/30 10:24:11 | 000,000,000 | ---D | C] Qoobox -> C:\Qoobox -> [2010/10/30 10:23:12 | 000,000,000 | ---D | C] SWXCACLS.exe -> C:\Windows\SWXCACLS.exe -> [2010/10/30 10:22:46 | 000,212,480 | ---- | C] (SteelWerX) 32788R22FWJFW -> C:\32788R22FWJFW -> [2010/10/30 10:22:40 | 000,000,000 | ---D | C] hijack this -> C:\Users\Vista User\Desktop\hijack this -> [2010/10/26 18:45:24 | 000,000,000 | ---D | C] gameux.dll -> C:\Windows\System32\gameux.dll -> [2010/10/26 18:43:52 | 001,696,256 | ---- | C] (Microsoft Corporation) GameUXLegacyGDFs.dll -> C:\Windows\System32\GameUXLegacyGDFs.dll -> [2010/10/26 18:43:51 | 004,240,384 | ---- | C] (Microsoft) Apphlpdm.dll -> C:\Windows\System32\Apphlpdm.dll -> [2010/10/26 18:43:51 | 000,028,672 | ---- | C] (Microsoft Corporation) PCPitstop -> C:\ProgramData\PCPitstop -> [2010/10/26 12:02:22 | 000,000,000 | ---D | C] 
PCPitstop -> C:\Program Files\PCPitstop -> [2010/10/26 12:02:21 | 000,000,000 | ---D | C] MpSigStub.exe -> C:\Windows\System32\MpSigStub.exe -> [2010/10/25 17:30:55 | 000,222,080 | ---- | C] (Microsoft Corporation) Microsoft Security Essentials -> C:\Program Files\Microsoft Security Essentials -> [2010/10/25 17:27:45 | 000,000,000 | ---D | C] Map Overlays -> C:\Users\Vista User\Documents\Map Overlays -> [2010/10/25 16:42:10 | 000,000,000 | ---D | C] Hitman Pro 3.5 -> C:\Program Files\Hitman Pro 3.5 -> [2010/10/22 15:19:25 | 000,000,000 | ---D | C] Hitman Pro -> C:\ProgramData\Hitman Pro -> [2010/10/22 15:18:45 | 000,000,000 | ---D | C] javaws.exe -> C:\Windows\System32\javaws.exe -> [2010/10/22 11:30:21 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) javaw.exe -> C:\Windows\System32\javaw.exe -> [2010/10/22 11:30:21 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) java.exe -> C:\Windows\System32\java.exe -> [2010/10/22 11:30:21 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) Windows Easy Transfer 7 -> C:\Program Files\Windows Easy Transfer 7 -> [2010/10/21 11:21:28 | 000,000,000 | ---D | C] www.shadowexplorer.com -> C:\Users\Vista User\AppData\Local\www.shadowexplorer.com -> [2010/10/20 17:25:02 | 000,000,000 | ---D | C] ShadowExplorer -> C:\Program Files\ShadowExplorer -> [2010/10/20 17:07:10 | 000,000,000 | ---D | C] Malwarebytes -> C:\Users\Vista User\AppData\Roaming\Malwarebytes -> [2010/10/20 15:32:03 | 000,000,000 | ---D | C] mbamswissarmy.sys -> C:\Windows\System32\drivers\mbamswissarmy.sys -> [2010/10/20 15:31:53 | 000,038,224 | ---- | C] (Malwarebytes Corporation) mbam.sys -> C:\Windows\System32\drivers\mbam.sys -> [2010/10/20 15:31:51 | 000,020,952 | ---- | C] (Malwarebytes Corporation) Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2010/10/20 15:31:51 | 000,000,000 | ---D | C] Malwarebytes -> C:\ProgramData\Malwarebytes -> [2010/10/20 15:31:51 | 000,000,000 | ---D | C] NPE -> C:\Users\Vista User\AppData\Local\NPE -> 
[2010/10/19 14:01:42 | 000,000,000 | ---D | C] vlc -> C:\Users\Vista User\AppData\Roaming\vlc -> [2010/10/18 16:59:47 | 000,000,000 | ---D | C] SUPERAntiSpyware.com -> C:\Users\Vista User\AppData\Roaming\SUPERAntiSpyware.com -> [2010/10/16 13:48:19 | 000,000,000 | ---D | C] SUPERAntiSpyware.com -> C:\ProgramData\SUPERAntiSpyware.com -> [2010/10/16 13:48:19 | 000,000,000 | ---D | C] SUPERAntiSpyware -> C:\Program Files\SUPERAntiSpyware -> [2010/10/16 13:48:11 | 000,000,000 | ---D | C] wmploc.DLL -> C:\Windows\System32\wmploc.DLL -> [2010/10/15 09:37:06 | 008,147,456 | ---- | C] (Microsoft Corporation) netevent.dll -> C:\Windows\System32\netevent.dll -> [2010/10/15 09:36:42 | 000,017,920 | ---- | C] (Microsoft Corporation) t2embed.dll -> C:\Windows\System32\t2embed.dll -> [2010/10/15 09:36:26 | 000,157,184 | ---- | C] (Microsoft Corporation) win32k.sys -> C:\Windows\System32\win32k.sys -> [2010/10/15 09:36:23 | 002,038,272 | ---- | C] (Microsoft Corporation) mfc40.dll -> C:\Windows\System32\mfc40.dll -> [2010/10/15 09:36:19 | 000,954,752 | ---- | C] (Microsoft Corporation) mfc40u.dll -> C:\Windows\System32\mfc40u.dll -> [2010/10/15 09:36:19 | 000,954,288 | ---- | C] (Microsoft Corporation) msfeeds.dll -> C:\Windows\System32\msfeeds.dll -> [2010/10/15 09:36:14 | 000,602,112 | ---- | C] (Microsoft Corporation) html.iec -> C:\Windows\System32\html.iec -> [2010/10/15 09:36:14 | 000,385,024 | ---- | C] (Microsoft Corporation) licmgr10.dll -> C:\Windows\System32\licmgr10.dll -> [2010/10/15 09:36:14 | 000,043,520 | ---- | C] (Microsoft Corporation) inetcpl.cpl -> C:\Windows\System32\inetcpl.cpl -> [2010/10/15 09:36:13 | 001,469,440 | ---- | C] (Microsoft Corporation) mstime.dll -> C:\Windows\System32\mstime.dll -> [2010/10/15 09:36:13 | 000,611,840 | ---- | C] (Microsoft Corporation) iedkcs32.dll -> C:\Windows\System32\iedkcs32.dll -> [2010/10/15 09:36:08 | 000,387,584 | ---- | C] (Microsoft Corporation) ieui.dll -> C:\Windows\System32\ieui.dll -> [2010/10/15 09:36:08 | 
000,164,352 | ---- | C] (Microsoft Corporation) mshtml.tlb -> C:\Windows\System32\mshtml.tlb -> [2010/10/15 09:36:07 | 001,638,912 | ---- | C] (Microsoft Corporation) iepeers.dll -> C:\Windows\System32\iepeers.dll -> [2010/10/15 09:36:07 | 000,184,320 | ---- | C] (Microsoft Corporation) ie4uinit.exe -> C:\Windows\System32\ie4uinit.exe -> [2010/10/15 09:36:07 | 000,173,056 | ---- | C] (Microsoft Corporation) ieUnatt.exe -> C:\Windows\System32\ieUnatt.exe -> [2010/10/15 09:36:07 | 000,133,632 | ---- | C] (Microsoft Corporation) iesysprep.dll -> C:\Windows\System32\iesysprep.dll -> [2010/10/15 09:36:07 | 000,109,056 | ---- | C] (Microsoft Corporation) iesetup.dll -> C:\Windows\System32\iesetup.dll -> [2010/10/15 09:36:07 | 000,071,680 | ---- | C] (Microsoft Corporation) iernonce.dll -> C:\Windows\System32\iernonce.dll -> [2010/10/15 09:36:07 | 000,055,808 | ---- | C] (Microsoft Corporation) msfeedsbs.dll -> C:\Windows\System32\msfeedsbs.dll -> [2010/10/15 09:36:07 | 000,055,296 | ---- | C] (Microsoft Corporation) jsproxy.dll -> C:\Windows\System32\jsproxy.dll -> [2010/10/15 09:36:07 | 000,025,600 | ---- | C] (Microsoft Corporation) msfeedssync.exe -> C:\Windows\System32\msfeedssync.exe -> [2010/10/15 09:36:07 | 000,013,312 | ---- | C] (Microsoft Corporation) msshsq.dll -> C:\Windows\System32\msshsq.dll -> [2010/10/15 09:36:04 | 000,231,424 | ---- | C] (Microsoft Corporation) wmpmde.dll -> C:\Windows\System32\wmpmde.dll -> [2010/10/15 09:36:02 | 000,867,328 | ---- | C] (Microsoft Corporation) syncdb -> C:\Windows\System32\syncdb -> [2010/10/14 18:54:50 | 000,000,000 | ---D | C] Mswinsck.OCX -> C:\Windows\System32\Mswinsck.OCX -> [2010/10/13 11:11:02 | 000,108,336 | ---- | C] (Microsoft Corporation) MSINET.OCX -> C:\Windows\System32\MSINET.OCX -> [2010/10/13 11:11:01 | 000,132,880 | ---- | C] (Microsoft Corporation) regid.1986-12.com.adobe -> C:\ProgramData\regid.1986-12.com.adobe -> [2010/10/11 12:24:56 | 000,000,000 | ---D | C] Adobe -> C:\Users\Vista 
User\Documents\Adobe -> [2010/10/11 12:24:51 | 000,000,000 | ---D | C] vso -> C:\Program Files\vso -> [2010/10/08 20:31:45 | 000,000,000 | ---D | C] Video to DVD Burner -> C:\Users\Vista User\Documents\Video to DVD Burner -> [2010/10/06 18:19:47 | 000,000,000 | ---D | C] tv license -> C:\Users\Vista User\Documents\tv license -> [2010/10/05 19:52:30 | 000,000,000 | ---D | C] pcouffin.sys -> C:\Users\Vista User\AppData\Roaming\pcouffin.sys -> [2008/12/13 15:25:16 | 000,047,360 | ---- | C] (VSO Software) Interop.Shell32.dll -> C:\Windows\System32\Interop.Shell32.dll -> [2006/12/07 12:18:24 | 000,053,248 | ---- | C] ( ) [Files/Folders - Modified Within 30 Days] GoogleUpdateTaskUserS-1-5-21-1347133558-1696348400-1136593757-1000UA.job -> C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1347133558-1696348400-1136593757-1000UA.job -> [2010/11/01 10:19:00 | 000,000,926 | ---- | M] () perfh009.dat -> C:\Windows\System32\perfh009.dat -> [2010/11/01 10:15:16 | 000,609,196 | ---- | M] () perfc009.dat -> C:\Windows\System32\perfc009.dat -> [2010/11/01 10:15:16 | 000,108,672 | ---- | M] () Google Software Updater.job -> C:\Windows\tasks\Google Software Updater.job -> [2010/11/01 10:12:42 | 000,000,868 | ---- | M] () nvModes.001 -> C:\Users\Vista User\AppData\Roaming\nvModes.001 -> [2010/11/01 10:12:01 | 000,013,260 | ---- | M] () hosts.ics -> C:\Windows\System32\drivers\etc\hosts.ics -> [2010/11/01 10:10:27 | 000,000,436 | ---- | M] () 7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [2010/11/01 10:09:29 | 000,003,168 | -H-- | M] () 7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [2010/11/01 10:09:29 | 000,003,168 | -H-- | M] () GoogleUpdateTaskMachineCore.job -> C:\Windows\tasks\GoogleUpdateTaskMachineCore.job -> 
[2010/11/01 10:09:28 | 000,000,880 | ---- | M] () bootstat.dat -> C:\Windows\bootstat.dat -> [2010/11/01 10:09:10 | 000,067,584 | --S- | M] () hiberfil.sys -> C:\hiberfil.sys -> [2010/11/01 10:08:46 | 2951,397,376 | -HS- | M] () GoogleUpdateTaskMachineUA.job -> C:\Windows\tasks\GoogleUpdateTaskMachineUA.job -> [2010/11/01 09:59:01 | 000,000,884 | ---- | M] () GoogleUpdateTaskUserS-1-5-21-1347133558-1696348400-1136593757-1000Core.job -> C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1347133558-1696348400-1136593757-1000Core.job -> [2010/10/31 19:04:57 | 000,000,874 | ---- | M] () OTS.exe -> C:\Users\Vista User\Desktop\OTS.exe -> [2010/10/31 19:00:54 | 000,641,536 | ---- | M] (OldTimer Tools) nvModes.dat -> C:\Users\Vista User\AppData\Roaming\nvModes.dat -> [2010/10/31 18:57:24 | 000,013,260 | ---- | M] () SecurityCheck.exe -> C:\Users\Vista User\Desktop\SecurityCheck.exe -> [2010/10/31 10:42:09 | 000,869,086 | ---- | M] () TFC.exe -> C:\Users\Vista User\Desktop\TFC.exe -> [2010/10/30 15:51:05 | 000,446,464 | ---- | M] (OldTimer Tools) KGyGaAvL.sys -> C:\Windows\System32\KGyGaAvL.sys -> [2010/10/30 14:55:12 | 000,007,048 | -HS- | M] () OTL.exe -> C:\Users\Vista User\Desktop\OTL.exe -> [2010/10/30 11:43:34 | 000,575,488 | ---- | M] (OldTimer Tools) HOSTS.MVP -> C:\Windows\System32\drivers\etc\HOSTS.MVP -> [2010/10/30 02:06:04 | 000,623,384 | ---- | M] () HOSTS -> C:\Windows\System32\drivers\etc\HOSTS -> [2010/10/30 02:06:04 | 000,623,384 | ---- | M] () ComboFix.exe -> C:\Users\Vista User\Desktop\ComboFix.exe -> [2010/10/29 17:33:24 | 003,894,257 | R--- | M] () RKUnhookerLE.EXE -> C:\Users\Vista User\Desktop\RKUnhookerLE.EXE -> [2010/10/29 09:45:16 | 000,133,632 | ---- | M] () MBR.exe -> C:\Windows\MBR.exe -> [2010/10/28 17:21:27 | 000,084,992 | ---- | M] () Microsoft Security Essentials.lnk -> C:\Users\Public\Desktop\Microsoft Security Essentials.lnk -> [2010/10/25 17:27:46 | 000,000,906 | ---- | M] () hitmanpro35.sys -> C:\Windows\System32\drivers\hitmanpro35.sys -> 
[2010/10/22 15:19:27 | 000,016,968 | ---- | M] () d3d9caps.dat -> C:\Users\Vista User\AppData\Local\d3d9caps.dat -> [2010/10/20 11:15:53 | 000,001,356 | ---- | M] () MpSigStub.exe -> C:\Windows\System32\MpSigStub.exe -> [2010/10/19 20:51:33 | 000,222,080 | ---- | M] (Microsoft Corporation) Command Prompt.lnk -> C:\Users\Vista User\Desktop\Command Prompt.lnk -> [2010/10/19 16:51:30 | 000,001,659 | ---- | M] () http___us.norton.com_support_premium_services_malware_removal_guide.pdf -> C:\Users\Vista User\Documents\http___us.norton.com_support_premium_services_malware_removal_guide.pdf -> [2010/10/19 16:15:40 | 001,641,025 | ---- | M] () VLC media player.lnk -> C:\Users\Public\Desktop\VLC media player.lnk -> [2010/10/18 16:59:37 | 000,000,695 | ---- | M] () FNTCACHE.DAT -> C:\Windows\System32\FNTCACHE.DAT -> [2010/10/16 09:25:39 | 000,306,144 | ---- | M] () MRT.INI -> C:\Windows\System32\MRT.INI -> [2010/10/16 08:59:06 | 000,000,118 | ---- | M] () mfc703.dll -> C:\Windows\System32\mfc703.dll -> [2010/10/11 16:37:13 | 000,116,736 | RHS- | M] () Adobe Acrobat Speed Launcher.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk -> [2010/10/09 09:14:19 | 000,002,437 | ---- | M] () Adobe Reader 9.lnk -> C:\Users\Public\Desktop\Adobe Reader 9.lnk -> [2010/10/08 19:34:54 | 000,001,691 | ---- | M] () [Files - No Company Name] SecurityCheck.exe -> C:\Users\Vista User\Desktop\SecurityCheck.exe -> [2010/10/31 10:42:06 | 000,869,086 | ---- | C] () PEV.exe -> C:\Windows\PEV.exe -> [2010/10/30 10:24:31 | 000,256,512 | ---- | C] () MBR.exe -> C:\Windows\MBR.exe -> [2010/10/30 10:24:31 | 000,084,992 | ---- | C] () sed.exe -> C:\Windows\sed.exe -> [2010/10/30 10:24:30 | 000,098,816 | ---- | C] () grep.exe -> C:\Windows\grep.exe -> [2010/10/30 10:24:30 | 000,080,412 | ---- | C] () zip.exe -> C:\Windows\zip.exe -> [2010/10/30 10:24:30 | 000,068,096 | ---- | C] () ComboFix.exe -> C:\Users\Vista User\Desktop\ComboFix.exe -> [2010/10/29 
17:33:09 | 003,894,257 | R--- | C] () RKUnhookerLE.EXE -> C:\Users\Vista User\Desktop\RKUnhookerLE.EXE -> [2010/10/29 09:45:14 | 000,133,632 | ---- | C] () Microsoft Security Essentials.lnk -> C:\Users\Public\Desktop\Microsoft Security Essentials.lnk -> [2010/10/25 17:27:46 | 000,000,906 | ---- | C] () hitmanpro35.sys -> C:\Windows\System32\drivers\hitmanpro35.sys -> [2010/10/22 15:19:27 | 000,016,968 | ---- | C] () hiberfil.sys -> C:\hiberfil.sys -> [2010/10/20 11:29:45 | 2951,397,376 | -HS- | C] () Command Prompt.lnk -> C:\Users\Vista User\Desktop\Command Prompt.lnk -> [2010/10/19 16:51:30 | 000,001,659 | ---- | C] () http___us.norton.com_support_premium_services_malware_removal_guide.pdf -> C:\Users\Vista User\Documents\http___us.norton.com_support_premium_services_malware_removal_guide.pdf -> [2010/10/19 16:15:39 | 001,641,025 | ---- | C] () VLC media player.lnk -> C:\Users\Public\Desktop\VLC media player.lnk -> [2010/10/18 16:59:36 | 000,000,695 | ---- | C] () MRT.INI -> C:\Windows\System32\MRT.INI -> [2010/10/16 08:59:06 | 000,000,118 | ---- | C] () mfc703.dll -> C:\Windows\System32\mfc703.dll -> [2010/10/11 16:37:13 | 000,116,736 | RHS- | C] () Adobe Reader 9.lnk -> C:\Users\Public\Desktop\Adobe Reader 9.lnk -> [2010/10/08 19:34:52 | 000,001,691 | ---- | C] () jhvr_b24.ini -> C:\Windows\jhvr_b24.ini -> [2010/05/20 10:36:17 | 000,003,689 | ---- | C] () impborl.dll -> C:\Windows\impborl.dll -> [2010/02/24 17:02:06 | 000,012,288 | ---- | C] () ntuser.pol -> C:\ProgramData\ntuser.pol -> [2009/09/12 09:18:54 | 000,000,258 | RHS- | C] () EhStorAuthn.dll -> C:\Windows\System32\EhStorAuthn.dll -> [2009/08/19 09:16:35 | 000,117,248 | ---- | C] () OGACheckControl.dll -> C:\Windows\System32\OGACheckControl.dll -> [2009/08/03 14:07:42 | 000,403,816 | ---- | C] () .zreglib -> C:\ProgramData\.zreglib -> [2009/03/23 17:40:10 | 000,000,041 | -HS- | C] () UserTile.png -> C:\Users\Vista User\AppData\Roaming\UserTile.png -> [2009/02/10 21:14:42 | 000,024,206 | ---- | C] () 
msrctp.ini -> C:\Windows\System32\msrctp.ini -> [2009/01/10 18:06:40 | 000,000,003 | ---- | C] () d3d9caps.dat -> C:\Users\Vista User\AppData\Local\d3d9caps.dat -> [2008/12/20 18:12:04 | 000,001,356 | ---- | C] () pcouffin.log -> C:\Users\Vista User\AppData\Roaming\pcouffin.log -> [2008/12/13 15:25:56 | 000,000,034 | ---- | C] () pcouffin.cat -> C:\Users\Vista User\AppData\Roaming\pcouffin.cat -> [2008/12/13 15:25:16 | 000,007,887 | ---- | C] () pcouffin.inf -> C:\Users\Vista User\AppData\Roaming\pcouffin.inf -> [2008/12/13 15:25:16 | 000,001,144 | ---- | C] () KGyGaAvL.sys -> C:\ProgramData\KGyGaAvL.sys -> [2008/11/26 14:37:19 | 000,011,270 | -HS- | C] () EBFCAC4176.sys -> C:\ProgramData\EBFCAC4176.sys -> [2008/11/26 14:37:19 | 000,000,168 | RHS- | C] () KGyGaAvL.sys -> C:\Windows\System32\KGyGaAvL.sys -> [2008/11/26 11:23:28 | 000,007,048 | -HS- | C] () 9DC5C30FED.sys -> C:\Windows\System32\9DC5C30FED.sys -> [2008/11/26 11:23:28 | 000,000,168 | RHS- | C] () ezsidmv.dat -> C:\ProgramData\ezsidmv.dat -> [2008/11/25 20:26:18 | 000,000,056 | -H-- | C] () hpzinstall.log -> C:\ProgramData\hpzinstall.log -> [2008/11/25 15:54:56 | 000,004,488 | ---- | C] () M2000T07.ini -> C:\Windows\M2000T07.ini -> [2008/11/18 16:52:11 | 000,015,190 | ---- | C] () int15.sys -> C:\Windows\System32\drivers\int15.sys -> [2008/11/18 11:21:55 | 000,076,584 | ---- | C] () int15_64.sys -> C:\Windows\System32\drivers\int15_64.sys -> [2008/11/18 11:21:55 | 000,015,656 | ---- | C] () NATTraversal.dll -> C:\Windows\System32\NATTraversal.dll -> [2008/11/18 11:20:08 | 000,065,536 | ---- | C] () Acer.ini -> C:\Windows\Acer.ini -> [2008/11/18 11:05:49 | 000,000,037 | ---- | C] () nvModes.001 -> C:\Users\Vista User\AppData\Roaming\nvModes.001 -> [2008/11/18 11:05:09 | 000,013,260 | ---- | C] () nvModes.dat -> C:\Users\Vista User\AppData\Roaming\nvModes.dat -> [2008/11/18 11:05:02 | 000,013,260 | ---- | C] () NotesExtmngr.dll -> C:\Windows\System32\NotesExtmngr.dll -> [2007/01/02 18:54:14 | 000,266,240 
| ---- | C] () NotesActnMenu.dll -> C:\Windows\System32\NotesActnMenu.dll -> [2007/01/02 18:53:54 | 000,204,800 | ---- | C] () MSNSpook.dll -> C:\Windows\System32\MSNSpook.dll -> [2007/01/02 18:53:20 | 000,086,016 | ---- | C] () MsnChatHook_org.dll -> C:\Windows\System32\MsnChatHook_org.dll -> [2007/01/02 18:52:40 | 000,037,376 | ---- | C] () BatchCrypto.dll -> C:\Windows\System32\BatchCrypto.dll -> [2007/01/02 18:52:28 | 000,028,672 | ---- | C] () APISlice.dll -> C:\Windows\System32\APISlice.dll -> [2007/01/02 18:52:26 | 000,073,728 | ---- | C] () ShowErrMsg.dll -> C:\Windows\System32\ShowErrMsg.dll -> [2007/01/02 18:52:18 | 000,063,488 | ---- | C] () MailFormat_U.dll -> C:\Windows\System32\MailFormat_U.dll -> [2006/12/25 15:44:48 | 000,022,016 | ---- | C] () NTIBUN4.dll -> C:\Windows\System32\NTIBUN4.dll -> [2006/12/07 13:44:32 | 000,001,024 | RH-- | C] () ScrollBarLib.dll -> C:\Windows\System32\ScrollBarLib.dll -> [2006/12/07 12:18:26 | 000,331,776 | ---- | C] () UBHelper.sys -> C:\Windows\System32\drivers\UBHelper.sys -> [2006/12/07 12:05:27 | 000,013,952 | ---- | C] () _psisdecd.dll -> C:\Windows\System32\_psisdecd.dll -> [2006/12/07 12:04:14 | 000,198,144 | ---- | C] () iconv.dll -> C:\Windows\iconv.dll -> [2006/12/02 07:24:39 | 000,872,448 | ---- | C] () libxml2.dll -> C:\Windows\libxml2.dll -> [2006/12/02 07:24:39 | 000,743,424 | ---- | C] () Capsule.dll -> C:\Windows\Capsule.dll -> [2006/12/02 07:24:39 | 000,204,800 | ---- | C] () PreLaunch.ini -> C:\Windows\PreLaunch.ini -> [2006/12/02 07:24:39 | 000,000,042 | ---- | C] () WdfCoInstaller01000.dll -> C:\Windows\System32\WdfCoInstaller01000.dll -> [2006/12/02 07:24:38 | 001,060,424 | ---- | C] () sysprepMCE.dll -> C:\Windows\System32\sysprepMCE.dll -> [2006/11/02 12:35:32 | 000,005,632 | ---- | C] () igfxTMM.dll -> C:\Windows\System32\igfxTMM.dll -> [2006/11/02 10:25:21 | 000,061,440 | ---- | C] () pacerprf.ini -> C:\Windows\System32\pacerprf.ini -> [2006/11/02 07:40:29 | 000,013,750 | ---- | C] () 
multiplex_vcd.dll -> C:\Windows\System32\multiplex_vcd.dll -> [2001/12/26 23:12:30 | 000,065,536 | ---- | C] () Hmpg12.dll -> C:\Windows\System32\Hmpg12.dll -> [2001/09/04 06:46:38 | 000,110,592 | ---- | C] () HMPV2_ENC.dll -> C:\Windows\System32\HMPV2_ENC.dll -> [2001/07/30 23:33:56 | 000,118,784 | ---- | C] () HMPV2_ENC_MMX.dll -> C:\Windows\System32\HMPV2_ENC_MMX.dll -> [2001/07/24 05:04:36 | 000,118,784 | ---- | C] () [Alternate Data Streams] @Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:0B9D8E22 @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:242231A9 < End of report >