WiredWX Hobby Weather ToolsLog in

 


descriptioncomputer infected Emptycomputer infected

more_horiz
Hi,

My computer has been infected with something that keeps wanting me to purchase an antivirus program. It says my computer is under attack. I cannot open the internet or any other programs - have tried malwarebytes, hijack this and ice sword (renaming ice sword to explorer.exe) and the virus keeps blocking the programs. Please help!!

descriptioncomputer infected EmptyRe: computer infected

more_horiz
PS - I have another computer that I can use to view topics and download any necessary software.

descriptioncomputer infected EmptyRe: computer infected

more_horiz
Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

descriptioncomputer infected EmptyRe: computer infected

more_horiz
Thank you

I had to run windows in safe mode as the virus kept blocking OTL from opening. Here is the log:

OTL logfile created on: 09/05/2010 11:52:47 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = L:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 75.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 113.36 Gb Total Space | 37.65 Gb Free Space | 33.21% Space Free | Partition Type: NTFS
Drive D: | 170.08 Gb Total Space | 77.18 Gb Free Space | 45.38% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 7.46 Gb Total Space | 7.46 Gb Free Space | 99.99% Space Free | Partition Type: FAT32

Computer Name: STEVE-PC
Current User Name: Steve
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/09 11:47:04 | 000,570,880 | ---- | M] (OldTimer Tools) -- L:\OTL.exe
PRC - [2009/04/11 07:28:15 | 000,244,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wisptis.exe
PRC - [2009/04/11 07:28:06 | 000,304,128 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/21 03:24:02 | 000,498,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\HelpPane.exe
PRC - [2006/10/23 07:29:48 | 000,014,456 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe


========== Modules (SafeList) ==========

MOD - [2010/05/09 11:47:04 | 000,570,880 | ---- | M] (OldTimer Tools) -- L:\OTL.exe
MOD - [2009/04/11 07:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/21 03:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Nero BackItUp Scheduler 4.0)
SRV - [2010/01/26 13:41:08 | 000,652,800 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/09/25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/08/05 23:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/01/04 14:36:32 | 001,245,064 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/10/17 16:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice)
SRV - [2008/10/17 16:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2008/10/17 16:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/10/17 16:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/09/05 12:52:32 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2008/07/30 01:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Stopped] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008/06/02 17:25:40 | 000,024,576 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008/05/21 01:50:50 | 000,269,448 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service)
SRV - [2008/04/26 05:36:20 | 000,045,056 | ---- | M] (NewTech InfoSystems, Inc.) [Auto | Stopped] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc)
SRV - [2008/04/26 05:36:02 | 000,131,072 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc)
SRV - [2008/03/03 21:11:14 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Stopped] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe -- (BUNAgentSvc)
SRV - [2008/02/21 23:02:53 | 000,238,968 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/08/22 09:21:30 | 000,055,640 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2007/02/05 11:11:18 | 000,075,320 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2007/02/05 11:11:16 | 000,112,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service)
SRV - [2006/12/14 03:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 03:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 02:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2005/11/18 15:15:32 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2005/11/14 02:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2010/03/29 09:00:00 | 001,324,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100505.004\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/03/29 09:00:00 | 000,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100505.004\NAVENG.SYS -- (NAVENG)
DRV - [2010/01/21 15:53:16 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009/12/30 12:30:56 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009/12/30 12:30:48 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009/12/30 12:30:48 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009/12/15 20:46:58 | 000,014,120 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMARTVHidMini2000x86.sys -- (SMARTVHidMini2000x86)
DRV - [2009/12/15 20:46:54 | 000,013,440 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMARTVTabletPCx86.sys -- (SMARTVTabletPCx86)
DRV - [2009/12/15 20:46:54 | 000,011,048 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMARTMouseFilterx86.sys -- (SMARTMouseFilterx86)
DRV - [2009/11/20 04:02:57 | 000,286,768 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20100422.001\IDSvix86.sys -- (IDSvix86)
DRV - [2009/10/19 09:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/08/26 09:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/08/05 23:48:42 | 000,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2009/02/19 12:31:42 | 000,024,112 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2009/02/19 12:31:18 | 000,041,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2009/02/19 12:31:16 | 000,184,496 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/02/19 12:31:16 | 000,096,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2009/02/19 12:31:16 | 000,022,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009/02/19 12:31:16 | 000,013,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2009/01/07 18:33:08 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008/09/05 15:31:42 | 000,447,024 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2008/08/30 07:58:16 | 003,929,600 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/07/30 18:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\coh_mon.sys -- (COH_Mon)
DRV - [2008/07/30 01:53:12 | 000,060,464 | ---- | M] (Egis Incorporated) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\PSDVdisk.sys -- (psdvdisk)
DRV - [2008/07/30 01:53:10 | 000,018,992 | ---- | M] (Egis Incorporated) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\psdfilter.sys -- (PSDFilter)
DRV - [2008/07/30 01:53:10 | 000,016,944 | ---- | M] (Egis Incorporated) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\PSDNServ.sys -- (PSDNServ)
DRV - [2008/06/06 03:01:50 | 000,062,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2008/06/02 17:20:12 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008/05/20 11:01:00 | 002,143,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/02/26 00:29:24 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\TVicPort.sys -- (tvicport)
DRV - [2008/02/26 00:29:24 | 000,006,080 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\zntport.sys -- (zntport)
DRV - [2008/02/01 02:51:16 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2008/02/01 02:51:16 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2008/02/01 02:51:16 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2008/01/30 10:52:06 | 000,014,848 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2008/01/30 10:51:50 | 000,013,824 | ---- | M] (NewTech Infosystems Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\UBHelper.sys -- (UBHelper)
DRV - [2008/01/21 03:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/21 03:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 03:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 03:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 03:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 03:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/21 03:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 03:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 03:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 03:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1g60i32.sys -- (E1G60) Intel(R)
DRV - [2008/01/21 03:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 03:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 03:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 03:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 03:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 03:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 03:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 03:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/21 03:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/21 03:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/21 03:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/12/28 03:51:00 | 000,298,496 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2007/12/19 07:45:00 | 000,170,000 | ---- | M] (AMD Technologies Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ahcix86s.sys -- (ahcix86s)
DRV - [2007/08/09 01:39:56 | 000,036,056 | ---- | M] (Symantec Corporation) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\CO_Mon.sys -- (CO_Mon)
DRV - [2006/11/02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/10/30 04:23:12 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=1&o=vp32&d=1008&m=aspire_m3201

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=1&o=vp32&d=1008&m=aspire_m3201
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/01/31 16:55:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010/03/08 21:48:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010/03/08 21:48:40 | 000,000,000 | ---D | M]

[2009/01/04 21:22:37 | 000,000,682 | ---- | M] () -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\1bz9zqzd.default\searchplugins\ask.xml
[2009/04/29 22:04:19 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/09/04 01:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll File not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe ()
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [fssui] C:\Program Files\Windows Live\Family Safety\fsui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [NokiaMusic FastStart] C:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe (Nokia)
O4 - HKLM..\Run: [osCheck] C:\Program Files\Norton 360\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMART Board Service] C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe (SMART Technologies)
O4 - HKLM..\Run: [SMART SNMP Agent] C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe (SMART Technologies ULC)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [lchtaouw] C:\Users\Steve\AppData\Local\loosibwkt\wiomdtdtssd.exe ()
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -Mozilla\4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident\4.0; File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} https://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} http://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx (get_atlcom Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab (DLM Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUplden-gb.cab (MSN Photo Upload Tool)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-gb.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2a5fa56d-e0d2-11dd-a240-002268058368}\Shell - "" = AutoRun
O33 - MountPoints2\{2a5fa56d-e0d2-11dd-a240-002268058368}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found
O33 - MountPoints2\{ea0f1e90-da62-11dd-a381-002268058368}\Shell\Open\command - "" = J:\resycled\ntldr.com -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/08 15:43:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/05/05 20:39:18 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\loosibwkt
[2010/05/05 20:38:46 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\5374F755B73305D0FFD916E09818D53E
[2010/05/05 20:38:45 | 000,182,784 | ---- | C] (Macromedia, Inc.) -- C:\Windows\System32\regedit.exe
[2010/04/28 22:07:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010/04/27 22:16:15 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\survival photos
[2010/04/14 09:47:13 | 003,600,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/04/14 09:47:13 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/04/14 09:47:11 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/04/14 09:47:09 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2010/04/14 09:47:09 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2010/04/12 15:01:47 | 000,000,000 | ---D | C] -- C:\Users\Steve\Documents\My Notebook Content
[2010/04/12 15:01:38 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\SMART Technologies Inc
[2010/04/12 15:01:21 | 000,000,000 | ---D | C] -- C:\Users\Steve\Documents\LabVIEW Data
[2010/04/12 15:01:20 | 000,000,000 | ---D | C] -- C:\Users\Steve\Documents\SMART Notebook
[2010/04/12 15:01:06 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\SMART Technologies
[2010/04/12 15:01:05 | 000,000,000 | ---D | C] -- C:\Users\Steve\Documents\SMART Technologies
[2010/04/12 14:00:03 | 000,000,000 | ---D | C] -- C:\ProgramData\AppData
[2010/04/12 13:58:09 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\SMART Technologies
[2010/04/12 13:41:00 | 000,000,000 | ---D | C] -- C:\ProgramData\SMART Technologies
[2010/04/12 13:40:55 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\SMART Technologies Inc
[2010/04/12 13:39:34 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\ASDAN
[2010/04/12 13:38:53 | 000,000,000 | ---D | C] -- C:\Program Files\SMART Technologies
[2010/04/12 13:38:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SMART Technologies
[2010/04/12 13:37:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2010/04/12 13:26:41 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\Promethean
[2010/04/12 13:26:14 | 000,000,000 | ---D | C] -- C:\Program Files\ACTIV Software
[2010/04/11 16:24:16 | 000,000,000 | ---D | C] -- C:\Users\Steve\Documents\New Folder
[2008/07/22 09:01:25 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll

========== Files - Modified Within 30 Days ==========

[2010/05/09 11:52:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/09 11:50:43 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/09 11:50:42 | 003,932,160 | -HS- | M] () -- C:\Users\Steve\NTUSER.DAT
[2010/05/09 11:50:42 | 000,524,288 | -HS- | M] () -- C:\Users\Steve\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/05/09 11:50:42 | 000,065,536 | -HS- | M] () -- C:\Users\Steve\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/05/09 11:50:23 | 002,424,349 | -H-- | M] () -- C:\Users\Steve\AppData\Local\IconCache.db
[2010/05/09 11:50:00 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{BEDB7FF9-D259-4D89-A365-289B8D67F01F}.job
[2010/05/09 11:49:18 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/05/09 11:47:03 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2010/05/09 11:47:02 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/09 11:47:01 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/08 16:21:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2925684347-1456232138-262944525-1000UA.job
[2010/05/08 16:16:30 | 000,703,078 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/05/08 16:16:30 | 000,608,268 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/05/08 16:16:30 | 000,108,838 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/05/05 20:49:47 | 000,000,001 | ---- | M] () -- C:\Users\Steve\oashdihasidhasuidhiasdhiashdiuasdhasd
[2010/05/05 20:38:45 | 000,182,784 | ---- | M] (Macromedia, Inc.) -- C:\Windows\System32\regedit.exe
[2010/05/04 18:21:00 | 000,000,854 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2925684347-1456232138-262944525-1000Core.job
[2010/04/30 07:06:34 | 002,435,024 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/04/29 20:21:18 | 000,002,046 | ---- | M] () -- C:\Users\Steve\Desktop\Google Chrome.lnk
[2010/04/28 18:00:10 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\Norton Security Scan for Steve.job
[2010/04/26 22:32:40 | 000,010,383 | ---- | M] () -- C:\Users\Steve\Desktop\You are in the queue in the star cafe and another student pushes in front of you.docx
[2010/04/26 20:41:13 | 000,065,167 | ---- | M] () -- C:\Users\Steve\Desktop\poems for core skills.pptx
[2010/04/26 20:28:29 | 000,144,768 | ---- | M] () -- C:\Windows\System32\GDIPFONTCACHEV1.DAT
[2010/04/26 20:27:48 | 000,008,224 | ---- | M] () -- C:\Users\Steve\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/04/16 12:06:46 | 000,002,627 | ---- | M] () -- C:\Users\Steve\Desktop\Microsoft Office Word 2007.lnk
[2010/04/15 17:23:31 | 000,011,566 | ---- | M] () -- C:\Users\Steve\Desktop\prep for work e3.docx
[2010/04/14 16:35:07 | 000,014,740 | ---- | M] () -- C:\Users\Steve\Desktop\Somewhere over the rainbow.docx
[2010/04/12 13:56:37 | 000,002,163 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SMART Board Tools.lnk
[2010/04/12 12:24:30 | 000,024,424 | ---- | M] () -- C:\Users\Steve\Desktop\term dates 10 11.docx
[2010/04/12 12:22:33 | 000,057,319 | ---- | M] () -- C:\Users\Steve\Desktop\term dates 09 10.docx
[2010/04/11 22:57:13 | 002,816,544 | ---- | M] () -- C:\Users\Steve\Desktop\drever gbc take 2.mp3

========== Files Created - No Company Name ==========

[2010/05/05 20:49:47 | 000,000,001 | ---- | C] () -- C:\Users\Steve\oashdihasidhasuidhiasdhiashdiuasdhasd
[2010/04/26 21:19:26 | 000,010,383 | ---- | C] () -- C:\Users\Steve\Desktop\You are in the queue in the star cafe and another student pushes in front of you.docx
[2010/04/26 20:41:12 | 000,065,167 | ---- | C] () -- C:\Users\Steve\Desktop\poems for core skills.pptx
[2010/04/15 17:23:30 | 000,011,566 | ---- | C] () -- C:\Users\Steve\Desktop\prep for work e3.docx
[2010/04/13 23:15:39 | 000,002,627 | ---- | C] () -- C:\Users\Steve\Desktop\Microsoft Office Word 2007.lnk
[2010/04/12 15:00:20 | 000,000,118 | ---- | C] () -- C:\Users\Steve\ACTIVstudioError.log
[2010/04/12 13:56:37 | 000,002,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SMART Board Tools.lnk
[2010/04/12 12:24:30 | 000,024,424 | ---- | C] () -- C:\Users\Steve\Desktop\term dates 10 11.docx
[2010/04/12 12:22:33 | 000,057,319 | ---- | C] () -- C:\Users\Steve\Desktop\term dates 09 10.docx
[2010/04/11 22:57:05 | 002,816,544 | ---- | C] () -- C:\Users\Steve\Desktop\drever gbc take 2.mp3
[2010/04/09 18:17:43 | 000,002,046 | ---- | C] () -- C:\Users\Steve\Desktop\Google Chrome.lnk
[2010/04/09 18:16:38 | 000,000,906 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2925684347-1456232138-262944525-1000UA.job
[2010/04/09 18:16:37 | 000,000,854 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2925684347-1456232138-262944525-1000Core.job
[2009/09/11 19:51:36 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/06/12 17:31:16 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/06/11 21:58:30 | 000,000,039 | ---- | C] () -- C:\Windows\Irremote.ini
[2009/05/11 23:09:58 | 000,000,080 | ---- | C] () -- C:\Windows\DeliveryReader.INI
[2009/05/08 18:09:05 | 003,049,984 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2009/05/08 18:09:05 | 000,404,480 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2009/05/08 18:09:05 | 000,200,704 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2009/05/08 18:09:05 | 000,114,688 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2009/03/12 23:17:31 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2009/01/04 21:41:04 | 000,000,426 | ---- | C] () -- C:\Windows\wininit.ini
[2008/10/15 04:23:35 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2008/10/15 04:23:34 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2008/04/09 07:14:45 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/03/16 00:06:25 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008/03/16 00:06:25 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008/03/15 23:36:54 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008/03/15 23:33:51 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/11/18 15:15:32 | 000,532,480 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Sony.dll
[2005/04/27 12:40:30 | 000,002,572 | ---- | C] () -- C:\Windows\WINDVDBOOTRECDOE.sys
[2004/12/19 14:29:40 | 000,106,496 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2004/12/19 14:17:10 | 000,614,400 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2002/10/06 19:42:56 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2002/10/05 00:04:24 | 000,921,600 | ---- | C] () -- C:\Windows\System32\VorbisEnc.dll
[2002/10/05 00:04:24 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2002/10/05 00:04:16 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2002/05/16 00:38:40 | 000,091,136 | ---- | C] () -- C:\Windows\System32\mp4fil32.dll
[2001/12/27 00:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 07:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/31 00:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 06:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:A1063995
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:DD4DD9B9
< End of report >

descriptioncomputer infected EmptyRe: computer infected

more_horiz
here is the 'extras' log:

OTL Extras logfile created on: 09/05/2010 11:52:47 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = L:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 75.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 113.36 Gb Total Space | 37.65 Gb Free Space | 33.21% Space Free | Partition Type: NTFS
Drive D: | 170.08 Gb Total Space | 77.18 Gb Free Space | 45.38% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 7.46 Gb Total Space | 7.46 Gb Free Space | 99.99% Space Free | Partition Type: FAT32

Computer Name: STEVE-PC
Current User Name: Steve
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\Windows\System32\regedit.exe (Macromedia, Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1" (Macromedia, Inc.)
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{C5B1AD42-61DF-4440-9AD0-ECC94C615597}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{CA986600-9AB7-4324-924D-B96FD273FE73}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{E25BAAEA-6823-4D2B-870F-5753CF3808DD}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{015DB201-1D03-41FE-AC09-C2802388BE12}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{0F6EF0CF-A02D-417E-9B6F-3D9F3ABF8385}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{114BACD5-1138-4A21-9B7B-723BFFDACE9E}" = protocol=6 | dir=in | app=c:\program files\smart technologies\smart product drivers\ucgui.exe |
"{12D7C6E8-E5B6-4385-AC83-93FDF708F6EE}" = dir=in | app=c:\program files\acer arcade live\acer videomagician\acer videomagician.exe |
"{1A0359EB-0C85-45A0-AE6C-B64543F8BA76}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{33A87B6A-DC9B-482F-AEF8-2877B508ED0B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{383E6277-9593-4728-9ABD-5FDFE53CBF10}" = dir=in | app=c:\program files\acer arcade live\acer dvdivine\acer dvdivine.exe |
"{3CEBD57C-EF7A-4714-BAC1-5460D733F450}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe |
"{44CCD4B9-467C-4983-A441-81B8FD62F7FA}" = protocol=17 | dir=in | app=c:\program files\smart technologies\smart product drivers\smartsnmpagent.exe |
"{4A2BDA1B-BABB-4122-A232-62F2F421432B}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{5594115A-58CF-4B18-B6F7-BBCB4857430F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{57A9E168-0C13-4F19-986E-4CE53B9BB501}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{59CFCB8E-85A5-4AB5-BEA4-FC13902C70AA}" = dir=in | app=c:\program files\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe |
"{699DC6EF-CC18-4673-B1B9-B7E64B101139}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\acer homemedia connect.exe |
"{6DE7A2C6-5E83-4ED0-8315-EA4B1D7F63E2}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{6FC2E2B4-5551-4AB0-953C-749B3B6BB581}" = protocol=6 | dir=in | app=c:\program files\smart technologies\smart product drivers\smartsnmpagent.exe |
"{71D95905-A024-4AB6-AD35-C5E2C3E52D55}" = protocol=17 | dir=in | app=c:\program files\smart technologies\smart product drivers\webserver.exe |
"{724E97DA-3A35-4AB1-B9AD-C118C0E2F747}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{8E70A364-0F2D-4638-B5F3-944F83736E28}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{8FEC6DA2-F4A2-406D-8B19-7855530BC683}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{902E033B-6D85-4071-9ADB-D7E892A483B5}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{92827FDC-4F8D-4C47-8E96-311C796C7EC3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A23DD098-10CD-4566-AD62-16225E5FF12C}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{AE25F898-9B59-4D80-A624-170C1C921267}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{B9B309F2-789B-421D-93D1-BCD611D5F99F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{BBF0FF2D-5E21-4468-8C99-9B4E4B251B2A}" = protocol=17 | dir=in | app=c:\program files\smart technologies\smart product drivers\ucservice.exe |
"{C5F34C38-0DAD-415F-A341-78EFF1A76F36}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CCC61CF5-3C3E-49C7-BD3F-19A8D4B660FE}" = dir=in | app=c:\program files\acer arcade live\acer homemedia\acer homemedia.exe |
"{D3BCE428-BA34-4EE8-A5D6-842C3620D4D4}" = dir=in | app=c:\program files\acer arcade live\acer homemedia trial creator\acer homemedia trial creator.exe |
"{D60C65F9-B1FC-4A5F-93C7-3D650A77480D}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{D8B4657B-C542-4E7A-913F-7C3F970EDECA}" = protocol=6 | dir=in | app=c:\program files\smart technologies\smart product drivers\webserver.exe |
"{DA748330-B6B1-4B51-ACF0-92EC3435CED7}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{DB1B1CD6-5DCE-46D3-8BC0-56D365B5D968}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{DCE5BB6B-210E-4C26-8171-0E16DB113DE4}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{E240B5E8-EC97-4926-9834-ED0E9894C852}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{E27A2F09-8A23-424D-94F1-82DE4639C583}" = protocol=17 | dir=in | app=c:\program files\smart technologies\smart product drivers\ucgui.exe |
"{E2C215F4-37AD-4ADD-9E07-996149881F5D}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{E2F6157E-2CB2-4AB2-A0E6-0187F3DEA0A0}" = dir=in | app=c:\program files\acer arcade live\acer dv magician\acer dv magician.exe |
"{E37C083B-F95D-4125-82C9-079302D2B749}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{F2F6D2C8-B5A1-448F-8E7D-1371FEB5A597}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{F5A83C1C-BD16-43AA-8BDE-97CAE92BD3CA}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{FF035939-87C0-43C7-B1F2-84E4F2AF100F}" = protocol=6 | dir=in | app=c:\program files\smart technologies\smart product drivers\ucservice.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0025DA8D-F344-E316-885A-2D71C66B0FB1}" = Catalyst Control Center Localization Norwegian
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01B0503D-45A2-CCA2-44DF-C716B80B7EB6}" = Catalyst Control Center Graphics Light
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0BDD3FAD-61CD-4BF3-B9C4-4CEFD43F53F8}" = Norton 360 HTMLHelp
"{0C74BC57-4128-D428-D4A5-267F66C80C7C}" = CCC Help German
"{0EABFEF6-6D10-4C12-8667-3029C481D355}" = Nokia Photos
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{14592A8E-4DA6-4338-A9D5-E16449647EC3}" = Championship Manager 2010 (September Data Patch)
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1AEB447A-34B8-7DB5-67B8-1E54DADD6572}" = Catalyst Control Center Localization Polish
"{1B897B3A-57C2-DF09-C6CC-E6B9FA0AC44F}" = CCC Help Thai
"{2037D7FD-6401-DDC7-A499-2FDF9ADCD04F}" = CCC Help Turkish
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{21829177-4DED-4209-AD08-490B3AC9C01A}" = Norton 360
"{21AD8584-EDAC-7D00-71CC-79D111C5B27B}" = CCC Help Italian
"{2295D7EE-0575-D2CC-E52A-102F2AF01169}" = CCC Help Russian
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{24DF7221-644B-4C3A-A478-459502D40522}" = Backup
"{2623A1E3-478A-4F4A-A522-3A3D784A0C9C}" = SMART Product Drivers
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360
"{2ED84754-62AA-80F6-E434-9C03FF1D4221}" = Catalyst Control Center Localization Korean
"{30965141-4363-2683-885F-4A35810A382B}" = CCC Help Portuguese
"{311D49FD-6B52-D68F-CFBC-796F22554404}" = Catalyst Control Center Localization Dutch
"{35ED8B97-897C-4BD1-AEAE-6FD3404BA082}" = Ovi Desktop Sync Engine
"{3762698E-E9DF-4DD8-99F1-8192D0F8EE06}" = Nokia_Multimedia_Common_Components_2_5
"{3AD4FFEC-0DEC-5037-C92F-C294FEA8F320}" = Catalyst Control Center Localization Hungarian
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C71054A-352C-4ABD-5643-4C8F8617AE08}" = CCC Help Danish
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FADAA19-E595-44CA-A072-58B6B0851768}" = Norton Security Scan
"{3FE1C3BB-91B1-119B-47FE-49143E2AD10B}" = CCC Help Spanish
"{40DA9A54-48CA-4A2C-AEAF-F67715BB046E}" = Norton 360
"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD
"{42B74521-4706-412A-9A27-AED12B83E886}" = Nokia Ovi Application Installer
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45690715-80A6-4445-B61D-ADEC5888E8CD}" = Symantec Technical Support Controls
"{4677674C-59CE-41B0-AA32-44A30A9D1EEB}" = Catalyst Control Center - Branding
"{481C9A00-91AC-4065-870C-BD4E28186E5A}" = PC Connectivity Solution
"{48EF56FD-3B28-DEB7-7C63-85908395E6A6}" = Catalyst Control Center Localization Spanish
"{4C7F547E-DDE3-51BF-1D2E-04816F30AD66}" = ATI Catalyst Install Manager
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4E1CD3D5-D4EE-4246-AE24-F0FD5A60390D}" = OviMPlatform
"{4F896C8E-8AEF-4C27-31CD-56E6E200FAB4}" = CCC Help Dutch
"{53C436CD-155C-6159-D12B-55967DAB8887}" = CCC Help Norwegian
"{55A6283C-638A-4EE0-B491-51118554BDA2}" = Norton Confidential Core
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57634571-FD82-4BEC-B822-A1ED7765474F}_is1" = SmartLauncher
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5CA7899B-FFEC-4254-A05B-448420831F37}" = Championship Manager 2010
"{5E396C14-A2E0-3F7B-42FE-15569155234A}" = CCC Help Chinese Standard
"{60245C29-8A73-CF88-275F-A79BA580E748}" = CCC Help Korean
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6442DEDF-AC2F-4CBA-85DE-42E459C5006C}" = Nokia Ovi Content Copier
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{68F2FB07-4F60-734A-46FD-493A109D1514}" = CCC Help English
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B870C06-EA15-4D5A-AECF-02546455A5C5}" = LiveUpload to Facebook
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6FD29E18-619D-259B-948F-3A65967486A3}" = ccc-core-static
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{77FB2697-2C28-9572-6452-F2418A33834E}" = Catalyst Control Center Localization Russian
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7CC14E1A-17B4-27A6-2086-2A52BCC16A16}" = Catalyst Control Center Localization Italian
"{7D30776C-F30F-4207-6A82-EF0E1D6DCD23}" = CCC Help Chinese Traditional
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{8011B8CD-CD37-5B5D-4423-78D358B70C21}" = ccc-utility
"{804AB28B-F929-370A-B3AB-5BB99DFD73DF}" = Catalyst Control Center Localization Chinese Standard
"{80B4503F-FC06-4802-BEA1-99FEB88D9EF5}" = SymNet
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84E98285-BEC0-8C52-EB74-10C281737023}" = Catalyst Control Center Localization Portuguese
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{862673D1-8F64-A109-47A9-CD5CFAABBD2A}" = Catalyst Control Center Localization Finnish
"{89EFA70F-87DF-4B19-6366-77B9D693C20E}" = CCC Help Swedish
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8DB9E645-E6DB-A4BB-B18A-265435D13274}" = Catalyst Control Center Graphics Full Existing
"{8E62F311-A40C-A7B3-C595-FE1E17D838F8}" = Skins
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{901DD5DE-0798-883F-8B23-55D3843F3E59}" = Catalyst Control Center Localization Turkish
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{927AA2A2-7631-4EA2-A1F9-252D27B9D0A2}" = Nokia Ovi Suite
"{92933B9E-3273-9DD6-7F47-EB6DD029C6AC}" = Catalyst Control Center Localization Chinese Traditional
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{954513A8-AAE3-97E9-1FB8-A1D70FD1A549}" = CCC Help Greek
"{9738C893-02C6-6694-DD7B-D50CC8D57248}" = Catalyst Control Center Core Implementation
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DF93979-12BD-D361-0624-9025215FD8B5}" = CCC Help Finnish
"{9F59C3AE-81B0-4EF6-9762-D674BB079705}" = Nokia Software Updater
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.3
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A4BEC8AC-0E57-E1F8-C3C5-01ED0F27ECB9}" = Catalyst Control Center Localization French
"{A528306A-C5EC-481C-A619-6106334E6800}" = Nokia Ovi Player
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A91FB756-A9B5-7A88-7637-21B3061B97A7}" = Catalyst Control Center Graphics Full New
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC4451B3-1CC2-7C5D-F0EC-AD2DADE9DFF2}" = CCC Help Japanese
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{AC9450D2-2344-132D-AAA8-DB418BC6F3E5}" = CCC Help Hungarian
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine
"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2F6A8F0-927A-D0CC-D1CB-FCEBD7528799}" = Catalyst Control Center Localization Czech
"{B580C409-E16F-44FF-904D-3AE94E113BE0}" = Acer HomeMedia Trial Creator
"{B7BD291B-D415-4484-89A4-82077504BE93}_is1" = SmartCopy
"{B9C9DB4C-6D77-4AE9-AD1C-C708C23239A0}" = Nokia Connectivity Cable Driver
"{BA63348B-143D-4CAC-A355-3879402ED781}" = Nokia Ovi Suite Software Updater
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C0AF881D-EB63-A1D6-F29A-1EAD7BAEDB95}" = Catalyst Control Center Localization Japanese
"{C49624DD-C504-4279-B9E0-65A2EB6E1619}" = PG583_32_inf
"{C4B045DB-C2C0-4A05-8DA5-754B4733EE31}" = Nokia Ovi One Touch Access
"{C75252FF-A765-B58A-44D1-D10C24E69E59}" = Catalyst Control Center Localization Thai
"{CAAF4EB9-68E8-6BC9-ADC2-24491B70A84D}" = Catalyst Control Center Graphics Previews Vista
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CC25FBAD-153D-0EB7-5EC5-0DE97A7A8788}" = Catalyst Control Center Localization Danish
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}" = Symantec Real Time Storage Protection Component
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DC986B2B-DAE4-43E1-A00A-74044CFB6EA4}" = CONNECT Player Language Pack
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{EA34B5D9-A3C9-333A-B1CD-ABCC975FB5EF}" = CCC Help French
"{EBCDE4F2-C6F7-1188-DDE7-15966902EC6A}" = Catalyst Control Center Localization Swedish
"{EC62DAEB-05E7-46FF-8867-FEBE00DBD790}" = CONNECT Player
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1705BC9-D392-4502-9130-224BF0760952}" = Activstudio Flipchart Viewer v3.0.2436
"{F413B69D-4AD6-42AB-AEA5-0548989FAD50}" = Norton 360
"{F66208C6-E88B-27B6-9C49-09E78739F017}" = Catalyst Control Center Localization German
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician
"{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician
"{F9E0767F-6DB6-9B56-3BEF-50BAFC430934}" = Catalyst Control Center Localization Greek
"{F9EA1C47-64A6-45E4-9A80-8CC1575B971D}" = Nokia Ovi System Utilities
"{FCB5EE95-A308-F826-9C6B-18DD2EEA1992}" = CCC Help Polish
"{FE8A68F6-3C7C-D143-F898-C6C1F26CB41E}" = CCC Help Czech
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe SVG Viewer" = Adobe SVG Viewer
"AVI Movie Player" = AVI Movie Player
"CONNECTAutoUpdate" = CONNECT Auto Update
"D7EC1A6C98F357A7E4C53FF66325D99F66B1F590" = Windows Driver Package - YUAN High-Tech Development Co. Ltd. (OmniTV) Media (12/14/2007 6.1.32.42)
"Easy CD-DA Extractor 12" = Easy CD-DA Extractor 12
"ENTERPRISER" = Microsoft Office Enterprise 2007
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Nokia Ovi Application Installer" = Nokia Ovi Application Installer 6.85.3011
"Nokia Ovi Content Copier" = Nokia Ovi Content Copier 6.85.3011
"Nokia Ovi One Touch Access" = Nokia Ovi One Touch Access 6.85.3019
"Nokia Ovi Suite" = Nokia Ovi Suite
"Nokia Ovi System Utilities" = Nokia Ovi System Utilities 6.85.3018
"NSSSetup.{3FADAA19-E595-44CA-A072-58B6B0851768}" = Norton Security Scan (Symantec Corporation)
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01
"Picasa 3" = Picasa 3
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"RealPlayer 6.0" = RealPlayer
"SerifDrawPlus40" = Serif DrawPlus 4.0
"SopCast" = SopCast 3.0.3
"Spotify" = Spotify
"SymSetup.{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360 (Symantec Corporation)
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/04/2010 15:03:43 | Computer Name = Steve-PC | Source = WinMgmt | ID = 10
Description =

Error - 13/04/2010 04:09:22 | Computer Name = Steve-PC | Source = WinMgmt | ID = 10
Description =

Error - 13/04/2010 10:21:05 | Computer Name = Steve-PC | Source = Google Update | ID = 20
Description =

Error - 13/04/2010 11:21:15 | Computer Name = Steve-PC | Source = Google Update | ID = 20
Description =

Error - 13/04/2010 19:26:51 | Computer Name = Steve-PC | Source = WinMgmt | ID = 10
Description =

Error - 14/04/2010 04:41:41 | Computer Name = Steve-PC | Source = WinMgmt | ID = 10
Description =

Error - 15/04/2010 05:11:20 | Computer Name = Steve-PC | Source = WinMgmt | ID = 10
Description =

Error - 15/04/2010 14:37:17 | Computer Name = Steve-PC | Source = WinMgmt | ID = 10
Description =

Error - 15/04/2010 18:48:28 | Computer Name = Steve-PC | Source = EventSystem | ID = 4621
Description =

Error - 16/04/2010 04:21:52 | Computer Name = Steve-PC | Source = WinMgmt | ID = 10
Description =

[ OSession Events ]
Error - 19/06/2009 15:34:03 | Computer Name = Steve-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 16/07/2009 13:54:05 | Computer Name = Steve-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 598
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 09/05/2010 06:53:27 | Computer Name = Steve-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 09/05/2010 06:53:27 | Computer Name = Steve-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 09/05/2010 06:53:27 | Computer Name = Steve-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 09/05/2010 06:53:27 | Computer Name = Steve-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 09/05/2010 06:53:27 | Computer Name = Steve-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 09/05/2010 06:53:27 | Computer Name = Steve-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 09/05/2010 06:53:27 | Computer Name = Steve-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 09/05/2010 06:53:27 | Computer Name = Steve-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 09/05/2010 06:53:27 | Computer Name = Steve-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 09/05/2010 06:53:27 | Computer Name = Steve-PC | Source = Service Control Manager | ID = 7001
Description =


< End of report >

descriptioncomputer infected EmptyRe: computer infected

more_horiz
Hello.

Remove the Proxy setting in Internet Explorer and/or in FireFox.

    In Internet Explorer
  1. Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.

    In Firefox
  1. Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection > Choose "No Proxy"
  2. Click the apply button and restart that computer in normal mode.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O4 - HKCU..\Run: [lchtaouw] C:\Users\Steve\AppData\Local\loosibwkt\wiomdtdtssd.exe ()
    O33 - MountPoints2\{ea0f1e90-da62-11dd-a381-002268058368}\Shell\Open\command - "" = J:\resycled\ntldr.com -- File not found
    [2010/05/05 20:39:18 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\loosibwkt
    [2010/05/05 20:38:46 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\5374F755B73305D0FFD916E09818D53E
    [2010/05/05 20:38:45 | 000,182,784 | ---- | C] (Macromedia, Inc.) -- C:\Windows\System32\regedit.exe
    [2010/05/05 20:49:47 | 000,000,001 | ---- | M] () -- C:\Users\Steve\oashdihasidhasuidhiasdhiashdiuasdhasd



  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

descriptioncomputer infected EmptyRe: computer infected

more_horiz
Hi

Whilst in Safe mode I managed to locate the folder that contained the virus and deleted it. When I restarted the computer the virus did not come up as before. I ran Malwarebytes and Super Anti-spyware which seemed to clean up the rest of it. The computer is now working fine but I'm unsure whether it has completely go rid of the infection. How can I check this? I have used OLT and pasted the log below. Thank you for your help

==== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\lchtaouw deleted successfully.
File C:\Users\Steve\AppData\Local\loosibwkt\wiomdtdtssd.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ea0f1e90-da62-11dd-a381-002268058368}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ea0f1e90-da62-11dd-a381-002268058368}\ not found.
File J:\resycled\ntldr.com not found.
Folder C:\Users\Steve\AppData\Local\loosibwkt\ not found.
C:\Users\Steve\AppData\Roaming\5374F755B73305D0FFD916E09818D53E folder moved successfully.
File C:\Windows\System32\regedit.exe not found.
C:\Users\Steve\oashdihasidhasuidhiasdhiashdiuasdhasd moved successfully.

OTL by OldTimer - Version 3.2.4.1 log created on 05092010_161514

descriptioncomputer infected EmptyRe: computer infected

more_horiz
Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

descriptioncomputer infected EmptyRe: computer infected

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum