winhelp.exe detected as trojan horse by resident shield from avg


This topic is locked
36 replies to this topic

#1 jirvin_4505 - Authentic Member - 26 posts

Posted 16 August 2010 - 09:25 PM

C:\Users\jeff\AppData\Local\Windows\winhelp.exe
detected as a trojan horse by Resident Shield from AVG.
Computer running slow.

Unable to remove file with AVG

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:16:19 PM, on 17/08/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\MyWebSearch\bar\3.bin\M3SRCHMN.EXE
C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AirVideoServer\AirVideoServer.exe
C:\Program Files\ArcSoft\TotalMedia 3\TMMonitor.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\jeff\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\jeff\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...p;m=aspire_5735
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...p;m=aspire_5735
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...p;m=aspire_5735
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...p;m=aspire_5735
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\3.bin\MWSSRCAS.DLL
O1 - Hosts: ::1 localhost
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\3.bin\MWSSRCAS.DLL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL
O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\3.bin\m3SrchMn.exe" /m=2 /w /h
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Bing Bar] "C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AirVideoServer] C:\Program Files\AirVideoServer\AirVideoServer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Logitech Touch Mouse Server.lnk = C:\Program Files\Logitech Touch Mouse Server\iTouch-Server-Win.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - User Startup: winhelp.exe
O4 - Global Startup: TMMonitor.lnk = C:\Program Files\ArcSoft\TotalMedia 3\TMMonitor.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &Search - http://edits.mywebse...html?p=ZJfox000
O8 - Extra context menu item: Add to &Evernote - res://C:\Program Files\Evernote\Evernote3.5\enbar.dll/2000
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll
O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll
O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll
O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: AVGRSSTX.DLL C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 14967 bytes
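As an added example, not from the thread or from HijackThis itself: a small Python triage script that parses lines in the HijackThis log format and flags the kinds of entries a helper checks first. The sample lines are constructed in the shape of the log above, and the three heuristics (a browser proxy at the local host, a BHO with no file on disk, an autorun entry that is a bare filename or lives in a user-writable directory) are my assumptions, not the forum's checklist.

```python
import re
from dataclasses import dataclass

# Constructed sample in HijackThis v2 log format. The first five lines follow
# entries of the kind seen in the log above; the last O4 line is constructed
# from the path the original poster reported, to show an autorun entry that
# resolves into a user-writable directory.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - User Startup: winhelp.exe
O4 - HKCU\..\Run: [winhelp] C:\Users\jeff\AppData\Local\Windows\winhelp.exe
"""


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O4"
    reason: str    # why the entry deserves a look
    line: str      # the original log line


ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
LOCAL_PROXY_RE = re.compile(r"127\.0\.0\.1|localhost", re.IGNORECASE)
# Directories a normal user can write to without elevation (assumed list).
USER_WRITABLE_RE = re.compile(r"\\(AppData|Temp|Downloads)\\", re.IGNORECASE)
O4_NAME_RE = re.compile(r"^\[[^\]]*\]\s*")  # the "[Name]" prefix of a Run entry


def parse_entries(log_text):
    """Yield (section, body, raw_line) for every HijackThis entry line."""
    for raw in log_text.splitlines():
        raw = raw.strip()
        m = ENTRY_RE.match(raw)
        if m:
            yield m.group("sec"), m.group("body"), raw


def o4_target(body):
    """Return the program an O4 autorun entry launches, minus the [Name] label."""
    target = body.split(": ", 1)[1] if ": " in body else body
    target = O4_NAME_RE.sub("", target)
    # "Startup: Foo.lnk = C:\path\foo.exe" lines name the real target after "=".
    if " = " in target:
        target = target.split(" = ", 1)[1]
    return target.strip()


def triage(log_text):
    """Apply the three heuristics and return the entries worth verifying."""
    findings = []
    for sec, body, raw in parse_entries(log_text):
        if sec == "R1" and "ProxyServer" in body and LOCAL_PROXY_RE.search(body):
            findings.append(Finding(sec, "browser proxy points at the local host", raw))
        elif sec in ("O2", "O3") and body.endswith("(no file)"):
            findings.append(Finding(sec, "orphaned entry, no file on disk", raw))
        elif sec == "O4":
            target = o4_target(body)
            if USER_WRITABLE_RE.search(target):
                findings.append(Finding(sec, "autorun from a user-writable directory", raw))
            elif "\\" not in target:
                findings.append(Finding(sec, "bare filename, resolve which file really runs", raw))
    return findings


def report(log_text):
    """One line per finding, suitable for pasting back into a reply."""
    return [f"{f.section}: {f.reason}\n    {f.line}" for f in triage(log_text)]


if __name__ == "__main__":
    for line in report(SAMPLE_LOG):
        print(line)
```

Every hit is a "verify this" item, not a verdict: legitimate vendor software also uses bare filenames under the Windows directory, so the path each entry actually resolves to still has to be checked by hand.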



#2 NoodleTech - Malware Eradicator, Visiting Fellow - 2,380 posts

Posted 17 August 2010 - 11:44 AM

Hi,

:welcome:

My name is NoodleTech. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research, so please be patient and I'd be grateful if you would note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
As I'm still in training at What The Tech, all my posts need to be checked by an expert first. This may cause a delay, but I will do my best to keep it as short as possible.
Proud Graduate of the WTT Malware Classroom.
If you feel I have helped you, please consider a donation.
Topics will be closed after three days if there is no response.
Please do not PM me for malware removal assistance.

#3 NoodleTech - Malware Eradicator, Visiting Fellow - 2,380 posts

Posted 17 August 2010 - 02:14 PM

Let's get started. Please follow the directions below.

SPYBOT TEATIMER
  • Launch Spybot S&D, go to the Mode menu and make sure "Advanced Mode" is selected.
  • On the left hand side, click on Tools, then click on the Resident Icon in the list.
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • Click on the "System Startup" icon in the List
  • Uncheck the "TeaTimer" box and "OK" any prompts.
  • If Teatimer gives you a warning that changes were made, click the "Allow Change" box when prompted.
  • Exit Spybot S&D when done and reboot your computer.
    (When we are done, you can re-enable Teatimer using the same steps but this time place a check next to "Resident TeaTimer" and check the "TeaTimer" box in System Startup.)
  • Download OTL to your desktop.
  • Right click the icon, then click "Run as administrator" to run the program. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under Custom Scan paste this in


    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %PROGRAMFILES%\Internet Explorer\*.dat
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
  • You may need two posts to fit them both in.
NEXT


Download GMER Rootkit Scanner from here to your desktop. It will be a randomly named executable.
  • Right click the exe file and click "Run as administrator."
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan.

  • In the right panel, you will see several boxes that have been checked. Ensure the following are unchecked
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it in reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


#4 jirvin_4505 - Authentic Member - 26 posts

Posted 17 August 2010 - 04:01 PM

Thank you for helping me, NoodleTech. Re Spybot TeaTimer: I understand the unchecking. Did you want me to run Spybot? Thanks, Jeff

#5 NoodleTech - Malware Eradicator, Visiting Fellow - 2,380 posts

Posted 17 August 2010 - 04:11 PM

No problem, jirvin_4505 :) No, there is no need to run Spybot. The reason I had you disable it was that Spybot can interfere with the tools we use. Please run OTL and GMER and post the logs.

#6 jirvin_4505 - Authentic Member - 26 posts

Posted 17 August 2010 - 04:33 PM

When I select System Startup in Spybot I get a list of files on the RHS; which one is TeaTimer? From the Spybot window:

--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2009-07-19 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2010-06-29 Includes\Adware.sbi
2010-07-27 Includes\AdwareC.sbi
2010-01-25 Includes\Cookies.sbi
2009-11-03 Includes\Dialer.sbi
2010-07-27 Includes\DialerC.sbi
2010-01-25 Includes\HeavyDuty.sbi
2009-05-27 Includes\Hijackers.sbi
2010-07-27 Includes\HijackersC.sbi
2010-06-29 Includes\iPhone.sbi
2010-08-02 Includes\Keyloggers.sbi
2010-08-02 Includes\KeyloggersC.sbi
2004-11-29 Includes\LSP.sbi
2010-06-01 Includes\Malware.sbi
2010-08-10 Includes\MalwareC.sbi
2010-05-18 Includes\PUPS.sbi
2010-07-20 Includes\PUPSC.sbi
2010-01-25 Includes\Revision.sbi
2009-01-13 Includes\Security.sbi
2010-07-27 Includes\SecurityC.sbi
2008-06-03 Includes\Spybots.sbi
2008-06-03 Includes\SpybotsC.sbi
2010-06-29 Includes\Spyware.sbi
2010-07-27 Includes\SpywareC.sbi
2010-03-08 Includes\Tracks.uti
2010-08-04 Includes\Trojans.sbi
2010-07-28 Includes\TrojansC-02.sbi
2010-07-28 Includes\TrojansC-03.sbi
2010-07-28 Includes\TrojansC-04.sbi
2010-08-10 Includes\TrojansC-05.sbi
2010-08-06 Includes\TrojansC.sbi
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

cheers jeff

#7 jirvin_4505

jirvin_4505

    Authentic Member

  • Authentic Member
  • 26 posts

Posted 17 August 2010 - 04:38 PM

addit.... I was up to step 4,5:
> # Click on the "System Startup" icon in the List
> # Uncheck the "TeaTimer" box and "OK" any prompts.

#8 NoodleTech

NoodleTech

    Malware Eradicator

  • Visiting Fellow
  • 2,380 posts

Posted 17 August 2010 - 04:39 PM

2009-03-05 TeaTimer.exe (1.6.6.32)

Can you uncheck that?
Proud Graduate of the WTT Malware Classroom.
If you feel I have helped you, please consider a donation.
Topics will be closed after three days if there is no response.
Please do not PM me for malware removal assistance.

#9 jirvin_4505

jirvin_4505

    Authentic Member

  • Authentic Member
  • 26 posts

Posted 17 August 2010 - 04:48 PM

No, I cannot uncheck this. I think it is a listing of the current build of Spybot. My selection boxes start with...

Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
file: C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
size: 39792
MD5: 392845E8D49B5F0E81AAC4D795000A8C

#10 jirvin_4505

jirvin_4505

    Authentic Member

  • Authentic Member
  • 26 posts

Posted 17 August 2010 - 07:52 PM

Since I couldn't find the check box for TeaTimer in the startup, I went ahead and rebooted and have run OTL.

OTL logfile created on: 18/08/2010 11:05:13 AM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\jeff\Downloads\virus programs
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.57 Gb Total Space | 18.21 Gb Free Space | 16.32% Space Free | Partition Type: NTFS
Drive D: | 111.55 Gb Total Space | 12.08 Gb Free Space | 10.83% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 931.51 Gb Total Space | 672.57 Gb Free Space | 72.20% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JEFF-PC
Current User Name: jeff
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\jeff\Downloads\virus programs\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
PRC - C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\AirVideoServer\AirVideoServer.exe ()
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe (Microsoft Corp.)
PRC - C:\Program Files\MyWebSearch\bar\3.bin\MWSOEMON.EXE (MyWebSearch.com)
PRC - C:\Program Files\MyWebSearch\bar\3.bin\M3SRCHMN.EXE (MyWebSearch.com)
PRC - C:\Users\jeff\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Windows\System32\igfxext.exe (Intel Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
PRC - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
PRC - C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
PRC - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
PRC - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()
PRC - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
PRC - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe ()
PRC - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe ()
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
PRC - C:\Acer\Mobility Center\MobilityService.exe ()
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Program Files\ArcSoft\TotalMedia 3\TMMonitor.exe (ArcSoft, Inc.)
PRC - C:\Windows\System32\wpcumi.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\jeff\Downloads\virus programs\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (GoogleDesktopManager-051210-111108) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (eDataSecurity Service) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (NTIBackupSvc) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
SRV - (NTISchedulerSvc) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe ()
SRV - (ETService) -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe ()
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (BUNAgentSvc) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (CLHNService) -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (AvgTdiX) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.)
DRV - (silabser) -- C:\Windows\System32\drivers\silabser.sys (Silicon Laboratories)
DRV - (silabenm) -- C:\Windows\System32\drivers\silabenm.sys (Silicon Laboratories, Inc.)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (AF15BDA) -- C:\Windows\System32\drivers\AF15BDA.sys (AfaTech )
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (psdvdisk) -- C:\Windows\System32\drivers\PSDVdisk.sys (Egis Incorporated)
DRV - (PSDFilter) -- C:\Windows\system32\DRIVERS\psdfilter.sys (Egis Incorporated)
DRV - (PSDNServ) -- C:\Windows\System32\drivers\PSDNServ.sys (Egis Incorporated)
DRV - (NETw5v32) Intel® -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl (Cyberlink Corp.)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (UBHelper) -- C:\Windows\System32\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\VSTCNXT3.SYS (Conexant Systems, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (NSCIRDA) -- C:\Windows\System32\drivers\nscirda.sys (National Semiconductor Corporation)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (NTIPPKernel) -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys (Cyberlink Corp.)
DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.SYS (Samsung Electronics)
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (DKbFltr) -- C:\Windows\System32\drivers\DKbFltr.sys (Dritek System Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (DgiVecp) -- C:\Windows\System32\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...p;m=aspire_5735
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...p;m=aspire_5735

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...p;m=aspire_5735
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...p;m=aspire_5735
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\3.bin\MWSSRCAS.DLL (MyWebSearch.com)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522

========== FireFox ==========

FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.startup.homepage: "http://au.mc458.mail...ms/usercp.php?"
FF - prefs.js..extensions.enabledItems: {E0B8C461-F8FB-49b4-8373-FE32E9252800}:4.0.0.87683
FF - prefs.js..extensions.enabledItems: mp4downloader@jeff.net:1.2.11
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: statusbar@toodledo.com:1.70
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.845
FF - prefs.js..keyword.URL: "http://www.mywebsear...kwd&searchfor="
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\firefox\ [2010/01/03 22:15:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\Firefox [2010/06/20 19:29:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/08/04 03:41:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/08/07 12:05:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/12 08:15:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/02 15:11:59 | 000,000,000 | ---D | M]

[2010/07/08 23:47:39 | 000,000,000 | ---D | M] -- C:\Users\jeff\AppData\Roaming\Mozilla\Extensions
[2010/07/08 23:47:39 | 000,000,000 | ---D | M] -- C:\Users\jeff\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/08/17 16:25:50 | 000,000,000 | ---D | M] -- C:\Users\jeff\AppData\Roaming\Mozilla\Firefox\Profiles\9k89rsbv.default\extensions
[2010/05/03 22:25:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\jeff\AppData\Roaming\Mozilla\Firefox\Profiles\9k89rsbv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/21 12:34:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jeff\AppData\Roaming\Mozilla\Firefox\Profiles\9k89rsbv.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010/06/02 11:01:59 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\jeff\AppData\Roaming\Mozilla\Firefox\Profiles\9k89rsbv.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/06/25 11:59:34 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Users\jeff\AppData\Roaming\Mozilla\Firefox\Profiles\9k89rsbv.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2010/06/21 12:35:11 | 000,000,000 | ---D | M] -- C:\Users\jeff\AppData\Roaming\Mozilla\Firefox\Profiles\9k89rsbv.default\extensions\DefaultManager@Microsoft
[2010/05/08 23:24:18 | 000,000,000 | ---D | M] -- C:\Users\jeff\AppData\Roaming\Mozilla\Firefox\Profiles\9k89rsbv.default\extensions\mp4downloader@jeff.net
[2010/06/03 00:15:10 | 000,000,000 | ---D | M] -- C:\Users\jeff\AppData\Roaming\Mozilla\Firefox\Profiles\9k89rsbv.default\extensions\statusbar@toodledo.com
[2009/06/14 18:15:15 | 000,009,941 | ---- | M] () -- C:\Users\jeff\AppData\Roaming\Mozilla\Firefox\Profiles\9k89rsbv.default\searchplugins\mywebsearch.xml
[2010/03/19 13:44:06 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2006/09/19 07:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\3.bin\MWSSRCAS.DLL (MyWebSearch.com)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (mwsBar BHO) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL (MyWebSearch.com)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Bing Bar] C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [BkupTray] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor] C:\Program Files\MyWebSearch\bar\3.bin\M3SRCHMN.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\3.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AirVideoServer] C:\Program Files\AirVideoServer\AirVideoServer.exe ()
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Touch Mouse Server.lnk = C:\Program Files\Logitech Touch Mouse Server\iTouch-Server-Win.exe (Logitech, Inc.)
O4 - Startup: C:\Users\jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Add to &Evernote - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll (Evernote Corporation)
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (AVGRSSTX.DLL) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Acer01.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Acer01.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 07:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/12/01 19:02:38 | 000,000,000 | RH-D | M] - F:\autorun -- [ NTFS ]
O32 - AutoRun File - [2002/10/17 12:56:50 | 000,000,036 | RH-- | M] () - F:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{1b8affb9-3cea-11df-a5c3-001d72db1f3a}\Shell\AutoRun\command - "" = F:\LOPNA\AZIZ\LAX.exe -- File not found
O33 - MountPoints2\{1b8affb9-3cea-11df-a5c3-001d72db1f3a}\Shell\open\command - "" = F:\LOPNA\AZIZ\LAX.exe -- File not found
O33 - MountPoints2\{43a23dfa-8b50-11de-9570-001d72db1f3a}\Shell\AutoRun\command - "" = H:\setupSNK.exe -- File not found
O33 - MountPoints2\{ed5c5b34-bf6d-11dd-a542-001d72db1f3a}\Shell\AutoRun\command - "" = G:\Launch.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/08/14 11:38:33 | 000,000,000 | ---D | C] -- C:\Users\jeff\AppData\Local\abbqencej
[2010/08/14 11:38:32 | 000,000,000 | ---D | C] -- C:\Users\jeff\AppData\Local\Windows
[2010/08/14 11:38:15 | 000,000,000 | ---D | C] -- C:\Users\jeff\AppData\Local\Windows Server
[2010/08/11 20:03:31 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010/08/11 20:03:07 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/08/11 20:03:07 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010/08/11 20:03:06 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010/08/11 20:02:54 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/08/11 20:02:53 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010/08/11 20:02:31 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/08/11 20:02:31 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/08/11 11:49:29 | 000,000,000 | ---D | C] -- C:\Users\jeff\AppData\Roaming\TuneUpMedia
[2010/08/10 08:01:41 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/08/05 00:16:31 | 000,000,000 | ---D | C] -- C:\Users\jeff\Documents\CloneSpy
[2010/08/05 00:16:31 | 000,000,000 | ---D | C] -- C:\Users\jeff\AppData\Roaming\CloneSpy
[2010/08/05 00:16:19 | 000,000,000 | ---D | C] -- C:\Program Files\CloneSpy
[2010/08/04 13:54:20 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/08/04 12:38:32 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/08/04 12:38:23 | 000,243,024 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/08/04 12:38:09 | 000,216,400 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/08/04 12:38:03 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/08/04 12:38:01 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2010/08/04 12:29:46 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/08/04 12:28:52 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9
[2010/08/03 12:40:34 | 000,000,000 | ---D | C] -- C:\Users\jeff\AppData\Local\AirVideoServer
[2010/08/03 12:40:28 | 000,000,000 | -H-D | C] -- C:\jexepackres
[2010/08/03 12:39:47 | 000,000,000 | ---D | C] -- C:\Program Files\AirVideoServer
[2010/07/20 19:05:23 | 000,000,000 | ---D | C] -- C:\Users\jeff\Documents\work
[2009/01/04 09:44:30 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\jeff\AppData\Roaming\pcouffin.sys
[2008/10/11 11:37:32 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll

========== Files - Modified Within 30 Days ==========

[2010/08/18 11:08:01 | 002,621,440 | -HS- | M] () -- C:\Users\jeff\ntuser.dat
[2010/08/18 10:51:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/18 10:41:36 | 000,000,000 | ---- | M] () -- C:\Users\jeff\AppData\Local\prvlcl.dat
[2010/08/18 10:40:49 | 000,000,897 | ---- | M] () -- C:\Users\jeff\Desktop\virus cleaning - Shortcut.lnk
[2010/08/18 10:40:35 | 000,000,938 | ---- | M] () -- C:\Users\jeff\Desktop\OTL - Shortcut.lnk
[2010/08/18 10:40:12 | 000,000,800 | ---- | M] () -- C:\Users\jeff\Desktop\pp7lxc2u - Shortcut.lnk
[2010/08/18 10:39:52 | 000,051,200 | ---- | M] () -- C:\Users\jeff\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/18 10:30:03 | 000,005,972 | ---- | M] () -- C:\Users\jeff\AppData\Local\d3d9caps.dat
[2010/08/18 10:29:59 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/18 10:29:43 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2010/08/18 10:29:29 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/18 10:29:29 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/18 10:29:27 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/18 10:29:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/18 10:29:19 | 2072,891,392 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/18 10:27:21 | 000,524,288 | -HS- | M] () -- C:\Users\jeff\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/08/18 10:27:21 | 000,065,536 | -HS- | M] () -- C:\Users\jeff\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/08/18 10:26:41 | 004,181,260 | -H-- | M] () -- C:\Users\jeff\AppData\Local\IconCache.db
[2010/08/18 08:16:05 | 063,551,383 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/08/17 13:02:27 | 000,000,810 | ---- | M] () -- C:\Users\jeff\Desktop\HiJackThis - Shortcut.lnk
[2010/08/16 11:45:54 | 000,517,325 | ---- | M] () -- C:\Users\jeff\Documents\three bill cancellation aug 2010.pdf
[2010/08/12 08:18:30 | 000,297,424 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/08/11 13:52:05 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010/08/11 12:35:36 | 000,000,834 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Companion.lnk
[2010/08/10 08:02:29 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/08/05 10:02:55 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/08/05 10:02:55 | 000,596,686 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/08/05 10:02:55 | 000,102,160 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/08/05 07:59:05 | 000,000,271 | ---- | M] () -- C:\Users\jeff\Desktop\wep icecream.rtf
[2010/08/05 00:16:21 | 000,000,808 | ---- | M] () -- C:\Users\jeff\Desktop\CloneSpy.lnk
[2010/08/04 12:38:36 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/08/04 12:38:36 | 000,001,651 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010/08/04 12:38:30 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/08/04 12:38:10 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/08/04 12:38:07 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/08/04 12:38:03 | 000,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/08/04 08:35:30 | 000,071,280 | ---- | M] () -- C:\Users\jeff\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/08/03 12:39:52 | 000,000,880 | ---- | M] () -- C:\Users\Public\Desktop\Air Video Server.lnk

========== Files Created - No Company Name ==========

[2010/08/18 10:40:49 | 000,000,897 | ---- | C] () -- C:\Users\jeff\Desktop\virus cleaning - Shortcut.lnk
[2010/08/18 10:40:35 | 000,000,938 | ---- | C] () -- C:\Users\jeff\Desktop\OTL - Shortcut.lnk
[2010/08/18 10:40:12 | 000,000,800 | ---- | C] () -- C:\Users\jeff\Desktop\pp7lxc2u - Shortcut.lnk
[2010/08/17 13:02:27 | 000,000,810 | ---- | C] () -- C:\Users\jeff\Desktop\HiJackThis - Shortcut.lnk
[2010/08/16 11:45:54 | 000,517,325 | ---- | C] () -- C:\Users\jeff\Documents\three bill cancellation aug 2010.pdf
[2010/08/11 12:35:36 | 000,000,834 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Companion.lnk
[2010/08/10 08:02:29 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/08/09 14:13:53 | 000,000,000 | ---- | C] () -- C:\Users\jeff\AppData\Local\prvlcl.dat
[2010/08/05 00:16:21 | 000,000,808 | ---- | C] () -- C:\Users\jeff\Desktop\CloneSpy.lnk
[2010/08/04 12:38:36 | 000,001,651 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010/08/04 12:38:02 | 000,113,461 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/08/04 12:38:01 | 063,551,383 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/08/03 12:39:52 | 000,000,880 | ---- | C] () -- C:\Users\Public\Desktop\Air Video Server.lnk
[2010/06/02 11:15:57 | 000,000,036 | ---- | C] () -- C:\Users\jeff\AppData\Local\housecall.guid.cache
[2010/04/15 00:36:13 | 166,241,740 | -H-- | C] () -- C:\Users\jeff\AppData\Roaming\Fine_Woodworking_2009.exe
[2009/09/24 12:52:57 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/06 17:09:30 | 000,023,888 | ---- | C] () -- C:\Users\jeff\AppData\Roaming\UserTile.png
[2009/02/01 16:53:06 | 000,005,100 | ---- | C] () -- C:\Users\jeff\AppData\Roaming\wklnhst.dat
[2009/01/04 09:45:34 | 000,000,034 | ---- | C] () -- C:\Users\jeff\AppData\Roaming\pcouffin.log
[2009/01/04 09:44:30 | 000,087,608 | ---- | C] () -- C:\Users\jeff\AppData\Roaming\inst.exe
[2009/01/04 09:44:30 | 000,007,887 | ---- | C] () -- C:\Users\jeff\AppData\Roaming\pcouffin.cat
[2009/01/04 09:44:30 | 000,001,144 | ---- | C] () -- C:\Users\jeff\AppData\Roaming\pcouffin.inf
[2008/12/14 23:36:49 | 000,005,972 | ---- | C] () -- C:\Users\jeff\AppData\Local\d3d9caps.dat
[2008/12/14 08:29:00 | 000,000,116 | ---- | C] () -- C:\Windows\Pam.ini
[2008/11/23 04:13:20 | 000,051,200 | ---- | C] () -- C:\Users\jeff\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/11 11:22:30 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1527.dll
[2008/10/11 10:55:29 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll
[2008/10/11 10:53:35 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2008/10/11 10:53:35 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2008/10/11 10:52:08 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008/04/30 19:56:55 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008/04/30 19:54:06 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008/04/30 19:54:06 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008/04/30 18:09:06 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/04/30 18:09:01 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2008/04/30 18:09:01 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2008/04/30 18:09:01 | 000,000,042 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2006/11/02 22:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 17:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001/12/27 09:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 16:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/08/29 18:16:58 | 000,452,096 | ---- | C] () -- C:\Windows\System32\hidcrtp.dll
[2001/07/31 09:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 15:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2010/07/12 13:40:28 | 000,000,000 | -HSD | M] -- C:\Users\jeff\AppData\Roaming\.#
[2008/04/30 19:52:47 | 000,000,000 | ---D | M] -- C:\Users\jeff\AppData\Roaming\Acer GameZone Console
[2009/04/26 08:25:23 | 000,000,000 | ---D | M] -- C:\Users\jeff\AppData\Roaming\Big Fish Games
[2010/08/05 00:16:42 | 000,000,000 | ---D | M] -- C:\Users\jeff\AppData\Roaming\CloneSpy
[2009/10/06 18:33:09 | 000,000,000 | ---D | M] -- C:\Users\jeff\AppData\Roaming\DVDFab
[2009/03/16 06:38:47 | 000,000,000 | ---D | M] -- C:\Users\jeff\AppData\Roaming\GrabPro
[2009/12/08 10:24:25 | 000,000,000 | ---D | M] -- C:\Users\jeff\AppData\Roaming\HandBrake
[2008/12/12 08:44:03 | 000,000,000 | ---D | M] -- C:\Users\jeff\AppData\Roaming\InterTrust
[2009/04/26 07:49:38 | 000,000,000 | ---D | M] -- C:\Users\jeff\AppData\Roaming\iWin
[2010/07/24 06:07:28 | 000,000,000 | ---D | M] -- C:\Users\jeff\AppData\Roaming\LimeWire
[2010/03/14 14:25:31 | 000,000,000 | ---D | M] -- C:\Users\jeff\AppData\Roaming\MyVirtualHome
[2010/03/25 15:00:22 | 000,000,000 | ---D | M] -- C:\Users\jeff\AppData\Roaming\OpenCandy
[2010/05/14 22:24:07 | 000,000,000 | ---D | M] -- C:\Users\jeff\AppData\Roaming\Orbit
[2009/04/06 13:37:41 | 000,000,000 | ---D | M] -- C:\Users\jeff\AppData\Roaming\PlayFirst
[2010/06/21 01:14:29 | 000,000,000 | ---D | M] -- C:\Users\jeff\AppData\Roaming\RapidTyping
[2009/11/25 21:07:19 | 000,000,000 | ---D | M] -- C:\Users\jeff\AppData\Roaming\Red Kawa
[2009/11/25 21:00:20 | 000,000,000 | ---D | M] -- C:\Users\jeff\AppData\Roaming\Regensoft
[2009/02/01 16:53:22 | 000,000,000 | ---D | M] -- C:\Users\jeff\AppData\Roaming\Template
[2010/08/14 11:56:03 | 000,000,000 | ---D | M] -- C:\Users\jeff\AppData\Roaming\TuneUpMedia
[2009/08/27 10:43:20 | 000,000,000 | ---D | M] -- C:\Users\jeff\AppData\Roaming\Uniblue
[2010/08/15 07:34:41 | 000,000,000 | ---D | M] -- C:\Users\jeff\AppData\Roaming\uTorrent
[2009/07/27 16:38:58 | 000,000,000 | ---D | M] -- C:\Users\jeff\AppData\Roaming\Vso
[2010/08/18 10:27:48 | 000,032,652 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/09/19 07:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 16:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008/02/06 09:25:41 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/19 07:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/08/18 10:29:19 | 2072,891,392 | -HS- | M] () -- C:\hiberfil.sys
[2008/12/14 08:28:13 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/12/14 08:28:13 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/08/18 10:29:18 | 2386,681,856 | -HS- | M] () -- C:\pagefile.sys
[2008/10/07 04:03:52 | 000,003,195 | -HS- | M] () -- C:\Patch.rev
[2008/04/30 18:32:45 | 000,000,148 | RHS- | M] () -- C:\preload.rev
[2008/10/11 10:52:45 | 000,000,651 | ---- | M] () -- C:\RHDSetup.log

< %systemroot%\Fonts\*.com >
[2006/11/02 22:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 22:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 22:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2010/05/14 08:13:10 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/19 07:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/11/02 22:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/27 12:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll
[2006/09/18 10:57:22 | 000,019,456 | ---- | M] (Windows ® 2000 DDK provider) -- C:\Windows\System32\spool\prtprocs\w32x86\SSGB1pc.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/01/21 12:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008/01/21 13:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/21 13:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/21 13:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 20:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 20:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/07/12 08:29:35 | 000,000,350 | -HS- | M] () -- C:\Users\jeff\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-08-11 17:19:17

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:861A898F
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:8173A019
@Alternate Data Stream - 165 bytes -> C:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:4F636E25
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:2B99FE60
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:131C0EE9
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:FEBEC560
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:793F316E
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:3E7393FC
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:4BB26BE9
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:193426B4
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:E36F5B57
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:9E22BBE8
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:C95B63DA
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:580E04D8
< End of report >



#11 jirvin_4505 (Authentic Member, 26 posts)

Posted 17 August 2010 - 07:57 PM

Now the Extras file.

BTW, in OTL, is "files within 30 days" OK? It was the default on startup.

Also, I notice some internet access errors at the end of this report. My internet is slowed at the moment but will be back up to speed soon. Let me know if you want a rerun.


OTL Extras logfile created on: 18/08/2010 11:05:13 AM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\jeff\Downloads\virus programs
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.57 Gb Total Space | 18.21 Gb Free Space | 16.32% Space Free | Partition Type: NTFS
Drive D: | 111.55 Gb Total Space | 12.08 Gb Free Space | 10.83% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 931.51 Gb Total Space | 672.57 Gb Free Space | 72.20% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JEFF-PC
Current User Name: jeff
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0685095B-A73B-4AC8-BEB6-0D24D6A20B4F}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{07B34CE5-90CF-46CF-ABCD-20CFC2ECD58A}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{09DF040C-0ECB-44CB-BAD1-1A42178CFBDB}" = protocol=17 | dir=in | app=c:\program files\arcsoft\totalmedia 3\totalmedia.exe |
"{0B538B91-DA99-4709-B4D4-0B6AC6ADA895}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{0F388B47-814E-4F3F-82B2-859760D32881}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{11DEA914-A8BE-4DA3-BF40-31BB8E027AE8}" = protocol=6 | dir=in | app=c:\program files\airvideoserver\airvideoserver.exe |
"{1C65A0D9-F940-4663-9FEB-5289907DAE59}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe |
"{1F57E95E-8F22-4106-BF40-7707DE921E04}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{23B9661F-DEC1-47DE-B865-A8FD0C18D065}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{2C411C84-53D6-4469-905E-392FC486B67F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{2C8B0C46-55B1-42A0-BDA3-F6BBD25A89C5}" = dir=in | app=c:\program files\avg\avg9\avgemc.exe |
"{49A54919-8E66-4728-B4EA-FAA5DB975DCB}" = protocol=6 | dir=in | app=c:\program files\logitech touch mouse server\itouch-server-win.exe |
"{50D7FB1E-66D8-435A-98F7-DFFA0E9B02E7}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe |
"{55E5AC1D-E66C-4A6D-AB6E-40A1926AA6D5}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{5B94FB7E-4F9E-4B8F-BE1F-9FE57EAFC1EE}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{5ECBFA39-2321-4A39-948C-8E4F00D90766}" = protocol=6 | dir=in | app=c:\program files\arcsoft\totalmedia 3\totalmedia.exe |
"{60DCF1A0-C430-4C6E-9572-7FDD23389609}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{6318E1A7-BFAC-4FCD-BCA8-68BCAB0AF00B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{782B1532-616A-4555-933B-0D7A609CB435}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{86642836-96E4-4D8D-A3BF-4E98B12BDCD2}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{89858D2F-08E8-4409-BB87-EA32304FD8AC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8C561BC1-72AB-4EE3-9EBF-9A8CB317C26B}" = protocol=6 | dir=out | app=c:\program files\airvideoserver\airvideoserver.exe |
"{A4A230D8-3309-46A5-9896-1A2A466106F6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B589181A-88D6-45B8-A6CC-4B93B6321450}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{B7C588D9-E9B5-49CD-AC84-F54093A9E44E}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe |
"{B95B34C7-5FE9-4AF2-88EF-9AE40DC66D48}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BA5EEAC4-BBD4-4655-BAE8-94F3EE16812F}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{BB3136DD-7D40-404D-A9E1-B2F3DDD5DC88}" = protocol=17 | dir=in | app=c:\program files\logitech touch mouse server\itouch-server-win.exe |
"{C01D65D6-CB15-4C86-98DF-278BFD121982}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C3DF1A94-8367-4A1B-8F39-72A902CE8144}" = protocol=17 | dir=in | app=c:\program files\airvideoserver\airvideoserver.exe |
"{CBFCEE09-B268-40D0-9B98-8253B9881C48}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{D5A0E150-9516-42DF-B866-BED21BA3EFA0}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{EA2749AF-00ED-474C-93C1-6114DE31BD08}" = protocol=6 | dir=in | app=c:\program files\airvideoserver\airvideoserver.exe |
"{FDD80544-A479-4469-BEA7-D955F7369DDD}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"TCP Query User{1966EDC4-17F1-4CA5-BCC9-D885EE0FBB02}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{6FA22F43-A635-4399-BC82-CD473B7A903A}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{7ACEB933-289A-4F3E-B57E-470318706E0D}C:\program files\logitech touch mouse server\itouch-server-win.exe" = protocol=6 | dir=in | app=c:\program files\logitech touch mouse server\itouch-server-win.exe |
"TCP Query User{F38988EC-C989-4551-B693-1999AC298D6F}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{169E2338-F97F-420E-B029-98C44721DEF2}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{5AA63AB9-E2DF-4092-9EB9-3D6CAF8BBE72}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{7E5EE26F-D54C-491A-9B7A-C513E4801CE8}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{A24C2450-9A51-42A5-8DE1-1CE3AC729403}C:\program files\logitech touch mouse server\itouch-server-win.exe" = protocol=17 | dir=in | app=c:\program files\logitech touch mouse server\itouch-server-win.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0D025345-1033-4F35-A5CE-68CDCDE6CC03}" = Evernote
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{14E5C47A-0AC5-4B02-8150-7BFA82A725EF}" = StudyDog Basic Classroom - Level 3
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FF7DC11-FD66-4FF3-A6C0-6DF8D5FA829C}" = ArcSoft TotalMedia 3
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 13
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{31F94D26-7DA9-4CE9-87B2-5031A07C8CDF}" = ServoCommand
"{464288F4-991B-470D-ABC0-B79F4A08011F}" = Silicon Laboratories CP210x VCP Drivers for Windows 2000/XP/2003 Server/Vista
"{4AEF84D8-A2B5-4A6F-A11B-4E9F70290682}" = MyVirtualHome
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110113233}" = Bookworm Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}" = Big Kahuna Reef
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}" = Kick N Rush
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}" = Backspin Billiards
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}" = Mahjongg Artifacts
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}" = Diner Dash Flo on the Go
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112310577}" = Flip Words 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}" = Chicken Invaders 3
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}" = Agatha Christie Death on the Nile
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{A458050C-7A91-47CF-8F03-32A6DE42A6E2}" = StudyDog Basic Classroom - Level 1
"{A46C54BE-1BD6-41FA-90BC-EB46E497E884}" = StudyDog Basic Classroom - Level 2
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 2.0.8
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
"{C66FE99D-7C15-40A0-AE4A-A1A3900D9EE3}" = MyVirtualHome
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E21DA178-9FB0-4F91-B79C-5A6DDEEBFB8D}" = Bing Bar Platform
"{EB7FEAB4-4E28-4A17-B49F-AE83772B5654}" = StudyDog Level 1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{FB26A501-6BA6-459B-89AA-9736730752FB}" = VoiceOver Kit
"7-Zip" = 7-Zip 4.61 beta
"Acer GameZone Console_is1" = Acer GameZone Console 2.0.1.1
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Air Video Server" = Air Video Server 2.2.7-update1
"AVG9Uninstall" = AVG Free 9.0
"AviSynth" = AviSynth 2.5
"Checkers 1.3" = Checkers 1.3
"CleanUp!" = CleanUp!
"CloneSpy" = CloneSpy 2.51
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1" = DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.2.2
"DVDFab 6_is1" = DVDFab 6.0.2.2 (June 26, 2009)
"Free Video to iPhone Converter_is1" = Free Video to iPhone Converter version 2.2
"Free YouTube Download_is1" = Free YouTube Download 2.3
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"GridVista" = Acer GridVista
"Handbrake" = Handbrake 0.9.4
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HPP-21" = HPP-21
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"LimeWire" = LimeWire 5.5.10
"LManager" = Launch Manager
"Logitech Touch Mouse Server" = Logitech Touch Mouse Server 1.0
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MyWebSearch bar Uninstall" = My Web Search
"Orbit_is1" = Orbit Downloader
"PREWRITING & COMPUTER SKILLS" = PREWRITING & COMPUTER SKILLS
"Profils" = Profils (remove only)
"RapidTyping" = RapidTyping
"Riva FLV Player_is1" = Riva FLV Player
"Samsung ML-1710 Series" = Samsung ML-1710 Series
"SLABCOMM&10C4&EA60" = Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TraCFoil_is1" = TraCFoil V 3.4.02 E
"TuneUpMedia" = TuneUp Companion 1.7.1
"Uninstall_is1" = Uninstall 1.0.0.1
"Videora iPhone 3GS Converter" = Videora iPhone 3GS Converter 5.03
"vixy converter BETA_is1" = vixy converter uninstall
"VLC media player" = VLC media player 1.0.3
"WinRAR archiver" = WinRAR archiver
"WinX DVD Ripper_is1" = WinX DVD Ripper 4.0
"Xilisoft DVD Ripper Ultimate 5" = Xilisoft DVD Ripper Ultimate
"YouTube Downloader App" = YouTube Downloader App 2.03
"YPOPs_is1" = YPOPs! 0.9.7.3

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Storm Hawks Sky Race" = Storm Hawks Sky Race
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/08/2010 5:46:31 AM | Computer Name = jeff-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 10/08/2010 5:46:31 AM | Computer Name = jeff-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 10/08/2010 5:46:34 AM | Computer Name = jeff-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 10/08/2010 5:46:34 AM | Computer Name = jeff-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 10/08/2010 5:46:34 AM | Computer Name = jeff-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 10/08/2010 5:46:34 AM | Computer Name = jeff-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 10/08/2010 5:46:35 AM | Computer Name = jeff-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 10/08/2010 5:46:35 AM | Computer Name = jeff-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 10/08/2010 6:22:29 AM | Computer Name = jeff-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/08/2010 6:22:33 AM | Computer Name = jeff-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

[ System Events ]
Error - 16/08/2010 10:53:42 PM | Computer Name = jeff-PC | Source = DCOM | ID = 10010
Description =

Error - 16/08/2010 11:08:26 PM | Computer Name = jeff-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 16/08/2010 11:08:26 PM | Computer Name = jeff-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 17/08/2010 2:09:58 AM | Computer Name = jeff-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 4:08:09 PM on 17/08/2010 was unexpected.

Error - 17/08/2010 2:10:16 AM | Computer Name = jeff-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 17/08/2010 2:10:16 AM | Computer Name = jeff-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 17/08/2010 8:27:36 PM | Computer Name = jeff-PC | Source = DCOM | ID = 10010
Description =

Error - 17/08/2010 8:29:42 PM | Computer Name = jeff-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 17/08/2010 8:29:42 PM | Computer Name = jeff-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 17/08/2010 9:09:19 PM | Computer Name = jeff-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 001D72DB1F3A has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).


< End of report >

#12 jirvin_4505 (Authentic Member, 26 posts)

Posted 18 August 2010 - 02:01 AM

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-18 16:36:04
Windows 6.0.6002 Service Pack 2
Running: pp7lxc2u.exe; Driver: C:\Users\jeff\AppData\Local\Temp\kgtdypob.sys


---- Kernel code sections - GMER 1.0.15 ----

C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl entry point in "" section [0xAE33A41C]
.clc C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl unknown last code section [0xAE33B000, 0x1000, 0xE0000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\Explorer.EXE[1156] SHELL32.dll!SHGetFolderPathAndSubDirW + 81C5 763CB37C 4 Bytes [00, 26, 00, 10] {ADD [ESI], AH; ADD [EAX], DL}

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

#13 NoodleTech (Malware Eradicator, Visiting Fellow, 2,380 posts)

Posted 18 August 2010 - 05:27 PM

Hi jirvin_4505,

The 30 days is fine. No need to rerun OTL. The internet issues don't affect it.

Now let's run ComboFix.

Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.

Proud Graduate of the WTT Malware Classroom.
If you feel I have helped you, please consider a donation.
Topics will be closed after three days if there is no response.
Please do not PM me for malware removal assistance.

#14 jirvin_4505 (Authentic Member, 26 posts)

Posted 18 August 2010 - 06:44 PM

ComboFix 10-08-17.04 - jeff 19/08/2010 10:23:33.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.1976.972 [GMT 10:00]
Running from: c:\users\jeff\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\FunWebProducts
c:\program files\Internet Explorer\msimg32.dll
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\2.bin\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\2.bin\M3FFXTBR.MANIFEST
c:\program files\MyWebSearch\bar\2.bin\M3NTSTBR.JAR
c:\program files\MyWebSearch\bar\2.bin\M3NTSTBR.MANIFEST
c:\program files\MyWebSearch\bar\2.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\3.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\3.bin\F3CJpeg.dll
c:\program files\MyWebSearch\bar\3.bin\F3DTactl.dll
c:\program files\MyWebSearch\bar\3.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\3.bin\F3HKSTUB.DLL
c:\program files\MyWebSearch\bar\3.bin\F3HTMLMU.DLL
c:\program files\MyWebSearch\bar\3.bin\F3HTTPCT.DLL
c:\program files\MyWebSearch\bar\3.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\3.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\3.bin\F3REGHK.DLL
c:\program files\MyWebSearch\bar\3.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\3.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\3.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\3.bin\F3SCRCTR.DLL
c:\program files\MyWebSearch\bar\3.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\3.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\3.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\3.bin\FWPBUDDY.PNG
c:\program files\MyWebSearch\bar\3.bin\M3AUXSTB.DLL
c:\program files\MyWebSearch\bar\3.bin\M3DLGHK.DLL
c:\program files\MyWebSearch\bar\3.bin\M3HIGHIN.EXE
c:\program files\MyWebSearch\bar\3.bin\M3HTML.DLL
c:\program files\MyWebSearch\bar\3.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\3.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\3.bin\M3MEDINT.EXE
c:\program files\MyWebSearch\bar\3.bin\M3MSg.dll
c:\program files\MyWebSearch\bar\3.bin\M3OUTLCN.DLL
c:\program files\MyWebSearch\bar\3.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\3.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\3.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\3.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\3.bin\M3SRCHMN.EXE
c:\program files\MyWebSearch\bar\3.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\3.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\3.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\3.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\3.bin\MWSSRCAS.DLL
c:\program files\MyWebSearch\bar\3.bin\MWSSVC.EXE
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\firefox\CHROME.MANIFEST
c:\program files\MyWebSearch\bar\firefox\chrome\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\firefox\INSTALL.RDF
c:\program files\MyWebSearch\bar\firefox\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
c:\users\Guest\AppData\Roaming\.#
c:\users\jeff\AppData\Local\Windows Server
c:\users\jeff\AppData\Local\Windows Server\admin.txt
c:\users\jeff\AppData\Local\Windows Server\flags.ini
c:\users\jeff\AppData\Local\Windows Server\hlp.dat
c:\users\jeff\AppData\Local\Windows Server\server.dat
c:\users\jeff\AppData\Local\Windows Server\uses32.dat
c:\users\jeff\AppData\Roaming\.#
c:\users\jeff\AppData\Roaming\.#\MBX@1090@162990.###
c:\users\jeff\AppData\Roaming\.#\MBX@1090@1629C0.###
c:\users\jeff\AppData\Roaming\.#\MBX@1090@1629F0.###
c:\users\jeff\AppData\Roaming\.#\MBX@10B8@1B42990.###
c:\users\jeff\AppData\Roaming\.#\MBX@10B8@1B429C0.###
c:\users\jeff\AppData\Roaming\.#\MBX@10B8@1B429F0.###
c:\users\jeff\AppData\Roaming\.#\MBX@12A8@1722990.###
c:\users\jeff\AppData\Roaming\.#\MBX@12A8@17229C0.###
c:\users\jeff\AppData\Roaming\.#\MBX@12A8@17229F0.###
c:\users\jeff\AppData\Roaming\.#\MBX@1364@1B72990.###
c:\users\jeff\AppData\Roaming\.#\MBX@1364@1B729C0.###
c:\users\jeff\AppData\Roaming\.#\MBX@1364@1B729F0.###
c:\users\jeff\AppData\Roaming\.#\MBX@1C38@1C52990.###
c:\users\jeff\AppData\Roaming\.#\MBX@1C38@1C529C0.###
c:\users\jeff\AppData\Roaming\.#\MBX@1C38@1C529F0.###
c:\users\jeff\AppData\Roaming\.#\MBX@378@1C92990.###
c:\users\jeff\AppData\Roaming\.#\MBX@378@1C929C0.###
c:\users\jeff\AppData\Roaming\.#\MBX@378@1C929F0.###
c:\users\jeff\AppData\Roaming\.#\MBX@B04@242990.###
c:\users\jeff\AppData\Roaming\.#\MBX@B04@2429C0.###
c:\users\jeff\AppData\Roaming\.#\MBX@B04@2429F0.###
c:\users\jeff\AppData\Roaming\.#\MBX@E68@1C52990.###
c:\users\jeff\AppData\Roaming\.#\MBX@E68@1C529C0.###
c:\users\jeff\AppData\Roaming\.#\MBX@E68@1C529F0.###
c:\users\jeff\AppData\Roaming\.#\MBX@F4C@1D72990.###
c:\users\jeff\AppData\Roaming\.#\MBX@F4C@1D729C0.###
c:\users\jeff\AppData\Roaming\.#\MBX@F4C@1D729F0.###
c:\users\jeff\AppData\Roaming\Fine_Woodworking_2009.exe
c:\users\jeff\AppData\Roaming\inst.exe
c:\users\jeff\AppData\Roaming\Microsoft\Windows\Templates\memory.tmp
c:\users\Max\AppData\Roaming\.#
c:\users\Max\AppData\Roaming\.#\MBX@1C3C@1D42990.###
c:\users\Max\AppData\Roaming\.#\MBX@1C3C@1D429C0.###
c:\users\Max\AppData\Roaming\.#\MBX@1C3C@1D429F0.###
c:\users\Xena\AppData\Roaming\.#
c:\windows\system32\f3PSSavr.scr
c:\windows\Temp\log.txt
F:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-07-19 to 2010-08-19 )))))))))))))))))))))))))))))))
.

2010-08-19 00:33 . 2010-08-19 00:33 -------- d-----w- c:\users\Xena\AppData\Local\temp
2010-08-19 00:33 . 2010-08-19 00:33 -------- d-----w- c:\users\Max\AppData\Local\temp
2010-08-19 00:33 . 2010-08-19 00:33 -------- d-----w- c:\users\Jane\AppData\Local\temp
2010-08-19 00:33 . 2010-08-19 00:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-19 00:33 . 2010-08-19 00:33 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-08-18 23:52 . 2010-08-18 23:52 -------- d-----w- c:\users\jeff\AppData\Roaming\AVG9
2010-08-14 02:26 . 2010-08-14 02:26 -------- d-----w- c:\users\Guest\AppData\Roaming\Apple Computer
2010-08-14 01:38 . 2010-08-17 02:24 -------- d-----w- c:\users\jeff\AppData\Local\abbqencej
2010-08-14 01:38 . 2010-08-17 07:21 -------- d-----w- c:\users\jeff\AppData\Local\Windows
2010-08-11 10:03 . 2010-05-27 20:08 81920 ----a-w- c:\windows\system32\iccvid.dll
2010-08-11 10:03 . 2010-06-29 15:47 834048 ----a-w- c:\windows\system32\wininet.dll
2010-08-11 10:03 . 2010-06-28 16:13 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-08-11 10:03 . 2010-06-11 16:16 274944 ----a-w- c:\windows\system32\schannel.dll
2010-08-11 10:02 . 2010-06-21 13:37 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-08-11 10:02 . 2010-06-18 17:31 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-08-11 10:02 . 2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-11 10:02 . 2010-06-08 17:35 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-11 10:02 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-08-11 10:02 . 2010-06-18 15:04 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-11 10:02 . 2010-06-18 15:04 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-11 10:02 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-11 01:49 . 2010-08-14 01:56 -------- d-----w- c:\users\jeff\AppData\Roaming\TuneUpMedia
2010-08-09 22:01 . 2010-08-09 22:01 -------- d-----w- c:\program files\iPod
2010-08-09 21:52 . 2010-08-09 21:52 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-08-09 04:13 . 2010-08-18 23:26 0 ----a-w- c:\users\jeff\AppData\Local\prvlcl.dat
2010-08-05 00:01 . 2010-08-05 00:01 921440 ----a-w- c:\programdata\avg9\update\backup\avgemc.exe
2010-08-05 00:01 . 2010-08-05 00:01 1373536 ----a-w- c:\programdata\avg9\update\backup\avgssff.dll
2010-08-05 00:01 . 2010-08-05 00:01 1107296 ----a-w- c:\programdata\avg9\update\backup\avgxpl.dll
2010-08-05 00:01 . 2010-08-05 00:01 4368224 ----a-w- c:\programdata\avg9\update\backup\avgcorex.dll
2010-08-04 14:16 . 2010-08-04 14:16 -------- d-----w- c:\users\jeff\AppData\Roaming\CloneSpy
2010-08-04 14:16 . 2010-08-04 14:16 -------- d-----w- c:\program files\CloneSpy
2010-08-04 03:54 . 2010-08-04 03:54 -------- d-----w- C:\$AVG
2010-08-04 02:38 . 2010-08-04 02:38 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-08-04 02:38 . 2010-08-04 02:38 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-08-04 02:38 . 2010-08-04 02:38 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-08-04 02:38 . 2010-08-04 02:38 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-08-04 02:38 . 2010-08-18 22:54 -------- d-----w- c:\windows\system32\drivers\Avg
2010-08-04 02:29 . 2010-08-04 02:29 -------- d-----w- c:\program files\AVG
2010-08-04 02:28 . 2010-08-04 02:29 -------- d-----w- c:\programdata\avg9
2010-08-03 17:25 . 2010-08-03 17:25 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2010-08-03 02:40 . 2010-08-19 00:16 -------- d-----w- c:\users\jeff\AppData\Local\AirVideoServer
2010-08-03 02:40 . 2010-08-19 00:17 -------- d-----w- C:\jexepackres
2010-08-03 02:39 . 2010-08-03 02:39 -------- d-----w- c:\program files\AirVideoServer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-18 00:30 . 2008-12-14 13:36 5972 ----a-w- c:\users\jeff\AppData\Local\d3d9caps.dat
2010-08-17 22:17 . 2009-07-18 19:21 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-08-14 21:34 . 2008-11-26 05:03 -------- d-----w- c:\users\jeff\AppData\Roaming\uTorrent
2010-08-14 21:24 . 2009-12-06 23:04 -------- d-----w- c:\users\jeff\AppData\Roaming\vlc
2010-08-14 02:26 . 2009-02-07 07:50 71280 ----a-w- c:\users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-11 17:03 . 2008-04-30 09:38 -------- d-----w- c:\programdata\Microsoft Help
2010-08-11 02:35 . 2010-03-19 02:48 -------- d-----w- c:\program files\TuneUpMedia
2010-08-11 02:35 . 2010-03-19 12:33 -------- d-----w- c:\programdata\TuneUpMedia
2010-08-09 22:02 . 2009-10-05 22:39 -------- d-----w- c:\program files\iTunes
2010-08-09 22:01 . 2008-12-01 04:15 -------- d-----w- c:\program files\Common Files\Apple
2010-08-07 02:06 . 2010-06-20 09:28 -------- d-----w- c:\program files\Microsoft Silverlight
2010-08-05 00:20 . 2008-04-30 09:35 -------- d-----w- c:\programdata\McAfee
2010-08-03 22:35 . 2008-11-21 01:26 71280 ----a-w- c:\users\jeff\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-03 17:22 . 2008-04-30 09:39 -------- d-----w- c:\program files\Microsoft Works
2010-07-23 20:07 . 2008-12-21 09:00 -------- d-----w- c:\users\jeff\AppData\Roaming\LimeWire
2010-07-18 08:28 . 2010-07-18 08:28 -------- d-----w- c:\users\jeff\AppData\Roaming\Sonic Solutions
2010-07-08 13:46 . 2008-12-21 08:44 -------- d-----w- c:\program files\LimeWire
2010-06-23 12:25 . 2010-06-23 12:25 501936 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb2745.tmp.exe
2010-06-22 01:58 . 2010-06-25 01:59 241664 ----a-w- c:\users\jeff\AppData\Roaming\Mozilla\Firefox\Profiles\9k89rsbv.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}\platform\WINNT_x86-msvc\components\enclip.dll
2010-06-22 01:58 . 2010-06-25 01:59 114688 ----a-w- c:\users\jeff\AppData\Roaming\Mozilla\Firefox\Profiles\9k89rsbv.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}\platform\WINNT_x86-msvc\components\ENImaDLL.dll
2010-06-22 01:58 . 2010-06-25 01:59 90112 ----a-w- c:\users\jeff\AppData\Roaming\Mozilla\Firefox\Profiles\9k89rsbv.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}\platform\WINNT_x86-msvc\components\entbcompose.dll
2010-06-22 01:58 . 2010-06-25 01:59 167936 ----a-w- c:\users\jeff\AppData\Roaming\Mozilla\Firefox\Profiles\9k89rsbv.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}\platform\WINNT_x86-msvc\components\enbar3.dll
2010-06-20 15:14 . 2010-06-20 15:14 -------- d-----w- c:\users\jeff\AppData\Roaming\RapidTyping
2010-06-20 15:14 . 2010-06-20 15:14 -------- d-----w- c:\programdata\RapidTyping
2010-06-20 09:29 . 2010-06-20 09:26 -------- d-----w- c:\program files\Bing Bar Installer
2010-06-20 09:29 . 2010-06-20 09:29 -------- d-----w- c:\program files\Microsoft
2010-06-20 09:29 . 2010-06-20 09:29 -------- d-----w- c:\program files\MSN Toolbar
2010-06-20 09:25 . 2010-06-20 09:25 -------- d-----w- c:\program files\RapidTyping
2010-06-08 05:19 . 2009-02-01 06:53 5100 ----a-w- c:\users\jeff\AppData\Roaming\wklnhst.dat
2010-05-26 17:06 . 2010-06-09 02:42 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-09 02:42 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-25 10:27 . 2010-05-25 10:27 5694 ----a-r- c:\users\jeff\AppData\Roaming\Microsoft\Installer\{14E5C47A-0AC5-4B02-8150-7BFA82A725EF}\StudyDogClass.exe11_14E5C47A0AC54B0281507BFA82A725EF.exe
2010-05-25 10:27 . 2010-05-25 10:27 5694 ----a-r- c:\users\jeff\AppData\Roaming\Microsoft\Installer\{14E5C47A-0AC5-4B02-8150-7BFA82A725EF}\StudyDogClass.exe1_14E5C47A0AC54B0281507BFA82A725EF.exe
2010-05-25 10:27 . 2010-05-25 10:27 5694 ----a-r- c:\users\jeff\AppData\Roaming\Microsoft\Installer\{14E5C47A-0AC5-4B02-8150-7BFA82A725EF}\StudyDogClass.exe_14E5C47A0AC54B0281507BFA82A725EF.exe
2010-05-25 10:27 . 2010-05-25 10:27 5694 ----a-r- c:\users\jeff\AppData\Roaming\Microsoft\Installer\{14E5C47A-0AC5-4B02-8150-7BFA82A725EF}\ARPPRODUCTICON.exe
2010-08-11 10:42 . 2009-12-09 07:49 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-10-11 01:24 . 2008-10-11 01:23 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-05-15 00:05 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-21 68856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"AirVideoServer"="c:\program files\AirVideoServer\AirVideoServer.exe" [2010-05-20 4818760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-07 34040]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-04-10 147456]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-04-10 167936]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-04-18 167936]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-16 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-16 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-16 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-06-13 6183456]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-09-10 809480]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-05-15 526896]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-06-11 409600]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-11 30192]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-08 148888]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe" [2010-03-24 243544]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]

c:\users\Jane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\users\jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Touch Mouse Server.lnk - c:\program files\Logitech Touch Mouse Server\iTouch-Server-Win.exe [2009-10-24 228352]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
TMMonitor.lnk - c:\program files\ArcSoft\TotalMedia 3\TMMonitor.exe [2008-11-23 258048]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(B):c6,7a,d9,bc,f2,f2,ca,01

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-10-19 133104]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-08-11 30192]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2009-08-28 17408]
R3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\DRIVERS\silabenm.sys [2009-08-10 17920]
R3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\DRIVERS\silabser.sys [2009-08-10 63488]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-08-04 216400]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-08-04 243024]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-04-18 61424]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-08-04 921952]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-08-04 308136]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-17 81504]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-07 50424]
S2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-17 122368]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2006-11-21 5120]
S3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]

.
Contents of the 'Scheduled Tasks' folder

2010-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-19 00:18]

2010-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-19 00:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c09&s=2&o=vp32&d=1008&m=aspire_5735
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c09&s=2&o=vp32&d=1008&m=aspire_5735
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:6522
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Add to &Evernote - c:\program files\Evernote\Evernote3.5\enbar.dll/2000
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {{E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\program files\Evernote\Evernote3.5\enbar.dll
LSP: c:\windows\system32\wpclsp.dll
FF - ProfilePath - c:\users\jeff\AppData\Roaming\Mozilla\Firefox\Profiles\9k89rsbv.default\
FF - prefs.js: browser.startup.homepage - hxxp://au.mc458.mail.yahoo.com/mc/showFolder?fid=Inbox&.rand=138647876&da=0#_pg=showFolder;_ylc=X3oDMTBuZ3NuNDI3BF9TAzM5ODMwNjEzOQRhYwNkZWxNc2dz&&filterBy=&fid=Inbox&.rand=27747249&nsc&.jsrand=3824554|http://www.toodledo.com/views/index.php|http://forums.whirlpool.net.au/forum/128?g=176|http://www.google.com/calendar/render|http://www.windsock.net.au/|http://www.rcgroups.com/forums/usercp.php?
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJfox000&fl=0&ptb=VWhSibJOuu2.PaWfyseiMQ&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\users\jeff\AppData\Roaming\Mozilla\Firefox\Profiles\9k89rsbv.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}\platform\WINNT_x86-msvc\components\enbar3.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-eRecoveryService - (no file)
AddRemove-SLABCOMM&10C4&EA60 - c:\windows\system32\Silabs\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-19 10:34
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
AirVideoServer = c:\program files\AirVideoServer\AirVideoServer.exe?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2010-08-19 10:39:34
ComboFix-quarantined-files.txt 2010-08-19 00:39

Pre-Run: 18,647,183,360 bytes free
Post-Run: 18,746,011,648 bytes free

- - End Of File - - C9359E38F570FB1A9D673FA0CEF704DD

#15 NoodleTech

NoodleTech

    Malware Eradicator

  • Visiting Fellow
  • 2,380 posts

Posted 19 August 2010 - 07:41 PM

Copy/paste the text in the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:6522

Firefox::
FF - ProfilePath - c:\users\jeff\AppData\Roaming\Mozilla\Firefox\Profiles\9k89rsbv.default\
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJfox000&fl=0&ptb=VWhSibJOuu2.PaWfyseiMQ&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=

Dirlook::
c:\users\jeff\AppData\Local\abbqencej
c:\users\jeff\AppData\Local\Windows

Save this file to your desktop as "CFScript".

Here's how to do that:
1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...



Drag CFScript.txt into ComboFix.exe


Then post the results log using Copy / Paste
Proud Graduate of the WTT Malware Classroom.
If you feel I have helped you, please consider a donation.
Topics will be closed after three days if there is no response.
Please do not PM me for malware removal assistance.
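The CFScript above targets three things in the ComboFix log: a Run-key autostart, an IE ProxyServer entry pointing at 127.0.0.1:6522, and a Firefox keyword.URL that redirects searches through mywebsearch.com. The following Python script is an added example, not part of this thread and not a ComboFix or WTT tool; it parses those parts of the ComboFix log format and flags the same kinds of indicators an analyst looks for (a loopback proxy, autoruns launched from a user-profile directory, a search-keyword override). The sample log is constructed from lines excerpted above plus one made-up `winhelp` Run entry for the file the original poster reported; the log on this page does not actually show that key, and the regexes and severity labels are this example's own assumptions.

```python
"""Triage helper for ComboFix-style logs (added example; not a ComboFix/WTT tool).

Parses Run-key autostarts, the IE ProxyServer line and Firefox prefs.js lines
and flags: a proxy pointing at loopback (traffic interception), autoruns that
live in user-writable profile directories, autoruns given as bare filenames
(resolved through the search path), and a Firefox keyword.URL override.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: lines excerpted from the log above plus one made-up
# "winhelp" Run entry (assumption for illustration; the page's log does not show it).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-21 68856]
"AirVideoServer"="c:\program files\AirVideoServer\AirVideoServer.exe" [2010-05-20 4818760]
"winhelp"="c:\users\jeff\AppData\Local\Windows\winhelp.exe" [2010-08-15 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-06-13 6183456]

uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:6522
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJfox000&st=kwd&searchfor=
FF - prefs.js: network.proxy.type - 0
"""

RUN_KEY_RE = re.compile(r"^\[(HKEY_[^\]]*\\Run)\]$", re.IGNORECASE)
RUN_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"')
PROXY_RE = re.compile(r"^[um]Internet Settings,ProxyServer\s*=\s*(.+)$")
FF_PREF_RE = re.compile(r"^FF - prefs\.js: (?P<pref>\S+) - (?P<value>.*)$")
# Profile locations a non-admin user (and hence user-level malware) can write to.
USER_WRITABLE_RE = re.compile(
    r"\\(users|documents and settings)\\[^\\]+\\(appdata|local settings|application data)\\",
    re.IGNORECASE)
LOOPBACK_RE = re.compile(r"(^|=)(127\.\d+\.\d+\.\d+|localhost):\d+", re.IGNORECASE)


@dataclass
class Finding:
    kind: str      # machine-readable indicator name
    severity: str  # "high" or "info" (assumed scale)
    detail: str


@dataclass
class Triage:
    autoruns: list = field(default_factory=list)   # (registry key, value name, path)
    findings: list = field(default_factory=list)


def triage(log_text: str) -> Triage:
    """Walk the log once, tracking which registry block we are inside."""
    t = Triage()
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            current_key = None          # blank line closes a registry block
            continue
        m = RUN_KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        if line.startswith("["):        # some other registry block; not a Run key
            current_key = None
            continue
        if current_key:
            m = RUN_VALUE_RE.match(line)
            if m:
                name, path = m.group("name"), m.group("path")
                t.autoruns.append((current_key, name, path))
                if USER_WRITABLE_RE.search(path):
                    t.findings.append(Finding("autorun_in_profile", "high", f"{name} -> {path}"))
                elif "\\" not in path:
                    t.findings.append(Finding("autorun_bare_filename", "info", f"{name} -> {path}"))
            continue
        m = PROXY_RE.match(line)
        if m and LOOPBACK_RE.search(m.group(1)):
            t.findings.append(Finding("loopback_proxy", "high", m.group(1)))
            continue
        m = FF_PREF_RE.match(line)
        if m and m.group("pref") == "keyword.URL":
            t.findings.append(Finding("ff_keyword_url_override", "high", m.group("value")))
    return t


def report(t: Triage) -> list:
    """Human-readable lines, highest severity first."""
    order = {"high": 0, "info": 1}
    return [f"[{f.severity}] {f.kind}: {f.detail}"
            for f in sorted(t.findings, key=lambda f: order[f.severity])]


if __name__ == "__main__":
    for line in report(triage(SAMPLE_LOG)):
        print(line)
```

Run it as-is to triage the embedded sample, or pass a real ComboFix log's text to `triage()`. The heuristics are deliberately narrow: an autorun under `\Users\<name>\AppData\` is not proof of malware, and a loopback proxy can be a legitimate filtering product, so each hit is a lead for the analyst to check against file dates, sizes and vendor signatures, exactly the kind of verification the Dirlook:: directive in the script above asks ComboFix to perform.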
