
Possible infection - Files appearing in Windows Directory


Gren

Hoping this is all nothing but some strange files have started appearing in my Windows directory.

They all come in pairs: a DAT file and an application file, both with the same filename. At least 1 pair of these files appears each day; their time and date is the same as when I log off. They all have a 6 to 8 numerical digit file name (e.g. 3422037 or 44715657). All files are small (8k applications and the DAT files simply contain '<<<<') and show no signs of being accessed after creation. All are unhidden and can be deleted normally.

Looks very dodgy, and after one MBAM scan several were picked up as rootkit.agent. Many more though were left behind, and several scans since (with MBAM, SAS and A-Squared) reveal nothing. A HijackThis log revealed nothing, although I'm not sure what I really should be looking for.

Lastly OA and A-Squared guard show no signs of anything untoward happening.

Any thoughts of what this might be?

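The files described above (numeric names, EXE/DAT pairs, created at logoff, not accessed afterwards) can be triaged without deleting them. The script below is an added example written for this page; it is not code from the thread, from Malwarebytes or from any tool named here. It assumes the name pattern ^\d{6,8}\.(exe|dat)$ that the poster describes, treats a file as "near a logoff" when its creation time falls within 120 seconds of a Security-log logoff event (IDs 4634 and 4647), and expects to run from an elevated PowerShell so that log is readable; the report path and column names are illustrative. It sticks to PowerShell 2.0 features so it would also run on a Vista machine like the one in the thread.

```powershell
# Added example, not from the thread: triage numeric-named EXE/DAT pairs in the Windows directory.
# Assumptions (this example's, not the poster's): names match ^\d{6,8}\.(exe|dat)$, a file is "near"
# a logoff if created within 120 s of a Security-log logoff event (IDs 4634/4647), and the script
# runs in an elevated PowerShell so the Security log is readable. Output paths are illustrative.

param(
    [string]$Root   = $env:SystemRoot,
    [string]$Report = (Join-Path $env:USERPROFILE 'Desktop\numeric-pairs.csv')
)

function Get-Sha256Hex([string]$Path) {
    # .NET hashing rather than Get-FileHash so this also runs on PowerShell 2.0 (the Vista era).
    $bytes = [System.IO.File]::ReadAllBytes($Path)
    $hash  = [System.Security.Cryptography.SHA256]::Create().ComputeHash($bytes)
    return ([System.BitConverter]::ToString($hash) -replace '-', '').ToLower()
}

# 1. Candidates: top-level files in %SystemRoot% whose name is 6 to 8 digits plus .exe or .dat.
$candidates = Get-ChildItem -Path $Root -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer -and $_.Name -match '^\d{6,8}\.(exe|dat)$' }

if (-not $candidates) {
    Write-Host "No numeric-named .exe/.dat files found directly under $Root."
    return
}

# 2. Recent logoff timestamps from the Security log, to test the "same time as I log off" observation.
$logoffs = @()
try {
    $logoffs = @(Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4634, 4647 } -MaxEvents 500 -ErrorAction Stop |
        ForEach-Object { $_.TimeCreated })
} catch {
    Write-Warning "Security log not readable (run elevated to correlate with logoff events): $_"
}

# 3. Pair EXE and DAT by base name and describe each pair.
$rows = foreach ($group in ($candidates | Group-Object BaseName)) {
    $exe = $group.Group | Where-Object { $_.Extension -ieq '.exe' } | Select-Object -First 1
    $dat = $group.Group | Where-Object { $_.Extension -ieq '.dat' } | Select-Object -First 1
    $anchor  = if ($exe) { $exe } else { $dat }
    $created = $anchor.CreationTime

    # Nearest logoff event inside the 120 s window; $null when there is none.
    $nearLogoff = $logoffs |
        Where-Object { [Math]::Abs(($_ - $created).TotalSeconds) -le 120 } |
        Select-Object -First 1

    $exeSize = $null; $exeHash = ''; $exeSig = 'n/a'
    if ($exe) {
        $exeSize = $exe.Length
        $exeHash = Get-Sha256Hex $exe.FullName
        $exeSig  = (Get-AuthenticodeSignature -FilePath $exe.FullName).Status   # NotSigned is the usual result for an unknown dropper
    }

    $datText = ''
    if ($dat) {
        $datText = [System.IO.File]::ReadAllText($dat.FullName).Trim()
        if ($datText.Length -gt 32) { $datText = $datText.Substring(0, 32) + '...' }
    }

    New-Object PSObject -Property @{
        BaseName     = $group.Name
        Created      = $created
        LastAccess   = $anchor.LastAccessTime
        ExeBytes     = $exeSize
        ExeSha256    = $exeHash
        ExeSignature = $exeSig
        DatContent   = $datText
        NearLogoff   = $nearLogoff
    }
}

$rows | Sort-Object Created |
    Format-Table BaseName, Created, ExeBytes, ExeSignature, DatContent, NearLogoff -AutoSize
$rows | Export-Csv -Path $Report -NoTypeInformation
Write-Host "Report written to $Report. Post the ExeSha256 values with the next reply rather than deleting the files."
```

The hashes are the useful part of the output: a helper can look them up without needing the files, and the files themselves stay in place for the scanner to quarantine. The logoff correlation only works while the Security log still holds the events in question, so run it soon after a new pair appears.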

You need to post the exact file names if you want the best help, and hopefully you updated those programs before scanning with them?

Thanks, will do. Am at work now (on another pc) but will post filenames, although they do appear to be randomly generated. Will also provide the HijackThis log and anything from MBAM.

All programs scanned were up to date before scanning.


Filenames (since my last purge of them):

8250362 DAT & EXE

6300084 DAT & EXE

________________________________________

MBAM Quarantine screenshot attached

__________________________________________

HijackThis Log :

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:34:53, on 14/03/2010

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v8.00 (8.00.6001.18882)

Boot mode: Normal

Running processes:

C:\Windows\System32\smss.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Tall Emu\Online Armor\oacat.exe

C:\Program Files\Tall Emu\Online Armor\oasrv.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\svchost.exe

C:\Program Files\a-squared Anti-Malware\a2service.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\Windows\system32\svchost.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe

C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe

C:\Acer\Empowering Technology\eNet\eNet Service.exe

C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE

C:\Program Files\BUFFALO\NASNAVI\nassvc.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Smith Micro\StuffIt\ArcNameService.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe

C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe

C:\Program Files\Launch Manager\LManager.exe

C:\Program Files\Tall Emu\Online Armor\oaui.exe

C:\Program Files\a-squared Anti-Malware\a2guard.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Sticky Password\stpass.exe

C:\Program Files\Tall Emu\Online Armor\OAhlp.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\ehome\ehmsas.exe

C:\Users\Gren\AppData\Local\Temp\RtkBtMnt.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe

C:\Program Files\BUFFALO\NASNAVI\nassche.exe

C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Windows\system32\taskeng.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\wuauclt.exe

D:\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F3 - REG:win.ini: load=

F3 - REG:win.ini: run=

O1 - Hosts: ::1 localhost

O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll

O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll (file missing)

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll

O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe

O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\OAui.exe"

O4 - HKLM\..\Run: [a-squared] "C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe" /d=60

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [EPSON Stylus Photo R220 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE /FU "C:\Windows\TEMP\E_SAB4C.tmp" /EF "HKCU"

O4 - HKCU\..\Run: [stickyPassword] C:\Program Files\Sticky Password\stpass.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [\\LS-CHL964\lp] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE /FU "C:\Windows\TEMP\E_S1805.tmp" /EF "HKCU"

O4 - HKCU\..\Run: [EPSON Stylus Photo R220 Series (Network)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE /FU "C:\Users\Gren\AppData\Local\Temp\E_SD70C.tmp" /EF "HKCU"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Startup: BUFFALO NAS Navigator.lnk = C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe

O4 - Startup: NAS Scheduler.lnk = C:\Program Files\BUFFALO\NASNAVI\nassche.exe

O4 - Global Startup: Bluetooth.lnk = ?

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll

O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll

O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll

O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll

O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O13 - Gopher Prefix:

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: eNetHook.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe

O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe

O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe

O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE

O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe

O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe

O23 - Service: MSCSPTISRV - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (file missing)

O23 - Service: NAS PM Service (NasPmService) - BUFFALO INC. - C:\Program Files\BUFFALO\NASNAVI\nassvc.exe

O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe

O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oacat.exe

O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (file missing)

O23 - Service: Sony SPTI Service (SPTISRV) - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (file missing)

O23 - Service: Stuffit Archive Name Service - Smith Micro Software, Inc. - C:\Program Files\Smith Micro\StuffIt\ArcNameService.exe

O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe

O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 14651 bytes



Any thoughts from anyone?

Just done another MBAM scan and it picked up the latest file as well :

Malwarebytes' Anti-Malware 1.44

Database version: 3874

Windows 6.0.6001 Service Pack 1

Internet Explorer 8.0.6001.18882

16/03/2010 18:28:29

mbam-log-2010-03-16 (18-28-29).txt

Scan type: Quick Scan

Objects scanned: 131493

Time elapsed: 5 minute(s), 46 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Windows\1616622.exe (Rootkit.Agent) -> Quarantined and deleted successfully.


Hello Gren

Welcome to Malwarebytes.

=====================

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Under the Custom Scans and Fixes section, paste in the text below


    netsvcs

    %SYSTEMDRIVE%\*.exe

    /md5start

    eventlog.dll

    scecli.dll

    netlogon.dll

    cngaudit.dll

    sceclt.dll

    ntelogon.dll

    logevent.dll

    iaStor.sys

    nvstor.sys

    atapi.sys

    IdeChnDr.sys

    viasraid.sys

    AGP440.sys

    vaxscsi.sys

    nvatabus.sys

    viamraid.sys

    nvata.sys

    nvgts.sys

    iastorv.sys

    ViPrt.sys

    eNetHook.dll

    ahcix86.sys

    KR10N.sys

    nvstor32.sys

    ahcix86s.sys

    nvrd32.sys

    symmpi.sys

    adp3132.sys

    mv61xx.sys

    /md5stop

    %systemroot%\*. /mp /s

    CREATERESTOREPOINT

    %systemroot%\system32\*.dll /lockedfiles

    %systemroot%\Tasks\*.job /lockedfiles

    %systemroot%\system32\drivers\*.sys /lockedfiles

    %systemroot%\System32\config\*.sav


  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

====================

Download the following GMER Rootkit Scanner from Here

  • Download the randomly named EXE file to your Desktop. Remember what its name is since it is randomly named.
  • Double click on the new random named exe file you downloaded and run it. If prompted about the Security Warning and Unknown Publisher go ahead and click on Run
  • It may take a minute to load and become available.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan, click on NO, then use the following settings for a more complete scan.
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED


  • Sections

  • IAT/EAT

  • Drives/Partition other than Systemdrive (typically only C:\ should be checked)

  • Show All (don't miss this one)


  • Then click the Scan button & wait for it to finish.
  • Once done click on the [save..] button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop
  • **Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries
  • Click OK and quit the GMER program.
  • Note: On Firefox you need to go to Tools/Options/Main then under the Downloads section, click on Always ask me where to save files so that you can choose the name and where to save to, in this case your Desktop.
  • Post that log in your next reply.

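The /md5start ... /md5stop section of the OTL scan above hashes a fixed list of system DLLs and drivers so the helper can compare them against known-good values. The script below is an added example for this page, not part of the thread, of OTL or of GMER: it hashes the same file names locally (MD5, as OTL reports), records each file's Authenticode status, and checks whether any copy of the same file in the component store (C:\Windows\winsxs) carries the same hash. The file list is the one the helper posted; the lookup paths, the verdict wording and the choice of winsxs as a local reference are this example's assumptions.

```powershell
# Added example, not part of the thread or of OTL: for the files the helper's /md5start list names,
# record the live copy's MD5 (what OTL reports), its Authenticode status, and whether any copy of the
# same file in the component store (winsxs) has the same hash. Assumptions are this example's:
# the lookup paths, the 'Verdict' wording, and that winsxs copies are an acceptable local reference.

$names = @(
    'eventlog.dll','scecli.dll','netlogon.dll','cngaudit.dll','sceclt.dll','ntelogon.dll','logevent.dll',
    'iaStor.sys','nvstor.sys','atapi.sys','IdeChnDr.sys','viasraid.sys','AGP440.sys','vaxscsi.sys',
    'nvatabus.sys','viamraid.sys','nvata.sys','nvgts.sys','iastorv.sys','ViPrt.sys','eNetHook.dll',
    'ahcix86.sys','KR10N.sys','nvstor32.sys','ahcix86s.sys','nvrd32.sys','symmpi.sys','adp3132.sys','mv61xx.sys'
)

function Get-Md5Hex([string]$Path) {
    # MD5 to match OTL's /md5start output; this is a fingerprint for comparison, not a security primitive.
    $hash = [System.Security.Cryptography.MD5]::Create().ComputeHash([System.IO.File]::ReadAllBytes($Path))
    return ([System.BitConverter]::ToString($hash) -replace '-', '').ToUpper()
}

$sys32   = Join-Path $env:SystemRoot 'System32'
$drivers = Join-Path $sys32 'drivers'
$winsxs  = Join-Path $env:SystemRoot 'winsxs'

# Index the component store once (it is large); keep only the file names we care about.
$wanted = @{}
foreach ($n in $names) { $wanted[$n.ToLower()] = $true }
$storeCopies = @{}
Get-ChildItem -Path $winsxs -Recurse -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer -and $wanted.ContainsKey($_.Name.ToLower()) } |
    ForEach-Object {
        $key = $_.Name.ToLower()
        if (-not $storeCopies.ContainsKey($key)) { $storeCopies[$key] = @() }
        $storeCopies[$key] += Get-Md5Hex $_.FullName
    }

$results = foreach ($name in $names) {
    # Live copy: drivers sit under System32\drivers, the DLLs directly in System32.
    $live = Get-ChildItem -Path $drivers, $sys32 -Filter $name -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } | Select-Object -First 1
    if (-not $live) { continue }   # OTL likewise prints nothing for names absent from this machine

    $liveMd5 = Get-Md5Hex $live.FullName
    $sig     = (Get-AuthenticodeSignature -FilePath $live.FullName).Status
    $key     = $name.ToLower()
    $refs    = @()
    if ($storeCopies.ContainsKey($key)) { $refs = @($storeCopies[$key]) }
    $sameAsStore = @($refs | Where-Object { $_ -eq $liveMd5 }).Count

    # Verdict rule (this example's): a valid signature settles it; otherwise compare with the store.
    if ($sig -eq 'Valid')       { $verdict = 'OK: valid Authenticode signature' }
    elseif ($refs.Count -eq 0)  { $verdict = 'Unknown: no reference copy in winsxs' }
    elseif ($sameAsStore -gt 0) { $verdict = 'Unchanged: matches a winsxs copy' }
    else                        { $verdict = 'SUSPECT: differs from every winsxs copy' }

    New-Object PSObject -Property @{
        File      = $live.FullName
        Size      = $live.Length
        Modified  = $live.LastWriteTime
        MD5       = $liveMd5
        Signature = $sig
        StoreRefs = $refs.Count
        Verdict   = $verdict
    }
}

$results | Sort-Object Verdict | Format-Table Verdict, File, Size, MD5, Signature, StoreRefs -AutoSize
```

Two caveats apply. First, older PowerShell versions do not consult catalog signatures, so 'NotSigned' on a Microsoft file is inconclusive there; the winsxs comparison is the fallback, and on Vista the System32 copy is normally a hard link into winsxs, so a live file that matches none of the store copies is worth reporting. Third-party drivers such as iaStor.sys may have no winsxs copy at all and will show as 'Unknown'. Second, any on-disk check, this one and OTL's hashes included, can be defeated by a rootkit that filters disk reads and hands user-mode tools a clean copy of the file, which is why the helper also asks for a GMER scan.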

Firstly, thanks for your help!

Below are the files from both OTL and GMER. I had to run GMER in safe mode as I got a BSOD every time I ran it normally, despite switching off all my security programs. Not sure if there is anything else I can do to stop this?

________________________________________

OTL.TXT

OTL logfile created on: 23/03/2010 07:47:36 - Run 1

OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\Gren\Desktop

Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18882)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 59.00% Memory free

3.00 Gb Paging File | 2.00 Gb Available in Paging File | 57.00% Paging File free

Paging file location(s): f:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 71.84 Gb Total Space | 23.16 Gb Free Space | 32.24% Space Free | Partition Type: NTFS

Drive D: | 72.33 Gb Total Space | 37.49 Gb Free Space | 51.83% Space Free | Partition Type: NTFS

Drive E: | 2.37 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Drive F: | 4.88 Gb Total Space | 3.61 Gb Free Space | 73.94% Space Free | Partition Type: NTFS

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: GG-LAPTOP

Current User Name: Gren

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Gren\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\a-squared Anti-Malware\a2guard.exe (Emsi Software GmbH)

PRC - C:\Program Files\Tall Emu\Online Armor\oahlp.exe (Tall Emu)

PRC - C:\Program Files\Tall Emu\Online Armor\oaui.exe (Tall Emu)

PRC - C:\Program Files\Tall Emu\Online Armor\oasrv.exe (Tall Emu)

PRC - C:\Program Files\Tall Emu\Online Armor\oacat.exe (Tall Emu)

PRC - C:\Program Files\a-squared Anti-Malware\a2service.exe (Emsi Software GmbH)

PRC - C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe (BUFFALO INC.)

PRC - C:\Program Files\BUFFALO\NASNAVI\nassvc.exe (BUFFALO INC.)

PRC - C:\Program Files\BUFFALO\NASNAVI\nassche.exe (BUFFALO INC.)

PRC - C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)

PRC - C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe (Microsoft Corporation)

PRC - C:\Program Files\Sticky Password\stpass.exe (StickyPassword.com)

PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

PRC - C:\Program Files\Smith Micro\StuffIt\ArcNameService.exe (Smith Micro Software, Inc.)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)

PRC - C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)

PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

PRC - C:\Users\Gren\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)

PRC - C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)

PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)

PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)

PRC - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)

PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT)

PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)

PRC - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()

PRC - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)

PRC - C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)

PRC - C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)

PRC - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)

PRC - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION)

PRC - C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe (Logitech Inc.)

PRC - C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe (Acer Inc.)

========== Modules (SafeList) ==========

MOD - C:\Users\Gren\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Program Files\Tall Emu\Online Armor\oawatch.dll (Tall Emu)

MOD - C:\Program Files\a-squared Anti-Malware\a2handler.dll (Emsi Software GmbH)

MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.3053_none_d08d7bba442a9b36\msvcr80.dll (Microsoft Corporation)

MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.3053_none_d08d7bba442a9b36\msvcp80.dll (Microsoft Corporation)

MOD - C:\Program Files\Sticky Password\spcapbtn.dll (StickyPassword.com)

MOD - C:\Windows\System32\wtsapi32.dll (Microsoft Corporation)

MOD - C:\Windows\System32\wsock32.dll (Microsoft Corporation)

MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)

MOD - C:\Windows\System32\dbghelp.dll (Microsoft Corporation)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)

MOD - C:\Program Files\Logitech\SetPoint\lgscroll.dll (Logitech, Inc.)

MOD - C:\Windows\System32\BtMmHook.dll (Broadcom Corporation.)

MOD - C:\Windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131\mfc80ENU.dll (Microsoft Corporation)

MOD - C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\mfc80u.dll (Microsoft Corporation)

MOD - C:\Windows\System32\MSNChatHook.dll (HiTRUST Inc.)

MOD - C:\Windows\System32\sysenv.dll (HiTRUST)

MOD - C:\Windows\System32\BatchCrypto.dll ()

MOD - C:\Windows\System32\ShowErrMsg.dll ()

MOD - C:\Windows\System32\eNetHook.dll (acer)

MOD - C:\Windows\System32\CryptoAPI.dll (HiTRUST)

MOD - C:\Windows\System32\keyManager.dll (HiTRSUT)

========== Win32 Services (SafeList) ==========

SRV - (SPTISRV) -- File not found

SRV - (PACSPTISVR) -- File not found

SRV - (MSCSPTISRV) -- File not found

SRV - (gusvc) -- File not found

SRV - (SvcOnlineArmor) -- C:\Program Files\Tall Emu\Online Armor\oasrv.exe (Tall Emu)

SRV - (OAcat) -- C:\Program Files\Tall Emu\Online Armor\oacat.exe (Tall Emu)

SRV - (a2AntiMalware) -- C:\Program Files\a-squared Anti-Malware\a2service.exe (Emsi Software GmbH)

SRV - (NasPmService) -- C:\Program Files\BUFFALO\NASNAVI\nassvc.exe (BUFFALO INC.)

SRV - (Stuffit Archive Name Service) -- C:\Program Files\Smith Micro\StuffIt\ArcNameService.exe (Smith Micro Software, Inc.)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (LBTServ) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.)

SRV - (WLSetupSvc) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe ()

SRV - (usnjsvc) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)

SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)

SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)

SRV - (O&O Defrag) -- C:\Windows\System32\oodag.exe (O&O Software GmbH)

SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)

SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT)

SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()

SRV - (WMIService) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)

SRV - (eNet Service) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)

SRV - (eLockService) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)

SRV - (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION)

SRV - (LVSrvLauncher) -- C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe (Logitech Inc.)

========== Driver Services (SafeList) ==========

DRV - (OAnet) -- C:\Windows\System32\drivers\OAnet.sys (Tall Emu Pty Ltd)

DRV - (OAmon) -- C:\Windows\System32\drivers\OAmon.sys (Tall Emu)

DRV - (OADevice) -- C:\Windows\System32\drivers\OADriver.sys (Tall Emu)

DRV - (SAVRKBootTasks) -- C:\Windows\System32\SAVRKBootTasks.sys (Sophos Plc)

DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (KeyScrambler) -- C:\Windows\System32\drivers\keyscrambler.sys (QFX Software Corporation)

DRV - (SymAFR) -- C:\Windows\System32\drivers\SymAFR.sys (Windows ® Codename Longhorn DDK provider)

DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)

DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.)

DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (Inspect) -- C:\Windows\System32\drivers\inspect.sys (COMODO)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)

DRV - (hotcore3) -- C:\Windows\system32\drivers\hotcore3.sys (Paragon Software Group)

DRV - (NETw3v32) Intel® -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)

DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)

DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)

DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)

DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)

DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)

DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)

DRV - (timounter) -- C:\Windows\system32\DRIVERS\timntr.sys (Acronis)

DRV - (tifsfilter) -- C:\Windows\System32\drivers\tifsfilt.sys (Acronis)

DRV - (snapman) -- C:\Windows\system32\DRIVERS\snapman.sys (Acronis)

DRV - (ElbyCDFL) -- C:\Windows\System32\drivers\ElbyCDFL.sys (SlySoft, Inc.)

DRV - (ElbyDelay) -- C:\Windows\System32\drivers\ElbyDelay.sys (Elaborate Bytes AG)

DRV - (PSDNServ) -- C:\Windows\system32\drivers\PSDNServ.sys (HiTRUST)

DRV - (psdvdisk) -- C:\Windows\system32\drivers\psdvdisk.sys (HiTRUST)

DRV - (PSDFilter) -- C:\Windows\system32\DRIVERS\psdfilter.sys (HiTRUST)

DRV - (int15) -- C:\Windows\System32\drivers\int15.sys ()

DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)

DRV - (se44unic) Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM) -- C:\Windows\System32\drivers\se44unic.sys (MCCI)

DRV - (se44obex) -- C:\Windows\System32\drivers\se44obex.sys (MCCI)

DRV - (se44nd5) Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS) -- C:\Windows\System32\drivers\se44nd5.sys (MCCI)

DRV - (se44mgmt) Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\se44mgmt.sys (MCCI)

DRV - (se44mdm) -- C:\Windows\System32\drivers\se44mdm.sys (MCCI)

DRV - (se44mdfl) -- C:\Windows\System32\drivers\se44mdfl.sys (MCCI)

DRV - (se44bus) Sony Ericsson Device 068 driver (WDM) -- C:\Windows\System32\drivers\se44bus.sys (MCCI)

DRV - (LVMVDrv) -- C:\Windows\System32\drivers\LVMVdrv.sys (Logitech Inc.)

DRV - (lv321av) Logitech USB PC Camera (VC0321) -- C:\Windows\System32\drivers\lv321av.sys (Logitech Inc.)

DRV - (DKbFltr) -- C:\Windows\System32\drivers\DKbFltr.sys (Dritek System Inc.)

DRV - (DritekPortIO) -- C:\Program Files\Launch Manager\DPortIO.sys (Dritek System Inc.)

DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)

DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)

DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)

DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)

DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)

DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)

DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)

DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)

DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)

DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)

DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)

DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)

DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)

DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)

DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)

DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)

DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)

DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)

DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)

DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)

DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)

DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)

DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)

DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)

DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)

DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)

DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)

DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)

DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)

DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)

DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)

DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)

DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)

DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)

DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)

DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)

DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)

DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)

DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)

DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)

DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)

DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)

DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)

DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)

DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)

DRV - (ESDCR) -- C:\Windows\System32\drivers\ESD7SK.sys (ENE Technology Inc.)

DRV - (ESMCR) -- C:\Windows\System32\drivers\ESM7SK.sys (ENE Technology Inc.)

DRV - (EMSCR) -- C:\Windows\System32\drivers\EMS7SK.sys (ENE Technology Inc.)

DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)

DRV - (SMSCIRDA) -- C:\Windows\System32\drivers\smscirda.sys (SMSC)

DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)

DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)

DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)

DRV - (btusbflt) -- C:\Windows\System32\drivers\btusbflt.sys (Broadcom Corporation.)

DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)

DRV - (UIUSys) -- C:\Windows\System32\drivers\UIUSYS.SYS (Conexant Systems, Inc)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3

FF - prefs.js..extensions.enabledItems: {fce36c1e-58d8-498a-b2a5-66ad1cedebbb}:0.76

FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.8

FF - prefs.js..extensions.enabledItems: {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20090525

FF - prefs.js..extensions.enabledItems: keyscrambler@qfx.software.corporation:2.4.1.1

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1

FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.57

FF - prefs.js..extensions.enabledItems: noia2_option@kk.noia:3.76

FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971

FF - prefs.js..extensions.enabledItems: {54affe52-8223-453b-be1e-2fe2e250045c}:2.0.38

FF - prefs.js..extensions.enabledItems: VacuumPlacesImproved@lultimouomo-gmail.com:1.1

FF - prefs.js..extensions.enabledItems: {04CA07AB-7FC3-4110-A83F-EF1E6B75D5B0}:4.0.2

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.7

FF - prefs.js..extensions.enabledItems: {bf70ba50-e70d-11dd-ba2f-0800200c9a66}:1.0.8

FF - prefs.js..extensions.enabledItems: {de5809e0-2b07-11dd-bd0b-0800200c9a66}:1.1.5

FF - prefs.js..extensions.enabledItems: {81514210-E22A-4e69-93D5-E1EFD45B4620}:0.2.09.12.20

FF - prefs.js..extensions.enabledItems: {069FB356-C69F-7349-D092-AB28AF836D0E}:0.9.030

FF - prefs.js..extensions.enabledItems: {c1dffba0-628e-11d9-9669-0800200c9a66}:3.5.0

FF - user.js..browser.search.openintab: false

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/14 20:40:23 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/06 13:20:08 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/06 13:20:08 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2008/05/19 20:12:54 | 000,000,000 | ---D | M] -- C:\Users\Gren\AppData\Roaming\Mozilla\Extensions

[2008/05/19 20:12:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gren\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2010/03/23 07:42:45 | 000,000,000 | ---D | M] -- C:\Users\Gren\AppData\Roaming\Mozilla\Firefox\Profiles\03qwl526.default\extensions

[2009/08/02 13:18:37 | 000,000,000 | ---D | M] (Azerty III) -- C:\Users\Gren\AppData\Roaming\Mozilla\Firefox\Profiles\03qwl526.default\extensions\{04CA07AB-7FC3-4110-A83F-EF1E6B75D5B0}

[2010/01/27 18:56:37 | 000,000,000 | ---D | M] (Phoenity Next (formerly Phoenity Reborn)) -- C:\Users\Gren\AppData\Roaming\Mozilla\Firefox\Profiles\03qwl526.default\extensions\{069FB356-C69F-7349-D092-AB28AF836D0E}

[2008/09/27 12:05:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gren\AppData\Roaming\Mozilla\Firefox\Profiles\03qwl526.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}

[2009/07/15 06:24:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Gren\AppData\Roaming\Mozilla\Firefox\Profiles\03qwl526.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/03/14 15:30:44 | 000,000,000 | ---D | M] (Finjan Secure Browsing) -- C:\Users\Gren\AppData\Roaming\Mozilla\Firefox\Profiles\03qwl526.default\extensions\{27a03cf3-856f-46b8-91cb-7289f58c7e6e}(206)

[2010/03/21 18:37:44 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Gren\AppData\Roaming\Mozilla\Firefox\Profiles\03qwl526.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}

[2010/02/28 17:31:17 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Gren\AppData\Roaming\Mozilla\Firefox\Profiles\03qwl526.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(207)

[2008/10/16 16:51:42 | 000,000,000 | ---D | M] (Aquatint Black Gloss) -- C:\Users\Gren\AppData\Roaming\Mozilla\Firefox\Profiles\03qwl526.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}

[2009/06/04 06:21:49 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\Gren\AppData\Roaming\Mozilla\Firefox\Profiles\03qwl526.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}

[2009/12/28 20:49:45 | 000,000,000 | ---D | M] (Past Modern) -- C:\Users\Gren\AppData\Roaming\Mozilla\Firefox\Profiles\03qwl526.default\extensions\{81514210-E22A-4e69-93D5-E1EFD45B4620}

[2008/09/27 12:05:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gren\AppData\Roaming\Mozilla\Firefox\Profiles\03qwl526.default\extensions\{9D23D0AA-D8F5-11DA-B3FC-0928ABF316DD}

[2010/02/23 17:34:32 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Users\Gren\AppData\Roaming\Mozilla\Firefox\Profiles\03qwl526.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}(208)

[2009/08/14 09:45:14 | 000,000,000 | ---D | M] (Gradient iBlu) -- C:\Users\Gren\AppData\Roaming\Mozilla\Firefox\Profiles\03qwl526.default\extensions\{bf70ba50-e70d-11dd-ba2f-0800200c9a66}

[2009/07/10 17:01:35 | 000,000,000 | ---D | M] (PitchDark) -- C:\Users\Gren\AppData\Roaming\Mozilla\Firefox\Profiles\03qwl526.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}

[2010/01/09 10:21:26 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Gren\AppData\Roaming\Mozilla\Firefox\Profiles\03qwl526.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2010/01/12 18:59:44 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Gren\AppData\Roaming\Mozilla\Firefox\Profiles\03qwl526.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}

[2008/03/01 19:09:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gren\AppData\Roaming\Mozilla\Firefox\Profiles\03qwl526.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}(271)

[2010/03/21 18:37:33 | 000,000,000 | ---D | M] (Gradient iCool) -- C:\Users\Gren\AppData\Roaming\Mozilla\Firefox\Profiles\03qwl526.default\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66}

[2008/10/25 08:49:07 | 000,000,000 | ---D | M] (CustomizeGoogle) -- C:\Users\Gren\AppData\Roaming\Mozilla\Firefox\Profiles\03qwl526.default\extensions\{fce36c1e-58d8-498a-b2a5-66ad1cedebbb}

[2008/09/27 12:05:49 | 000,000,000 | ---D | M] -- C:\Users\Gren\AppData\Roaming\Mozilla\Firefox\Profiles\03qwl526.default\extensions\gmailthis@lazyrussian.com

[2009/03/28 06:32:47 | 000,000,000 | ---D | M] -- C:\Users\Gren\AppData\Roaming\Mozilla\Firefox\Profiles\03qwl526.default\extensions\keyscrambler@qfx.software.corporation

[2010/03/14 19:18:55 | 000,000,000 | ---D | M] -- C:\Users\Gren\AppData\Roaming\Mozilla\Firefox\Profiles\03qwl526.default\extensions\noia2_option@kk.noia

[2009/03/29 11:16:23 | 000,000,000 | ---D | M] -- C:\Users\Gren\AppData\Roaming\Mozilla\Firefox\Profiles\03qwl526.default\extensions\smartbookmarksbar@remy.juteau

[2010/01/16 20:55:56 | 000,000,000 | ---D | M] -- C:\Users\Gren\AppData\Roaming\Mozilla\Firefox\Profiles\03qwl526.default\extensions\VacuumPlacesImproved@lultimouomo-gmail.com

[2008/03/03 19:22:34 | 000,001,878 | ---- | M] () -- C:\Users\Gren\AppData\Roaming\Mozilla\Firefox\Profiles\03qwl526.default\searchplugins\aolsearch-1.xml

[2008/03/05 07:56:23 | 000,001,878 | ---- | M] () -- C:\Users\Gren\AppData\Roaming\Mozilla\Firefox\Profiles\03qwl526.default\searchplugins\aolsearch-2.xml

[2008/03/01 12:42:39 | 000,001,878 | ---- | M] () -- C:\Users\Gren\AppData\Roaming\Mozilla\Firefox\Profiles\03qwl526.default\searchplugins\aolsearch.xml

[2010/01/05 21:07:29 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/01/06 13:20:08 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2009/10/03 10:20:39 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}

[2007/08/02 17:37:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

[2008/01/01 18:42:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

[2010/01/06 13:19:56 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll

[2010/01/06 13:19:56 | 000,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll

[2007/04/30 15:29:22 | 000,049,152 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll

[2010/01/06 13:20:01 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll

[2006/10/26 19:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL

[2007/05/10 22:52:34 | 000,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll

[2009/07/01 13:17:04 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml

[2009/07/01 13:17:04 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml

[2009/07/01 13:17:04 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml

[2009/07/01 13:17:04 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml

[2009/07/01 13:17:04 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml

[2009/07/01 13:17:04 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml

[2009/07/01 13:17:04 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml

[2009/07/01 13:17:04 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2007/10/21 10:55:39 | 000,193,326 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O1 - Hosts: 127.0.0.1 babe.the-killer.bz

O1 - Hosts: 127.0.0.1 www.babe.the-killer.bz

O1 - Hosts: 127.0.0.1 babe.k-lined.com

O1 - Hosts: 127.0.0.1 www.babe.k-lined.com

O1 - Hosts: 127.0.0.1 did.i-used.cc

O1 - Hosts: 127.0.0.1 www.did.i-used.cc

O1 - Hosts: 127.0.0.1 coolwwwsearch.com

O1 - Hosts: 127.0.0.1 www.coolwwwsearch.com

O1 - Hosts: 127.0.0.1 coolwebsearch.com

O1 - Hosts: 127.0.0.1 www.coolwebsearch.com

O1 - Hosts: 127.0.0.1 hi.studioaperto.net

O1 - Hosts: 127.0.0.1 www.hi.studioaperto.net

O1 - Hosts: 127.0.0.1 wazzupnet.com

O1 - Hosts: 127.0.0.1 www.wazzupnet.com

O1 - Hosts: 127.0.0.1 gueb.com

O1 - Hosts: 127.0.0.1 www.gueb.com

O1 - Hosts: 127.0.0.1 kabex.com

O1 - Hosts: 127.0.0.1 www.kabex.com

O1 - Hosts: 127.0.0.1 hityou.com

O1 - Hosts: 127.0.0.1 www.hityou.com

O1 - Hosts: 127.0.0.1 miosearch.com

O1 - Hosts: 127.0.0.1 www.miosearch.com

O1 - Hosts: 127.0.0.1 blue-elefant.com

O1 - Hosts: 6848 more lines...

O2 - BHO: (IE7Pro BHO) - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)

O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll (TechSmith Corporation)

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.

O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll File not found

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll File not found

O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll File not found

O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)

O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll (TechSmith Corporation)

O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Tall Emu\Online Armor\OAui.exe (Tall Emu)

O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)

O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)

O4 - HKLM..\Run: [a-squared] C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe (Emsi Software GmbH)

O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)

O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)

O4 - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)

O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)

O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)

O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe (Acer Inc.)

O4 - HKLM..\Run: [LVCOMSX] C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe (Logitech Inc.)

O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe File not found

O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)

O4 - HKCU..\Run: [\\LS-CHL964\lp] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE (SEIKO EPSON CORPORATION)

O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)

O4 - HKCU..\Run: [EPSON Stylus Photo R220 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE (SEIKO EPSON CORPORATION)

O4 - HKCU..\Run: [EPSON Stylus Photo R220 Series (Network)] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE (SEIKO EPSON CORPORATION)

O4 - HKCU..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)

O4 - HKCU..\Run: [stickyPassword] C:\Program Files\Sticky Password\stpass.exe (StickyPassword.com)

O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

O4 - Startup: C:\Users\Gren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BUFFALO NAS Navigator.lnk = C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe (BUFFALO INC.)

O4 - Startup: C:\Users\Gren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NAS Scheduler.lnk = C:\Program Files\BUFFALO\NASNAVI\nassche.exe (BUFFALO INC.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ShutdownWithoutLogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0

O9 - Extra Button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)

O9 - Extra 'Tools' menuitem : IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)

O9 - Extra Button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)

O9 - Extra 'Tools' menuitem : IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O13 - gopher Prefix: missing

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1238.0601.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1238.0601.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (eNetHook.dll) - C:\Windows\System32\eNetHook.dll (acer)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)

O24 - Desktop WallPaper: D:\Pictures\01356_crepuscule_1280x800.jpg

O24 - Desktop BackupWallPaper: D:\Pictures\01356_crepuscule_1280x800.jpg

O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Tall Emu\Online Armor\oaevent.dll (Tall Emu)

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\System32\relog_ap.dll (Acronis)

O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2007/09/18 23:21:52 | 000,000,000 | R--D | M] - E:\Autorun -- [ UDF ]

O32 - AutoRun File - [2007/09/17 18:48:04 | 000,263,744 | R--- | M] (Firaxis Games) - E:\autorun.exe -- [ UDF ]

O32 - AutoRun File - [2007/09/20 02:18:35 | 000,006,276 | R--- | M] () - E:\autorun.inf -- [ UDF ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (OODBS) - C:\Windows\System32\OODBS.exe (O&O Software GmbH)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - C:\Windows\System32\ias [2008/03/21 11:32:28 | 000,000,000 | ---D | M]

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 30 Days ==========

[2010/03/23 07:43:22 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Users\Gren\Desktop\OTL.exe

[2010/03/16 19:38:53 | 000,018,816 | ---- | C] (Sophos Plc) -- C:\Windows\System32\SAVRKBootTasks.sys

[2010/03/16 18:40:20 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos

[2010/03/14 19:05:02 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll

[2010/03/14 19:05:01 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll

[2010/03/14 17:37:47 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll

[2010/03/14 17:37:34 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll

[2010/03/14 17:37:10 | 003,597,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe

[2010/03/14 17:37:09 | 003,546,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe

[2010/03/14 17:37:03 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe

[2010/03/14 17:37:03 | 000,511,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe

[2010/03/14 17:37:02 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll

[2010/03/14 17:37:02 | 000,472,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll

[2010/03/14 17:37:02 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe

[2010/03/14 17:37:02 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe

[2010/03/14 17:37:01 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll

[2010/03/14 17:37:01 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll

[2010/03/14 17:37:00 | 000,329,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll

[2010/03/14 17:36:50 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll

[2010/03/14 17:36:49 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll

[2010/03/14 17:36:49 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll

[2010/03/14 17:36:48 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll

[2010/03/14 17:36:48 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll

[2010/03/14 17:03:06 | 000,000,000 | ---D | C] -- C:\Users\Gren\Pavark

[2007/04/07 17:27:16 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll

========== Files - Modified Within 30 Days ==========

[2010/03/23 07:47:52 | 005,767,168 | -HS- | M] () -- C:\Users\Gren\ntuser.dat

[2010/03/23 07:44:30 | 000,014,872 | ---- | M] () -- D:\Documents\Rootkit Removal.docx

[2010/03/23 07:34:59 | 000,707,452 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2010/03/23 07:34:59 | 000,611,610 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010/03/23 07:34:59 | 000,110,386 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010/03/23 07:30:00 | 000,035,166 | ---- | M] () -- C:\Users\Gren\AppData\Roaming\nvModes.001

[2010/03/23 07:28:11 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/03/23 07:28:06 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010/03/23 07:28:06 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010/03/23 07:28:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/03/23 07:27:55 | 2143,428,608 | -HS- | M] () -- C:\hiberfil.sys

[2010/03/23 07:27:52 | 002,052,139 | ---- | M] () -- C:\Windows\System32\oodbs.lor

[2010/03/21 18:47:03 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2010/03/21 18:46:57 | 000,524,288 | -HS- | M] () -- C:\Users\Gren\ntuser.dat{230c4149-f1a6-11de-8466-e6af621d9156}.TMContainer00000000000000000001.regtrans-ms

[2010/03/21 18:46:57 | 000,065,536 | -HS- | M] () -- C:\Users\Gren\ntuser.dat{230c4149-f1a6-11de-8466-e6af621d9156}.TM.blf

[2010/03/21 18:46:42 | 002,114,736 | -H-- | M] () -- C:\Users\Gren\AppData\Local\IconCache.db

[2010/03/21 18:23:09 | 000,035,166 | ---- | M] () -- C:\Users\Gren\AppData\Roaming\nvModes.dat

[2010/03/19 20:18:00 | 000,000,256 | ---- | M] () -- C:\Windows\tasks\Check Updates for Windows Live Toolbar.job

[2010/03/19 18:31:14 | 000,018,897 | ---- | M] () -- D:\Documents\HG Chars.xlsx

[2010/03/19 16:44:01 | 000,012,354 | ---- | M] () -- D:\Documents\Rogue.docx

[2010/03/19 07:50:55 | 000,040,675 | ---- | M] () -- D:\Documents\Item List.xlsx

[2010/03/18 15:41:17 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Gren\Desktop\OTL.exe

[2010/03/15 19:27:43 | 000,125,579 | ---- | M] () -- D:\Documents\MBAM.png

[2010/03/14 19:27:51 | 000,000,056 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat

[2010/03/14 19:17:52 | 000,120,632 | ---- | M] () -- C:\Users\Gren\AppData\Local\GDIPFONTCACHEV1.DAT

[2010/03/14 19:13:09 | 000,428,768 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2010/03/11 19:18:54 | 000,011,308 | ---- | M] () -- D:\Documents\Wizzy.docx

[2010/03/10 21:52:05 | 000,020,633 | ---- | M] () -- D:\Documents\BUR Subraces.xlsx

[2010/03/09 15:21:39 | 000,012,739 | ---- | M] () -- D:\Documents\Dualing Ranger.docx

[2010/03/08 20:35:02 | 000,013,288 | ---- | M] () -- D:\Documents\Bane Knight.docx

[2010/03/04 07:51:15 | 000,011,894 | ---- | M] () -- D:\Documents\dex damage assassin.docx

[2010/03/01 21:09:39 | 000,274,887 | ---- | M] () -- D:\Documents\Civ IV Basic Strategy Guide-4.1.pdf

========== Files Created - No Company Name ==========

[2010/03/23 07:44:29 | 000,014,872 | ---- | C] () -- D:\Documents\Rootkit Removal.docx

[2010/03/19 07:50:55 | 000,040,675 | ---- | C] () -- D:\Documents\Item List.xlsx

[2010/03/19 07:20:57 | 2143,428,608 | -HS- | C] () -- C:\hiberfil.sys

[2010/03/15 19:26:57 | 000,125,579 | ---- | C] () -- D:\Documents\MBAM.png

[2010/03/14 19:27:51 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat

[2010/03/11 18:31:09 | 000,011,308 | ---- | C] () -- D:\Documents\Wizzy.docx

[2010/03/08 20:03:30 | 000,002,713 | ---- | C] () -- D:\Documents\Microsoft Office Diagnostics.lnk

[2010/03/04 07:51:14 | 000,011,894 | ---- | C] () -- D:\Documents\dex damage assassin.docx

[2010/03/01 21:09:39 | 000,274,887 | ---- | C] () -- D:\Documents\Civ IV Basic Strategy Guide-4.1.pdf

[2009/05/18 18:06:08 | 000,000,180 | ---- | C] () -- C:\Users\Gren\AppData\Roaming\setup.log

[2009/05/18 18:05:44 | 000,000,760 | ---- | C] () -- C:\Users\Gren\AppData\Roaming\setup_ldm.iss

[2009/05/15 10:36:50 | 000,014,344 | ---- | C] () -- C:\Windows\UN060501.INI

[2009/05/15 10:36:50 | 000,005,434 | ---- | C] () -- C:\Windows\UN070209.INI

[2009/01/23 10:18:38 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini

[2008/07/21 18:04:51 | 000,004,984 | ---- | C] () -- C:\ProgramData\jexqjxsy.dne

[2008/04/28 19:44:25 | 000,010,752 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll

[2008/01/10 17:13:14 | 000,000,680 | ---- | C] () -- C:\Users\Gren\AppData\Local\d3d9caps.dat

[2007/09/29 16:09:33 | 000,000,000 | ---- | C] () -- C:\Windows\CleaningLab.INI

[2007/09/29 16:03:52 | 000,019,968 | ---- | C] () -- C:\Windows\System32\cpuinf32.dll

[2007/09/29 16:02:29 | 000,005,817 | ---- | C] () -- C:\Windows\mgxoschk.ini

[2007/09/05 11:52:04 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll

[2007/07/20 17:31:24 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2007/06/28 17:50:35 | 000,244,536 | ---- | C] () -- C:\ProgramData\Svclog.log

[2007/06/23 17:50:14 | 000,000,000 | ---- | C] () -- C:\Windows\oodcnt.INI

[2007/05/27 20:08:51 | 000,030,920 | ---- | C] () -- C:\Users\Gren\AppData\Roaming\UserTile.png

[2007/05/08 16:42:09 | 000,077,312 | ---- | C] () -- C:\Windows\ua2.dll

[2007/04/20 15:52:26 | 000,000,124 | -HS- | C] () -- C:\ProgramData\.zreglib

[2007/04/11 19:11:11 | 000,062,976 | ---- | C] () -- C:\Users\Gren\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2007/04/09 14:29:12 | 000,247,824 | ---- | C] () -- C:\Windows\System32\prgiso.dll

[2007/04/09 14:29:11 | 004,244,744 | ---- | C] () -- C:\Windows\System32\qtp-mt334.dll

[2007/04/09 14:29:11 | 000,013,840 | ---- | C] () -- C:\Windows\System32\wnaspi32.dll

[2007/04/08 10:51:31 | 000,532,480 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Sony.dll

[2007/04/07 17:45:07 | 000,035,166 | ---- | C] () -- C:\Users\Gren\AppData\Roaming\nvModes.001

[2007/04/07 17:37:49 | 000,035,166 | ---- | C] () -- C:\Users\Gren\AppData\Roaming\nvModes.dat

[2007/04/07 17:29:10 | 000,076,584 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys

[2007/04/07 17:29:10 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys

[2007/04/07 17:28:43 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll

[2007/04/07 17:27:16 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll

[2007/04/07 17:24:39 | 000,356,352 | R--- | C] () -- C:\Windows\EMCRI.dll

[2007/04/07 17:17:55 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

[2007/04/07 17:13:02 | 000,042,594 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini

[2007/03/05 12:34:28 | 000,676,224 | ---- | C] () -- C:\Windows\System32\OGACheckControl.DLL

[2007/02/06 22:58:10 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll

[2007/02/06 22:57:58 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll

[2007/02/06 22:57:20 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll

[2007/02/06 22:56:30 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll

[2007/02/06 22:56:28 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll

[2007/02/06 22:52:08 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll

[2006/12/25 14:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll

[2006/11/02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

[1996/04/03 19:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== LOP Check ==========

[2009/09/28 18:17:35 | 000,000,000 | ---D | M] -- C:\Users\Gren\AppData\Roaming\2K Games

[2009/07/25 10:38:17 | 000,000,000 | ---D | M] -- C:\Users\Gren\AppData\Roaming\Amazon

[2009/10/21 09:31:38 | 000,000,000 | ---D | M] -- C:\Users\Gren\AppData\Roaming\App Launcher Gadget

[2008/03/09 19:01:34 | 000,000,000 | ---D | M] -- C:\Users\Gren\AppData\Roaming\Application Data

[2009/06/23 16:29:07 | 000,000,000 | ---D | M] -- C:\Users\Gren\AppData\Roaming\Ashampoo

[2008/01/16 22:32:33 | 000,000,000 | ---D | M] -- C:\Users\Gren\AppData\Roaming\Ashampoo Photo Commander 6

[2007/09/29 17:58:20 | 000,000,000 | ---D | M] -- C:\Users\Gren\AppData\Roaming\Audacity

[2008/02/28 21:18:23 | 000,000,000 | ---D | M] -- C:\Users\Gren\AppData\Roaming\Cool Record Edit Pro

[2007/09/27 06:41:21 | 000,000,000 | ---D | M] -- C:\Users\Gren\AppData\Roaming\DMCache

[2007/07/21 18:54:04 | 000,000,000 | ---D | M] -- C:\Users\Gren\AppData\Roaming\GHISLER

[2007/04/14 10:37:17 | 000,000,000 | ---D | M] -- C:\Users\Gren\AppData\Roaming\IE7pro

[2009/10/21 12:12:09 | 000,000,000 | ---D | M] -- C:\Users\Gren\AppData\Roaming\ImgBurn

[2007/07/06 18:28:28 | 000,000,000 | ---D | M] -- C:\Users\Gren\AppData\Roaming\Lamantine

[2007/04/08 12:47:09 | 000,000,000 | ---D | M] -- C:\Users\Gren\AppData\Roaming\Leadertech

[2008/04/10 13:14:30 | 000,000,000 | ---D | M] -- C:\Users\Gren\AppData\Roaming\MiniDm

[2007/05/12 09:29:15 | 000,000,000 | ---D | M] -- C:\Users\Gren\AppData\Roaming\MusicIP

[2009/12/25 09:41:37 | 000,000,000 | ---D | M] -- C:\Users\Gren\AppData\Roaming\NASNaviator2

[2009/04/20 13:22:45 | 000,000,000 | ---D | M] -- C:\Users\Gren\AppData\Roaming\OnlineArmor

[2007/07/04 17:18:50 | 000,000,000 | ---D | M] -- C:\Users\Gren\AppData\Roaming\Seven Zip

[2007/04/20 12:38:02 | 000,000,000 | ---D | M] -- C:\Users\Gren\AppData\Roaming\SlySoft

[2007/06/16 07:39:53 | 000,000,000 | ---D | M] -- C:\Users\Gren\AppData\Roaming\SoftMaker

[2007/11/19 16:46:27 | 000,000,000 | ---D | M] -- C:\Users\Gren\AppData\Roaming\Sony

[2009/11/18 13:23:26 | 000,000,000 | ---D | M] -- C:\Users\Gren\AppData\Roaming\Spotify

[2008/03/01 15:22:33 | 000,000,000 | ---D | M] -- C:\Users\Gren\AppData\Roaming\Spyware Terminator

[2009/10/21 11:36:46 | 000,000,000 | ---D | M] -- C:\Users\Gren\AppData\Roaming\uTorrent

[2010/03/19 20:18:00 | 000,000,256 | ---- | M] () -- C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job

[2010/03/21 18:47:02 | 000,032,648 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >

[2008/01/19 07:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys

[2008/01/19 07:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys

[2008/01/19 07:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys

[2006/11/02 09:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys

[2006/11/02 09:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >

[2009/04/11 06:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys

[2009/04/11 06:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys

[2008/01/19 07:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys

[2008/01/19 07:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys

[2006/11/02 09:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

[2008/02/14 13:42:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys

[2008/02/14 13:42:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys

[2008/02/14 13:42:10 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >

[2006/11/02 09:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll

[2006/11/02 09:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: ENETHOOK.DLL >

[2006/12/28 19:07:22 | 000,090,112 | ---- | M] (acer) MD5=D1DDFF67D47BD6762A6B2282E5C354AD -- C:\Acer\Empowering Technology\eNet\eNetHook.dll

[2006/12/28 19:07:22 | 000,090,112 | ---- | M] (acer) MD5=D1DDFF67D47BD6762A6B2282E5C354AD -- C:\Windows\System32\eNetHook.dll

< MD5 for: IASTORV.SYS >

[2008/01/19 07:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys

[2008/01/19 07:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys

[2006/11/02 09:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys

[2006/11/02 09:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >

[2009/04/11 06:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll

[2008/01/19 07:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll

[2008/01/19 07:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >

[2006/11/02 09:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys

[2006/11/02 09:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys

[2008/01/19 07:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys

[2008/01/19 07:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >

[2008/01/19 07:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll

[2008/01/19 07:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll

[2009/04/11 06:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

[2009/03/08 11:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll

[2009/03/08 11:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll

[2008/01/19 07:38:03 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll

[2008/01/19 07:36:10 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

[2006/11/02 10:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV

[2006/11/02 10:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV

[2006/11/02 10:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV

[2006/11/02 10:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV

[2006/11/02 10:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

========== Alternate Data Streams ==========

@Alternate Data Stream - 179 bytes -> C:\ProgramData\TEMP:D1B5B4F1

@Alternate Data Stream - 168 bytes -> C:\ProgramData\TEMP:EFC3A3C4

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34

@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:1CA73D29

@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:4B7BEAFF

< End of report >


Extras.txt

OTL Extras logfile created on: 23/03/2010 07:47:36 - Run 1

OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\Gren\Desktop

Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18882)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 59.00% Memory free

3.00 Gb Paging File | 2.00 Gb Available in Paging File | 57.00% Paging File free

Paging file location(s): f:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 71.84 Gb Total Space | 23.16 Gb Free Space | 32.24% Space Free | Partition Type: NTFS

Drive D: | 72.33 Gb Total Space | 37.49 Gb Free Space | 51.83% Space Free | Partition Type: NTFS

Drive E: | 2.37 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Drive F: | 4.88 Gb Total Space | 3.61 Gb Free Space | 73.94% Space Free | Partition Type: NTFS

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: GG-LAPTOP

Current User Name: Gren

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [MediaMonkey.1Play] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)

Directory [MediaMonkey.2PlayNext] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)

Directory [MediaMonkey.3Enqueue] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)

Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2798282641-1572862682-3439786118-1000]

"EnableNotifications" = 0

"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\IEPro\MiniDM.exe" = C:\Program Files\IEPro\MiniDM.exe:*:Enabled:MiniDM -- (IE7Pro.com)

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0425659A-AC6A-4248-BB00-9E6D050075DB}" = lport=138 | protocol=17 | dir=in | app=system |

"{0595317A-972C-415F-8472-73EE092EEBB5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe |

"{0B1F9B06-8822-4BF7-AA61-FA792E463E4A}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |

"{281EEC08-E360-4211-ACB0-213DE05487D5}" = lport=137 | protocol=17 | dir=in | app=system |

"{35B07445-DAEA-4AC1-9E43-4812A6B5B82E}" = lport=2869 | protocol=6 | dir=in | app=system |

"{36B7BE66-4E2E-48DF-9028-14ACAA7D8BAB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{3717A849-68EE-4551-9708-B10F1BFF9040}" = rport=137 | protocol=17 | dir=out | app=system |

"{5597E56E-BEA9-44BD-B8C2-5D4458F4C6AF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{667BED82-19D8-4B88-AA02-AFEE6A36EC66}" = lport=139 | protocol=6 | dir=in | app=system |

"{7501797D-D66F-4330-81D2-F2CE6A934FB5}" = lport=2869 | protocol=6 | dir=in | app=system |

"{76796806-E311-4DBF-981E-814F1BE3DAA5}" = rport=138 | protocol=17 | dir=out | app=system |

"{8364DF38-7152-468F-8C07-203E1DF65C61}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

"{88605130-8F30-4615-8464-949A5EB93E1A}" = rport=139 | protocol=6 | dir=out | app=system |

"{915FAE39-A4D7-4649-B57E-8E43C656F9FD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{A3976625-47D0-47D0-BFA1-722ACF579911}" = rport=445 | protocol=6 | dir=out | app=system |

"{B171665E-6A15-4621-849C-B6188F48BBB3}" = lport=445 | protocol=6 | dir=in | app=system |

"{BB1537C1-8381-450F-A657-03585CA41EB5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=file and printer sharing (spooler service - rpc-epmap) |

"{BE3B7B25-E49A-482C-B8B0-77840CB5AA66}" = lport=2869 | protocol=6 | dir=in | app=system |

"{DF34F2D6-B4C6-4761-B1D9-85AEF72B215D}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{03CB667A-11E3-4E0E-A3EE-71204422947B}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |

"{0EDB6AF3-A4FD-43C0-867B-2CB53754656A}" = protocol=1 | dir=out | name=file and printer sharing (echo request - icmpv4-out) |

"{17BE029F-6509-4F8A-8338-BE71A566FF38}" = protocol=6 | dir=in | app=c:\program files\buffalo\nasnavi\nasnavi.exe |

"{1D4F0144-D44F-4BA7-BE28-7F985768B725}" = protocol=1 | dir=in | name=file and printer sharing (echo request - icmpv4-in) |

"{2485CFEA-CCA8-4EC7-88B4-3F6D42A140C7}" = protocol=17 | dir=in | app=c:\users\gren\appdata\roaming\2k games\firaxis games\sid meier's civilization 4 complete\beyond the sword\civ4beyondsword.exe |

"{29BB58DD-8B58-43CD-B5C0-6398A75476E6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{2BA55B8F-460A-41B5-A0C0-25130D0749E4}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{2DD4B7C5-DC69-4DC7-81BF-F9129AD75D14}" = protocol=6 | dir=in | app=c:\users\gren\appdata\roaming\2k games\firaxis games\sid meier's civilization 4 complete\warlords\civ4warlords.exe |

"{37B99AE4-B4DA-4D41-9F63-707B9C58559E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{452A1413-869C-4CE8-8FF1-BB64F23436C2}" = protocol=6 | dir=in | app=c:\program files\pure networks\network magic\nmsrvc.exe |

"{483A5186-74AC-4859-97E7-93D99C0FA0D6}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{49D73E78-F237-4212-8314-EA12768F3527}" = protocol=17 | dir=in | app=c:\program files\pure networks\network magic\nmsrvc.exe |

"{4B6B44A5-590B-4F55-9B8F-1594F4690A79}" = protocol=6 | dir=in | app=c:\users\gren\appdata\roaming\2k games\firaxis games\sid meier's civilization 4 complete\civilization4.exe |

"{54750F83-BF09-4502-9FAD-6875989287A9}" = protocol=6 | dir=in | app=c:\program files\buffalo\nasnavi\nasinst.exe |

"{62BBCEDC-7DAB-4AF5-AC8D-E01F1295DB16}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |

"{71E37970-C152-43F1-8BD3-3155646A8EBA}" = protocol=17 | dir=in | app=c:\program files\comodo\cboclean\boc423.exe |

"{76C79048-4901-48F8-8F7C-3C22FB6EC714}" = protocol=6 | dir=in | app=c:\program files\comodo\cboclean\boc423.exe |

"{77394CFC-CDC7-4517-9915-6EDA2C10CBF7}" = protocol=17 | dir=in | app=c:\users\gren\appdata\roaming\2k games\firaxis games\sid meier's civilization 4 complete\warlords\civ4warlords.exe |

"{7A10FF1C-AE6A-4F3D-A537-82C629B9B520}" = protocol=58 | dir=in | name=file and printer sharing (echo request - icmpv6-in) |

"{8389CCF4-72FB-4F87-AAA3-E2F7F2732413}" = protocol=17 | dir=in | app=c:\program files\buffalo\nasnavi\nasinst.exe |

"{83CAF829-D9AA-46FE-9C63-6561D992410F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{86FD09E3-8A59-4F0D-98C4-A0EBCCD6D5D7}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |

"{878AFB2A-6545-437C-8B58-411B099700AE}" = protocol=17 | dir=in | app=c:\program files\comodo\cboclean\boc4upd.exe |

"{8B1E6496-EB8D-4603-B86E-F28E09F7E217}" = protocol=17 | dir=in | app=c:\program files\buffalo\nasnavi\nasnavi.exe |

"{95F590D1-DAC9-44F3-941F-3C612187B974}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |

"{9C949B7C-B4FC-47C7-8200-5D1422AD6A0E}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |

"{A3E6E524-4FFE-4249-9D7B-ECF87625F1DC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |

"{A54733BB-217B-4F3D-944B-F47C75BFD8B5}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{AC1E838C-E5A5-4EB7-9879-549786297FBC}" = protocol=6 | dir=in | app=c:\program files\comodo\cboclean\boc4upd.exe |

"{B20FBD78-B414-43AC-880F-B656B6A810ED}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{B7C01304-D242-4488-A6CA-CDF9E967E0B7}" = protocol=17 | dir=in | app=c:\users\gren\appdata\roaming\2k games\firaxis games\sid meier's civilization 4 complete\civilization4.exe |

"{BF49E6BF-44CD-40D5-82AF-985DD69EA32A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{C0F52516-2322-419E-9AAA-09DEF443BE57}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{C44457E6-1594-4D7F-A67C-07F79E130F25}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{C5F8E8C5-9B1C-471E-BBFE-3709B7C63814}" = protocol=6 | dir=in | app=c:\users\gren\appdata\roaming\2k games\firaxis games\sid meier's civilization 4 complete\beyond the sword\civ4beyondsword.exe |

"{C913E35C-2768-4E17-9455-25AEDC15F514}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |

"{CF749D77-3660-492A-A47B-B2395A82070C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{DFA10EAA-9624-4586-9A56-A7A8390244BA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{E3C9D060-B0E3-49F5-86D2-7B294A88D5AA}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{EEF1BF28-4C27-47EA-9502-7F82FD8EA07C}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{F0EF7580-B7F7-409D-B1DE-0C2EEEE051ED}" = protocol=58 | dir=out | name=file and printer sharing (echo request - icmpv6-out) |

"TCP Query User{27F440F8-C52B-44BF-BC80-C526043528C1}C:\program files\common files\ahead\nero web\setupx.exe" = protocol=6 | dir=in | app=c:\program files\common files\ahead\nero web\setupx.exe |

"TCP Query User{4D6F6304-CD8F-434F-976E-703999715841}C:\program files\buffalo\nasnavi\nasnavi.exe" = protocol=6 | dir=in | app=c:\program files\buffalo\nasnavi\nasnavi.exe |

"TCP Query User{56A99E9F-21CD-46A7-BCD3-734ED12900EA}C:\program files\nero\nero 7\nero home\nerohome.exe" = protocol=6 | dir=in | app=c:\program files\nero\nero 7\nero home\nerohome.exe |

"TCP Query User{7A22C316-B9E0-4946-9E27-C03637620143}C:\program files\internet download manager\idman.exe" = protocol=6 | dir=in | app=c:\program files\internet download manager\idman.exe |

"TCP Query User{868B4C00-DC53-4AF8-99BD-60041CF4246F}C:\neverwinternights\nwn\nwmain.exe" = protocol=6 | dir=in | app=c:\neverwinternights\nwn\nwmain.exe |

"TCP Query User{A688F16F-67D3-4989-B3B6-58226D3A0DF3}C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |

"TCP Query User{A9688574-BDFD-4A50-ACEF-84E1DF7380B5}C:\neverwinternights\nwn\nwmain.exe" = protocol=6 | dir=in | app=c:\neverwinternights\nwn\nwmain.exe |

"TCP Query User{CCFEEA84-A6BD-4798-A530-F1AB12EE9FD8}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |

"TCP Query User{E8F34037-C451-4ED9-9A24-BCFAC09BB2FD}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe |

"UDP Query User{0EB231E9-2292-4DFC-82BD-5B23F47A68AE}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe |

"UDP Query User{1343255B-BAE7-426B-9B7D-21C287A2AAD9}C:\neverwinternights\nwn\nwmain.exe" = protocol=17 | dir=in | app=c:\neverwinternights\nwn\nwmain.exe |

"UDP Query User{272C1BF0-39A1-48E0-AF45-E021456D7315}C:\program files\internet download manager\idman.exe" = protocol=17 | dir=in | app=c:\program files\internet download manager\idman.exe |

"UDP Query User{395B1AA3-FB9B-4B90-AE6A-DE39F7D1AD08}C:\program files\buffalo\nasnavi\nasnavi.exe" = protocol=17 | dir=in | app=c:\program files\buffalo\nasnavi\nasnavi.exe |

"UDP Query User{425A7398-ACA1-4E90-B367-E95368514C3A}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |

"UDP Query User{452FDB16-3ADF-4542-806D-D8A9C4068F37}C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |

"UDP Query User{693B70AA-8552-4813-BAB4-327DF39960E7}C:\program files\common files\ahead\nero web\setupx.exe" = protocol=17 | dir=in | app=c:\program files\common files\ahead\nero web\setupx.exe |

"UDP Query User{9DC3A46F-0E97-4E49-B42B-D8D8913E3042}C:\program files\nero\nero 7\nero home\nerohome.exe" = protocol=17 | dir=in | app=c:\program files\nero\nero 7\nero home\nerohome.exe |

"UDP Query User{BEA1B55D-961F-41FC-85A9-928B7C4145B5}C:\neverwinternights\nwn\nwmain.exe" = protocol=17 | dir=in | app=c:\neverwinternights\nwn\nwmain.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.5500

"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{04EB9823-670E-4BAF-832A-8021EED293C9}" = Acer Upgrade Kit

"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals

"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer

"{0F79C1B2-36B2-4B62-8221-42721CF54638}" = Acer OrbiCam Application

"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management

"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper

"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java SE Runtime Environment 6 Update 1

"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java 6 Update 2

"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3

"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision

"{419CF344-3D94-4DAD-99C8-EA7B00E5EA8B}" = Acronis


The files are still appearing. A pair appear after each time I switch off my laptop. Timestamps suggest they are created just as the machine is switching off. They do not appear if I have a BSOD crash or am in safe mode - found this out while GMER was crashing.

Path is simply c:\windows

Can't tell you exact names as I tend to delete them on logging in now (looking back a few posts, 2 of them were: 8250362 DAT & EXE, 6300084 DAT & EXE) - they do though seem to be randomly generated numeric-only names, always with a DAT and an EXE variant. I scan each time with MBAM - sometimes one is flagged, sometimes not.


Don't delete them this time around.

Try to get them to reappear then do the following.

I am having you do a custom scan to see what is in the Windows directory.

  • Double click on the OTL icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scans and Fixes section, paste in the text below in bold:

    C:\Windows\*.dat

    C:\Windows\*.exe

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one Notepad window: OTL.Txt.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file OTL.Txt and post it with your next reply.
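As an added triage example (not code from this thread, from OTL or from Malwarebytes), the script below does offline what the custom scan above asks OTL to report: it lists files in a directory whose name is 6 to 8 digits and that arrive as a .dat/.exe pair, records the size, modification time and SHA-256 of the .exe, checks whether the .dat holds only the '<<<<' marker the original post describes, and lists digit-named files whose partner is already gone. The sample directory it builds is constructed for the demonstration; on the affected machine `find_numeric_pairs` would be pointed at C:\Windows instead.

```python
"""Offline triage for the pattern reported in this thread: files in C:\\Windows whose
name is 6 to 8 decimal digits, arriving as a .dat/.exe pair at shutdown.
Added example; not code from the thread, from OTL or from Malwarebytes."""
import hashlib
import re
import tempfile
from dataclasses import dataclass
from datetime import datetime, timezone
from pathlib import Path

# Names seen in the thread: 3422037, 44715657, 8250362, 6300084, 8951696 (6-8 digits).
NUMERIC_STEM = re.compile(r"^\d{6,8}$")
# The original post says the .dat files "simply contain '<<<<'".
DAT_MARKER = b"<<<<"


@dataclass
class FilePair:
    stem: str
    exe_path: Path
    dat_path: Path
    exe_size: int
    exe_sha256: str
    exe_mtime_utc: str
    dat_size: int
    dat_marker_only: bool


def _numeric_candidates(directory):
    """Group .dat/.exe files with an all-digit stem by stem: {stem: {ext: Path}}."""
    by_stem = {}
    for path in Path(directory).iterdir():
        ext = path.suffix.lower()
        if path.is_file() and ext in (".dat", ".exe") and NUMERIC_STEM.match(path.stem):
            by_stem.setdefault(path.stem, {})[ext] = path
    return by_stem


def find_numeric_pairs(directory):
    """Return a FilePair for every digit stem that has both a .dat and an .exe.
    Nothing is deleted or executed; the files are only read and hashed."""
    pairs = []
    for stem, files in sorted(_numeric_candidates(directory).items()):
        if ".dat" not in files or ".exe" not in files:
            continue
        exe, dat = files[".exe"], files[".dat"]
        exe_bytes = exe.read_bytes()
        dat_bytes = dat.read_bytes()
        mtime = datetime.fromtimestamp(exe.stat().st_mtime, tz=timezone.utc)
        pairs.append(FilePair(
            stem=stem, exe_path=exe, dat_path=dat,
            exe_size=len(exe_bytes),
            exe_sha256=hashlib.sha256(exe_bytes).hexdigest(),
            exe_mtime_utc=mtime.isoformat(timespec="seconds"),
            dat_size=len(dat_bytes),
            dat_marker_only=dat_bytes.strip() == DAT_MARKER,
        ))
    return pairs


def unpaired_numeric_files(directory):
    """Digit-named .dat/.exe files whose partner is missing (e.g. one half was
    quarantined or deleted, as happened with MBAM earlier in the thread)."""
    return sorted(
        files[ext].name
        for files in _numeric_candidates(directory).values()
        if len(files) == 1
        for ext in files
    )


def build_sample_dir():
    """Constructed sample directory standing in for C:\\Windows (demo only).
    The 'exe' is 8 KiB of placeholder bytes, not a real program."""
    root = Path(tempfile.mkdtemp(prefix="windir_sample_"))
    (root / "8951696.exe").write_bytes(b"MZ" + b"\x00" * 8190)  # 8192 bytes, as in the thread
    (root / "8951696.dat").write_bytes(DAT_MARKER)
    (root / "123456.dat").write_bytes(DAT_MARKER)                # partner already removed
    (root / "explorer.exe").write_bytes(b"MZ")                   # legitimate name, ignored
    (root / "notes.txt").write_text("not relevant")
    return root


def report(directory):
    """Human-readable summary: one line per pair, plus one line for any orphans."""
    lines = []
    for p in find_numeric_pairs(directory):
        flag = "dat=<<<< marker" if p.dat_marker_only else "dat=other content"
        lines.append(f"{p.stem}: exe {p.exe_size} bytes sha256={p.exe_sha256[:16]}... "
                     f"mtime={p.exe_mtime_utc} | {flag} ({p.dat_size} bytes)")
    orphans = unpaired_numeric_files(directory)
    if orphans:
        lines.append("unpaired digit-named files: " + ", ".join(orphans))
    return lines


if __name__ == "__main__":
    # Replace build_sample_dir() with Path(r"C:\Windows") on the affected machine.
    for line in report(build_sample_dir()):
        print(line)
```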


Okay, here's the new scan. Left the files there after a reboot and scanned with the 2 new custom entries. The 2 files 8951696.exe & 8951696.dat appear towards the end of the log.

OTL logfile created on: 23/03/2010 13:23:51 - Run 2

OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\Gren\Desktop

Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18882)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.00% Memory free

3.00 Gb Paging File | 2.00 Gb Available in Paging File | 60.00% Paging File free

Paging file location(s): f:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 71.84 Gb Total Space | 23.13 Gb Free Space | 32.19% Space Free | Partition Type: NTFS

Drive D: | 72.33 Gb Total Space | 37.48 Gb Free Space | 51.82% Space Free | Partition Type: NTFS

Drive E: | 2.37 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Drive F: | 4.88 Gb Total Space | 3.61 Gb Free Space | 73.94% Space Free | Partition Type: NTFS

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: GG-LAPTOP

Current User Name: Gren

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Gren\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\a-squared Anti-Malware\a2guard.exe (Emsi Software GmbH)

PRC - C:\Program Files\Tall Emu\Online Armor\oahlp.exe (Tall Emu)

PRC - C:\Program Files\Tall Emu\Online Armor\oaui.exe (Tall Emu)

PRC - C:\Program Files\Tall Emu\Online Armor\oasrv.exe (Tall Emu)

PRC - C:\Program Files\Tall Emu\Online Armor\oacat.exe (Tall Emu)

PRC - C:\Program Files\a-squared Anti-Malware\a2service.exe (Emsi Software GmbH)

PRC - C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe (BUFFALO INC.)

PRC - C:\Program Files\BUFFALO\NASNAVI\nassvc.exe (BUFFALO INC.)

PRC - C:\Program Files\BUFFALO\NASNAVI\nassche.exe (BUFFALO INC.)

PRC - C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)

PRC - C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe (Microsoft Corporation)

PRC - C:\Program Files\Sticky Password\stpass.exe (StickyPassword.com)

PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

PRC - C:\Program Files\Smith Micro\StuffIt\ArcNameService.exe (Smith Micro Software, Inc.)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)

PRC - C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)

PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

PRC - C:\Users\Gren\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)

PRC - C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)

PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)

PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)

PRC - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)

PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT)

PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)

PRC - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()

PRC - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)

PRC - C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)

PRC - C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)

PRC - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)

PRC - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION)

PRC - C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe (Logitech Inc.)

PRC - C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe (Acer Inc.)

========== Modules (SafeList) ==========

MOD - C:\Users\Gren\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Program Files\Tall Emu\Online Armor\oawatch.dll (Tall Emu)

MOD - C:\Program Files\a-squared Anti-Malware\a2handler.dll (Emsi Software GmbH)

MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.3053_none_d08d7bba442a9b36\msvcr80.dll (Microsoft Corporation)

MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.3053_none_d08d7bba442a9b36\msvcp80.dll (Microsoft Corporation)

MOD - C:\Program Files\Sticky Password\spcapbtn.dll (StickyPassword.com)

MOD - C:\Windows\System32\wtsapi32.dll (Microsoft Corporation)

MOD - C:\Windows\System32\wsock32.dll (Microsoft Corporation)

MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)

MOD - C:\Windows\System32\dbghelp.dll (Microsoft Corporation)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)

MOD - C:\Program Files\Logitech\SetPoint\lgscroll.dll (Logitech, Inc.)

MOD - C:\Windows\System32\BtMmHook.dll (Broadcom Corporation.)

MOD - C:\Windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131\mfc80ENU.dll (Microsoft Corporation)

MOD - C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\mfc80u.dll (Microsoft Corporation)

MOD - C:\Windows\System32\MSNChatHook.dll (HiTRUST Inc.)

MOD - C:\Windows\System32\sysenv.dll (HiTRUST)

MOD - C:\Windows\System32\BatchCrypto.dll ()

MOD - C:\Windows\System32\ShowErrMsg.dll ()

MOD - C:\Windows\System32\eNetHook.dll (acer)

MOD - C:\Windows\System32\CryptoAPI.dll (HiTRUST)

MOD - C:\Windows\System32\keyManager.dll (HiTRSUT)

========== Win32 Services (SafeList) ==========

SRV - (SPTISRV) -- File not found

SRV - (PACSPTISVR) -- File not found

SRV - (MSCSPTISRV) -- File not found

SRV - (gusvc) -- File not found

SRV - (SvcOnlineArmor) -- C:\Program Files\Tall Emu\Online Armor\oasrv.exe (Tall Emu)

SRV - (OAcat) -- C:\Program Files\Tall Emu\Online Armor\oacat.exe (Tall Emu)

SRV - (a2AntiMalware) -- C:\Program Files\a-squared Anti-Malware\a2service.exe (Emsi Software GmbH)

SRV - (NasPmService) -- C:\Program Files\BUFFALO\NASNAVI\nassvc.exe (BUFFALO INC.)

SRV - (Stuffit Archive Name Service) -- C:\Program Files\Smith Micro\StuffIt\ArcNameService.exe (Smith Micro Software, Inc.)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (LBTServ) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.)

SRV - (WLSetupSvc) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe ()

SRV - (usnjsvc) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)

SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)

SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)

SRV - (O&O Defrag) -- C:\Windows\System32\oodag.exe (O&O Software GmbH)

SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)

SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT)

SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()

SRV - (WMIService) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)

SRV - (eNet Service) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)

SRV - (eLockService) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)

SRV - (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION)

SRV - (LVSrvLauncher) -- C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe (Logitech Inc.)

========== Driver Services (SafeList) ==========

DRV - (OAnet) -- C:\Windows\System32\drivers\OAnet.sys (Tall Emu Pty Ltd)

DRV - (OAmon) -- C:\Windows\System32\drivers\OAmon.sys (Tall Emu)

DRV - (OADevice) -- C:\Windows\System32\drivers\OADriver.sys (Tall Emu)

DRV - (KeyScrambler) -- C:\Windows\System32\drivers\keyscrambler.sys (QFX Software Corporation)

DRV - (SAVRKBootTasks) -- C:\Windows\System32\SAVRKBootTasks.sys (Sophos Plc)

DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (SymAFR) -- C:\Windows\System32\drivers\SymAFR.sys (Windows ® Codename Longhorn DDK provider)

DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)

DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.)

DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (Inspect) -- C:\Windows\System32\drivers\inspect.sys (COMODO)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)

DRV - (hotcore3) -- C:\Windows\system32\drivers\hotcore3.sys (Paragon Software Group)

DRV - (NETw3v32) Intel® -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)

DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)

DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)

DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)

DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)

DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)

DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)

DRV - (timounter) -- C:\Windows\system32\DRIVERS\timntr.sys (Acronis)

DRV - (tifsfilter) -- C:\Windows\System32\drivers\tifsfilt.sys (Acronis)

DRV - (snapman) -- C:\Windows\system32\DRIVERS\snapman.sys (Acronis)

DRV - (ElbyCDFL) -- C:\Windows\System32\drivers\ElbyCDFL.sys (SlySoft, Inc.)

DRV - (ElbyDelay) -- C:\Windows\System32\drivers\ElbyDelay.sys (Elaborate Bytes AG)

DRV - (PSDNServ) -- C:\Windows\system32\drivers\PSDNServ.sys (HiTRUST)

DRV - (psdvdisk) -- C:\Windows\system32\drivers\psdvdisk.sys (HiTRUST)

DRV - (PSDFilter) -- C:\Windows\system32\DRIVERS\psdfilter.sys (HiTRUST)

DRV - (int15) -- C:\Windows\System32\drivers\int15.sys ()

DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)

DRV - (se44unic) Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM) -- C:\Windows\System32\drivers\se44unic.sys (MCCI)

DRV - (se44obex) -- C:\Windows\System32\drivers\se44obex.sys (MCCI)

DRV - (se44nd5) Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS) -- C:\Windows\System32\drivers\se44nd5.sys (MCCI)

DRV - (se44mgmt) Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\se44mgmt.sys (MCCI)

DRV - (se44mdm) -- C:\Windows\System32\drivers\se44mdm.sys (MCCI)

DRV - (se44mdfl) -- C:\Windows\System32\drivers\se44mdfl.sys (MCCI)

DRV - (se44bus) Sony Ericsson Device 068 driver (WDM) -- C:\Windows\System32\drivers\se44bus.sys (MCCI)

DRV - (LVMVDrv) -- C:\Windows\System32\drivers\LVMVdrv.sys (Logitech Inc.)

DRV - (lv321av) Logitech USB PC Camera (VC0321) -- C:\Windows\System32\drivers\lv321av.sys (Logitech Inc.)

DRV - (DKbFltr) -- C:\Windows\System32\drivers\DKbFltr.sys (Dritek System Inc.)

DRV - (DritekPortIO) -- C:\Program Files\Launch Manager\DPortIO.sys (Dritek System Inc.)

DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)

DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)

DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)

DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)

DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)

DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)

DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)

DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)

DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)

DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)

DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)

DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)

DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)

DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)

DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)

DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)

DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)

DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)

DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)

DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)

DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)

DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)

DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)

DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)

DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)

DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)

DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)

DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)

DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)

DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)

DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)

DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)

DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)

DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)

DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)

DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)

DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)

DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)

DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)

DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)

DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)

DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)

DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)

DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)

DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)

DRV - (ESDCR) -- C:\Windows\System32\drivers\ESD7SK.sys (ENE Technology Inc.)

DRV - (ESMCR) -- C:\Windows\System32\drivers\ESM7SK.sys (ENE Technology Inc.)

DRV - (EMSCR) -- C:\Windows\System32\drivers\EMS7SK.sys (ENE Technology Inc.)

DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)

DRV - (SMSCIRDA) -- C:\Windows\System32\drivers\smscirda.sys (SMSC)

DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)

DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)

DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)

DRV - (btusbflt) -- C:\Windows\System32\drivers\btusbflt.sys (Broadcom Corporation.)

DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)

DRV - (UIUSys) -- C:\Windows\System32\drivers\UIUSYS.SYS (Conexant Systems, Inc)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3

FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.8

FF - prefs.js..extensions.enabledItems: keyscrambler@qfx.software.corporation:2.6.0.0

FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.57

FF - prefs.js..extensions.enabledItems: noia2_option@kk.noia:3.76

FF - prefs.js..extensions.enabledItems: {54affe52-8223-453b-be1e-2fe2e250045c}:2.0.38

FF - prefs.js..extensions.enabledItems: VacuumPlacesImproved@lultimouomo-gmail.com:1.1

FF - prefs.js..extensions.enabledItems: {de5809e0-2b07-11dd-bd0b-0800200c9a66}:1.1.5

FF - prefs.js..extensions.enabledItems: {81514210-E22A-4e69-93D5-E1EFD45B4620}:0.3.10.01.23

FF - prefs.js..extensions.enabledItems: {069FB356-C69F-7349-D092-AB28AF836D0E}:0.9.030

FF - user.js..browser.search.openintab: false

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/06 13:20:08 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/06 13:20:08 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2008/05/19 20:12:54 | 000,000,000 | ---D | M] -- C:\Users\Gren\AppData\Roaming\Mozilla\Extensions

[2010/03/23 10:37:45 | 000,000,000 | ---D | M] -- C:\Users\Gren\AppData\Roaming\Mozilla\Firefox\Profiles\03qwl526.default\extensions

[2009/08/02 13:18:37 | 000,000,000 | ---D | M] (Azerty III) -- C:\Users\Gren\AppData\Roaming\Mozilla\Firefox\Profiles\03qwl526.default\extensions\{04CA07AB-7FC3-4110-A83F-EF1E6B75D5B0}

[2010/01/27 18:56:37 | 000,000,000 | ---D | M] (Phoenity Next (formerly Phoenity Reborn)) -- C:\Users\Gren\AppData\Roaming\Mozilla\Firefox\Profiles\03qwl526.default\extensions\{069FB356-C69F-7349-D092-AB28AF836D0E}

[2008/09/27 12:05:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gren\AppData\Roaming\Mozilla\Firefox\Profiles\03qwl526.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}

[2009/07/15 06:24:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Gren\AppData\Roaming\Mozilla\Firefox\Profiles\03qwl526.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/03/14 15:30:44 | 000,000,000 | ---D | M] (Finjan Secure Browsing) -- C:\Users\Gren\AppData\Roaming\Mozilla\Firefox\Profiles\03qwl526.default\extensions\{27a03cf3-856f-46b8-91cb-7289f58c7e6e}(206)

[2010/03/21 18:37:44 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Gren\AppData\Roaming\Mozilla\Firefox\Profiles\03qwl526.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}

[2010/02/28 17:31:17 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Gren\AppData\Roaming\Mozilla\Firefox\Profiles\03qwl526.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(207)

[2008/10/16 16:51:42 | 000,000,000 | ---D | M] (Aquatint Black Gloss) -- C:\Users\Gren\AppData\Roaming\Mozilla\Firefox\Profiles\03qwl526.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}

[2009/06/04 06:21:49 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\Gren\AppData\Roaming\Mozilla\Firefox\Profiles\03qwl526.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}

[2010/03/23 10:33:43 | 000,000,000 | ---D | M] (Past Modern) -- C:\Users\Gren\AppData\Roaming\Mozilla\Firefox\Profiles\03qwl526.default\extensions\{81514210-E22A-4e69-93D5-E1EFD45B4620}

[2008/09/27 12:05:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gren\AppData\Roaming\Mozilla\Firefox\Profiles\03qwl526.default\extensions\{9D23D0AA-D8F5-11DA-B3FC-0928ABF316DD}

[2010/02/23 17:34:32 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Users\Gren\AppData\Roaming\Mozilla\Firefox\Profiles\03qwl526.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}(208)

[2009/08/14 09:45:14 | 000,000,000 | ---D | M] (Gradient iBlu) -- C:\Users\Gren\AppData\Roaming\Mozilla\Firefox\Profiles\03qwl526.default\extensions\{bf70ba50-e70d-11dd-ba2f-0800200c9a66}

[2009/07/10 17:01:35 | 000,000,000 | ---D | M] (PitchDark) -- C:\Users\Gren\AppData\Roaming\Mozilla\Firefox\Profiles\03qwl526.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}

[2010/01/09 10:21:26 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Gren\AppData\Roaming\Mozilla\Firefox\Profiles\03qwl526.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2010/01/12 18:59:44 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Gren\AppData\Roaming\Mozilla\Firefox\Profiles\03qwl526.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}

[2008/03/01 19:09:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gren\AppData\Roaming\Mozilla\Firefox\Profiles\03qwl526.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}(271)

[2010/03/21 18:37:33 | 000,000,000 | ---D | M] (Gradient iCool) -- C:\Users\Gren\AppData\Roaming\Mozilla\Firefox\Profiles\03qwl526.default\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66}

[2008/10/25 08:49:07 | 000,000,000 | ---D | M] (CustomizeGoogle) -- C:\Users\Gren\AppData\Roaming\Mozilla\Firefox\Profiles\03qwl526.default\extensions\{fce36c1e-58d8-498a-b2a5-66ad1cedebbb}

[2008/09/27 12:05:49 | 000,000,000 | ---D | M] -- C:\Users\Gren\AppData\Roaming\Mozilla\Firefox\Profiles\03qwl526.default\extensions\gmailthis@lazyrussian.com

[2010/03/23 10:37:27 | 000,000,000 | ---D | M] -- C:\Users\Gren\AppData\Roaming\Mozilla\Firefox\Profiles\03qwl526.default\extensions\keyscrambler@qfx.software.corporation

[2010/03/14 19:18:55 | 000,000,000 | ---D | M] -- C:\Users\Gren\AppData\Roaming\Mozilla\Firefox\Profiles\03qwl526.default\extensions\noia2_option@kk.noia

[2009/03/29 11:16:23 | 000,000,000 | ---D | M] -- C:\Users\Gren\AppData\Roaming\Mozilla\Firefox\Profiles\03qwl526.default\extensions\smartbookmarksbar@remy.juteau

[2010/01/16 20:55:56 | 000,000,000 | ---D | M] -- C:\Users\Gren\AppData\Roaming\Mozilla\Firefox\Profiles\03qwl526.default\extensions\VacuumPlacesImproved@lultimouomo-gmail.com

[2008/03/03 19:22:34 | 000,001,878 | ---- | M] () -- C:\Users\Gren\AppData\Roaming\Mozilla\Firefox\Profiles\03qwl526.default\searchplugins\aolsearch-1.xml

[2008/03/05 07:56:23 | 000,001,878 | ---- | M] () -- C:\Users\Gren\AppData\Roaming\Mozilla\Firefox\Profiles\03qwl526.default\searchplugins\aolsearch-2.xml

[2008/03/01 12:42:39 | 000,001,878 | ---- | M] () -- C:\Users\Gren\AppData\Roaming\Mozilla\Firefox\Profiles\03qwl526.default\searchplugins\aolsearch.xml

[2010/01/05 21:07:29 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2009/07/01 13:17:04 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml

[2009/07/01 13:17:04 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml

[2009/07/01 13:17:04 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml

[2009/07/01 13:17:04 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2007/10/21 10:55:39 | 000,193,326 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O1 - Hosts: 127.0.0.1 babe.the-killer.bz

O1 - Hosts: 127.0.0.1 www.babe.the-killer.bz

O1 - Hosts: 127.0.0.1 babe.k-lined.com

O1 - Hosts: 127.0.0.1 www.babe.k-lined.com

O1 - Hosts: 127.0.0.1 did.i-used.cc

O1 - Hosts: 127.0.0.1 www.did.i-used.cc

O1 - Hosts: 127.0.0.1 coolwwwsearch.com

O1 - Hosts: 127.0.0.1 www.coolwwwsearch.com

O1 - Hosts: 127.0.0.1 coolwebsearch.com

O1 - Hosts: 127.0.0.1 www.coolwebsearch.com

O1 - Hosts: 127.0.0.1 hi.studioaperto.net

O1 - Hosts: 127.0.0.1 www.hi.studioaperto.net

O1 - Hosts: 127.0.0.1 wazzupnet.com

O1 - Hosts: 127.0.0.1 www.wazzupnet.com

O1 - Hosts: 127.0.0.1 gueb.com

O1 - Hosts: 127.0.0.1 www.gueb.com

O1 - Hosts: 127.0.0.1 kabex.com

O1 - Hosts: 127.0.0.1 www.kabex.com

O1 - Hosts: 127.0.0.1 hityou.com

O1 - Hosts: 127.0.0.1 www.hityou.com

O1 - Hosts: 127.0.0.1 miosearch.com

O1 - Hosts: 127.0.0.1 www.miosearch.com

O1 - Hosts: 127.0.0.1 blue-elefant.com

O1 - Hosts: 6848 more lines...

O2 - BHO: (IE7Pro BHO) - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)

O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll (TechSmith Corporation)

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll File not found

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll File not found

O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll File not found

O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)

O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll (TechSmith Corporation)

O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Tall Emu\Online Armor\OAui.exe (Tall Emu)

O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)

O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)

O4 - HKLM..\Run: [a-squared] C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe (Emsi Software GmbH)

O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)

O4 - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)

O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)

O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)

O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe (Acer Inc.)

O4 - HKLM..\Run: [LVCOMSX] C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe (Logitech Inc.)

O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe File not found

O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)

O4 - HKCU..\Run: [\\LS-CHL964\lp] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE (SEIKO EPSON CORPORATION)

O4 - HKCU..\Run: [EPSON Stylus Photo R220 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE (SEIKO EPSON CORPORATION)

O4 - HKCU..\Run: [EPSON Stylus Photo R220 Series (Network)] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE (SEIKO EPSON CORPORATION)

O4 - HKCU..\Run: [stickyPassword] C:\Program Files\Sticky Password\stpass.exe (StickyPassword.com)

O4 - Startup: C:\Users\Gren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BUFFALO NAS Navigator.lnk = C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe (BUFFALO INC.)

O4 - Startup: C:\Users\Gren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NAS Scheduler.lnk = C:\Program Files\BUFFALO\NASNAVI\nassche.exe (BUFFALO INC.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0

O9 - Extra Button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)

O9 - Extra 'Tools' menuitem : IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)

O9 - Extra Button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)

O9 - Extra 'Tools' menuitem : IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O13 - gopher Prefix: missing

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1238.0601.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1238.0601.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (eNetHook.dll) - C:\Windows\System32\eNetHook.dll (acer)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)

O24 - Desktop WallPaper: D:\Pictures\01356_crepuscule_1280x800.jpg

O24 - Desktop BackupWallPaper: D:\Pictures\01356_crepuscule_1280x800.jpg

O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Tall Emu\Online Armor\oaevent.dll (Tall Emu)

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\System32\relog_ap.dll (Acronis)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2007/09/18 23:21:52 | 000,000,000 | R--D | M] - E:\Autorun -- [ UDF ]

O32 - AutoRun File - [2007/09/17 18:48:04 | 000,263,744 | R--- | M] (Firaxis Games) - E:\autorun.exe -- [ UDF ]

O32 - AutoRun File - [2007/09/20 02:18:35 | 000,006,276 | R--- | M] () - E:\autorun.inf -- [ UDF ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (OODBS) - C:\Windows\System32\OODBS.exe (O&O Software GmbH)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/23 10:33:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla Firefox

[2010/03/23 07:43:22 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Users\Gren\Desktop\OTL.exe

[2010/03/16 19:38:53 | 000,018,816 | ---- | C] (Sophos Plc) -- C:\Windows\System32\SAVRKBootTasks.sys

[2010/03/16 18:40:20 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos

[2010/03/14 19:05:02 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll

[2010/03/14 19:05:01 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll

[2010/03/14 17:37:47 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll

[2010/03/14 17:37:34 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll

[2010/03/14 17:37:10 | 003,597,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe

[2010/03/14 17:37:09 | 003,546,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe

[2010/03/14 17:37:03 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe

[2010/03/14 17:37:03 | 000,511,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe

[2010/03/14 17:37:02 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll

[2010/03/14 17:37:02 | 000,472,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll

[2010/03/14 17:37:02 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe

[2010/03/14 17:37:02 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe

[2010/03/14 17:37:01 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll

[2010/03/14 17:37:01 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll

[2010/03/14 17:37:00 | 000,329,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll

[2010/03/14 17:36:50 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll

[2010/03/14 17:36:49 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll

[2010/03/14 17:36:49 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll

[2010/03/14 17:36:48 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll

[2010/03/14 17:36:48 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll

[2010/03/14 17:03:06 | 000,000,000 | ---D | C] -- C:\Users\Gren\Pavark

[2007/04/07 17:27:16 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll

========== Files - Modified Within 30 Days ==========

[2010/03/23 13:25:43 | 000,707,452 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2010/03/23 13:25:43 | 000,611,610 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010/03/23 13:25:43 | 000,110,386 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010/03/23 13:21:44 | 000,035,166 | ---- | M] () -- C:\Users\Gren\AppData\Roaming\nvModes.dat

[2010/03/23 13:21:43 | 000,035,166 | ---- | M] () -- C:\Users\Gren\AppData\Roaming\nvModes.001

[2010/03/23 13:21:09 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/03/23 13:21:02 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010/03/23 13:21:02 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010/03/23 13:20:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/03/23 13:20:51 | 2145,509,376 | -HS- | M] () -- C:\hiberfil.sys

[2010/03/23 13:20:48 | 002,058,524 | ---- | M] () -- C:\Windows\System32\oodbs.lor

[2010/03/23 13:19:37 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2010/03/23 13:19:28 | 005,767,168 | -HS- | M] () -- C:\Users\Gren\ntuser.dat

[2010/03/23 13:19:28 | 000,524,288 | -HS- | M] () -- C:\Users\Gren\ntuser.dat{230c4149-f1a6-11de-8466-e6af621d9156}.TMContainer00000000000000000001.regtrans-ms

[2010/03/23 13:19:28 | 000,065,536 | -HS- | M] () -- C:\Users\Gren\ntuser.dat{230c4149-f1a6-11de-8466-e6af621d9156}.TM.blf

[2010/03/23 13:19:16 | 000,007,680 | ---- | M] () -- C:\Windows\8951696.exe

[2010/03/23 13:19:16 | 000,000,004 | ---- | M] () -- C:\Windows\8951696.dat

[2010/03/23 13:19:00 | 001,744,350 | -H-- | M] () -- C:\Users\Gren\AppData\Local\IconCache.db

[2010/03/23 13:18:00 | 000,000,256 | ---- | M] () -- C:\Windows\tasks\Check Updates for Windows Live Toolbar.job

[2010/03/23 09:16:30 | 000,293,376 | ---- | M] () -- C:\Users\Gren\Desktop\fd6ybovo.exe

[2010/03/23 07:44:30 | 000,014,872 | ---- | M] () -- D:\Documents\Rootkit Removal.docx

[2010/03/19 18:31:14 | 000,018,897 | ---- | M] () -- D:\Documents\HG Chars.xlsx

[2010/03/19 16:44:01 | 000,012,354 | ---- | M] () -- D:\Documents\Rogue.docx

[2010/03/19 07:50:55 | 000,040,675 | ---- | M] () -- D:\Documents\Item List.xlsx

[2010/03/18 15:41:17 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Gren\Desktop\OTL.exe

[2010/03/15 19:27:43 | 000,125,579 | ---- | M] () -- D:\Documents\MBAM.png

[2010/03/14 19:27:51 | 000,000,056 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat

[2010/03/14 19:17:52 | 000,120,632 | ---- | M] () -- C:\Users\Gren\AppData\Local\GDIPFONTCACHEV1.DAT

[2010/03/14 19:13:09 | 000,428,768 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2010/03/11 19:18:54 | 000,011,308 | ---- | M] () -- D:\Documents\Wizzy.docx

[2010/03/10 21:52:05 | 000,020,633 | ---- | M] () -- D:\Documents\BUR Subraces.xlsx

[2010/03/09 15:21:39 | 000,012,739 | ---- | M] () -- D:\Documents\Dualing Ranger.docx

[2010/03/08 20:35:02 | 000,013,288 | ---- | M] () -- D:\Documents\Bane Knight.docx

[2010/03/04 07:51:15 | 000,011,894 | ---- | M] () -- D:\Documents\dex damage assassin.docx

[2010/03/01 21:09:39 | 000,274,887 | ---- | M] () -- D:\Documents\Civ IV Basic Strategy Guide-4.1.pdf

========== Files Created - No Company Name ==========

[2010/03/23 13:19:16 | 000,007,680 | ---- | C] () -- C:\Windows\8951696.exe

[2010/03/23 13:19:16 | 000,000,004 | ---- | C] () -- C:\Windows\8951696.dat

[2010/03/23 10:00:17 | 2145,509,376 | -HS- | C] () -- C:\hiberfil.sys

[2010/03/23 09:16:45 | 000,293,376 | ---- | C] () -- C:\Users\Gren\Desktop\fd6ybovo.exe

[2010/03/23 07:44:29 | 000,014,872 | ---- | C] () -- D:\Documents\Rootkit Removal.docx

[2010/03/19 07:50:55 | 000,040,675 | ---- | C] () -- D:\Documents\Item List.xlsx

[2010/03/15 19:26:57 | 000,125,579 | ---- | C] () -- D:\Documents\MBAM.png

[2010/03/14 19:27:51 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat

[2010/03/11 18:31:09 | 000,011,308 | ---- | C] () -- D:\Documents\Wizzy.docx

[2010/03/08 20:03:30 | 000,002,713 | ---- | C] () -- D:\Documents\Microsoft Office Diagnostics.lnk

[2010/03/04 07:51:14 | 000,011,894 | ---- | C] () -- D:\Documents\dex damage assassin.docx

[2010/03/01 21:09:39 | 000,274,887 | ---- | C] () -- D:\Documents\Civ IV Basic Strategy Guide-4.1.pdf

[2009/05/18 18:06:08 | 000,000,180 | ---- | C] () -- C:\Users\Gren\AppData\Roaming\setup.log

[2009/05/18 18:05:44 | 000,000,760 | ---- | C] () -- C:\Users\Gren\AppData\Roaming\setup_ldm.iss

[2009/05/15 10:36:50 | 000,014,344 | ---- | C] () -- C:\Windows\UN060501.INI

[2009/05/15 10:36:50 | 000,005,434 | ---- | C] () -- C:\Windows\UN070209.INI

[2009/01/23 10:18:38 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini

[2008/07/21 18:04:51 | 000,004,984 | ---- | C] () -- C:\ProgramData\jexqjxsy.dne

[2008/04/28 19:44:25 | 000,010,752 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll

[2008/01/10 17:13:14 | 000,000,680 | ---- | C] () -- C:\Users\Gren\AppData\Local\d3d9caps.dat

[2007/09/29 16:09:33 | 000,000,000 | ---- | C] () -- C:\Windows\CleaningLab.INI

[2007/09/29 16:03:52 | 000,019,968 | ---- | C] () -- C:\Windows\System32\cpuinf32.dll

[2007/09/29 16:02:29 | 000,005,817 | ---- | C] () -- C:\Windows\mgxoschk.ini

[2007/09/05 11:52:04 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll

[2007/07/20 17:31:24 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2007/06/28 17:50:35 | 000,244,536 | ---- | C] () -- C:\ProgramData\Svclog.log

[2007/06/23 17:50:14 | 000,000,000 | ---- | C] () -- C:\Windows\oodcnt.INI

[2007/05/27 20:08:51 | 000,030,920 | ---- | C] () -- C:\Users\Gren\AppData\Roaming\UserTile.png

[2007/05/08 16:42:09 | 000,077,312 | ---- | C] () -- C:\Windows\ua2.dll

[2007/04/20 15:52:26 | 000,000,124 | -HS- | C] () -- C:\ProgramData\.zreglib

[2007/04/11 19:11:11 | 000,062,976 | ---- | C] () -- C:\Users\Gren\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2007/04/09 14:29:12 | 000,247,824 | ---- | C] () -- C:\Windows\System32\prgiso.dll

[2007/04/09 14:29:11 | 004,244,744 | ---- | C] () -- C:\Windows\System32\qtp-mt334.dll

[2007/04/09 14:29:11 | 000,013,840 | ---- | C] () -- C:\Windows\System32\wnaspi32.dll

[2007/04/08 10:51:31 | 000,532,480 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Sony.dll

[2007/04/07 17:45:07 | 000,035,166 | ---- | C] () -- C:\Users\Gren\AppData\Roaming\nvModes.001

[2007/04/07 17:37:49 | 000,035,166 | ---- | C] () -- C:\Users\Gren\AppData\Roaming\nvModes.dat

[2007/04/07 17:29:10 | 000,076,584 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys

[2007/04/07 17:29:10 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys

[2007/04/07 17:28:43 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll

[2007/04/07 17:27:16 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll

[2007/04/07 17:24:39 | 000,356,352 | R--- | C] () -- C:\Windows\EMCRI.dll

[2007/04/07 17:17:55 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

[2007/04/07 17:13:02 | 000,042,594 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini

[2007/03/05 12:34:28 | 000,676,224 | ---- | C] () -- C:\Windows\System32\OGACheckControl.DLL

[2007/02/06 22:58:10 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll

[2007/02/06 22:57:58 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll

[2007/02/06 22:57:20 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll

[2007/02/06 22:56:30 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll

[2007/02/06 22:56:28 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll

[2007/02/06 22:52:08 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll

[2006/12/25 14:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll

[2006/11/02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

[1996/04/03 19:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== Custom Scans ==========

< C:\Windows\*.dat >

[2010/03/23 13:19:16 | 000,000,004 | ---- | M] () -- C:\Windows\8951696.dat

[2010/03/23 13:20:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/03/23 13:19:37 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2007/04/20 13:57:05 | 000,000,978 | ---- | M] () -- C:\Windows\eReg.dat

[2007/05/25 18:31:41 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat

< C:\Windows\*.exe >

[2010/03/23 13:19:16 | 000,007,680 | ---- | M] () -- C:\Windows\8951696.exe

[2008/01/19 07:33:01 | 000,058,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\bfsvc.exe

[2007/09/05 12:09:56 | 000,285,224 | ---- | M] (Broadcom Corporation.) -- C:\Windows\BtwIEProxy.exe

[2007/12/26 14:19:14 | 000,127,034 | R--- | M] (BackWeb Technologies Inc. ) -- C:\Windows\bwUnin-8.1.1.50-8876480SL.exe

[2008/01/19 07:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

[2008/01/19 07:33:11 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\fveupdate.exe

[2008/01/19 07:33:11 | 000,498,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\HelpPane.exe

[2006/11/02 09:45:13 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\hh.exe

[2007/11/29 01:17:20 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Windows\KHALMNPR.Exe

[2008/01/19 07:33:18 | 000,151,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\notepad.exe

[2008/01/19 07:33:24 | 000,134,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\regedit.exe

[2008/03/11 17:53:54 | 005,296,128 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe

[2008/02/13 14:59:22 | 000,098,304 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RTKAUDIOSERVICE.EXE

[2007/11/07 17:31:38 | 001,191,936 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\RtlUpd.exe

[2007/11/20 18:15:58 | 001,826,816 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SkyTel.exe

[2006/11/02 12:34:41 | 000,049,680 | ---- | M] (Twain Working Group) -- C:\Windows\twunk_16.exe

[2006/11/02 12:34:41 | 000,031,232 | ---- | M] (Twain Working Group) -- C:\Windows\twunk_32.exe

[2009/05/15 10:36:50 | 000,173,360 | ---- | M] (BUFFALO INC.) -- C:\Windows\UN060501.EXE

[2009/05/15 10:36:50 | 000,173,360 | ---- | M] (BUFFALO INC.) -- C:\Windows\UN070209.EXE

[2007/08/08 19:02:00 | 000,235,008 | ---- | M] (COMODO) -- C:\Windows\UNBOC.EXE

[2006/11/18 07:56:54 | 000,159,744 | ---- | M] (Dritek System Inc.) -- C:\Windows\UNINST32.EXE

[2006/09/18 21:43:37 | 000,256,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\winhelp.exe

[2006/11/02 09:45:57 | 000,009,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\winhlp32.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 179 bytes -> C:\ProgramData\TEMP:D1B5B4F1

@Alternate Data Stream - 168 bytes -> C:\ProgramData\TEMP:EFC3A3C4

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34

@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:1CA73D29

@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:4B7BEAFF

< End of report >

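The custom-scan block above is the kind of output a triage script can start from. What follows is an added example, not code from the thread, from OTL, MBAM or any scanner named here. It parses OTL custom-scan lines and keeps those whose file name is only 6 to 8 digits with a .dat/.exe partner (a rule taken from the original poster's description, so an assumption), applies the same rule to a live directory with size, SHA-256 and the raw bytes of a tiny .dat, and reads the PE machine and subsystem fields of the .exe, which is the header check behind the "PE32 executable for MS Windows (native)" verdict in the Jotti report further down. The function names (parse_otl_entries, group_pairs, pe_subsystem, scan_directory) and the 16-byte "tiny" threshold are my choices, not anything the tools define.

```python
"""Triage for the digit-named .dat/.exe pairs discussed in this thread.
Added example, not code from OTL, MBAM or the thread: the 6-8 digit name rule,
the tiny-.dat threshold and the function names are assumptions drawn from the
symptoms the original poster described."""
import hashlib
import os
import re
import struct
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# One OTL custom-scan entry, e.g.
# [2010/03/23 13:19:16 | 000,007,680 | ---- | M] () -- C:\Windows\8951696.exe
OTL_LINE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| [CM]\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
# A name made only of 6-8 digits, with one of the two extensions seen here.
NUMERIC_NAME = re.compile(r"^(?P<stem>\d{6,8})\.(?P<ext>dat|exe)$", re.IGNORECASE)

# Constructed sample: four entries copied from the OTL custom scan posted above.
SAMPLE_OTL = """\
[2010/03/23 13:19:16 | 000,000,004 | ---- | M] () -- C:\\Windows\\8951696.dat
[2010/03/23 13:20:57 | 000,067,584 | --S- | M] () -- C:\\Windows\\bootstat.dat
[2010/03/23 13:19:16 | 000,007,680 | ---- | M] () -- C:\\Windows\\8951696.exe
[2008/01/19 07:33:01 | 000,058,880 | ---- | M] (Microsoft Corporation) -- C:\\Windows\\bfsvc.exe
"""

@dataclass
class Finding:
    path: str
    size: int
    company: str
    reasons: List[str] = field(default_factory=list)

def parse_otl_entries(text: str) -> List[Finding]:
    """Return the OTL entries whose file name is 6-8 digits plus .dat/.exe."""
    out: List[Finding] = []
    for line in text.splitlines():
        m = OTL_LINE.match(line.strip())
        if not m or not NUMERIC_NAME.match(m.group("path").rsplit("\\", 1)[-1]):
            continue
        f = Finding(m.group("path"), int(m.group("size").replace(",", "")), m.group("company"))
        f.reasons.append("digits-only file name")
        if f.path.lower().endswith(".exe") and not f.company:
            f.reasons.append("executable carries no company/version information")
        out.append(f)
    return out

def group_pairs(findings: List[Finding]) -> Dict[str, Dict[str, Finding]]:
    """Group findings by numeric stem and keep only complete .dat + .exe pairs."""
    groups: Dict[str, Dict[str, Finding]] = {}
    for f in findings:
        m = NUMERIC_NAME.match(f.path.rsplit("\\", 1)[-1])
        groups.setdefault(m.group("stem"), {})[m.group("ext").lower()] = f
    return {s: g for s, g in groups.items() if {"dat", "exe"} <= set(g)}

def pe_subsystem(data: bytes) -> Optional[Tuple[int, int]]:
    """Return (machine, subsystem) of a PE image, or None if it is not one.
    Subsystem 1 is NATIVE (no Win32 subsystem), which is what Jotti's
    "PE32 executable for MS Windows (native)" above means; 2 is GUI, 3 console."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    opt = pe_off + 24                       # optional header follows the 20-byte COFF header
    if opt + 70 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        return None
    machine = struct.unpack_from("<H", data, pe_off + 4)[0]
    if struct.unpack_from("<H", data, opt)[0] not in (0x10B, 0x20B):  # PE32 / PE32+
        return None
    return machine, struct.unpack_from("<H", data, opt + 68)[0]

def scan_directory(root: str, tiny: int = 16) -> Dict[str, Dict[str, dict]]:
    """Apply the same name rule to a live directory (non-recursive): size and
    SHA-256 for every pair member (to match against a scanner report), raw
    content of a .dat of at most `tiny` bytes (the samples held just '<<<<'),
    and machine/subsystem of the .exe."""
    groups: Dict[str, Dict[str, dict]] = {}
    with os.scandir(root) as it:
        for entry in it:
            m = NUMERIC_NAME.match(entry.name)
            if not m or not entry.is_file():
                continue
            with open(entry.path, "rb") as fh:
                data = fh.read()
            ext = m.group("ext").lower()
            info: dict = {"size": len(data), "sha256": hashlib.sha256(data).hexdigest()}
            if ext == "dat" and len(data) <= tiny:
                info["content"] = data
            if ext == "exe":
                info["subsystem"] = pe_subsystem(data)
            groups.setdefault(m.group("stem"), {})[ext] = info
    return {s: g for s, g in groups.items() if {"dat", "exe"} <= set(g)}

if __name__ == "__main__":
    for stem, pair in group_pairs(parse_otl_entries(SAMPLE_OTL)).items():
        for ext, f in pair.items():
            print(f"{stem}.{ext}: {f.size} bytes; {'; '.join(f.reasons)}")
```

On a Windows host, `scan_directory(r"C:\Windows")` gives the same pairs the OTL custom scan lists, with hashes that can be compared against the VirusTotal and Jotti output without re-uploading anything; an unsigned file in %SystemRoot% whose subsystem reads 1 (native) is the combination the later reports describe and deserves a closer look rather than a verdict from a clean AV score alone.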

Please submit the following files to one of these online file scanners.

(All you have to do is copy and paste the file path into the box when you click on Browse; once you have done that, click on the Open button, then Submit.)

C:\Windows\8951696.exe

C:\Windows\8951696.dat

Jotti File Scan
VirusTotal File Scan

This will produce a report after the scan is complete, please copy and paste those results in your next post.


VirusTotal scan results (VirusTotal claimed to have seen the files before but gave me saved results from files with similar but different names - maybe similar files? The log below is from a re-analysis):

File 8951696.exe received on 2010.03.23 17:16:42 (UTC)


Result: 0/40 (0%)


Antivirus Version Last Update Result

a-squared 4.5.0.50 2010.03.23 -

AhnLab-V3 5.0.0.2 2010.03.23 -

AntiVir 8.2.1.196 2010.03.23 -

Antiy-AVL 2.0.3.7 2010.03.23 -

Authentium 5.2.0.5 2010.03.23 -

Avast 4.8.1351.0 2010.03.23 -

Avast5 5.0.332.0 2010.03.23 -

AVG 9.0.0.787 2010.03.23 -

BitDefender 7.2 2010.03.23 -

CAT-QuickHeal 10.00 2010.03.23 -

ClamAV 0.96.0.0-git 2010.03.23 -

Comodo 4358 2010.03.23 -

DrWeb 5.0.1.12222 2010.03.23 -

eTrust-Vet 35.2.7383 2010.03.23 -

F-Prot 4.5.1.85 2010.03.23 -

F-Secure 9.0.15370.0 2010.03.23 -

Fortinet 4.0.14.0 2010.03.22 -

GData 19 2010.03.23 -

Ikarus T3.1.1.80.0 2010.03.23 -

Jiangmin 13.0.900 2010.03.23 -

K7AntiVirus 7.10.1004 2010.03.22 -

Kaspersky 7.0.0.125 2010.03.23 -

McAfee 5929 2010.03.23 -

McAfee+Artemis 5929 2010.03.23 -

McAfee-GW-Edition 6.8.5 2010.03.23 -

Microsoft 1.5605 2010.03.23 -

NOD32 4969 2010.03.23 -

Norman 6.04.10 2010.03.23 -

nProtect 2009.1.8.0 2010.03.23 -

Panda 10.0.2.2 2010.03.23 -

PCTools 7.0.3.5 2010.03.23 -

Rising 22.40.01.04 2010.03.23 -

Sophos 4.51.0 2010.03.23 -

Sunbelt 6031 2010.03.22 -

Symantec 20091.2.0.41 2010.03.23 -

TheHacker 6.5.2.0.242 2010.03.23 -

TrendMicro 9.120.0.1004 2010.03.23 -

VBA32 3.12.12.2 2010.03.23 -

ViRobot 2010.3.23.2240 2010.03.23 -

VirusBuster 5.0.27.0 2010.03.23 -

Additional information

File size: 7680 bytes

MD5...: 67dd28a66550ac5a6f697bad7c314755

SHA1..: 33708264c117f9b932d3f82e053fec7ee0d7c553

SHA256: 26c2a4222fc46a22bfb26e63ba161a179e59c0fe398637e01eaa0b3d52b43d1a

ssdeep: 96:gzViI8lGg167AyCoemwlwifq+sKS3ZtoA9j8qaz0SKbRBJQPrq7SFU:kQlGx1fKq+0PGAVQPQ

PEiD..: -

PEInfo: PE Structure information

( base data )

entrypointaddress.: 0x2071

timedatestamp.....: 0x4a8bda67 (Wed Aug 19 10:56:39 2009)

machinetype.......: 0x14c (I386)

( 3 sections )

name viradd virsiz rawdsiz ntrpy md5

.text 0x1000 0x157e 0x1600 5.84 3ce3690672f46b9b8681846d1caad225

.data 0x3000 0x10fb0 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e

.reloc 0x14000 0x220 0x400 2.66 6691c6064d815f8c2653fd27acbf478e

( 1 imports )

> ntdll.dll: RtlAllocateHeap, NtCurrentTeb, RtlFreeHeap, RtlInitUnicodeString, RtlCopyUnicodeString, RtlWriteRegistryValue, memcpy, RtlCompareUnicodeString, RtlQueryRegistryValues, memset, ZwMapViewOfSection, ZwClose, ZwCreateSection, ZwOpenFile, NtDisplayString, swprintf, ZwSetInformationFile, ZwWriteFile, NtWaitForSingleObject, ZwReadFile, ZwCreateFile, ZwUnmapViewOfSection, NtDelayExecution, RtlAnsiStringToUnicodeString, RtlInitAnsiString, NtTerminateProcess, DbgBreakPoint, RtlUnicodeStringToAnsiString, RtlNormalizeProcessParams, RtlAssert

( 0 exports )

RDS...: NSRL Reference Data Set

-

trid..: Win32 Executable Generic (68.0%)

Generic Win/DOS Executable (15.9%)

DOS Executable Generic (15.9%)

Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

pdfid.: -

sigcheck:

publisher....: n/a

copyright....: n/a

product......: n/a

description..: n/a

original name: n/a

internal name: n/a

file version.: n/a

comments.....: n/a

signers......: -

signing date.: -

verified.....: Unsigned

File 8951696.dat received on 2010.03.23 17:19:35 (UTC)


Result: 0/41 (0%)


Antivirus Version Last Update Result

a-squared 4.5.0.50 2010.03.23 -

AhnLab-V3 5.0.0.2 2010.03.23 -

AntiVir 8.2.1.196 2010.03.23 -

Antiy-AVL 2.0.3.7 2010.03.23 -

Authentium 5.2.0.5 2010.03.23 -

Avast 4.8.1351.0 2010.03.23 -

Avast5 5.0.332.0 2010.03.23 -

AVG 9.0.0.787 2010.03.23 -

BitDefender 7.2 2010.03.23 -

CAT-QuickHeal 10.00 2010.03.23 -

ClamAV 0.96.0.0-git 2010.03.23 -

Comodo 4358 2010.03.23 -

DrWeb 5.0.1.12222 2010.03.23 -

eSafe 7.0.17.0 2010.03.23 -

eTrust-Vet 35.2.7383 2010.03.23 -

F-Prot 4.5.1.85 2010.03.23 -

F-Secure 9.0.15370.0 2010.03.23 -

Fortinet 4.0.14.0 2010.03.22 -

GData 19 2010.03.23 -

Ikarus T3.1.1.80.0 2010.03.23 -

Jiangmin 13.0.900 2010.03.23 -

K7AntiVirus 7.10.1004 2010.03.22 -

Kaspersky 7.0.0.125 2010.03.23 -

McAfee 5929 2010.03.23 -

McAfee+Artemis 5929 2010.03.23 -

McAfee-GW-Edition 6.8.5 2010.03.23 -

Microsoft 1.5605 2010.03.23 -

NOD32 4969 2010.03.23 -

Norman 6.04.10 2010.03.23 -

nProtect 2009.1.8.0 2010.03.23 -

Panda 10.0.2.2 2010.03.23 -

PCTools 7.0.3.5 2010.03.23 -

Prevx 3.0 2010.03.23 -

Rising 22.40.01.04 2010.03.23 -

Sophos 4.51.0 2010.03.23 -

Sunbelt 6031 2010.03.22 -

Symantec 20091.2.0.41 2010.03.23 -

TheHacker 6.5.2.0.242 2010.03.23 -

TrendMicro 9.120.0.1004 2010.03.23 -

VBA32 3.12.12.2 2010.03.23 -

ViRobot 2010.3.23.2240 2010.03.23 -

Additional information

File size: 4 bytes

MD5...: 83699a49d8884e65d9291885a6448e44

SHA1..: 0d565e626da825a7fa685cc52f7f5015abe65daf

SHA256: 8e60469fd19dc140b90f57137adedc6ac4c71f25f5a01d58a1d1ac32134b9d36

ssdeep: 3:n:n

PEiD..: -

PEInfo: -

RDS...: NSRL Reference Data Set

-

pdfid.: -

trid..: Unknown!

sigcheck:

publisher....: n/a

copyright....: n/a

product......: n/a

description..: n/a

original name: n/a

internal name: n/a

file version.: n/a

comments.....: n/a

signers......: -

signing date.: -

verified.....: Unsigned


Jotti scan (it said the same as VirusTotal, that the file had been scanned before, but gave a different filename):

Jotti's malware scan

Filename: 8951696.exe

Status:

Scan finished. 0 out of 20 scanners reported malware.

Scan taken on: Tue 23 Mar 2010 18:22:37 (CET) Permalink

Additional info

File size: 7680 bytes

Filetype: PE32 executable for MS Windows (native) Intel 80386 32-bit

MD5: 67dd28a66550ac5a6f697bad7c314755

SHA1: 33708264c117f9b932d3f82e053fec7ee0d7c553

Scanners

[ArcaVir]

2010-03-23 Found nothing

[F-Secure Anti-Virus]

2010-03-23 Found nothing

[A-Squared]

2010-03-23 Found nothing

[G DATA]

2010-03-23 Found nothing

[Avast! antivirus]

2010-03-23 Found nothing

[ikarus]

2010-03-23 Found nothing

[Grisoft AVG Anti-Virus]

2010-03-23 Found nothing

[Kaspersky Anti-Virus]

2010-03-23 Found nothing

[Avira AntiVir]

2010-03-23 Found nothing

[ESET NOD32]

2010-03-23 Found nothing

[softwin BitDefender]

2010-03-23 Found nothing

[Panda Antivirus]

2010-03-22 Found nothing

[ClamAV]

2010-03-23 Found nothing

[Quick Heal]

2010-03-23 Found nothing

[CPsecure]

2010-03-23 Found nothing

[sophos]

2010-03-23 Found nothing

[Dr.Web]

2010-03-23 Found nothing

[VirusBlokAda VBA32]

2010-03-22 Found nothing

[Frisk F-Prot Antivirus]

2010-03-22 Found nothing

[VirusBuster]

2010-03-23 Found nothing

Jotti's malware scan

Filename: 8951696.dat

Status:

Scan finished. 0 out of 20 scanners reported malware.

Scan taken on: Tue 23 Mar 2010 18:24:15 (CET) Permalink

Additional info

File size: 4 bytes

Filetype: ASCII text, with no line terminators

MD5: 83699a49d8884e65d9291885a6448e44

SHA1: 0d565e626da825a7fa685cc52f7f5015abe65daf

Scanners

[ArcaVir]

2010-03-23 Found nothing

[F-Secure Anti-Virus]

2010-03-23 Found nothing

[A-Squared]

2010-03-23 Found nothing

[G DATA]

2010-03-23 Found nothing

[Avast! antivirus]

2010-03-23 Found nothing

[ikarus]

2010-03-23 Found nothing

[Grisoft AVG Anti-Virus]

2010-03-23 Found nothing

[Kaspersky Anti-Virus]

2010-03-23 Found nothing

[Avira AntiVir]

2010-03-23 Found nothing

[ESET NOD32]

2010-03-23 Found nothing

[softwin BitDefender]

2010-03-23 Found nothing

[Panda Antivirus]

2010-03-22 Found nothing

[ClamAV]

2010-03-23 Found nothing

[Quick Heal]

2010-03-23 Found nothing

[CPsecure]

2010-03-23 Found nothing

[sophos]

2010-03-23 Found nothing

[Dr.Web]

2010-03-23 Found nothing

[VirusBlokAda VBA32]

2010-03-22 Found nothing

[Frisk F-Prot Antivirus]

2010-03-22 Found nothing

[VirusBuster]

2010-03-23 Found nothing


Download Dr.Web CureIt to the desktop.

  • Double-click the drweb-cureit.exe file, then click Start and allow the express scan to run.
  • This will scan the files currently running in memory; when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, choose the Complete Scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow drweb_green_arrow.jpg at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look and see if you can click the following icon next to the files found:
    drweb_check.gif
  • If so, click it and then click the next icon right below and select Move incurable, as you'll see in the next image:
    drweb_move.gif
  • This will move it to the %userprofile%\DoctorWeb\quarantine folder if it can't be cured (this is in case we need samples).
  • After selecting, in the Dr.Web CureIt menu at the top, click File and choose Save report list.
  • Save the report to your desktop. The report will be called DrWeb.csv.
  • Close Dr.Web CureIt.
  • Reboot your computer to allow files that were in use to be moved/deleted during the reboot.
  • After the reboot, post the contents of the log from Dr.Web you saved previously in your next reply.

NOTE: During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.


The MBAM scan, however, shows the exe as malware:

Malwarebytes' Anti-Malware 1.44

Database version: 3902

Windows 6.0.6001 Service Pack 1

Internet Explorer 8.0.6001.18882

23/03/2010 17:31:50

mbam-log-2010-03-23 (17-31-50).txt

Scan type: Quick Scan

Objects scanned: 132659

Time elapsed: 5 minute(s), 59 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Windows\8951696.exe (Rootkit.Agent) -> Quarantined and deleted successfully.


Ok

  • Double-click on the OTL icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scans and Fixes section, paste in the below in bold:


    C:\Windows\*.dat

    C:\Windows\*.exe


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open one Notepad window: OTL.Txt
    • Please copy (Edit->Select All, Edit->Copy) the contents of this file OTL.Txt and post it with your next reply.


OTL.txt file as requested:

OTL logfile created on: 26/03/2010 13:33:00 - Run 3

OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\Gren\Desktop

Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18882)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 43.00% Memory free

3.00 Gb Paging File | 2.00 Gb Available in Paging File | 51.00% Paging File free

Paging file location(s): f:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 71.84 Gb Total Space | 23.42 Gb Free Space | 32.60% Space Free | Partition Type: NTFS

Drive D: | 72.33 Gb Total Space | 37.45 Gb Free Space | 51.77% Space Free | Partition Type: NTFS

Drive E: | 2.37 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Drive F: | 4.88 Gb Total Space | 3.61 Gb Free Space | 73.94% Space Free | Partition Type: NTFS

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: GG-LAPTOP

Current User Name: Gren

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Gren\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\ProgramData\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files\a-squared Anti-Malware\a2guard.exe (Emsi Software GmbH)

PRC - C:\Program Files\Tall Emu\Online Armor\oahlp.exe (Tall Emu)

PRC - C:\Program Files\Tall Emu\Online Armor\oaui.exe (Tall Emu)

PRC - C:\Program Files\Tall Emu\Online Armor\oasrv.exe (Tall Emu)

PRC - C:\Program Files\Tall Emu\Online Armor\oacat.exe (Tall Emu)

PRC - C:\Program Files\a-squared Anti-Malware\a2service.exe (Emsi Software GmbH)

PRC - C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe (BUFFALO INC.)

PRC - C:\Program Files\BUFFALO\NASNAVI\nassvc.exe (BUFFALO INC.)

PRC - C:\Program Files\BUFFALO\NASNAVI\nassche.exe (BUFFALO INC.)

PRC - C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)

PRC - C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe (Microsoft Corporation)

PRC - C:\Program Files\Sticky Password\stpass.exe (StickyPassword.com)

PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

PRC - C:\Program Files\Smith Micro\StuffIt\ArcNameService.exe (Smith Micro Software, Inc.)

PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)

PRC - C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)

PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

PRC - C:\Users\Gren\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)

PRC - C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)

PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)

PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)

PRC - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)

PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT)

PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)

PRC - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()

PRC - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)

PRC - C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)

PRC - C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)

PRC - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)

PRC - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION)

PRC - C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe (Logitech Inc.)

PRC - C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe (Acer Inc.)

========== Modules (SafeList) ==========

MOD - C:\Users\Gren\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Program Files\Tall Emu\Online Armor\oawatch.dll (Tall Emu)

MOD - C:\Program Files\a-squared Anti-Malware\a2handler.dll (Emsi Software GmbH)

MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.3053_none_d08d7bba442a9b36\msvcr80.dll (Microsoft Corporation)

MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.3053_none_d08d7bba442a9b36\msvcp80.dll (Microsoft Corporation)

MOD - C:\Program Files\Sticky Password\spcapbtn.dll (StickyPassword.com)

MOD - C:\Windows\System32\wtsapi32.dll (Microsoft Corporation)

MOD - C:\Windows\System32\wsock32.dll (Microsoft Corporation)

MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)

MOD - C:\Windows\System32\dbghelp.dll (Microsoft Corporation)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)

MOD - C:\Program Files\Logitech\SetPoint\lgscroll.dll (Logitech, Inc.)

MOD - C:\Windows\System32\BtMmHook.dll (Broadcom Corporation.)

MOD - C:\Windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131\mfc80ENU.dll (Microsoft Corporation)

MOD - C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\mfc80u.dll (Microsoft Corporation)

MOD - C:\Windows\System32\MSNChatHook.dll (HiTRUST Inc.)

MOD - C:\Windows\System32\sysenv.dll (HiTRUST)

MOD - C:\Windows\System32\BatchCrypto.dll ()

MOD - C:\Windows\System32\ShowErrMsg.dll ()

MOD - C:\Windows\System32\eNetHook.dll (acer)

MOD - C:\Windows\System32\CryptoAPI.dll (HiTRUST)

MOD - C:\Windows\System32\keyManager.dll (HiTRSUT)

========== Win32 Services (SafeList) ==========

SRV - (SPTISRV) -- File not found

SRV - (PACSPTISVR) -- File not found

SRV - (MSCSPTISRV) -- File not found

SRV - (gusvc) -- File not found

SRV - (SvcOnlineArmor) -- C:\Program Files\Tall Emu\Online Armor\oasrv.exe (Tall Emu)

SRV - (OAcat) -- C:\Program Files\Tall Emu\Online Armor\oacat.exe (Tall Emu)

SRV - (a2AntiMalware) -- C:\Program Files\a-squared Anti-Malware\a2service.exe (Emsi Software GmbH)

SRV - (NasPmService) -- C:\Program Files\BUFFALO\NASNAVI\nassvc.exe (BUFFALO INC.)

SRV - (Stuffit Archive Name Service) -- C:\Program Files\Smith Micro\StuffIt\ArcNameService.exe (Smith Micro Software, Inc.)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (LBTServ) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.)

SRV - (WLSetupSvc) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe ()

SRV - (usnjsvc) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)

SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)

SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)

SRV - (O&O Defrag) -- C:\Windows\System32\oodag.exe (O&O Software GmbH)

SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)

SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT)

SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()

SRV - (WMIService) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)

SRV - (eNet Service) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)

SRV - (eLockService) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)

SRV - (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION)

SRV - (LVSrvLauncher) -- C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe (Logitech Inc.)

========== Driver Services (SafeList) ==========

DRV - (OAnet) -- C:\Windows\System32\drivers\OAnet.sys (Tall Emu Pty Ltd)

DRV - (OAmon) -- C:\Windows\System32\drivers\OAmon.sys (Tall Emu)

DRV - (OADevice) -- C:\Windows\System32\drivers\OADriver.sys (Tall Emu)

DRV - (KeyScrambler) -- C:\Windows\System32\drivers\keyscrambler.sys (QFX Software Corporation)

DRV - (SAVRKBootTasks) -- C:\Windows\System32\SAVRKBootTasks.sys (Sophos Plc)

DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (SymAFR) -- C:\Windows\System32\drivers\SymAFR.sys (Windows ® Codename Longhorn DDK provider)

DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)

DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.)

DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (Inspect) -- C:\Windows\System32\drivers\inspect.sys (COMODO)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)

DRV - (hotcore3) -- C:\Windows\system32\drivers\hotcore3.sys (Paragon Software Group)

DRV - (NETw3v32) Intel® -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)

DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)

DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)

DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)

DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)

DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)

DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)

DRV - (timounter) -- C:\Windows\system32\DRIVERS\timntr.sys (Acronis)

DRV - (tifsfilter) -- C:\Windows\System32\drivers\tifsfilt.sys (Acronis)

DRV - (snapman) -- C:\Windows\system32\DRIVERS\snapman.sys (Acronis)

DRV - (ElbyCDFL) -- C:\Windows\System32\drivers\ElbyCDFL.sys (SlySoft, Inc.)

DRV - (ElbyDelay) -- C:\Windows\System32\drivers\ElbyDelay.sys (Elaborate Bytes AG)

DRV - (PSDNServ) -- C:\Windows\system32\drivers\PSDNServ.sys (HiTRUST)

DRV - (psdvdisk) -- C:\Windows\system32\drivers\psdvdisk.sys (HiTRUST)

DRV - (PSDFilter) -- C:\Windows\system32\DRIVERS\psdfilter.sys (HiTRUST)

DRV - (int15) -- C:\Windows\System32\drivers\int15.sys ()

DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)

DRV - (se44unic) Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM) -- C:\Windows\System32\drivers\se44unic.sys (MCCI)

DRV - (se44obex) -- C:\Windows\System32\drivers\se44obex.sys (MCCI)

DRV - (se44nd5) Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS) -- C:\Windows\System32\drivers\se44nd5.sys (MCCI)

DRV - (se44mgmt) Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\se44mgmt.sys (MCCI)

DRV - (se44mdm) -- C:\Windows\System32\drivers\se44mdm.sys (MCCI)

DRV - (se44mdfl) -- C:\Windows\System32\drivers\se44mdfl.sys (MCCI)

DRV - (se44bus) Sony Ericsson Device 068 driver (WDM) -- C:\Windows\System32\drivers\se44bus.sys (MCCI)

DRV - (LVMVDrv) -- C:\Windows\System32\drivers\LVMVdrv.sys (Logitech Inc.)

DRV - (lv321av) Logitech USB PC Camera (VC0321) -- C:\Windows\System32\drivers\lv321av.sys (Logitech Inc.)

DRV - (DKbFltr) -- C:\Windows\System32\drivers\DKbFltr.sys (Dritek System Inc.)

DRV - (DritekPortIO) -- C:\Program Files\Launch Manager\DPortIO.sys (Dritek System Inc.)

DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)

DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)

DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)

DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)

DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)

DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)

DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)

DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)

DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)

DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)

DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)

DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)

DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)

DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)

DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)

DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)

DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)

DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)

DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)

DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)

DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)

DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)

DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)

DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)

DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)

DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)

DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)

DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)

DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)

DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)

DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)

DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)

DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)

DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)

DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)

DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)

DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)

DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)

DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)

DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)

DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)

DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)

DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)

DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)

DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)

DRV - (ESDCR) -- C:\Windows\System32\drivers\ESD7SK.sys (ENE Technology Inc.)

DRV - (ESMCR) -- C:\Windows\System32\drivers\ESM7SK.sys (ENE Technology Inc.)

DRV - (EMSCR) -- C:\Windows\System32\drivers\EMS7SK.sys (ENE Technology Inc.)

DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)

DRV - (SMSCIRDA) -- C:\Windows\System32\drivers\smscirda.sys (SMSC)

DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)

DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)

DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)

DRV - (btusbflt) -- C:\Windows\System32\drivers\btusbflt.sys (Broadcom Corporation.)

DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)

DRV - (UIUSys) -- C:\Windows\System32\drivers\UIUSYS.SYS (Conexant Systems, Inc)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3

FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.8

FF - prefs.js..extensions.enabledItems: keyscrambler@qfx.software.corporation:2.6.0.0

FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.57

FF - prefs.js..extensions.enabledItems: noia2_option@kk.noia:3.76

FF - prefs.js..extensions.enabledItems: {54affe52-8223-453b-be1e-2fe2e250045c}:2.0.38

FF - prefs.js..extensions.enabledItems: VacuumPlacesImproved@lultimouomo-gmail.com:1.1

FF - prefs.js..extensions.enabledItems: {de5809e0-2b07-11dd-bd0b-0800200c9a66}:1.1.5

FF - prefs.js..extensions.enabledItems: {81514210-E22A-4e69-93D5-E1EFD45B4620}:0.3.10.01.23

FF - prefs.js..extensions.enabledItems: {069FB356-C69F-7349-D092-AB28AF836D0E}:0.9.030

FF - user.js..browser.search.openintab: false

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/06 13:20:08 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/06 13:20:08 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2008/05/19 20:12:54 | 000,000,000 | ---D | M] -- C:\Users\Gren\AppData\Roaming\Mozilla\Extensions

[2010/03/25 17:32:27 | 000,000,000 | ---D | M] -- C:\Users\Gren\AppData\Roaming\Mozilla\Firefox\Profiles\03qwl526.default\extensions

[2009/08/02 13:18:37 | 000,000,000 | ---D | M] (Azerty III) -- C:\Users\Gren\AppData\Roaming\Mozilla\Firefox\Profiles\03qwl526.default\extensions\{04CA07AB-7FC3-4110-A83F-EF1E6B75D5B0}

[2010/01/27 18:56:37 | 000,000,000 | ---D | M] (Phoenity Next (formerly Phoenity Reborn)) -- C:\Users\Gren\AppData\Roaming\Mozilla\Firefox\Profiles\03qwl526.default\extensions\{069FB356-C69F-7349-D092-AB28AF836D0E}

[2008/09/27 12:05:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gren\AppData\Roaming\Mozilla\Firefox\Profiles\03qwl526.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}

[2009/07/15 06:24:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Gren\AppData\Roaming\Mozilla\Firefox\Profiles\03qwl526.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/03/14 15:30:44 | 000,000,000 | ---D | M] (Finjan Secure Browsing) -- C:\Users\Gren\AppData\Roaming\Mozilla\Firefox\Profiles\03qwl526.default\extensions\{27a03cf3-856f-46b8-91cb-7289f58c7e6e}(206)

[2010/03/21 18:37:44 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Gren\AppData\Roaming\Mozilla\Firefox\Profiles\03qwl526.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}

[2010/02/28 17:31:17 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Gren\AppData\Roaming\Mozilla\Firefox\Profiles\03qwl526.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(207)

[2008/10/16 16:51:42 | 000,000,000 | ---D | M] (Aquatint Black Gloss) -- C:\Users\Gren\AppData\Roaming\Mozilla\Firefox\Profiles\03qwl526.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}

[2009/06/04 06:21:49 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\Gren\AppData\Roaming\Mozilla\Firefox\Profiles\03qwl526.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}

[2010/03/23 10:33:43 | 000,000,000 | ---D | M] (Past Modern) -- C:\Users\Gren\AppData\Roaming\Mozilla\Firefox\Profiles\03qwl526.default\extensions\{81514210-E22A-4e69-93D5-E1EFD45B4620}

[2008/09/27 12:05:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gren\AppData\Roaming\Mozilla\Firefox\Profiles\03qwl526.default\extensions\{9D23D0AA-D8F5-11DA-B3FC-0928ABF316DD}

[2010/02/23 17:34:32 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Users\Gren\AppData\Roaming\Mozilla\Firefox\Profiles\03qwl526.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}(208)

[2009/08/14 09:45:14 | 000,000,000 | ---D | M] (Gradient iBlu) -- C:\Users\Gren\AppData\Roaming\Mozilla\Firefox\Profiles\03qwl526.default\extensions\{bf70ba50-e70d-11dd-ba2f-0800200c9a66}

[2009/07/10 17:01:35 | 000,000,000 | ---D | M] (PitchDark) -- C:\Users\Gren\AppData\Roaming\Mozilla\Firefox\Profiles\03qwl526.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}

[2010/01/09 10:21:26 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Gren\AppData\Roaming\Mozilla\Firefox\Profiles\03qwl526.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2010/01/12 18:59:44 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Gren\AppData\Roaming\Mozilla\Firefox\Profiles\03qwl526.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}

[2008/03/01 19:09:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gren\AppData\Roaming\Mozilla\Firefox\Profiles\03qwl526.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}(271)

[2010/03/21 18:37:33 | 000,000,000 | ---D | M] (Gradient iCool) -- C:\Users\Gren\AppData\Roaming\Mozilla\Firefox\Profiles\03qwl526.default\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66}

[2008/10/25 08:49:07 | 000,000,000 | ---D | M] (CustomizeGoogle) -- C:\Users\Gren\AppData\Roaming\Mozilla\Firefox\Profiles\03qwl526.default\extensions\{fce36c1e-58d8-498a-b2a5-66ad1cedebbb}

[2008/09/27 12:05:49 | 000,000,000 | ---D | M] -- C:\Users\Gren\AppData\Roaming\Mozilla\Firefox\Profiles\03qwl526.default\extensions\gmailthis@lazyrussian.com

[2010/03/23 10:37:27 | 000,000,000 | ---D | M] -- C:\Users\Gren\AppData\Roaming\Mozilla\Firefox\Profiles\03qwl526.default\extensions\keyscrambler@qfx.software.corporation

[2010/03/14 19:18:55 | 000,000,000 | ---D | M] -- C:\Users\Gren\AppData\Roaming\Mozilla\Firefox\Profiles\03qwl526.default\extensions\noia2_option@kk.noia

[2009/03/29 11:16:23 | 000,000,000 | ---D | M] -- C:\Users\Gren\AppData\Roaming\Mozilla\Firefox\Profiles\03qwl526.default\extensions\smartbookmarksbar@remy.juteau

[2010/01/16 20:55:56 | 000,000,000 | ---D | M] -- C:\Users\Gren\AppData\Roaming\Mozilla\Firefox\Profiles\03qwl526.default\extensions\VacuumPlacesImproved@lultimouomo-gmail.com

[2008/03/03 19:22:34 | 000,001,878 | ---- | M] () -- C:\Users\Gren\AppData\Roaming\Mozilla\Firefox\Profiles\03qwl526.default\searchplugins\aolsearch-1.xml

[2008/03/05 07:56:23 | 000,001,878 | ---- | M] () -- C:\Users\Gren\AppData\Roaming\Mozilla\Firefox\Profiles\03qwl526.default\searchplugins\aolsearch-2.xml

[2008/03/01 12:42:39 | 000,001,878 | ---- | M] () -- C:\Users\Gren\AppData\Roaming\Mozilla\Firefox\Profiles\03qwl526.default\searchplugins\aolsearch.xml

[2010/01/05 21:07:29 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2009/07/01 13:17:04 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml

[2009/07/01 13:17:04 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml

[2009/07/01 13:17:04 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml

[2009/07/01 13:17:04 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2007/10/21 10:55:39 | 000,193,326 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O1 - Hosts: 127.0.0.1 babe.the-killer.bz

O1 - Hosts: 127.0.0.1 www.babe.the-killer.bz

O1 - Hosts: 127.0.0.1 babe.k-lined.com

O1 - Hosts: 127.0.0.1 www.babe.k-lined.com

O1 - Hosts: 127.0.0.1 did.i-used.cc

O1 - Hosts: 127.0.0.1 www.did.i-used.cc

O1 - Hosts: 127.0.0.1 coolwwwsearch.com

O1 - Hosts: 127.0.0.1 www.coolwwwsearch.com

O1 - Hosts: 127.0.0.1 coolwebsearch.com

O1 - Hosts: 127.0.0.1 www.coolwebsearch.com

O1 - Hosts: 127.0.0.1 hi.studioaperto.net

O1 - Hosts: 127.0.0.1 www.hi.studioaperto.net

O1 - Hosts: 127.0.0.1 wazzupnet.com

O1 - Hosts: 127.0.0.1 www.wazzupnet.com

O1 - Hosts: 127.0.0.1 gueb.com

O1 - Hosts: 127.0.0.1 www.gueb.com

O1 - Hosts: 127.0.0.1 kabex.com

O1 - Hosts: 127.0.0.1 www.kabex.com

O1 - Hosts: 127.0.0.1 hityou.com

O1 - Hosts: 127.0.0.1 www.hityou.com

O1 - Hosts: 127.0.0.1 miosearch.com

O1 - Hosts: 127.0.0.1 www.miosearch.com

O1 - Hosts: 127.0.0.1 blue-elefant.com

O1 - Hosts: 6848 more lines...

O2 - BHO: (IE7Pro BHO) - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)

O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll (TechSmith Corporation)

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll File not found

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll File not found

O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll File not found

O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)

O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll (TechSmith Corporation)

O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Tall Emu\Online Armor\OAui.exe (Tall Emu)

O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)

O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)

O4 - HKLM..\Run: [a-squared] C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe (Emsi Software GmbH)

O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)

O4 - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)

O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)

O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)

O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe (Acer Inc.)

O4 - HKLM..\Run: [LVCOMSX] C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe (Logitech Inc.)

O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe File not found

O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)

O4 - HKCU..\Run: [\\LS-CHL964\lp] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE (SEIKO EPSON CORPORATION)

O4 - HKCU..\Run: [EPSON Stylus Photo R220 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE (SEIKO EPSON CORPORATION)

O4 - HKCU..\Run: [EPSON Stylus Photo R220 Series (Network)] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE (SEIKO EPSON CORPORATION)

O4 - HKCU..\Run: [stickyPassword] C:\Program Files\Sticky Password\stpass.exe (StickyPassword.com)

O4 - Startup: C:\Users\Gren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BUFFALO NAS Navigator.lnk = C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe (BUFFALO INC.)

O4 - Startup: C:\Users\Gren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NAS Scheduler.lnk = C:\Program Files\BUFFALO\NASNAVI\nassche.exe (BUFFALO INC.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0

O9 - Extra Button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)

O9 - Extra 'Tools' menuitem : IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)

O9 - Extra Button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)

O9 - Extra 'Tools' menuitem : IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O13 - gopher Prefix: missing

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1238.0601.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1238.0601.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (eNetHook.dll) - C:\Windows\System32\eNetHook.dll (acer)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)

O24 - Desktop WallPaper: D:\Pictures\01356_crepuscule_1280x800.jpg

O24 - Desktop BackupWallPaper: D:\Pictures\01356_crepuscule_1280x800.jpg

O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Tall Emu\Online Armor\oaevent.dll (Tall Emu)

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\System32\relog_ap.dll (Acronis)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2007/09/18 23:21:52 | 000,000,000 | R--D | M] - E:\Autorun -- [ UDF ]

O32 - AutoRun File - [2007/09/17 18:48:04 | 000,263,744 | R--- | M] (Firaxis Games) - E:\autorun.exe -- [ UDF ]

O32 - AutoRun File - [2007/09/20 02:18:35 | 000,006,276 | R--- | M] () - E:\autorun.inf -- [ UDF ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (OODBS) - C:\Windows\System32\OODBS.exe (O&O Software GmbH)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/26 13:24:40 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe

[2010/03/23 18:27:09 | 000,000,000 | ---D | C] -- C:\Users\Gren\DoctorWeb

[2010/03/23 10:33:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla Firefox

[2010/03/23 07:43:22 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Users\Gren\Desktop\OTL.exe

[2010/03/16 19:38:53 | 000,018,816 | ---- | C] (Sophos Plc) -- C:\Windows\System32\SAVRKBootTasks.sys

[2010/03/16 18:40:20 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos

[2010/03/14 19:05:02 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll

[2010/03/14 19:05:01 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll

[2010/03/14 17:37:47 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll

[2010/03/14 17:37:34 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll

[2010/03/14 17:37:10 | 003,597,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe

[2010/03/14 17:37:09 | 003,546,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe

[2010/03/14 17:37:03 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe

[2010/03/14 17:37:03 | 000,511,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe

[2010/03/14 17:37:02 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll

[2010/03/14 17:37:02 | 000,472,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll

[2010/03/14 17:37:02 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe

[2010/03/14 17:37:02 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe

[2010/03/14 17:37:01 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll

[2010/03/14 17:37:01 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll

[2010/03/14 17:37:00 | 000,329,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll

[2010/03/14 17:36:50 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll

[2010/03/14 17:36:49 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll

[2010/03/14 17:36:49 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll

[2010/03/14 17:36:48 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll

[2010/03/14 17:36:48 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll

[2007/04/07 17:27:16 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll

========== Files - Modified Within 30 Days ==========

[2010/03/26 13:34:29 | 000,707,452 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2010/03/26 13:34:29 | 000,611,610 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010/03/26 13:34:29 | 000,110,386 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010/03/26 13:34:23 | 005,767,168 | -HS- | M] () -- C:\Users\Gren\ntuser.dat

[2010/03/26 13:28:16 | 000,035,166 | ---- | M] () -- C:\Users\Gren\AppData\Roaming\nvModes.dat

[2010/03/26 13:28:15 | 000,035,166 | ---- | M] () -- C:\Users\Gren\AppData\Roaming\nvModes.001

[2010/03/26 13:27:39 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/03/26 13:27:32 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010/03/26 13:27:32 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010/03/26 13:27:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/03/26 13:26:46 | 2145,509,376 | -HS- | M] () -- C:\hiberfil.sys

[2010/03/26 13:26:44 | 002,064,909 | ---- | M] () -- C:\Windows\System32\oodbs.lor

[2010/03/26 13:25:16 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2010/03/26 13:24:33 | 000,524,288 | -HS- | M] () -- C:\Users\Gren\ntuser.dat{230c4149-f1a6-11de-8466-e6af621d9156}.TMContainer00000000000000000001.regtrans-ms

[2010/03/26 13:24:33 | 000,065,536 | -HS- | M] () -- C:\Users\Gren\ntuser.dat{230c4149-f1a6-11de-8466-e6af621d9156}.TM.blf

[2010/03/26 13:24:13 | 000,007,680 | ---- | M] () -- C:\Windows\76206660.exe

[2010/03/26 13:24:13 | 000,000,004 | ---- | M] () -- C:\Windows\76206660.dat

[2010/03/26 13:23:43 | 002,288,473 | -H-- | M] () -- C:\Users\Gren\AppData\Local\IconCache.db

[2010/03/26 13:23:27 | 000,018,920 | ---- | M] () -- D:\Documents\HG Chars.xlsx

[2010/03/26 13:18:00 | 000,000,256 | ---- | M] () -- C:\Windows\tasks\Check Updates for Windows Live Toolbar.job

[2010/03/26 07:11:56 | 000,111,911 | ---- | M] () -- D:\Documents\DrWebSrn2.jpg

[2010/03/26 07:11:30 | 000,107,481 | ---- | M] () -- D:\Documents\DrWebSrn.jpg

[2010/03/23 09:16:30 | 000,293,376 | ---- | M] () -- C:\Users\Gren\Desktop\fd6ybovo.exe

[2010/03/23 07:44:30 | 000,014,872 | ---- | M] () -- D:\Documents\Rootkit Removal.docx

[2010/03/19 16:44:01 | 000,012,354 | ---- | M] () -- D:\Documents\Rogue.docx

[2010/03/19 07:50:55 | 000,040,675 | ---- | M] () -- D:\Documents\Item List.xlsx

[2010/03/18 15:41:17 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Gren\Desktop\OTL.exe

[2010/03/15 19:27:43 | 000,125,579 | ---- | M] () -- D:\Documents\MBAM.png

[2010/03/14 19:27:51 | 000,000,056 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat

[2010/03/14 19:17:52 | 000,120,632 | ---- | M] () -- C:\Users\Gren\AppData\Local\GDIPFONTCACHEV1.DAT

[2010/03/14 19:13:09 | 000,428,768 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2010/03/11 19:18:54 | 000,011,308 | ---- | M] () -- D:\Documents\Wizzy.docx

[2010/03/10 21:52:05 | 000,020,633 | ---- | M] () -- D:\Documents\BUR Subraces.xlsx

[2010/03/09 15:21:39 | 000,012,739 | ---- | M] () -- D:\Documents\Dualing Ranger.docx

[2010/03/08 20:35:02 | 000,013,288 | ---- | M] () -- D:\Documents\Bane Knight.docx

[2010/03/04 07:51:15 | 000,011,894 | ---- | M] () -- D:\Documents\dex damage assassin.docx

[2010/03/01 21:09:39 | 000,274,887 | ---- | M] () -- D:\Documents\Civ IV Basic Strategy Guide-4.1.pdf

========== Files Created - No Company Name ==========

[2010/03/26 13:24:13 | 000,007,680 | ---- | C] () -- C:\Windows\76206660.exe

[2010/03/26 13:24:13 | 000,000,004 | ---- | C] () -- C:\Windows\76206660.dat

[2010/03/26 07:11:46 | 000,111,911 | ---- | C] () -- D:\Documents\DrWebSrn2.jpg

[2010/03/26 07:11:04 | 000,107,481 | ---- | C] () -- D:\Documents\DrWebSrn.jpg

[2010/03/23 10:00:17 | 2145,509,376 | -HS- | C] () -- C:\hiberfil.sys

[2010/03/23 09:16:45 | 000,293,376 | ---- | C] () -- C:\Users\Gren\Desktop\fd6ybovo.exe

[2010/03/23 07:44:29 | 000,014,872 | ---- | C] () -- D:\Documents\Rootkit Removal.docx

[2010/03/19 07:50:55 | 000,040,675 | ---- | C] () -- D:\Documents\Item List.xlsx

[2010/03/15 19:26:57 | 000,125,579 | ---- | C] () -- D:\Documents\MBAM.png

[2010/03/14 19:27:51 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat

[2010/03/11 18:31:09 | 000,011,308 | ---- | C] () -- D:\Documents\Wizzy.docx

[2010/03/08 20:03:30 | 000,002,713 | ---- | C] () -- D:\Documents\Microsoft Office Diagnostics.lnk

[2010/03/04 07:51:14 | 000,011,894 | ---- | C] () -- D:\Documents\dex damage assassin.docx

[2010/03/01 21:09:39 | 000,274,887 | ---- | C] () -- D:\Documents\Civ IV Basic Strategy Guide-4.1.pdf

[2009/05/18 18:06:08 | 000,000,180 | ---- | C] () -- C:\Users\Gren\AppData\Roaming\setup.log

[2009/05/18 18:05:44 | 000,000,760 | ---- | C] () -- C:\Users\Gren\AppData\Roaming\setup_ldm.iss

[2009/05/15 10:36:50 | 000,014,344 | ---- | C] () -- C:\Windows\UN060501.INI

[2009/05/15 10:36:50 | 000,005,434 | ---- | C] () -- C:\Windows\UN070209.INI

[2009/01/23 10:18:38 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini

[2008/07/21 18:04:51 | 000,004,984 | ---- | C] () -- C:\ProgramData\jexqjxsy.dne

[2008/04/28 19:44:25 | 000,010,752 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll

[2008/01/10 17:13:14 | 000,000,680 | ---- | C] () -- C:\Users\Gren\AppData\Local\d3d9caps.dat

[2007/09/29 16:09:33 | 000,000,000 | ---- | C] () -- C:\Windows\CleaningLab.INI

[2007/09/29 16:03:52 | 000,019,968 | ---- | C] () -- C:\Windows\System32\cpuinf32.dll

[2007/09/29 16:02:29 | 000,005,817 | ---- | C] () -- C:\Windows\mgxoschk.ini

[2007/09/05 11:52:04 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll

[2007/07/20 17:31:24 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2007/06/28 17:50:35 | 000,244,536 | ---- | C] () -- C:\ProgramData\Svclog.log

[2007/06/23 17:50:14 | 000,000,000 | ---- | C] () -- C:\Windows\oodcnt.INI

[2007/05/27 20:08:51 | 000,030,920 | ---- | C] () -- C:\Users\Gren\AppData\Roaming\UserTile.png

[2007/05/08 16:42:09 | 000,077,312 | ---- | C] () -- C:\Windows\ua2.dll

[2007/04/20 15:52:26 | 000,000,124 | -HS- | C] () -- C:\ProgramData\.zreglib

[2007/04/11 19:11:11 | 000,062,976 | ---- | C] () -- C:\Users\Gren\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2007/04/09 14:29:12 | 000,247,824 | ---- | C] () -- C:\Windows\System32\prgiso.dll

[2007/04/09 14:29:11 | 004,244,744 | ---- | C] () -- C:\Windows\System32\qtp-mt334.dll

[2007/04/09 14:29:11 | 000,013,840 | ---- | C] () -- C:\Windows\System32\wnaspi32.dll

[2007/04/08 10:51:31 | 000,532,480 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Sony.dll

[2007/04/07 17:45:07 | 000,035,166 | ---- | C] () -- C:\Users\Gren\AppData\Roaming\nvModes.001

[2007/04/07 17:37:49 | 000,035,166 | ---- | C] () -- C:\Users\Gren\AppData\Roaming\nvModes.dat

[2007/04/07 17:29:10 | 000,076,584 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys

[2007/04/07 17:29:10 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys

[2007/04/07 17:28:43 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll

[2007/04/07 17:27:16 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll

[2007/04/07 17:24:39 | 000,356,352 | R--- | C] () -- C:\Windows\EMCRI.dll

[2007/04/07 17:17:55 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

[2007/04/07 17:13:02 | 000,042,594 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini

[2007/03/05 12:34:28 | 000,676,224 | ---- | C] () -- C:\Windows\System32\OGACheckControl.DLL

[2007/02/06 22:58:10 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll

[2007/02/06 22:57:58 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll

[2007/02/06 22:57:20 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll

[2007/02/06 22:56:30 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll

[2007/02/06 22:56:28 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll

[2007/02/06 22:52:08 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll

[2006/12/25 14:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll

[2006/11/02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

[1996/04/03 19:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== Custom Scans ==========

< C:\Windows\*.dat >

[2010/03/26 13:24:13 | 000,000,004 | ---- | M] () -- C:\Windows\76206660.dat

[2010/03/26 13:27:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/03/26 13:25:16 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2007/04/20 13:57:05 | 000,000,978 | ---- | M] () -- C:\Windows\eReg.dat

[2007/05/25 18:31:41 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat

< C:\Windows\*.exe >

[2010/03/26 13:24:13 | 000,007,680 | ---- | M] () -- C:\Windows\76206660.exe

[2008/01/19 07:33:01 | 000,058,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\bfsvc.exe

[2007/09/05 12:09:56 | 000,285,224 | ---- | M] (Broadcom Corporation.) -- C:\Windows\BtwIEProxy.exe

[2007/12/26 14:19:14 | 000,127,034 | R--- | M] (BackWeb Technologies Inc. ) -- C:\Windows\bwUnin-8.1.1.50-8876480SL.exe

[2008/01/19 07:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

[2008/01/19 07:33:11 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\fveupdate.exe

[2008/01/19 07:33:11 | 000,498,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\HelpPane.exe

[2006/11/02 09:45:13 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\hh.exe

[2007/11/29 01:17:20 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Windows\KHALMNPR.Exe

[2008/01/19 07:33:18 | 000,151,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\notepad.exe

[2008/01/19 07:33:24 | 000,134,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\regedit.exe

[2008/03/11 17:53:54 | 005,296,128 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe

[2008/02/13 14:59:22 | 000,098,304 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RTKAUDIOSERVICE.EXE

[2007/11/07 17:31:38 | 001,191,936 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\RtlUpd.exe

[2007/11/20 18:15:58 | 001,826,816 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SkyTel.exe

[2006/11/02 12:34:41 | 000,049,680 | ---- | M] (Twain Working Group) -- C:\Windows\twunk_16.exe

[2006/11/02 12:34:41 | 000,031,232 | ---- | M] (Twain Working Group) -- C:\Windows\twunk_32.exe

[2009/05/15 10:36:50 | 000,173,360 | ---- | M] (BUFFALO INC.) -- C:\Windows\UN060501.EXE

[2009/05/15 10:36:50 | 000,173,360 | ---- | M] (BUFFALO INC.) -- C:\Windows\UN070209.EXE

[2007/08/08 19:02:00 | 000,235,008 | ---- | M] (COMODO) -- C:\Windows\UNBOC.EXE

[2006/11/18 07:56:54 | 000,159,744 | ---- | M] (Dritek System Inc.) -- C:\Windows\UNINST32.EXE

[2006/09/18 21:43:37 | 000,256,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\winhelp.exe

[2006/11/02 09:45:57 | 000,009,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\winhlp32.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 179 bytes -> C:\ProgramData\TEMP:D1B5B4F1

@Alternate Data Stream - 168 bytes -> C:\ProgramData\TEMP:EFC3A3C4

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34

@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:1CA73D29

@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:4B7BEAFF

< End of report >


I would like for you to submit those files for me to take a peek at.

Navigate to these locations and upload the following files.

C:\Windows\76206660.exe

C:\Windows\76206660.dat

Click Here to upload the files please.

====================

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    [2010/03/26 13:24:13 | 000,007,680 | ---- | M] () -- C:\Windows\76206660.exe
    [2010/03/26 13:24:13 | 000,000,004 | ---- | M] () -- C:\Windows\76206660.dat

    :Commands
    [emptytemp]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.

=======================

Please visit this webpage for download links, and instructions for running Combofix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.


OTL Log below as requested.

Just a couple of pieces of info first :

After changing the 'custom scan/fixes' entries you gave me to reflect the new file names/dates etc, I ran OTL. As I still had all my security (Online Armor and A-Squared) up, the process hung, but not before OA blocked a new Autorun request from a new exe in the Windows directory which had just appeared as the files were being killed - seems this is how it works, a new file is created that autoruns each reboot. Unfortunately OTL hung, so I had to run it with all security turned off. The next try without security up does seem to have worked, with no numerically titled files in the Windows directory after the logon.

All processes killed

========== OTL ==========

C:\Windows\1113035.exe moved successfully.

C:\Windows\29515389.exe moved successfully.

C:\Windows\3132468.exe moved successfully.

C:\Windows\1113035.dat moved successfully.

C:\Windows\29515389.dat moved successfully.

C:\Windows\3132468.dat moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 53409 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Gren

->Temp folder emptied: 335367 bytes

->Temporary Internet Files folder emptied: 5954185 bytes

->Java cache emptied: 1011192 bytes

->FireFox cache emptied: 34447868 bytes

->Flash cache emptied: 1062 bytes

User: Gren2

->Temp folder emptied: 797488 bytes

->Temporary Internet Files folder emptied: 1023219 bytes

->Flash cache emptied: 1089 bytes

User: Greta

->Temp folder emptied: 319526 bytes

->Temporary Internet Files folder emptied: 49272089 bytes

->FireFox cache emptied: 11016297 bytes

->Flash cache emptied: 1961768 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 565712 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 49632 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 11403055 bytes

%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 113.00 mb

OTL by OldTimer - Version 3.1.37.3 log created on 03282010_115600

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

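The behaviour reported in this thread (exe/dat pairs with a 6 to 8 digit name, created at the same second in C:\Windows, with no company name in the PE version info, and recreated at each logoff) is easy to spot mechanically in the OTL listings posted above. The script below is an added example, not part of the thread and not part of OTL: it parses OTL's `[stamp | size | attrs | M/C] (company) -- path` lines and flags numeric exe/dat pairs in a chosen directory. The sample lines are copied from the custom scan in this thread; the pairing heuristic, the `OtlEntry`/`PairHit` names and the `find_numeric_pairs` function are my own.

```python
"""Parse OTL-style file listings and flag numeric exe/dat pairs (added example)."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# One OTL listing line, for example:
# [2010/03/26 13:24:13 | 000,007,680 | ---- | M] () -- C:\Windows\76206660.exe
OTL_LINE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+?)\s*$"
)
# File stems of 6 to 8 decimal digits, as reported in the first post of the thread.
NUMERIC_STEM = re.compile(r"^\d{6,8}$")


@dataclass
class OtlEntry:
    stamp: str      # timestamp as printed by OTL (modified or created)
    size: int       # bytes, commas removed
    attrs: str      # RHS- style attribute flags
    kind: str       # 'M' (files modified list) or 'C' (files created list)
    company: str    # company name from the version info, '' when absent
    path: str       # full path as printed


@dataclass
class PairHit:
    stem: str
    exe: OtlEntry
    dat: OtlEntry
    same_stamp: bool        # exe and dat written in the same second
    unsigned_company: bool  # exe carries no company name


def parse_otl_line(line: str) -> Optional[OtlEntry]:
    m = OTL_LINE.match(line.strip())
    if not m:
        return None  # section headers such as "< C:\Windows\*.dat >" are skipped
    return OtlEntry(
        stamp=m["stamp"],
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=m["company"].strip(),
        path=m["path"],
    )


def parse_otl(text: str) -> List[OtlEntry]:
    return [e for e in (parse_otl_line(l) for l in text.splitlines()) if e]


def split_path(path: str) -> Tuple[str, str, str]:
    """Return (directory, stem, extension) for a Windows path, case-folded."""
    directory, _, name = path.rpartition("\\")
    stem, _, ext = name.rpartition(".")
    if not stem:            # no dot in the file name
        stem, ext = name, ""
    return directory.lower(), stem.lower(), ext.lower()


def find_numeric_pairs(entries: List[OtlEntry],
                       directory: str = r"C:\Windows") -> List[PairHit]:
    """Flag exe/dat pairs whose stem is 6-8 digits, located in `directory`."""
    wanted = directory.lower()
    by_stem: Dict[str, Dict[str, OtlEntry]] = defaultdict(dict)
    for e in entries:
        d, stem, ext = split_path(e.path)
        if d == wanted and ext in ("exe", "dat") and NUMERIC_STEM.match(stem):
            by_stem[stem][ext] = e
    hits = []
    for stem, files in sorted(by_stem.items()):
        if "exe" in files and "dat" in files:
            exe, dat = files["exe"], files["dat"]
            hits.append(PairHit(stem, exe, dat,
                                same_stamp=exe.stamp == dat.stamp,
                                unsigned_company=exe.company == ""))
    return hits


# Sample lines copied from the OTL custom scan posted in this thread.
SAMPLE_LOG = r"""
< C:\Windows\*.dat >
[2010/03/26 13:24:13 | 000,000,004 | ---- | M] () -- C:\Windows\76206660.dat
[2010/03/26 13:27:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
< C:\Windows\*.exe >
[2010/03/26 13:24:13 | 000,007,680 | ---- | M] () -- C:\Windows\76206660.exe
[2008/01/19 07:33:01 | 000,058,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\bfsvc.exe
[2007/12/26 14:19:14 | 000,127,034 | R--- | M] (BackWeb Technologies Inc. ) -- C:\Windows\bwUnin-8.1.1.50-8876480SL.exe
[2010/03/23 09:16:45 | 000,293,376 | ---- | C] () -- C:\Users\Gren\Desktop\fd6ybovo.exe
"""

if __name__ == "__main__":
    for hit in find_numeric_pairs(parse_otl(SAMPLE_LOG)):
        print(f"{hit.stem}: exe {hit.exe.size} B, dat {hit.dat.size} B, "
              f"same stamp={hit.same_stamp}, no company={hit.unsigned_company}")
```

Run against the sample it reports only the 76206660 pair; bootstat.dat, the signed Microsoft and BackWeb executables and the randomly named fd6ybovo.exe on the desktop are not flagged, so the check stays specific to the pattern the thread describes rather than to "unknown exe in C:\Windows" in general.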

Rebooted 5 times with no files appearing. MBAM clean (see below) and ESET scan also came back negative. Assume you meant the free online one?

Am hoping that all is clear now. Thanks very much for all your time and help. Did you get time to look at the files I uploaded? Just interested to find out what it was and was trying to do.

Malwarebytes' Anti-Malware 1.44

Database version: 3923

Windows 6.0.6001 Service Pack 1

Internet Explorer 8.0.6001.18882

28/03/2010 16:58:33

mbam-log-2010-03-28 (16-58-33).txt

Scan type: Quick Scan

Objects scanned: 133270

Time elapsed: 6 minute(s), 3 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=019fdb6a3e9f334a9afd0da85c636c4d

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2010-03-28 06:14:15

# local_time=2010-03-28 07:14:15 (+0000, GMT Daylight Time)

# country="United Kingdom"

# lang=1033

# osver=6.0.6001 NT Service Pack 1

# compatibility_mode=256 16777215 100 0 0 0 0 0

# compatibility_mode=2560 16777215 100 0 0 0 0 0

# compatibility_mode=5892 16776574 100 100 14328206 107325007 0 0

# compatibility_mode=6401 16777213 66 100 0 8398085 0 0

# compatibility_mode=8192 67108863 100 0 317 317 0 0

# compatibility_mode=9730 16764925 100 100 4083 71030967 0 0

# scanned=351603

# found=0

# cleaned=0

# scan_time=7776
