GeekPolice

trz####.tmp files are taking over my computer!

Post by Jyrroe on Tue Sep 21, 2010 3:15 pm

I've had some virus problems lately but overnight it got worse. When I started up my computer this morning, some of my desktop icons were missing and there were some files there called "trz[4 random alphanumeric characters].tmp". Right now I have Windows 7 x64 so I've copied some of my files to a portable hard drive, intending to wipe my computer and start over with Win 7, but apparently this virus is hiding somewhere in my files, because now I'm seeing missing files and trz####.tmp files all over my portable HDD too. I searched "trz" on it and came up with 237 results - on the portable hard drive alone - and it's growing in numbers, all of them created within the last hour.

I don't care about the virus on my computer anymore, since I'm wiping it, but how can I stop it from eating all my files before I end up just carrying this thing over to Win 7?

It's already deleted the .dll's for most of my games so I can't run any of them now, there go all my save files, and some of my documents are being eaten too.

HELP!

~Jy

[EDIT:] Before this morning the virus consisted primarily of the internet redirecting to random other web pages, either when clicking a link on Google or occasionally when opening any window at all. It would also occasionally open Google in a new window for no reason.


Last edited by Jyrroe on Tue Sep 21, 2010 3:56 pm; edited 1 time in total (Reason for editing : Providing additional information on the topic.)


Re: trz####.tmp files are taking over my computer!

Post by Sneakyone on Tue Sep 21, 2010 4:36 pm

Hi.

Welcome to GeekPolice.net!

Please download [You must be registered and logged in to see this link.] to your Desktop. (If you already have it downloaded, then just follow the instructions below).
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.sys
    %systemroot%\system32\drivers\*.dll
    %systemroot%\system32\drivers\*.ini
    %systemroot%\system32\drivers\*.exe
    %SYSTEMDRIVE%\*.*
    %PROGRAMFILES%\*.
    %appdata%\*.*
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    disk.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    usbstor.sys
    /md5stop
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time


Note: in the event that OTL fails to run, please use alternate download links to try again:

[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]


I'm livin' life in the fast lane.
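
An added example, not part of the original post and not OTL's own code: one way a helper can triage the PRC/SRV/DRV entries in the OTL.Txt that this scan produces, flagging entries that combine several weak signals. The line layout follows the log posted later in this thread; the function names, the scoring heuristics, the directory list, the thresholds and the sample lines are all assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta
from typing import List, NamedTuple, Tuple

# Entry layout as it appears in OTL.Txt process/service/driver sections:
#   TAG - [yyyy/mm/dd hh:mm:ss | size | attrs | M] (Company) [state] -- path -- (service)
# The "[state]" and "-- (service)" parts are present on SRV/DRV lines only.
ENTRY_RE = re.compile(
    r"^(?P<tag>PRC|SRV|DRV) - "
    r"\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[^|]*?) \| [A-Z]\] "
    r"\((?P<company>.*?)\) "
    r"(?:\[[^\]]*\] )?-- "
    r"(?P<path>.+?)(?: -- \(.*)?$"
)

# Directories a standard user can write to (assumed list, extend as needed).
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\start menu\\programs\\startup\\")


class Entry(NamedTuple):
    tag: str
    modified: datetime
    size: int
    company: str
    path: str


def parse_entries(log_text: str) -> List[Entry]:
    """Return every PRC/SRV/DRV line that carries file metadata.

    Lines such as "DRV - File not found ..." have no metadata block and are skipped.
    """
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        entries.append(Entry(
            tag=m["tag"],
            modified=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            size=int(m["size"].replace(",", "")),
            company=m["company"].strip(),
            path=m["path"].strip(),
        ))
    return entries


def triage(entries: List[Entry], scan_time: datetime, recent_days: int = 30,
           min_reasons: int = 2) -> List[Tuple[Entry, List[str]]]:
    """Flag entries where at least `min_reasons` weak signals coincide.

    No single signal is a verdict: plenty of legitimate vendor tools ship
    without a company name, and freshly updated software is always "recent".
    """
    flagged = []
    for e in entries:
        reasons = []
        if not e.company:
            reasons.append("no company name")
        if any(d in e.path.lower() for d in USER_WRITABLE):
            reasons.append("user-writable location")
        if scan_time - e.modified <= timedelta(days=recent_days):
            reasons.append(f"modified within {recent_days} days of scan")
        if len(reasons) >= min_reasons:
            flagged.append((e, reasons))
    return flagged


# Constructed sample lines in the OTL.Txt layout (names are placeholders).
SAMPLE_LOG = r"""
PRC - [2010/09/21 12:52:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
PRC - [2010/09/21 07:54:11 | 000,116,224 | ---- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\sample1.exe
PRC - [2008/06/02 09:25:40 | 000,024,576 | ---- | M] () -- C:\Program Files\ExampleVendor\Service\ExampleService.exe
SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (Example AV Vendor) [Auto | Running] -- C:\Program Files\ExampleAV\ExampleSvc.exe -- (example-av)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\example.sys -- (Example)
"""

if __name__ == "__main__":
    scan_time = datetime(2010, 9, 21, 12, 53, 5)  # constructed scan timestamp
    for entry, reasons in triage(parse_entries(SAMPLE_LOG), scan_time):
        print(f"{entry.tag} {entry.path}: {', '.join(reasons)}")
```

Entries that trip only one signal are left out on purpose; the flagged list is a reading order for the helper, not a removal list.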



Re: trz####.tmp files are taking over my computer!

Post by Jyrroe on Tue Sep 21, 2010 5:01 pm

Thanks a lot - I'm running the scan now but I've got to head to school so I'll have the results posted when I get back tonight (around 7 PM server time).


Re: trz####.tmp files are taking over my computer!

Post by Sneakyone on Tue Sep 21, 2010 5:10 pm

Alright, I await your reply. :)



Re: trz####.tmp files are taking over my computer!

Post by Jyrroe on Wed Sep 22, 2010 1:42 am

[[OTL.Txt]]

OTL logfile created on: 21/09/2010 12:53:05 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\User\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 39.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): c:\pagefile.sys 4096 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 113.36 Gb Total Space | 31.78 Gb Free Space | 28.03% Space Free | Partition Type: NTFS
Drive D: | 170.08 Gb Total Space | 111.34 Gb Free Space | 65.46% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 465.76 Gb Total Space | 423.82 Gb Free Space | 90.99% Space Free | Partition Type: NTFS

Computer Name: USER-PC
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/09/21 12:52:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
PRC - [2010/09/21 07:54:11 | 000,116,224 | ---- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\miepe.exe
PRC - [2010/09/14 18:59:44 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/06/28 16:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/06/24 21:21:44 | 000,072,704 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
PRC - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
PRC - [2010/01/26 20:58:38 | 000,256,280 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10e.exe
PRC - [2009/10/30 07:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- D:\Programs\DAEMON Tools\DAEMON Tools Lite\DTLite.exe
PRC - [2009/10/26 20:42:42 | 000,718,232 | ---- | M] (Pelmorex Media Inc.) -- D:\Programs\WeatherEye\WeatherEye.exe
PRC - [2009/08/20 21:31:24 | 000,032,838 | ---- | M] (MyWebSearch.com) -- C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
PRC - [2009/08/20 21:31:24 | 000,028,762 | ---- | M] (MyWebSearch.com) -- C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE
PRC - [2009/08/20 21:31:24 | 000,024,688 | ---- | M] (MyWebSearch.com) -- C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
PRC - [2009/08/03 23:22:44 | 000,386,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2009/08/03 23:22:44 | 000,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\javaw.exe
PRC - [2009/04/11 02:28:15 | 000,244,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wisptis.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/30 03:25:26 | 043,010,392 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
PRC - [2009/02/26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2009/01/21 16:11:36 | 000,184,320 | ---- | M] () -- D:\Programs\AMT Media Manager\AMTDeviceService.exe
PRC - [2009/01/19 12:14:44 | 000,186,664 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\WTablet\Pen_TabletUser.exe
PRC - [2009/01/19 12:13:44 | 002,789,160 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\Pen_Tablet.exe
PRC - [2008/07/29 17:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008/07/29 17:52:50 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008/07/10 02:49:44 | 000,098,840 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/06/02 09:26:38 | 000,319,488 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
PRC - [2008/06/02 09:26:22 | 000,319,488 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
PRC - [2008/06/02 09:25:40 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008/05/20 06:06:00 | 006,144,000 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/04/25 21:36:20 | 000,045,056 | ---- | M] (NewTech InfoSystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
PRC - [2008/04/25 21:36:20 | 000,028,672 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
PRC - [2008/04/25 21:36:02 | 000,131,072 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
PRC - [2008/03/03 13:11:14 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
PRC - [2007/07/26 11:10:34 | 000,794,624 | ---- | M] (TP-LINK TECHNOLOGIES CO., LTD.) -- C:\Program Files\TP-LINK\TL-WN313G_353G_353GD\RtWLan.exe
PRC - [2006/10/23 01:48:38 | 000,345,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
PRC - [2006/09/29 12:48:06 | 000,065,536 | ---- | M] () -- D:\3DSMax9\mentalray\satellite\raysat_3dsmax9_32server.exe


========== Modules (SafeList) ==========

MOD - [2010/09/21 12:52:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
MOD - [2009/04/11 02:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/20 22:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/09/09 16:48:20 | 002,854,488 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\rswin_3746.dll -- (Akamai)
SRV - [2010/07/23 16:27:47 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/06/24 21:21:44 | 000,072,704 | ---- | M] (Autodesk) [Auto | Running] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2010/03/18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpActivator)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetPipeActivator)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetMsmqActivator)
SRV - [2009/11/01 18:16:09 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/09/24 21:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/08/20 21:31:24 | 000,028,762 | ---- | M] (MyWebSearch.com) [Auto | Running] -- C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE -- (MyWebSearchService)
SRV - [2009/07/22 23:08:48 | 000,047,128 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE -- (MSSQLServerADHelper100)
SRV - [2009/03/30 03:25:26 | 043,010,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2009/03/30 03:23:32 | 000,254,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2009/03/30 03:23:24 | 000,366,936 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS) SQL Server Agent (SQLEXPRESS)
SRV - [2009/01/19 12:13:44 | 002,789,160 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\System32\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2008/07/29 17:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008/07/10 02:49:44 | 000,098,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/06/02 09:25:40 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008/04/25 21:36:20 | 000,045,056 | ---- | M] (NewTech InfoSystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc)
SRV - [2008/04/25 21:36:02 | 000,131,072 | ---- | M] () [Auto | Running] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc)
SRV - [2008/03/03 13:11:14 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe -- (BUNAgentSvc)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/09/29 12:48:06 | 000,065,536 | ---- | M] () [Auto | Running] -- D:\3DSMax9\mentalray\satellite\raysat_3dsmax9_32server.exe -- (mi-raysat_3dsmax9_32) mental ray 3.5 Satellite (32-bit)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2010/06/28 16:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/06/28 16:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/06/28 16:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/06/28 16:32:56 | 000,050,256 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010/06/28 16:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/03/25 19:29:41 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/12/01 15:49:54 | 000,034,384 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER)
DRV - [2009/04/11 00:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/03/30 03:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2008/10/06 11:53:24 | 000,015,656 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2008/08/30 06:58:16 | 003,929,600 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/08/18 15:45:00 | 000,013,352 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2008/07/29 17:53:12 | 000,060,464 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSDVdisk.sys -- (psdvdisk)
DRV - [2008/07/29 17:53:10 | 000,018,992 | ---- | M] (Egis Incorporated) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\psdfilter.sys -- (PSDFilter)
DRV - [2008/07/29 17:53:10 | 000,016,944 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSDNServ.sys -- (PSDNServ)
DRV - [2008/06/02 09:20:12 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008/05/20 06:01:00 | 002,143,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/05/16 14:31:00 | 007,465,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/02/25 16:29:24 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVicPort.sys -- (tvicport)
DRV - [2008/02/25 16:29:24 | 000,006,080 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\zntport.sys -- (zntport)
DRV - [2008/01/30 05:52:06 | 000,014,848 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2008/01/30 05:51:50 | 000,013,824 | ---- | M] (NewTech Infosystems Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\UBHelper.sys -- (UBHelper)
DRV - [2008/01/20 22:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 22:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 22:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 22:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 22:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 22:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 22:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 22:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 22:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 22:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/20 22:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 22:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 22:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 22:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 22:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 22:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 22:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 22:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 22:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 22:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 22:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 22:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 22:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 22:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 22:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/12/27 22:51:00 | 000,298,496 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2007/12/19 02:45:00 | 000,170,000 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ahcix86s.sys -- (ahcix86s)
DRV - [2007/07/17 23:18:46 | 000,357,376 | R--- | M] (Realtek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL85n86.sys -- (RTL85n86)
DRV - [2007/04/23 10:50:50 | 000,025,896 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\RtlProt.sys -- (RtlProt)
DRV - [2007/02/16 11:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2007/02/15 16:11:28 | 000,011,440 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WacomVKHid.sys -- (WacomVKHid)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/10/29 23:23:12 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [You must be registered and logged in to see this link.] [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [You must be registered and logged in to see this link.] [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Fast Browser Search"
FF - prefs.js..browser.search.defaulturl: "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q="
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://ca.yahoo.com/"
FF - prefs.js..extensions.enabledItems: cfxHelper@Triton:1.2
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.1
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:0.9.11
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:3.5
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.6.1
FF - prefs.js..extensions.enabledItems: cfxe@Triton:3.6.5
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:3.6.1
FF - prefs.js..extensions.enabledItems: {66871bd1-5ba2-4739-b485-2a15f5969bd8}:2.20100123
FF - prefs.js..extensions.enabledItems: {dd30bf68-268a-4815-ad48-8740b774c764}:5.0.0
FF - prefs.js..keyword.URL: ""


FF - HKLM\software\mozilla\Firefox\Extensions\\{5B7E0F29-0448-4B9B-8842-DDA1BFFC675D}: C:\Windows\system32\config\systemprofile\AppData\Local\{5B7E0F29-0448-4B9B-8842-DDA1BFFC675D}\ [2010/07/17 12:21:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/21 10:39:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/21 10:39:58 | 000,000,000 | ---D | M]

[2009/12/21 09:47:26 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2009/12/21 09:47:25 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Extensions\IMVUClientXUL@imvu.com
[2009/11/22 11:13:58 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2010/09/21 10:45:08 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\790fczqk.default\extensions
[2010/06/30 08:57:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\790fczqk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/01 22:51:11 | 000,000,000 | ---D | M] (MidnightFox) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\790fczqk.default\extensions\{66871bd1-5ba2-4739-b485-2a15f5969bd8}
[2009/08/04 09:53:08 | 000,000,000 | ---D | M] (HalloFF) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\790fczqk.default\extensions\{bbf8fc30-5280-11db-b0de-0800200c9a66}
[2010/07/28 16:17:34 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\790fczqk.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2010/08/28 09:56:44 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\790fczqk.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009/08/04 09:54:51 | 000,000,000 | ---D | M] (Miint) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\790fczqk.default\extensions\{d596c130-b00a-11db-abbd-0800200c9a66}
[2010/04/17 10:15:50 | 000,000,000 | ---D | M] (Red Cats (green flavor)) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\790fczqk.default\extensions\{dd30bf68-268a-4815-ad48-8740b774c764}
[2010/06/30 08:57:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\790fczqk.default\extensions\cfxe@Triton
[2010/06/30 08:57:43 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\790fczqk.default\extensions\cfxHelper@Triton
[2010/04/17 10:15:50 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\790fczqk.default\extensions\glowygreen-ff3-30@glowplug.bitasylum.net
[2010/09/13 22:32:39 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\790fczqk.default\extensions\personas@christopher.beard
[2010/03/10 09:10:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\790fczqk.default\extensions\runtime@panda3d.org
[2010/02/01 22:51:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\790fczqk.default\extensions\{66871bd1-5ba2-4739-b485-2a15f5969bd8}\chrome\mozapps\extensions
[2010/02/01 22:51:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\790fczqk.default\extensions\{66871bd1-5ba2-4739-b485-2a15f5969bd8}\chrome\mozapps\extensions\CVS
[2009/12/21 10:00:18 | 000,005,413 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\FireFox\Profiles\790fczqk.default\searchplugins\fast-browser-search.xml
[2009/11/26 11:07:48 | 000,001,109 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\FireFox\Profiles\790fczqk.default\searchplugins\wowd-search.xml
[2010/09/21 10:39:58 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/08/20 21:31:24 | 000,024,684 | ---- | M] (MyWebSearch.com) -- C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll

O1 HOSTS File: ([2008/12/07 16:16:18 | 000,001,305 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts:  
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 pagead2.googlesyndication.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Wowd Page Grabber) - {99756919-C498-4D97-9E20-2076DE0E42B9} - C:\Program Files\Wowd\ext\eiexxpw.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL File not found
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AMTDeviceService] D:\Programs\AMT Media Manager\AMTDeviceService.exe ()
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BkupTray] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Lau File not found
O4 - HKLM..\Run: [iihefdsys] File not found
O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor] C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [MyWebSearch Plugin] C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL (MyWebSearch.com)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [Odevojoqo] C:\Windows\System32\config\systemprofile\AppData\Local\uyupeter.DLL (Sonic Solutions)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [{A1BEEF18-926B-82F6-3BBB-3A32F8584B7E}] C:\Users\User\AppData\Roaming\Kineo\piima.exe File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] D:\Programs\DAEMON Tools\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [EA Core] D:\Programs\EA Download Manager\EADM\Core.exe File not found
O4 - HKCU..\Run: [ljiijkaudio] C:\Windows\System32\kheccy.dll (foobar2000.org)
O4 - HKCU..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKCU..\Run: [nnopnnsys] File not found
O4 - HKCU..\Run: [tcidihdq] C:\Users\User\AppData\Local\ddlgaeoig\lkbuatntssd.exe File not found
O4 - HKCU..\Run: [WeatherEye] D:\Programs\WeatherEye\WeatherEye.exe (Pelmorex Media Inc.)
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\miepe.exe ()
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} [You must be registered and logged in to see this link.] (Checkers Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} [You must be registered and logged in to see this link.] (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_14)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} [You must be registered and logged in to see this link.] (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.74,93.188.161.7
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\program files\microsoft\desktoplayer.exe) - c:\program files\microsoft\desktoplayer.exe File not found
O20 - HKLM Winlogon: UserInit - (c:\windows\temp\pdfupd.exe) - c:\Windows\Temp\pdfupd.exe ()
O24 - Desktop WallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O30 - LSA: Authentication Packages - (cbyxwv.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/09/20 15:44:13 | 000,000,031 | -HS- | M] () - K:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{8b73c11a-5267-11df-a6db-002268394236}\Shell - "" = AutoRun
O33 - MountPoints2\{8b73c11a-5267-11df-a6db-002268394236}\Shell\AutoRun\command - "" = L:\MediaManager.exe -- File not found
O33 - MountPoints2\{c767def2-38d3-11df-914e-002268394236}\Shell - "" = AutoRun
O33 - MountPoints2\{c767def2-38d3-11df-914e-002268394236}\Shell\AutoRun\command - "" = J:\Autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpReg: StartCCC - hkey= - key= - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe File not found
MsConfig - State: "bootini" - 2
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {23516747-2DD5-EB43-1176-3D3E8104BE05} - Themes Setup
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5CA2E17B-4E3D-74A6-7EBE-B4B107B68EBA} - Microsoft Windows Media Player 11.0
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A0455D09-0136-6AD4-5645-86130DB3A0A6} - Internet Explorer
ActiveX: {A4977364-92DF-EFEE-CB15-A9A4D35FBA2A} - Java (Sun)
ActiveX: {BEEBBA99-8F14-A078-F522-ED2724DB9144} - Themes Setup
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker 2.6
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EE20BC48-5AD9-DC56-1E09-A84E0DC99810} - Themes Setup
ActiveX: {EE29AD1F-318F-F946-6AF3-311CE8B694C8} - Java (Sun)
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2010/09/21 12:52:06 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2010/09/21 07:57:07 | 000,000,000 | ---D | C] -- C:\Program Files\rsa
[2010/09/21 06:40:32 | 000,000,000 | ---D | C] -- C:\Program Files\sys231
[2010/09/19 19:05:05 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Utci
[2010/09/19 19:05:05 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Axygdo
[2010/09/19 19:04:45 | 000,000,000 | ---D | C] -- C:\Program Files\sys
[2010/09/18 19:12:00 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2010/09/18 19:10:51 | 010,833,920 | ---- | C] (Intel Corporation) -- C:\Windows\System32\libmfxsw32.dll
[2010/09/18 19:10:50 | 010,915,840 | ---- | C] (Intel Corporation) -- C:\Windows\System32\libmfxhw32.dll
[2010/09/14 10:54:16 | 000,050,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
[2010/09/14 10:54:00 | 000,079,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
[2010/09/14 10:52:38 | 000,000,000 | ---D | C] -- C:\Windows\System32\RsFx
[2010/09/14 10:44:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server

[[continued in next post]]

Jyrroe
Novice

Posts : 40
Joined : 2010-09-21
Gender : Male
OS : Vista 32-bit


Re: trz####.tmp files are taking over my computer!

Post by Jyrroe on Wed Sep 22, 2010 1:46 am

[[OTL.Txt - cont'd]]

[2010/09/14 10:42:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2010/09/14 10:41:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2010/09/14 10:41:27 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/09/14 10:39:01 | 000,000,000 | ---D | C] -- C:\ProgramData\PreEmptive Solutions
[2010/09/14 10:31:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/09/14 10:27:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ASP.NET
[2010/09/14 10:27:13 | 000,000,000 | ---D | C] -- C:\Program Files\IIS
[2010/09/14 10:25:26 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Visual Studio 2008
[2010/09/14 10:23:57 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Visual Studio 2010
[2010/09/14 10:11:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\1033
[2010/09/14 10:10:20 | 000,000,000 | ---D | C] -- C:\Windows\symbols
[2010/09/14 10:09:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft F#
[2010/09/14 10:09:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2010/09/14 10:09:45 | 000,000,000 | ---D | C] -- C:\Program Files\HTML Help Workshop
[2010/09/14 10:09:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Help Viewer
[2010/09/14 10:09:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Merge Modules
[2010/09/14 10:01:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0
[2010/09/08 20:34:41 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\.minecraft
[2010/05/12 07:55:51 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\User\AppData\Roaming\pcouffin.sys
[2008/08/21 20:11:21 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[38393 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\User\AppData\Roaming\*.tmp files -> C:\Users\User\AppData\Roaming\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/09/21 13:39:00 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/21 13:27:05 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/21 13:22:26 | 009,175,040 | -HS- | M] () -- C:\Users\User\ntuser.dat
[2010/09/21 13:08:01 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/21 13:08:01 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/21 12:52:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2010/09/21 12:18:45 | 000,232,501 | ---- | M] () -- C:\Users\User\Minecraft
[2010/09/21 10:40:00 | 000,001,728 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/09/21 10:02:54 | 000,076,288 | ---- | M] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/21 08:30:05 | 000,000,272 | ---- | M] () -- C:\Windows\tasks\RtlVistaStart.job
[2010/09/21 08:29:51 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/21 07:57:05 | 003,923,146 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/09/21 07:57:05 | 001,778,898 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/09/21 07:57:04 | 000,006,778 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/09/21 07:54:11 | 000,116,224 | ---- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\miepe.exe
[2010/09/19 20:38:24 | 000,000,885 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Visual Studio 2010.lnk
[2010/09/19 19:34:54 | 000,524,288 | -HS- | M] () -- C:\Users\User\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/09/19 19:34:54 | 000,065,536 | -HS- | M] () -- C:\Users\User\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/09/19 19:07:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/19 19:07:05 | 2144,567,296 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/18 19:12:04 | 000,001,090 | ---- | M] () -- C:\Users\User\Desktop\AVS4YOU Software Navigator.lnk
[2010/09/18 18:56:33 | 000,000,885 | ---- | M] () -- C:\Users\User\Desktop\Microsoft Visual Studio 2010.lnk
[2010/09/14 23:24:34 | 000,001,064 | ---- | M] () -- C:\Users\User\Desktop\Minecraft.lnk
[2010/09/06 10:51:25 | 000,001,056 | ---- | M] () -- C:\Users\Public\Desktop\EA Download Manager.lnk
[2010/09/05 21:09:20 | 000,000,165 | -H-- | M] () -- C:\Users\User\Documents\~$Algonquin Schedules Nat & Tyler.xlsx
[2010/09/02 16:17:27 | 002,432,272 | -H-- | M] () -- C:\Users\User\AppData\Local\IconCache.db
[38393 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\User\AppData\Roaming\*.tmp files -> C:\Users\User\AppData\Roaming\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/21 12:18:45 | 000,232,501 | ---- | C] () -- C:\Users\User\Minecraft
[2010/09/21 07:54:11 | 000,116,224 | ---- | C] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\miepe.exe
[2010/09/19 20:38:24 | 000,000,885 | ---- | C] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Visual Studio 2010.lnk
[2010/09/18 19:12:04 | 000,001,090 | ---- | C] () -- C:\Users\User\Desktop\AVS4YOU Software Navigator.lnk
[2010/09/18 18:56:33 | 000,000,885 | ---- | C] () -- C:\Users\User\Desktop\Microsoft Visual Studio 2010.lnk
[2010/09/14 23:24:34 | 000,001,064 | ---- | C] () -- C:\Users\User\Desktop\Minecraft.lnk
[2010/09/06 10:51:25 | 000,001,056 | ---- | C] () -- C:\Users\Public\Desktop\EA Download Manager.lnk
[2010/09/05 21:09:20 | 000,000,165 | -H-- | C] () -- C:\Users\User\Documents\~$Algonquin Schedules Nat & Tyler.xlsx
[2010/08/25 20:22:11 | 2144,567,296 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/19 19:28:20 | 000,000,118 | ---- | C] () -- C:\Windows\WinInit.Ini
[2010/07/13 17:00:50 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/07/08 14:56:42 | 000,151,552 | ---- | C] () -- C:\Windows\System32\nvRegDev.dll
[2010/05/12 07:57:00 | 000,084,480 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/05/12 07:55:51 | 000,007,176 | ---- | C] () -- C:\Users\User\AppData\Roaming\pcouffin.cat
[2010/05/12 07:55:51 | 000,001,144 | ---- | C] () -- C:\Users\User\AppData\Roaming\pcouffin.inf
[2010/05/12 07:55:51 | 000,000,034 | ---- | C] () -- C:\Users\User\AppData\Roaming\pcouffin.log
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010/03/25 19:29:41 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/10/31 11:45:18 | 000,000,799 | ---- | C] () -- C:\Windows\E-REGTLC.INI
[2009/10/31 11:43:57 | 000,000,109 | ---- | C] () -- C:\Windows\TLCAPPS.INI
[2009/10/02 18:57:44 | 000,000,783 | ---- | C] () -- C:\Windows\NTIWVEDT.INI
[2009/09/11 20:11:07 | 000,000,872 | ---- | C] () -- C:\Windows\Brain.INI
[2009/06/17 13:31:16 | 000,076,288 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/16 14:09:05 | 000,001,356 | ---- | C] () -- C:\Users\User\AppData\Local\d3d9caps.dat
[2009/06/12 08:43:26 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2008/08/21 20:10:21 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/08/21 17:09:23 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008/08/21 17:09:23 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008/08/21 16:57:51 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001/12/26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/04/11 02:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 02:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
[38393 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[38393 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010/03/25 19:29:41 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2008/08/21 20:11:53 | 012,820,480 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/08/21 20:11:49 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/08/21 20:11:54 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2008/08/21 20:12:01 | 017,186,816 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2008/08/21 20:12:03 | 006,668,288 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\*.sys >
[2006/11/02 03:09:42 | 000,009,029 | ---- | M] () -- C:\Windows\System32\ANSI.SYS
[2009/04/11 02:32:46 | 000,245,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys
[2006/11/02 03:09:45 | 000,027,097 | ---- | M] () -- C:\Windows\System32\country.sys
[2006/11/02 03:09:41 | 000,004,768 | ---- | M] () -- C:\Windows\System32\HIMEM.SYS
[2006/11/02 03:09:44 | 000,042,809 | ---- | M] () -- C:\Windows\System32\KEY01.SYS
[2006/11/02 03:09:44 | 000,042,537 | ---- | M] () -- C:\Windows\System32\KEYBOARD.SYS
[2006/11/02 03:09:29 | 000,027,866 | ---- | M] () -- C:\Windows\System32\NTDOS.SYS
[2006/11/02 03:09:35 | 000,029,146 | ---- | M] () -- C:\Windows\System32\NTDOS404.SYS
[2006/11/02 03:09:38 | 000,029,370 | ---- | M] () -- C:\Windows\System32\NTDOS411.SYS
[2006/11/02 03:09:40 | 000,029,274 | ---- | M] () -- C:\Windows\System32\NTDOS412.SYS
[2006/11/02 03:09:31 | 000,029,146 | ---- | M] () -- C:\Windows\System32\NTDOS804.SYS
[2006/11/02 03:09:20 | 000,033,952 | ---- | M] () -- C:\Windows\System32\NTIO.SYS
[2006/11/02 03:09:23 | 000,034,672 | ---- | M] () -- C:\Windows\System32\NTIO404.SYS
[2006/11/02 03:09:24 | 000,035,776 | ---- | M] () -- C:\Windows\System32\NTIO411.SYS
[2006/11/02 03:09:26 | 000,035,536 | ---- | M] () -- C:\Windows\System32\NTIO412.SYS
[2006/11/02 03:09:22 | 000,034,672 | ---- | M] () -- C:\Windows\System32\NTIO804.SYS
[2010/05/01 10:13:48 | 002,037,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[38393 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2008/08/30 03:56:14 | 000,053,248 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\ati2erec.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2006/09/18 17:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 02:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008/08/21 20:12:05 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2009/06/12 08:02:59 | 000,000,090 | ---- | M] () -- C:\CLMS.log
[2006/09/18 17:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2009/06/12 08:03:57 | 000,000,090 | ---- | M] () -- C:\Creator.log
[2010/09/19 19:07:05 | 2144,567,296 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/31 11:25:59 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/06/12 08:01:58 | 000,000,090 | ---- | M] () -- C:\MDisc.log
[2009/06/12 08:02:22 | 000,000,090 | ---- | M] () -- C:\MDR.log
[2009/10/31 11:25:59 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/09/19 19:07:03 | 4294,967,295 | -HS- | M] () -- C:\pagefile.sys
[2009/06/12 08:03:22 | 000,000,090 | ---- | M] () -- C:\PnR.log
[2009/06/12 08:03:43 | 000,000,090 | ---- | M] () -- C:\PSD.log
[2008/08/21 16:53:02 | 000,000,426 | ---- | M] () -- C:\RHDSetup.log
[2009/06/12 08:02:39 | 000,000,090 | ---- | M] () -- C:\SDMA.log
[2010/07/07 23:24:30 | 000,000,058 | ---- | M] () -- C:\testlog.txt

< %PROGRAMFILES%\*. >
[2009/06/11 20:34:07 | 000,000,000 | ---D | M] -- C:\Program Files\Acer
[2009/06/12 08:04:01 | 000,000,000 | ---D | M] -- C:\Program Files\Acer Arcade Live
[2009/06/12 08:18:12 | 000,000,000 | ---D | M] -- C:\Program Files\Acer GameZone
[2010/06/22 09:44:50 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2009/11/01 18:20:48 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe Media Player
[2010/07/13 13:56:36 | 000,000,000 | ---D | M] -- C:\Program Files\Alwil Software
[2009/12/06 05:13:48 | 000,000,000 | ---D | M] -- C:\Program Files\AnvSoft
[2009/09/19 15:11:20 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2009/06/11 18:42:38 | 000,000,000 | ---D | M] -- C:\Program Files\ATI
[2009/06/11 18:43:38 | 000,000,000 | ---D | M] -- C:\Program Files\ATI Technologies
[2010/09/21 06:42:17 | 000,000,000 | ---D | M] -- C:\Program Files\Audacity
[2010/06/24 21:21:46 | 000,000,000 | ---D | M] -- C:\Program Files\Autodesk
[2010/09/21 06:42:22 | 000,000,000 | ---D | M] -- C:\Program Files\AVI-GIF
[2010/09/18 19:12:05 | 000,000,000 | ---D | M] -- C:\Program Files\AVS4YOU
[2010/09/21 06:42:23 | 000,000,000 | ---D | M] -- C:\Program Files\backburner 2
[2009/07/08 22:49:53 | 000,000,000 | ---D | M] -- C:\Program Files\Bethesda Softworks
[2009/08/18 11:09:39 | 000,000,000 | ---D | M] -- C:\Program Files\Blender Foundation
[2010/05/05 09:16:05 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2010/09/14 10:09:44 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2008/08/21 17:04:12 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2010/09/21 06:52:49 | 000,000,000 | ---D | M] -- C:\Program Files\DDS Converter 2
[2009/06/11 18:58:10 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX
[2009/06/17 13:39:14 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2009/07/09 15:29:38 | 000,000,000 | ---D | M] -- C:\Program Files\Electronic Arts
[2009/08/02 14:19:14 | 000,000,000 | ---D | M] -- C:\Program Files\GIMP-2.0
[2010/05/13 11:21:53 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2010/02/01 22:10:05 | 000,000,000 | ---D | M] -- C:\Program Files\Gravis
[2009/08/14 18:35:16 | 000,000,000 | ---D | M] -- C:\Program Files\HotHotSoftware
[2010/09/14 10:13:44 | 000,000,000 | ---D | M] -- C:\Program Files\HTML Help Workshop
[2010/09/14 10:27:13 | 000,000,000 | ---D | M] -- C:\Program Files\IIS
[2009/06/17 13:43:08 | 000,000,000 | ---D | M] -- C:\Program Files\ImTOO
[2009/12/21 10:17:42 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallJammer Registry
[2010/08/17 12:38:03 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010/09/19 19:04:53 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2009/11/22 12:10:05 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2009/11/22 12:10:37 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2009/08/03 23:22:41 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/09/21 06:54:28 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2010/09/14 10:27:31 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ASP.NET
[2010/09/14 10:18:28 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft F#
[2006/11/02 08:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2009/07/08 23:04:05 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games for Windows - LIVE
[2010/09/14 10:09:44 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Help Viewer
[2008/08/21 17:32:42 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2010/09/14 10:43:50 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SDKs
[2010/09/14 10:32:01 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2010/09/14 10:52:46 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server
[2010/09/14 10:41:27 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/09/14 10:42:24 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Sync Framework
[2010/09/14 10:41:28 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Synchronization Services
[2010/05/06 18:17:31 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio .NET
[2010/09/14 10:01:24 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 9.0
[2010/09/21 06:55:19 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2009/06/12 16:52:25 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft WSE
[2010/09/14 10:50:35 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/03/10 04:20:04 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/09/21 06:55:21 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker 2.6
[2010/09/21 10:39:59 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2010/09/14 10:36:36 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/06/11 21:13:37 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2009/08/20 21:31:24 | 000,000,000 | ---D | M] -- C:\Program Files\MyWebSearch
[2008/08/21 17:09:27 | 000,000,000 | ---D | M] -- C:\Program Files\NewTech Infosystems
[2009/08/02 14:34:03 | 000,000,000 | ---D | M] -- C:\Program Files\NifTools
[2009/06/11 19:01:03 | 000,000,000 | ---D | M] -- C:\Program Files\Northstar
[2010/07/08 14:57:02 | 000,000,000 | ---D | M] -- C:\Program Files\NVIDIA Corporation
[2010/03/01 12:53:10 | 000,000,000 | ---D | M] -- C:\Program Files\OpenAL
[2010/09/21 06:56:22 | 000,000,000 | ---D | M] -- C:\Program Files\Paint.NET
[2008/08/21 17:01:24 | 000,000,000 | ---D | M] -- C:\Program Files\Preload
[2010/09/21 06:56:32 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2010/03/13 21:57:41 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2008/08/21 16:52:10 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2006/11/02 08:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2010/09/21 07:57:15 | 000,000,000 | ---D | M] -- C:\Program Files\rsa
[2009/10/26 07:13:51 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2010/08/22 19:51:15 | 000,000,000 | ---D | M] -- C:\Program Files\Steam
[2010/09/21 06:57:14 | 000,000,000 | ---D | M] -- C:\Program Files\sys
[2010/09/21 07:54:18 | 000,000,000 | ---D | M] -- C:\Program Files\sys231
[2009/09/11 19:53:34 | 000,000,000 | ---D | M] -- C:\Program Files\Tablet
[2009/08/03 12:02:48 | 000,000,000 | ---D | M] -- C:\Program Files\TP-LINK
[2006/11/02 09:01:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009/06/15 23:30:38 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent
[2009/06/12 09:06:13 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2009/06/12 09:06:13 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2009/06/12 09:06:13 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2009/06/12 22:48:23 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2010/09/21 06:57:16 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live Safety Center
[2009/06/12 22:48:13 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2010/06/10 03:30:13 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2009/10/28 03:00:44 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2006/11/02 08:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009/06/12 09:06:13 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2009/11/17 04:18:09 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2009/06/12 09:06:13 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2010/09/21 06:57:19 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR

< %appdata%\*.* >
[2010/05/12 07:55:52 | 000,007,176 | ---- | M] () -- C:\Users\User\AppData\Roaming\pcouffin.cat
[2010/05/12 07:55:52 | 000,001,144 | ---- | M] () -- C:\Users\User\AppData\Roaming\pcouffin.inf
[2010/05/12 07:56:59 | 000,000,034 | ---- | M] () -- C:\Users\User\AppData\Roaming\pcouffin.log
[2010/05/12 07:55:52 | 000,047,360 | ---- | M] (VSO Software) -- C:\Users\User\AppData\Roaming\pcouffin.sys
[1 C:\Users\User\AppData\Roaming\*.tmp files -> C:\Users\User\AppData\Roaming\*.tmp -> ]


< MD5 for: AGP440.SYS >
[2008/01/20 22:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/20 22:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/20 22:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/20 22:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/20 22:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: AHCIX86S.SYS >
[2007/12/19 02:45:00 | 000,170,000 | ---- | M] (AMD Technologies Inc.) MD5=0DEE2B628D4C6E23285BB91EFFDABFDE -- C:\ACER\Preload\MSDRV\ahcix86s.sys
[2007/12/19 02:45:00 | 000,170,000 | ---- | M] (AMD Technologies Inc.) MD5=0DEE2B628D4C6E23285BB91EFFDABFDE -- C:\Windows\System32\drivers\ahcix86s.sys
[2007/12/19 02:45:00 | 000,170,000 | R--- | M] (AMD Technologies Inc.) MD5=0DEE2B628D4C6E23285BB91EFFDABFDE -- C:\Windows\System32\DriverStore\FileRepository\ahcix86s.inf_864d20f0\ahcix86s.sys
[2007/08/08 00:55:08 | 000,122,880 | ---- | M] (Promise Technology, Inc.) MD5=4283A0F3A9557EB133D2BA8979747A77 -- C:\ACER\Preload\Autorun\DRV\ATI Chipset RS780 RS740+SB700\Packages\Drivers\SBDrv\SB6xx\RAID\LH\ahcix86s.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 22:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 22:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 05:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/02/22 00:59:12 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=76D70915EB81608DC6ACA87887FAB38F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22120_none_ddac250d3ab7a648\atapi.sys
[2008/02/22 01:03:50 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=92210921EEFC081693F649C3631DEEC2 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_3d9c5057\atapi.sys
[2008/02/22 01:03:50 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=92210921EEFC081693F649C3631DEEC2 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18023_none_dd25892021975283\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: DISK.SYS >
[2009/04/11 02:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\System32\drivers\disk.sys
[2009/04/11 02:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_5c850fad\disk.sys
[2009/04/11 02:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6002.18005_none_fbb1faf0714e4ea6\disk.sys
[2008/01/20 22:23:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_90722180\disk.sys
[2008/01/20 22:23:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6001.18000_none_f9c681e4742c835a\disk.sys
[2006/11/02 05:49:51 | 000,052,840 | ---- | M] (Microsoft Corporation) MD5=841AF4C4D41D3E3B2F244E976B0F7963 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_e0b0b355\disk.sys

< MD5 for: IASTORV.SYS >
[2008/01/20 22:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/20 22:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/20 22:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/20 22:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/20 22:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/20 22:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/20 22:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/20 22:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: USBSTOR.SYS >
[2008/01/20 22:23:24 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=87BA6B83C5D19B69160968D07D6E2982 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_b9f18584\USBSTOR.SYS
[2008/01/20 22:23:24 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=87BA6B83C5D19B69160968D07D6E2982 -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.0.6001.18000_none_48864eb697d31b43\USBSTOR.SYS
[2009/04/11 00:42:55 | 000,065,536 | ---- | M] (Microsoft Corporation) MD5=BE3DA31C191BC222D9AD503C5224F2AD -- C:\Windows\System32\drivers\USBSTOR.SYS
[2009/04/11 00:42:55 | 000,065,536 | ---- | M] (Microsoft Corporation) MD5=BE3DA31C191BC222D9AD503C5224F2AD -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_72a6a3e5\USBSTOR.SYS
[2009/04/11 00:42:55 | 000,065,536 | ---- | M] (Microsoft Corporation) MD5=BE3DA31C191BC222D9AD503C5224F2AD -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.0.6002.18005_none_4a71c7c294f4e68f\USBSTOR.SYS
[2006/11/02 04:55:05 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=FDBAABF07244C60B0F4E0A6E71A107C6 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_bb2778a0\USBSTOR.SYS

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-07-05 22:32:11

< >

< >
< End of report >

Jyrroe
Novice

Posts : 40
Joined : 2010-09-21
Gender : Male
OS : Vista 32-bit


Re: trz####.tmp files are taking over my computer!

Post by Jyrroe on Wed Sep 22, 2010 2:10 am

[[Extras.Txt]]

OTL Extras logfile created on: 21/09/2010 12:53:05 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\User\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 39.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): c:\pagefile.sys 4096 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 113.36 Gb Total Space | 31.78 Gb Free Space | 28.03% Space Free | Partition Type: NTFS
Drive D: | 170.08 Gb Total Space | 111.34 Gb Free Space | 65.46% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 465.76 Gb Total Space | 423.82 Gb Free Space | 90.99% Space Free | Partition Type: NTFS

Computer Name: USER-PC
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Programs\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Programs\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00DF7789-8847-4209-B8B2-EFE381674B15}" = lport=49160 | protocol=6 | dir=in | name=akamai netsession interface |
"{0907C96B-11CD-40D6-A6C2-7FF5F9D7CF36}" = rport=137 | protocol=17 | dir=out | app=system |
"{0F99C9A7-80AF-4CA1-9621-2A97C7ADAADA}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{1EC347C8-4FE9-47C2-B213-410FAA9C4B45}" = rport=139 | protocol=6 | dir=out | app=system |
"{2365B3DD-4CDB-4C31-A389-D1F1F3C9BA6B}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{4801282F-9D7F-4A71-A402-46737284BFD0}" = lport=58270 | protocol=6 | dir=in | name=akamai netsession interface |
"{52EEBB13-1042-4E86-B79C-F0E7DD6A95C0}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{54B2ABBD-674F-4985-AB50-BFA6E097C733}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{5E292CDB-FF3C-42D0-93D4-50B44CC4D50E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5FC3BE81-A410-47AC-A42B-9CC14FFB0AF2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{674E5A3A-9C73-4033-8F4A-98B6F84661DE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{76F56E8A-3AAC-4EA1-BF55-BA0119CFB51F}" = rport=445 | protocol=6 | dir=out | app=system |
"{81D16E18-8787-4F91-AEC1-BBC2127F8742}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{86C55E1C-F450-402D-A38D-5F90D271DF35}" = lport=137 | protocol=17 | dir=in | app=system |
"{89C9CC3F-615B-4F30-961D-03C52F320FE6}" = rport=138 | protocol=17 | dir=out | app=system |
"{8A307C8C-69DC-429E-B2C7-22BB19C789FC}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{8B7405B8-0F01-47D2-8E4C-81B4DC12C8B4}" = lport=139 | protocol=6 | dir=in | app=system |
"{9B04BB24-4FC6-4FE3-BBAC-454D9E235598}" = lport=445 | protocol=6 | dir=in | app=system |
"{AF165ABB-F908-47FA-9876-F4352F29EDAD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C1DC534C-BAD3-4D03-8E84-267E31565779}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D785CE89-2BE9-4116-A2DF-8D8A790F76E8}" = lport=138 | protocol=17 | dir=in | app=system |
"{DD22702C-98A2-4951-8EF1-FCC89DB1DFC9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{E75C5195-C1CF-4D18-B120-1D8D5DDA65B1}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{EECDC398-1BD2-445D-9740-6FB92DF7504C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F32D7FDD-DBF4-449A-9C44-A8B2FC33314F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B57B101-66F7-4BF7-875C-E4AF9AEAEA3F}" = protocol=17 | dir=in | app=d:\3dsmax7\3dsmax.exe |
"{0F0528C3-7C87-48E2-A32D-90CEAE8D1056}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{10C7F800-4480-4E48-B0B9-C0A6CA64B302}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{14BDD307-5317-4E0D-84A8-87B13D6EC887}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{193910EB-E8D3-447F-9296-5AD82C17C17A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2A6C977F-EF2C-42AA-9A59-DE001A527FD5}" = protocol=6 | dir=in | app=d:\3dsmax9\autodesk\backburner\manager.exe |
"{2E4554E0-1809-4F4E-A5DE-20BE458BD444}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{2EBF955D-585E-4278-9570-E866B92D0E36}" = protocol=6 | dir=in | app=c:\program files\backburner 2\monitor.exe |
"{383D5827-1DD4-4E03-B7D5-EB339C4A50AE}" = protocol=17 | dir=in | app=c:\program files\backburner 2\monitor.exe |
"{3A47A944-8BC7-466A-8934-3807120CB2BF}" = protocol=6 | dir=in | app=d:\3dsmax9\autodesk\backburner\server.exe |
"{3F85997D-C5B6-40D8-8529-7082D35CE815}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{48B13282-2233-4070-A395-1AB436B84481}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{4A08B6F2-4D79-45AE-A790-2BA9D5420FB0}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{4C04C5C9-C7C9-4600-82E8-E123AC60AC3C}" = protocol=17 | dir=in | app=d:\programs\world of warcraft\wow-3.2.0-enus-downloader.exe |
"{4DC5F6BD-2FC5-47A4-8DE6-3BCD7944BE3A}" = protocol=6 | dir=in | app=d:\programs\world of warcraft\wow-3.2.0-enus-downloader.exe |
"{614DFC16-7958-452D-BD0C-742E1694FC3A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{776D6CE8-2890-41C0-97F9-DB0AD6EF7E43}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{7AB2875B-5623-40E7-93B4-1056F86D06E0}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{8238C270-E295-4FB3-9B75-99308EFF0983}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{835917CB-EAC1-4F9E-8F02-B5CFE7B26FAE}" = protocol=6 | dir=in | app=d:\3dsmax9\autodesk\backburner\monitor.exe |
"{83E17A85-8849-462B-82FB-F4AD3A88D0F7}" = protocol=17 | dir=in | app=c:\program files\backburner 2\server.exe |
"{845521FB-CD08-472E-BB57-7B1F82A85DBD}" = protocol=17 | dir=in | app=d:\3dsmax9\autodesk\backburner\monitor.exe |
"{84D21AEC-E4B2-47C8-8258-27D2F8F305C8}" = protocol=6 | dir=in | app=d:\programs\limewire\limewire.exe |
"{86293E5C-7362-4FF8-A64A-E5B254577A5E}" = protocol=6 | dir=in | app=d:\3dsmax9\3dsmax.exe |
"{8AB35C5F-BC08-4166-AE89-1865C89756D5}" = protocol=17 | dir=in | app=d:\3dsmax9\autodesk\backburner\manager.exe |
"{91BC7816-5039-465A-9526-7D613A35CBDF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{9AB8E2F7-8F0F-4265-AFB9-75F3D7D7F628}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{A1FDA97F-5F47-4E38-BCB9-13519548EE6B}" = protocol=17 | dir=in | app=d:\3dsmax9\autodesk\backburner\server.exe |
"{A50B8E6F-7EC9-4AC3-AC47-332C091BEFB4}" = protocol=6 | dir=in | app=c:\program files\backburner 2\server.exe |
"{AC1FE32C-8C15-4541-A62E-575E3D99CF01}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{B23EC8A8-B8BE-42E9-A68E-991C709197F3}" = protocol=6 | dir=in | app=c:\program files\backburner 2\manager.exe |
"{B5189559-3676-430A-98D0-E080091752AD}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{B787EB73-E275-455A-AB6D-7D7B88D5EF58}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{BD700ABD-5736-41BC-B0B4-9530088E9130}" = protocol=17 | dir=in | app=d:\3dsmax9\3dsmax.exe |
"{C827E07B-214A-4A2A-B387-501C413EC8B8}" = protocol=17 | dir=in | app=c:\program files\backburner 2\manager.exe |
"{CBCAD56D-22C5-4F6C-9EC7-4A855C2629C0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D09BA7BA-8B45-46EE-8F72-38C273EEDE1C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{D3037421-728E-4207-9D55-5F760B562B31}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{D977AD35-DE0B-4DD0-B500-EB72137161C9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E1B4E89B-759D-4D6F-B98A-BD70FB76D818}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E49DB82B-AFE3-49A3-807A-885F13BE90EC}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{E7E93ABC-4BD8-4BB3-8E1E-BFC0C46E5BC4}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{E95DDA16-2551-4D73-ABF6-0E743863A45B}" = protocol=6 | dir=in | app=d:\3dsmax7\3dsmax.exe |
"{F0ADCB6B-7437-4424-933D-2BE641DFF206}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{F5E1E0F7-1DC2-4557-ABA8-98A482A69E27}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{FFBE2E4B-F6E7-47FB-9443-819A8365C541}" = protocol=17 | dir=in | app=d:\programs\limewire\limewire.exe |
"TCP Query User{035A7B25-838E-4AC5-A2AD-C9FAC6B86312}C:\users\user\desktop\halo custom edition\haloce.exe" = protocol=6 | dir=in | app=c:\users\user\desktop\halo custom edition\haloce.exe |
"TCP Query User{086C1269-A743-4875-9DDD-052BD1B6AED8}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{09A75AA7-A3CB-4E0F-B76A-824AF6B9DD76}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{1F8B3C02-BF67-4FB1-8DA6-BD305F5CA427}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
"TCP Query User{24176779-A6D3-4863-B80E-933D4F687540}C:\program files\steam\steamapps\kaelio\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\kaelio\team fortress 2\hl2.exe |
"TCP Query User{3DB82CE9-4AB9-4869-AA2D-9FB024325961}D:\programs\typing of the dead\tod_e.exe" = protocol=6 | dir=in | app=d:\programs\typing of the dead\tod_e.exe |
"TCP Query User{4A5CD148-CE2A-41DF-B733-1A4E74405279}C:\program files\steam\steamapps\pupasaurous\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\pupasaurous\team fortress 2\hl2.exe |
"TCP Query User{4FE71610-217D-4376-883C-4A3B1DAB2B1B}C:\program files\burning sand\burningsand2.exe" = protocol=6 | dir=in | app=c:\program files\burning sand\burningsand2.exe |
"TCP Query User{533F178E-4A4A-46FA-924F-04A9EDE10AF4}C:\program files\steam\steamapps\coooolman\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\coooolman\team fortress 2\hl2.exe |
"TCP Query User{5346B7E2-5D77-4288-8BE0-964DC7913D06}C:\program files\java\jre6\launch4j-tmp\wowd.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\wowd.exe |
"TCP Query User{68CC21D1-7D74-437B-A7E9-14214499C08A}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{69D0224F-5BA6-48A7-873A-1E8F91422158}D:\programs\ea download manager\eadm\core.exe" = protocol=6 | dir=in | app=d:\programs\ea download manager\eadm\core.exe |
"TCP Query User{83AAB7B1-F9D0-47E1-8704-CD248B93462C}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{A4938839-D08B-4F41-8AE2-92305AE7E01B}C:\program files\java\jre6\launch4j-tmp\wowd.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\wowd.exe |
"TCP Query User{D59A81CC-5A23-4403-B5AA-06C0E63862DE}C:\program files\secondlife\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\secondlife\slvoice.exe |
"TCP Query User{E55F8802-34ED-4347-B10D-F4BC0B8344FD}D:\programs\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=d:\programs\world of warcraft\launcher.exe |
"TCP Query User{EFF3C165-2946-4AA5-9232-BB1421F6F3F1}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{0AB93112-14B4-4B70-A7F7-2158AC0B706E}D:\programs\typing of the dead\tod_e.exe" = protocol=17 | dir=in | app=d:\programs\typing of the dead\tod_e.exe |
"UDP Query User{25E2AC7F-B798-4CDF-A358-31B3523D2E10}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{27357198-F8A5-4AED-8C96-FE343C7DB665}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{3D2F0790-235E-46DF-949B-2EB8DF3F85F5}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{4E2494B1-C3C6-493C-B083-97253AE385DD}D:\programs\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=d:\programs\world of warcraft\launcher.exe |
"UDP Query User{52396F54-B7FD-4F0E-B9E3-9459BC7051F6}C:\program files\java\jre6\launch4j-tmp\wowd.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\wowd.exe |
"UDP Query User{62A3E46A-2338-41D4-8302-A1CE831EF8FE}D:\programs\ea download manager\eadm\core.exe" = protocol=17 | dir=in | app=d:\programs\ea download manager\eadm\core.exe |
"UDP Query User{7AE9DBF7-D123-454C-AAAD-552E65DF5772}C:\program files\java\jre6\launch4j-tmp\wowd.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\wowd.exe |
"UDP Query User{7E845866-F66A-4928-B738-AC97E93C9E71}C:\program files\steam\steamapps\pupasaurous\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\pupasaurous\team fortress 2\hl2.exe |
"UDP Query User{85CA2732-0D28-4224-8018-06834C4036AC}C:\program files\secondlife\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\secondlife\slvoice.exe |
"UDP Query User{86E2B81B-B710-4CC3-BAD4-E58AAEC786D5}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{8EBFDD36-E0E9-4C8D-A119-39E20329E842}C:\program files\burning sand\burningsand2.exe" = protocol=17 | dir=in | app=c:\program files\burning sand\burningsand2.exe |
"UDP Query User{C6F0737C-1FB7-41B9-9202-CA16A50527CF}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{C798B6F7-31D5-4C04-B0BD-902BF9E4C41A}C:\users\user\desktop\halo custom edition\haloce.exe" = protocol=17 | dir=in | app=c:\users\user\desktop\halo custom edition\haloce.exe |
"UDP Query User{D817678A-4A60-4E63-A5EB-F46692C14181}C:\program files\steam\steamapps\coooolman\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\coooolman\team fortress 2\hl2.exe |
"UDP Query User{F343B996-B6F0-4F6E-B11F-FBB1AA5EBD7B}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |
"UDP Query User{F3BA79C8-9410-412F-B50A-15BA4B753E2C}C:\program files\steam\steamapps\kaelio\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\kaelio\team fortress 2\hl2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0025DA8D-F344-E316-885A-2D71C66B0FB1}" = Catalyst Control Center Localization Norwegian
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{01B0503D-45A2-CCA2-44DF-C716B80B7EB6}" = Catalyst Control Center Graphics Light
"{035400A4-29BD-3723-BEED-E2718A68CDE0}" = Microsoft Visual Studio 2010 Office Developer Tools (x86)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0C74BC57-4128-D428-D4A5-267F66C80C7C}" = CCC Help German
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DDCEC37-369C-484B-B16D-B4413FD42FB9}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{102D4B06-C63B-4A3D-B230-03C7D5692474}" = Microsoft DirectX 9.0 SDK Update (Summer 2003)
"{10798AE3-DCBB-43C3-9C93-C23512427E25}" = The Sims Deluxe Edition
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16393B5A-43A8-434B-B22A-0724581F7873}" = GameShadow
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{1AEB447A-34B8-7DB5-67B8-1E54DADD6572}" = Catalyst Control Center Localization Polish
"{1B897B3A-57C2-DF09-C6CC-E6B9FA0AC44F}" = CCC Help Thai
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{2037D7FD-6401-DDC7-A499-2FDF9ADCD04F}" = CCC Help Turkish
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21AD8584-EDAC-7D00-71CC-79D111C5B27B}" = CCC Help Italian
"{2295D7EE-0575-D2CC-E52A-102F2AF01169}" = CCC Help Russian
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23F79416-CAD1-41BF-99A3-040F6C814AAA}" = NVIDIA Photoshop Plug-ins
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{24aab420-4e30-4496-9739-3e216f3de6ae}" = Python 2.6.2
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{2D9FEBEE-F1B7-344F-BFDF-760E18332D96}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
"{2ED84754-62AA-80F6-E434-9C03FF1D4221}" = Catalyst Control Center Localization Korean
"{30965141-4363-2683-885F-4A35810A382B}" = CCC Help Portuguese
"{311D49FD-6B52-D68F-CFBC-796F22554404}" = Catalyst Control Center Localization Dutch
"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{36403ED9-3E0B-4407-B876-82BC479C0B38}" = 3DS Max DDS Plug-In
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3AD4FFEC-0DEC-5037-C92F-C294FEA8F320}" = Catalyst Control Center Localization Hungarian
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3BB19A2B-B9C5-3872-8FDF-3047CC9F9841}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C71054A-352C-4ABD-5643-4C8F8617AE08}" = CCC Help Danish
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Backburner
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{3FE1C3BB-91B1-119B-47FE-49143E2AD10B}" = CCC Help Spanish
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{41B31ABE-5A6E-498A-8F28-3BA3B8779A41}" = Dotfuscator Software Services - Community Edition
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4677674C-59CE-41B0-AA32-44A30A9D1EEB}" = Catalyst Control Center - Branding
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{48EF56FD-3B28-DEB7-7C63-85908395E6A6}" = Catalyst Control Center Localization Spanish
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4C7F547E-DDE3-51BF-1D2E-04816F30AD66}" = ATI Catalyst Install Manager
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{4F44B5AE-82A6-4A8A-A3E3-E24D489728E3}" = Microsoft SQL Server 2008 Native Client
"{4F896C8E-8AEF-4C27-31CD-56E6E200FAB4}" = CCC Help Dutch
"{53C436CD-155C-6159-D12B-55967DAB8887}" = CCC Help Norwegian
"{54199443-342B-4162-B10D-CAA1C211E7A6}" = 3ds max 7 Architectural Materials
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{5CAC0A4E-F179-4229-92DB-FCA9F5BEAB7A}" = TP-LINK Wireless Adapter Driver and Utility
"{5E396C14-A2E0-3F7B-42FE-15569155234A}" = CCC Help Chinese Standard
"{5EB4C5CA-962C-486B-81FF-A41B7B8FFBEC}" = 3ds max 7 Additional Maps and Materials
"{60245C29-8A73-CF88-275F-A79BA580E748}" = CCC Help Korean
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{65761BAE-11E8-48FE-B30F-1F01011AB906}" = The Sims™ 3 Create a World Tool - Beta
"{66CC9A05-ACEE-3262-EB76-0855A4F8D2B0}" = Grooveshark
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{68F2FB07-4F60-734A-46FD-493A109D1514}" = CCC Help English
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6ED37A91-7710-3183-BE50-AB043FF6689E}" = Microsoft Team Foundation Server 2010 Object Model - ENU
"{6FD29E18-619D-259B-948F-3A65967486A3}" = ccc-core-static
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77FB2697-2C28-9572-6452-F2418A33834E}" = Catalyst Control Center Localization Russian
"{78C3657E-742C-40B1-9F53-E5A921D40F17}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C8B5E63-821A-4DFB-BDFA-19854D88EC5C}" = 3dsmax ancillary install
"{7CC14E1A-17B4-27A6-2086-2A52BCC16A16}" = Catalyst Control Center Localization Italian
"{7D30776C-F30F-4207-6A82-EF0E1D6DCD23}" = CCC Help Chinese Traditional
"{8011B8CD-CD37-5B5D-4423-78D358B70C21}" = ccc-utility
"{804AB28B-F929-370A-B3AB-5BB99DFD73DF}" = Catalyst Control Center Localization Chinese Standard
"{80AAD9DF-7E64-40D2-80D2-BECA41593EEB}" = AMT Media Manager
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84E98285-BEC0-8C52-EB74-10C281737023}" = Catalyst Control Center Localization Portuguese
"{862673D1-8F64-A109-47A9-CD5CFAABBD2A}" = Catalyst Control Center Localization Finnish
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{89EFA70F-87DF-4B19-6366-77B9D693C20E}" = CCC Help Swedish
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8CE08C3C-8FF4-45D9-925E-4F3CE2D7FA7D}" = Adobe Setup
"{8DB9E645-E6DB-A4BB-B18A-265435D13274}" = Catalyst Control Center Graphics Full Existing
"{8E62F311-A40C-A7B3-C595-FE1E17D838F8}" = Skins
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{901DD5DE-0798-883F-8B23-55D3843F3E59}" = Catalyst Control Center Localization Turkish
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92933B9E-3273-9DD6-7F47-EB6DD029C6AC}" = Catalyst Control Center Localization Chinese Traditional
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{954513A8-AAE3-97E9-1FB8-A1D70FD1A549}" = CCC Help Greek
"{9738C893-02C6-6694-DD7B-D50CC8D57248}" = Catalyst Control Center Core Implementation
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{97CE8B73-AA5A-4987-A1BE-50DD1A187478}" = Microsoft Sync Framework SDK v1.0 SP1
"{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{9DF93979-12BD-D361-0624-9025215FD8B5}" = CCC Help Finnish
"{A4BEC8AC-0E57-E1F8-C3C5-01ED0F27ECB9}" = Catalyst Control Center Localization French
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A91FB756-A9B5-7A88-7637-21B3061B97A7}" = Catalyst Control Center Graphics Full New
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{AC4451B3-1CC2-7C5D-F0EC-AD2DADE9DFF2}" = CCC Help Japanese
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{AC9450D2-2344-132D-AAA8-DB418BC6F3E5}" = CCC Help Hungarian
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2E92CF8-8D2F-4203-B5C4-177174472C9A}" = The Typing of The Dead
"{B2F6A8F0-927A-D0CC-D1CB-FCEBD7528799}" = Catalyst Control Center Localization Czech
"{B343B0E3-212A-40B9-8207-1BD299228F5D}" = Fallout 3 - The Garden of Eden Creation Kit
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B4C88CF0-B617-4658-8F84-C4E847FBC9F7}" = Microsoft Managed DirectX (1126)
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C0AF881D-EB63-A1D6-F29A-1EAD7BAEDB95}" = Catalyst Control Center Localization Japanese
"{C49624DD-C504-4279-B9E0-65A2EB6E1619}" = PG583_32_inf
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C6DD625F-4B61-4561-8286-87CA0275CEA1}" = Microsoft Sync Framework Runtime v1.0 SP1 (x86)
"{C75252FF-A765-B58A-44D1-D10C24E69E59}" = Catalyst Control Center Localization Thai
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CAAF4EB9-68E8-6BC9-ADC2-24491B70A84D}" = Catalyst Control Center Graphics Previews Vista
"{CC25FBAD-153D-0EB7-5EC5-0DE97A7A8788}" = Catalyst Control Center Localization Danish
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D441BD04-E548-4F8E-97A4-1B66135BAAA8}" = Microsoft SQL Server 2008 Setup Support Files
"{D6B15AE6-B052-363E-B6BB-C4714CBA6509}" = Microsoft Visual Studio 2010 Professional - ENU
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DC3D6AFB-78B4-489F-81D7-30B66E0C2417}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x86)
"{E17141A6-211D-5854-61D9-69827A430D82}" = EA Download Manager UI
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E5AE9031-79A5-4627-9641-BEFA82819B08}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{E5F6E1A6-44AA-4CF7-883E-4F7FA7C4BCA5}" = 3ds max 7 Reference Files
"{E96D4088-AAC5-437F-9E39-EC0E387897B4}" = Autodesk 3ds Max 9 32-bit
"{EA34B5D9-A3C9-333A-B1CD-ABCC975FB5EF}" = CCC Help French
"{EB5F211D-85D5-44C4-BB15-1207C77EF430}" = Visual C++ 8.0 Runtime Setup Package
"{EBCDE4F2-C6F7-1188-DDE7-15966902EC6A}" = Catalyst Control Center Localization Swedish
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F1191B7E-84BF-4325-9FFD-80BD8996ED4B}" = MorphVOX Junior
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F66208C6-E88B-27B6-9C49-09E78739F017}" = Catalyst Control Center Localization German
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F92AB933-9FE7-4335-92BD-D1C3BA27613C}" = 3ds max 7
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{F990B526-8F7C-46E0-B1F1-6C893A8B478F}" = Microsoft Sync Framework Services v1.0 SP1 (x86)
"{F9E0767F-6DB6-9B56-3BEF-50BAFC430934}" = Catalyst Control Center Localization Greek
"{FCB5EE95-A308-F826-9C6B-18DD2EEA1992}" = CCC Help Polish
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FE8A68F6-3C7C-D143-F898-C6C1F26CB41E}" = CCC Help Czech
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_2a31ae7a5c43ff52d8577782dd34e04" = Adobe Illustrator CS4
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Akamai" = Akamai NetSession Interface
"Any DVD Converter Professional_is1" = Any DVD Converter Professional 4.0.1
"Audacity_is1" = Audacity 1.2.6
"AV VoizGame" = AV VoizGame
"avast5" = avast! Free Antivirus
"AVI-GIF_is1" = AVI-GIF 2.1
"AviSynth" = AviSynth 2.5
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 7
"Blender" = Blender (remove only)
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"D7EC1A6C98F357A7E4C53FF66325D99F66B1F590" = Windows Driver Package - YUAN High-Tech Development Co. Ltd. (OmniTV) Media (12/14/2007 6.1.32.42)
"DDS Converter 2.1" = DDS Converter 2.1
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVD Shrink_is1" = DVD Shrink 3.2
"EA Download Manager" = EA Download Manager
"Fallout Mod Manager_is1" = Fallout Mod Manager 0.9.15
"FBX Plugin 2006.08 for Max 9.0" = FBX Plugin 2006.08 for Max 9.0
"ffdshow_is1" = ffdshow [rev 2975] [2009-05-28]
"Fraps" = Fraps
"GroovesharkDesktop.7F9BF17D6D9CB2159C78A6A6AB076EA0B1E0497C.1" = Grooveshark
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ImgBurn" = ImgBurn
"ImTOO DVD Creator" = ImTOO DVD Creator
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"LimeWire" = LimeWire 5.5.8
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
"Microsoft Visual Studio 2010 Professional - ENU" = Microsoft Visual Studio 2010 Professional - ENU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"MyWebSearch bar Uninstall" = My Web Search (My Web Face)
"NIF Utilities for 3ds Max_is1" = NIF Utilities 3.4.2.4632 for 3ds Max
"NifSkope" = NifSkope (remove only)
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"Pen Tablet Driver" = Pen Tablet
"Random Name Generator software Evaluation!_is1" = Random Name Generator software!
"RealAlt_is1" = Real Alternative 1.9.0
"RealPlayer 12.0" = RealPlayer
"Steam App 440" = Team Fortress 2
"Texporter_max7_x86" = Texporter v3.5.18.7_x86
"TMTWIN32.exe" = Treasure Mountain!
"VLC media player" = VLC media player 1.1.3
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinGimp-2.0_is1" = GIMP 2.6.6
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent
"WeatherEye" = WeatherEye
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 14/09/2010 10:55:55 AM | Computer Name = User-PC | Source = MSSQL$SQLEXPRESS | ID = 15151
Description = Cannot find the object 'system_objects', because it does not exist
or you do not have permission.

Error - 14/09/2010 10:55:55 AM | Computer Name = User-PC | Source = MSSQL$SQLEXPRESS | ID = 15151
Description = Cannot find the object 'extended_procedures', because it does not
exist or you do not have permission.

Error - 14/09/2010 10:55:55 AM | Computer Name = User-PC | Source = MSSQL$SQLEXPRESS | ID = 15151
Description = Cannot find the object 'views', because it does not exist or you do
not have permission.

Error - 14/09/2010 10:55:55 AM | Computer Name = User-PC | Source = MSSQL$SQLEXPRESS | ID = 15151
Description = Cannot find the object 'tables', because it does not exist or you
do not have permission.

Error - 14/09/2010 10:55:55 AM | Computer Name = User-PC | Source = MSSQL$SQLEXPRESS | ID = 15151
Description = Cannot find the object 'objects', because it does not exist or you
do not have permission.

Error - 14/09/2010 10:55:55 AM | Computer Name = User-PC | Source = MSSQL$SQLEXPRESS | ID = 15151
Description = Cannot find the object 'all_sql_modules', because it does not exist
or you do not have permission.

Error - 14/09/2010 10:55:55 AM | Computer Name = User-PC | Source = MSSQL$SQLEXPRESS | ID = 15151
Description = Cannot find the object 'all_parameters', because it does not exist
or you do not have permission.

Error - 14/09/2010 10:55:55 AM | Computer Name = User-PC | Source = MSSQL$SQLEXPRESS | ID = 15151
Description = Cannot find the object 'all_columns', because it does not exist or
you do not have permission.

Error - 14/09/2010 10:55:55 AM | Computer Name = User-PC | Source = MSSQL$SQLEXPRESS | ID = 15151
Description = Cannot find the object 'all_views', because it does not exist or you
do not have permission.

Error - 14/09/2010 10:55:55 AM | Computer Name = User-PC | Source = MSSQL$SQLEXPRESS | ID = 15151
Description = Cannot find the object 'all_objects', because it does not exist or
you do not have permission.


< End of report >

Re: trz####.tmp files are taking over my computer!

Post by Sneakyone on Wed Sep 22, 2010 3:33 pm

Hi.

Your computer is severely infected, but I will assist you in removing it.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    PRC - [2010/09/21 07:54:11 | 000,116,224 | ---- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\miepe.exe
    O4 - HKLM..\Run: [iihefdsys] File not found
    O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor] C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (MyWebSearch.com)
    O4 - HKLM..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
    O4 - HKLM..\Run: [MyWebSearch Plugin] C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL (MyWebSearch.com)
    O4 - HKLM..\Run: [Odevojoqo] C:\Windows\System32\config\systemprofile\AppData\Local\uyupeter.DLL (Sonic Solutions)
    O4 - HKCU..\Run: [{A1BEEF18-926B-82F6-3BBB-3A32F8584B7E}] C:\Users\User\AppData\Roaming\Kineo\piima.exe File not found
    O4 - HKCU..\Run: [ljiijkaudio] C:\Windows\System32\kheccy.dll (foobar2000.org)
    O4 - HKCU..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
    O4 - HKCU..\Run: [nnopnnsys] File not found
    O4 - HKCU..\Run: [tcidihdq] C:\Users\User\AppData\Local\ddlgaeoig\lkbuatntssd.exe File not found
    O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\miepe.exe ()
    O30 - LSA: Authentication Packages - (cbyxwv.dll) - File not found
    [2010/09/21 07:57:07 | 000,000,000 | ---D | C] -- C:\Program Files\rsa
    [2010/09/21 06:40:32 | 000,000,000 | ---D | C] -- C:\Program Files\sys231
    [2010/09/19 19:05:05 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Utci
    [2010/09/19 19:05:05 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Axygdo
    [2010/09/19 19:04:45 | 000,000,000 | ---D | C] -- C:\Program Files\sys

    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\WINDOWS\system32\userinit.exe,"

    :commands
    [emptytemp]
    [resethosts]
    [reboot]



  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If this fix becomes unresponsive please move on to ComboFix.

=======

Please download ComboFix from [You must be registered and logged in to see this link.]

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


I'm livin' life in the fast lane.


Sneakyone
Master
Posts : 2707
Joined : 2010-01-10
Gender : Male
OS : Windows 7 Ultimate 64-bit

Re: trz####.tmp files are taking over my computer!

Post by Jyrroe on Wed Sep 22, 2010 10:31 pm

All processes killed
========== OTL ==========
No active process named miepe.exe was found!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\iihefdsys deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\My Web Search Bar Search Scope Monitor deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MyWebSearch Email Plugin deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MyWebSearch Plugin deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Odevojoqo deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\uyupeter.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{A1BEEF18-926B-82F6-3BBB-3A32F8584B7E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A1BEEF18-926B-82F6-3BBB-3A32F8584B7E}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ljiijkaudio deleted successfully.
C:\Windows\System32\kheccy.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\MyWebSearch Email Plugin deleted successfully.
File C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\nnopnnsys deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\tcidihdq deleted successfully.
C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\miepe.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages:cbyxwv.dll deleted successfully.
C:\Program Files\rsa folder moved successfully.
C:\Program Files\sys231 folder moved successfully.
C:\Users\User\AppData\Roaming\Utci folder moved successfully.
C:\Users\User\AppData\Roaming\Axygdo folder moved successfully.
C:\Program Files\sys folder moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"Userinit"|"C:\WINDOWS\system32\userinit.exe," /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: User
->Temp folder emptied: 242415 bytes
->Temporary Internet Files folder emptied: 9804511 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 787428 bytes
->Flash cache emptied: 434 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 595064 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 11.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.14.1 log created on 09222010_181601

Files\Folders moved on Reboot...
File\Folder C:\Users\User\AppData\Local\Temp\~DF5213.tmp not found!
File\Folder C:\Users\User\AppData\Local\Temp\~DF5222.tmp not found!
File\Folder C:\Users\User\AppData\Local\Temp\~DF5262.tmp not found!
File\Folder C:\Users\User\AppData\Local\Temp\~DF5271.tmp not found!
File\Folder C:\Users\User\AppData\Local\Temp\~DF52AA.tmp not found!
File\Folder C:\Users\User\AppData\Local\Temp\~DF52B9.tmp not found!
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Y3AHIH8B\ifr[1].htm moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Y3AHIH8B\rpc_relay[1].htm moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FRH2CO0U\ads[2].htm moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FRH2CO0U\ifr[1].htm moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FRH2CO0U\mailhome[1].htm moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FRH2CO0U\trztmp-files-are-taking-over-my-computer-t23867[1].htm moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CEGTFOCX\e6259da6[1].htm moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CEGTFOCX\ifr[1].htm moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CEGTFOCX\ifr[2].htm moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CEGTFOCX\ig[2].htm moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CEGTFOCX\owa[1].htm moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5M5CFAU7\owa[1].htm moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Re: trz####.tmp files are taking over my computer!

Post by Sneakyone on Wed Sep 22, 2010 10:48 pm

Hi.

Do you also have the ComboFix log?


Re: trz####.tmp files are taking over my computer!

Post by Jyrroe on Wed Sep 22, 2010 11:05 pm

Oh, you said "If this fix becomes unresponsive please move on to ComboFix.", but I figured the .txt file popping up counted as the fix being responsive, so I didn't bother, but I'll go ahead and run ComboFix too.

Re: trz####.tmp files are taking over my computer!

Post by Jyrroe on Thu Sep 23, 2010 12:21 am

ComboFix 10-09-22.02 - User 22/09/2010 19:59:50.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2046.922 [GMT -4:00]
Running from: c:\users\User\Desktop\commy.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Internet Explorer\complete.dat
c:\program files\Internet Explorer\dmlconf.dat
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\1.bin\F3DTactl.dll
c:\program files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HKSTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTmlmu.dll
c:\program files\MyWebSearch\bar\1.bin\F3HTtpct.dll
c:\program files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\1.bin\F3REGHK.DLL
c:\program files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
c:\program files\MyWebSearch\bar\1.bin\M3AUXSTB.DLL
c:\program files\MyWebSearch\bar\1.bin\M3DLGHK.DLL
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
c:\program files\MyWebSearch\bar\1.bin\M3HTML.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MEDINT.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MSg.dll
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSSVC.EXE
c:\program files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\1.bin\trz7FF4.tmp
c:\program files\MyWebSearch\bar\1.bin\trz9D16.tmp
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\users\User\AppData\Roaming\Microsoft\Windows\Recent\ Wuala Online.url
c:\users\User\AppData\Roaming\trz317.tmp
c:\users\User\AppData\Roaming\Xegyu
c:\users\User\AppData\Roaming\Xegyu\ehacz.exe
c:\users\User\AppData\Roaming\Yzcepi
c:\users\User\AppData\Roaming\Yzcepi\aharo.siu
c:\users\User\AppData\Roaming\Yzcepi\aharo.tmp
c:\users\User\Minecraft
c:\windows\system32\config\systemprofile\AppData\Local\mifdthi.dll
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chkntfs.exe
c:\windows\system32\f3PSSavr.scr

Infected copy of c:\windows\system32\drivers\termdd.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_MyWebSearchService


((((((((((((((((((((((((( Files Created from 2010-08-23 to 2010-09-23 )))))))))))))))))))))))))))))))
.

2010-09-22 22:19 . 2010-09-22 22:19 -------- d-----w- c:\programdata\WindowsSearch
2010-09-22 19:37 . 2010-09-22 19:37 -------- d-----w- C:\_OTL
2010-09-22 13:04 . 2010-09-22 13:04 -------- d-----w- c:\program files\temp
2010-09-18 23:12 . 2010-09-18 23:12 -------- d-----w- c:\program files\AVS4YOU
2010-09-18 23:10 . 2010-06-22 18:57 10833920 ----a-w- c:\windows\system32\libmfxsw32.dll
2010-09-18 23:10 . 2010-06-22 18:57 10915840 ----a-w- c:\windows\system32\libmfxhw32.dll
2010-09-14 14:54 . 2009-07-23 03:08 50200 ----a-w- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2010-09-14 14:54 . 2009-07-23 03:08 79896 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2010-09-14 14:52 . 2010-09-14 14:52 -------- d-----w- c:\windows\system32\RsFx
2010-09-14 14:44 . 2010-09-14 14:52 -------- d-----w- c:\program files\Microsoft SQL Server
2010-09-14 14:42 . 2010-09-14 14:42 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-09-14 14:41 . 2010-09-14 14:41 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-09-14 14:41 . 2010-09-14 14:41 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-09-14 14:39 . 2010-09-14 14:39 -------- d-----w- c:\programdata\PreEmptive Solutions
2010-09-14 14:31 . 2010-09-14 14:32 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-14 14:27 . 2010-09-14 14:27 -------- d-----w- c:\program files\Microsoft ASP.NET
2010-09-14 14:27 . 2010-09-14 14:27 -------- d-----w- c:\program files\IIS
2010-09-14 14:11 . 2010-09-14 14:50 -------- d-----w- c:\windows\system32\1033
2010-09-14 14:10 . 2010-09-14 14:10 -------- d-----w- c:\windows\symbols
2010-09-14 14:09 . 2010-09-14 14:18 -------- d-----w- c:\program files\Microsoft F#
2010-09-14 14:09 . 2010-09-14 14:43 -------- d-----w- c:\program files\Microsoft SDKs
2010-09-14 14:09 . 2010-09-14 14:13 -------- d-----w- c:\program files\HTML Help Workshop
2010-09-14 14:09 . 2010-09-14 14:17 -------- d-----w- c:\program files\Common Files\Merge Modules
2010-09-14 14:09 . 2010-09-14 14:09 -------- d-----w- c:\program files\Microsoft Help Viewer
2010-09-14 14:01 . 2010-09-14 14:01 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2010-09-09 00:34 . 2010-09-21 12:54 -------- d-----w- c:\users\User\AppData\Roaming\.minecraft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-23 00:12 . 2009-12-09 04:04 -------- d-----w- c:\program files\Common Files\Akamai
2010-09-23 00:12 . 2009-09-11 23:53 -------- d-----w- c:\users\User\AppData\Roaming\WTablet
2010-09-23 00:11 . 2009-09-16 12:09 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\WTablet
2010-09-22 13:04 . 2010-09-22 13:04 106496 ----a-w- c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\ymyn.exe
2010-09-22 11:54 . 2010-09-22 11:54 116224 ----a-w- c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\ynel.exe
2010-09-21 23:54 . 2010-09-21 23:54 116224 ----a-w- c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\unpu.exe
2010-09-21 12:05 . 2009-11-12 13:47 -------- d-----w- c:\users\User\AppData\Roaming\Mual
2010-09-21 11:54 . 2010-09-21 11:54 116224 ----a-w- c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\uvec.exe
2010-09-21 11:01 . 2010-03-03 10:13 -------- d-----w- c:\users\User\AppData\Roaming\Kineo
2010-09-21 10:57 . 2009-08-04 00:01 -------- d-----w- c:\program files\Windows Live Safety Center
2010-09-21 10:56 . 2009-09-19 19:12 -------- d-----w- c:\program files\QuickTime
2010-09-21 10:56 . 2009-06-18 00:23 -------- d-----w- c:\program files\Paint.NET
2010-09-21 10:55 . 2009-06-17 17:49 -------- d-----w- c:\program files\Movie Maker 2.6
2010-09-21 10:55 . 2008-08-21 21:30 -------- d-----w- c:\program files\Microsoft Works
2010-09-21 10:54 . 2009-10-12 01:52 -------- d-----w- c:\program files\Microsoft
2010-09-21 10:52 . 2009-08-02 18:25 -------- d-----w- c:\program files\DDS Converter 2
2010-09-21 10:52 . 2008-08-21 21:08 -------- d-----w- c:\program files\Common Files\LightScribe
2010-09-21 10:52 . 2009-06-17 17:38 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-09-21 10:52 . 2009-08-06 05:27 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2010-09-21 10:42 . 2009-08-06 05:19 -------- d-----w- c:\program files\backburner 2
2010-09-21 10:42 . 2009-08-21 15:41 -------- d-----w- c:\program files\AVI-GIF
2010-09-21 10:42 . 2009-08-21 20:14 -------- d-----w- c:\program files\Audacity
2010-09-19 23:00 . 2009-06-16 03:30 -------- d-----w- c:\users\User\AppData\Roaming\uTorrent
2010-09-19 02:56 . 2010-09-15 03:23 65024 ----a-w- c:\users\User\AppData\Roaming\.minecraft\bin\natives\jinput-dx8_64.dll
2010-09-19 02:56 . 2010-09-15 03:23 62464 ----a-w- c:\users\User\AppData\Roaming\.minecraft\bin\natives\jinput-raw_64.dll
2010-09-19 02:56 . 2010-09-15 03:23 248832 ----a-w- c:\users\User\AppData\Roaming\.minecraft\bin\natives\lwjgl64.dll
2010-09-19 02:56 . 2010-09-15 03:23 195072 ----a-w- c:\users\User\AppData\Roaming\.minecraft\bin\natives\OpenAL64.dll
2010-09-18 23:12 . 2010-05-12 11:45 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-09-15 03:06 . 2010-09-15 03:23 232159 ----a-w- c:\users\User\AppData\Roaming\.minecraft\Minecraft.exe
2010-09-14 15:09 . 2010-09-14 14:25 2377696 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2010-09-14 14:50 . 2008-08-21 21:29 -------- d-----w- c:\program files\Microsoft.NET
2010-09-14 14:36 . 2006-11-02 12:37 -------- d-----w- c:\program files\MSBuild
2010-09-14 14:25 . 2010-09-14 14:25 18368 ----a-w- c:\programdata\Microsoft\VSA\9.0\1033\ResourceCache.dll
2010-09-14 14:23 . 2009-06-11 22:51 71840 ----a-w- c:\windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
2010-09-07 02:01 . 2010-08-19 14:39 -------- d-----w- c:\users\User\AppData\Roaming\vlc
2010-08-27 13:21 . 2010-04-02 13:44 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-08-22 23:51 . 2009-07-07 10:58 -------- d-----w- c:\program files\Steam
2010-08-22 23:37 . 2009-07-07 10:58 -------- d-----w- c:\program files\Common Files\Steam
2010-08-17 16:39 . 2010-08-17 16:39 59904 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\Bin\zlib1.dll
2010-08-17 16:39 . 2010-08-17 16:39 1036288 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\Bin\msvcp80d.dll
2010-08-17 16:39 . 2010-08-17 16:39 548864 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\Bin\msvcp80.dll
2010-08-17 16:10 . 2010-08-17 13:41 46 ----a-w- c:\users\User\jagex_runescape_preferences.dat
2010-08-17 16:10 . 2010-08-17 13:42 99 ----a-w- c:\users\User\jagex_runescape_preferences2.dat
2010-08-17 13:42 . 2010-08-17 13:42 0 ----a-w- c:\users\User\jagex__preferences3.dat
2010-08-10 03:01 . 2010-07-19 22:40 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-08-10 01:53 . 2010-08-10 01:53 -------- d-----w- c:\users\User\AppData\Roaming\Screaming Bee
2010-07-24 07:53 . 2010-07-17 16:18 73216 ----a-w- c:\windows\system32\o.dat
2010-07-17 16:21 . 2010-07-17 16:21 120 ----a-w- c:\windows\system32\config\systemprofile\AppData\Local\Ukazafuxu.dat
2010-07-17 16:21 . 2010-07-17 16:21 0 ----a-w- c:\windows\system32\config\systemprofile\AppData\Local\Qdativodukeqoda.bin
2010-07-08 18:55 . 2010-07-08 18:56 151552 ----a-w- c:\windows\system32\nvRegDev.dll
2010-06-28 20:57 . 2010-07-13 17:56 38848 ----a-w- c:\windows\avastSS.scr
2010-06-28 20:57 . 2010-07-13 17:56 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2010-07-13 17:57 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2010-07-13 17:57 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2010-07-13 17:57 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2010-07-13 17:57 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-06-28 20:32 . 2010-07-13 17:57 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-07-29 21:52 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="d:\programs\DAEMON Tools\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"WeatherEye"="d:\programs\WeatherEye\WeatherEye.exe" [2009-10-27 718232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Acer Empowering Technology Monitor"="c:\program files\Acer\Empowering Technology\SysMonitor.exe" [2008-06-02 319488]
"EmpoweringTechnology"="c:\program files\Acer\Empowering Technology\Framework.Launcher.exe" [2008-06-02 319488]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-07-29 526896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-20 6144000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 92704]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-04 148888]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-14 202256]
"AMTDeviceService"="d:\programs\AMT Media Manager\AMTDeviceService.exe" [2009-01-21 184320]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]

c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
trz77F0.tmp [2010-9-21 253440]
unpu.exe [2010-9-21 116224]
uvec.exe [2010-9-21 116224]
ymyn.exe [2010-9-22 106496]
ynel.exe [2010-9-22 116224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"RequireSignedAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-04 136176]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-03-25 691696]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S1 aswSP;aswSP; [x]
S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-06-02 24576]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-26 45056]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-26 131072]
S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-01-19 2789160]
S3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\DRIVERS\RTL85n86.sys [2007-07-18 357376]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-12-01 34384]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2008-10-06 15656]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2010-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-04 21:14]

2010-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-04 21:14]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\790fczqk.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL -
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll
FF - plugin: c:\users\User\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: XULRunner: {5B7E0F29-0448-4B9B-8842-DDA1BFFC675D} - c:\windows\system32\config\systemprofile\AppData\Local\{5B7E0F29-0448-4B9B-8842-DDA1BFFC675D}\

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

BHO-{99756919-C498-4D97-9E20-2076DE0E42B9} - c:\program files\Wowd\ext\eiexxpw.dll
HKCU-Run-EA Core - d:\programs\EA Download Manager\EADM\Core.exe
HKCU-Run-{A1BEEF18-926B-82F6-3BBB-3A32F8584B7E} - c:\users\User\AppData\Roaming\Xegyu\ehacz.exe
HKU-Default-Run-qonlkhsys - cbyxwv.dll
MSConfigStartUp-StartCCC - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
AddRemove-AV VoizGame - d:\programs\AVVOIZ~1\UNWISE.EXE
AddRemove-ffdshow_is1 - d:\programs\Fox Video Converter\codec\unins000.exe
AddRemove-InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC} - c:\program files\InstallShield Installation Information\{2413930C-8309-47A6-BC61-5EF27A4222BC}\setup.exe
AddRemove-RealAlt_is1 - d:\programs\Fox Video Converter\codec\real\unins000.exe
AddRemove-WinRAR archiver - c:\program files\WinRAR\uninstall.exe
AddRemove-{65761BAE-11E8-48FE-B30F-1F01011AB906} - c:\program files\InstallShield Installation Information\{65761BAE-11E8-48FE-B30F-1F01011AB906}\setup.exe
AddRemove-{80AAD9DF-7E64-40D2-80D2-BECA41593EEB} - c:\program files\InstallShield Installation Information\{80AAD9DF-7E64-40D2-80D2-BECA41593EEB}\setup.exe
AddRemove-{9DF0196F-B6B8-4C3A-8790-DE42AA530101} - c:\program files\InstallShield Installation Information\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\setup.exe
AddRemove-{A9E27FF5-6294-46A8-B8FD-77B1DECA3021} - c:\program files\InstallShield Installation Information\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}\setup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-09-22 20:17
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3465122130-2015767867-611751245-1000\Software\SecuROM\License information*]
"datasecu"=hex:6c,11,40,49,2e,c8,96,39,03,31,79,e0,11,39,1b,7c,18,a4,ec,8b,ed,
94,02,c8,76,04,ce,c8,0b,4c,49,76,08,ae,d6,19,57,94,f9,e8,9e,d8,c9,23,51,a4,\
"rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(2648)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
d:\3dsmax9\mentalray\satellite\raysat_3dsmax9_32server.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\WUDFHost.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\windows\system32\WTablet\Pen_TabletUser.exe
.
**************************************************************************
.
Completion time: 2010-09-22 20:20:07 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-23 00:20

Pre-Run: 43,309,654,016 bytes free
Post-Run: 43,000,782,848 bytes free

- - End Of File - - 749BCDF06F5B71EFB7565ED4D66AEED7


Re: trz####.tmp files are taking over my computer!

Post by Jyrroe on Thu Sep 23, 2010 12:29 am

One thing though, when I saved it to the desktop as commy.exe and clicked Run, it opened a purple/blue box and showed a warning window that simply said "Error" and had an OK button. When I clicked OK everything abruptly closed and the computer rebooted, and when it started up, after I logged in, ComboFix started doing its thing.

I mention this because that means I never copied that line of text into any run box, and I never got the choice to install any recovery console.


Re: trz####.tmp files are taking over my computer!

Post by Jyrroe on Thu Sep 23, 2010 12:37 am

[[ComboFix.Txt]]

ComboFix 10-09-22.02 - User 22/09/2010 19:59:50.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2046.922 [GMT -4:00]
Running from: c:\users\User\Desktop\commy.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Internet Explorer\complete.dat
c:\program files\Internet Explorer\dmlconf.dat
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\1.bin\F3DTactl.dll
c:\program files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HKSTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTmlmu.dll
c:\program files\MyWebSearch\bar\1.bin\F3HTtpct.dll
c:\program files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\1.bin\F3REGHK.DLL
c:\program files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
c:\program files\MyWebSearch\bar\1.bin\M3AUXSTB.DLL
c:\program files\MyWebSearch\bar\1.bin\M3DLGHK.DLL
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
c:\program files\MyWebSearch\bar\1.bin\M3HTML.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MEDINT.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MSg.dll
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSSVC.EXE
c:\program files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\1.bin\trz7FF4.tmp
c:\program files\MyWebSearch\bar\1.bin\trz9D16.tmp
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\users\User\AppData\Roaming\Microsoft\Windows\Recent\ Wuala Online.url
c:\users\User\AppData\Roaming\trz317.tmp
c:\users\User\AppData\Roaming\Xegyu
c:\users\User\AppData\Roaming\Xegyu\ehacz.exe
c:\users\User\AppData\Roaming\Yzcepi
c:\users\User\AppData\Roaming\Yzcepi\aharo.siu
c:\users\User\AppData\Roaming\Yzcepi\aharo.tmp
c:\users\User\Minecraft
c:\windows\system32\config\systemprofile\AppData\Local\mifdthi.dll
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chkntfs.exe
c:\windows\system32\f3PSSavr.scr

Infected copy of c:\windows\system32\drivers\termdd.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_MyWebSearchService


((((((((((((((((((((((((( Files Created from 2010-08-23 to 2010-09-23 )))))))))))))))))))))))))))))))
.

2010-09-22 22:19 . 2010-09-22 22:19 -------- d-----w- c:\programdata\WindowsSearch
2010-09-22 19:37 . 2010-09-22 19:37 -------- d-----w- C:\_OTL
2010-09-22 13:04 . 2010-09-22 13:04 -------- d-----w- c:\program files\temp
2010-09-18 23:12 . 2010-09-18 23:12 -------- d-----w- c:\program files\AVS4YOU
2010-09-18 23:10 . 2010-06-22 18:57 10833920 ----a-w- c:\windows\system32\libmfxsw32.dll
2010-09-18 23:10 . 2010-06-22 18:57 10915840 ----a-w- c:\windows\system32\libmfxhw32.dll
2010-09-14 14:54 . 2009-07-23 03:08 50200 ----a-w- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2010-09-14 14:54 . 2009-07-23 03:08 79896 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2010-09-14 14:52 . 2010-09-14 14:52 -------- d-----w- c:\windows\system32\RsFx
2010-09-14 14:44 . 2010-09-14 14:52 -------- d-----w- c:\program files\Microsoft SQL Server
2010-09-14 14:42 . 2010-09-14 14:42 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-09-14 14:41 . 2010-09-14 14:41 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-09-14 14:41 . 2010-09-14 14:41 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-09-14 14:39 . 2010-09-14 14:39 -------- d-----w- c:\programdata\PreEmptive Solutions
2010-09-14 14:31 . 2010-09-14 14:32 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-14 14:27 . 2010-09-14 14:27 -------- d-----w- c:\program files\Microsoft ASP.NET
2010-09-14 14:27 . 2010-09-14 14:27 -------- d-----w- c:\program files\IIS
2010-09-14 14:11 . 2010-09-14 14:50 -------- d-----w- c:\windows\system32\1033
2010-09-14 14:10 . 2010-09-14 14:10 -------- d-----w- c:\windows\symbols
2010-09-14 14:09 . 2010-09-14 14:18 -------- d-----w- c:\program files\Microsoft F#
2010-09-14 14:09 . 2010-09-14 14:43 -------- d-----w- c:\program files\Microsoft SDKs
2010-09-14 14:09 . 2010-09-14 14:13 -------- d-----w- c:\program files\HTML Help Workshop
2010-09-14 14:09 . 2010-09-14 14:17 -------- d-----w- c:\program files\Common Files\Merge Modules
2010-09-14 14:09 . 2010-09-14 14:09 -------- d-----w- c:\program files\Microsoft Help Viewer
2010-09-14 14:01 . 2010-09-14 14:01 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2010-09-09 00:34 . 2010-09-21 12:54 -------- d-----w- c:\users\User\AppData\Roaming\.minecraft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-23 00:12 . 2009-12-09 04:04 -------- d-----w- c:\program files\Common Files\Akamai
2010-09-23 00:12 . 2009-09-11 23:53 -------- d-----w- c:\users\User\AppData\Roaming\WTablet
2010-09-23 00:11 . 2009-09-16 12:09 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\WTablet
2010-09-22 13:04 . 2010-09-22 13:04 106496 ----a-w- c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\ymyn.exe
2010-09-22 11:54 . 2010-09-22 11:54 116224 ----a-w- c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\ynel.exe
2010-09-21 23:54 . 2010-09-21 23:54 116224 ----a-w- c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\unpu.exe
2010-09-21 12:05 . 2009-11-12 13:47 -------- d-----w- c:\users\User\AppData\Roaming\Mual
2010-09-21 11:54 . 2010-09-21 11:54 116224 ----a-w- c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\uvec.exe
2010-09-21 11:01 . 2010-03-03 10:13 -------- d-----w- c:\users\User\AppData\Roaming\Kineo
2010-09-21 10:57 . 2009-08-04 00:01 -------- d-----w- c:\program files\Windows Live Safety Center
2010-09-21 10:56 . 2009-09-19 19:12 -------- d-----w- c:\program files\QuickTime
2010-09-21 10:56 . 2009-06-18 00:23 -------- d-----w- c:\program files\Paint.NET
2010-09-21 10:55 . 2009-06-17 17:49 -------- d-----w- c:\program files\Movie Maker 2.6
2010-09-21 10:55 . 2008-08-21 21:30 -------- d-----w- c:\program files\Microsoft Works
2010-09-21 10:54 . 2009-10-12 01:52 -------- d-----w- c:\program files\Microsoft
2010-09-21 10:52 . 2009-08-02 18:25 -------- d-----w- c:\program files\DDS Converter 2
2010-09-21 10:52 . 2008-08-21 21:08 -------- d-----w- c:\program files\Common Files\LightScribe
2010-09-21 10:52 . 2009-06-17 17:38 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-09-21 10:52 . 2009-08-06 05:27 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2010-09-21 10:42 . 2009-08-06 05:19 -------- d-----w- c:\program files\backburner 2
2010-09-21 10:42 . 2009-08-21 15:41 -------- d-----w- c:\program files\AVI-GIF
2010-09-21 10:42 . 2009-08-21 20:14 -------- d-----w- c:\program files\Audacity
2010-09-19 23:00 . 2009-06-16 03:30 -------- d-----w- c:\users\User\AppData\Roaming\uTorrent
2010-09-19 02:56 . 2010-09-15 03:23 65024 ----a-w- c:\users\User\AppData\Roaming\.minecraft\bin\natives\jinput-dx8_64.dll
2010-09-19 02:56 . 2010-09-15 03:23 62464 ----a-w- c:\users\User\AppData\Roaming\.minecraft\bin\natives\jinput-raw_64.dll
2010-09-19 02:56 . 2010-09-15 03:23 248832 ----a-w- c:\users\User\AppData\Roaming\.minecraft\bin\natives\lwjgl64.dll
2010-09-19 02:56 . 2010-09-15 03:23 195072 ----a-w- c:\users\User\AppData\Roaming\.minecraft\bin\natives\OpenAL64.dll
2010-09-18 23:12 . 2010-05-12 11:45 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-09-15 03:06 . 2010-09-15 03:23 232159 ----a-w- c:\users\User\AppData\Roaming\.minecraft\Minecraft.exe
2010-09-14 15:09 . 2010-09-14 14:25 2377696 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2010-09-14 14:50 . 2008-08-21 21:29 -------- d-----w- c:\program files\Microsoft.NET
2010-09-14 14:36 . 2006-11-02 12:37 -------- d-----w- c:\program files\MSBuild
2010-09-14 14:25 . 2010-09-14 14:25 18368 ----a-w- c:\programdata\Microsoft\VSA\9.0\1033\ResourceCache.dll
2010-09-14 14:23 . 2009-06-11 22:51 71840 ----a-w- c:\windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
2010-09-07 02:01 . 2010-08-19 14:39 -------- d-----w- c:\users\User\AppData\Roaming\vlc
2010-08-27 13:21 . 2010-04-02 13:44 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-08-22 23:51 . 2009-07-07 10:58 -------- d-----w- c:\program files\Steam
2010-08-22 23:37 . 2009-07-07 10:58 -------- d-----w- c:\program files\Common Files\Steam
2010-08-17 16:39 . 2010-08-17 16:39 59904 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\Bin\zlib1.dll
2010-08-17 16:39 . 2010-08-17 16:39 1036288 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\Bin\msvcp80d.dll
2010-08-17 16:39 . 2010-08-17 16:39 548864 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\Bin\msvcp80.dll
2010-08-17 16:10 . 2010-08-17 13:41 46 ----a-w- c:\users\User\jagex_runescape_preferences.dat
2010-08-17 16:10 . 2010-08-17 13:42 99 ----a-w- c:\users\User\jagex_runescape_preferences2.dat
2010-08-17 13:42 . 2010-08-17 13:42 0 ----a-w- c:\users\User\jagex__preferences3.dat
2010-08-10 03:01 . 2010-07-19 22:40 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-08-10 01:53 . 2010-08-10 01:53 -------- d-----w- c:\users\User\AppData\Roaming\Screaming Bee
2010-07-24 07:53 . 2010-07-17 16:18 73216 ----a-w- c:\windows\system32\o.dat
2010-07-17 16:21 . 2010-07-17 16:21 120 ----a-w- c:\windows\system32\config\systemprofile\AppData\Local\Ukazafuxu.dat
2010-07-17 16:21 . 2010-07-17 16:21 0 ----a-w- c:\windows\system32\config\systemprofile\AppData\Local\Qdativodukeqoda.bin
2010-07-08 18:55 . 2010-07-08 18:56 151552 ----a-w- c:\windows\system32\nvRegDev.dll
2010-06-28 20:57 . 2010-07-13 17:56 38848 ----a-w- c:\windows\avastSS.scr
2010-06-28 20:57 . 2010-07-13 17:56 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2010-07-13 17:57 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2010-07-13 17:57 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2010-07-13 17:57 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2010-07-13 17:57 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-06-28 20:32 . 2010-07-13 17:57 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-07-29 21:52 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="d:\programs\DAEMON Tools\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"WeatherEye"="d:\programs\WeatherEye\WeatherEye.exe" [2009-10-27 718232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Acer Empowering Technology Monitor"="c:\program files\Acer\Empowering Technology\SysMonitor.exe" [2008-06-02 319488]
"EmpoweringTechnology"="c:\program files\Acer\Empowering Technology\Framework.Launcher.exe" [2008-06-02 319488]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-07-29 526896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-20 6144000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 92704]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-04 148888]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-14 202256]
"AMTDeviceService"="d:\programs\AMT Media Manager\AMTDeviceService.exe" [2009-01-21 184320]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]

c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
trz77F0.tmp [2010-9-21 253440]
unpu.exe [2010-9-21 116224]
uvec.exe [2010-9-21 116224]
ymyn.exe [2010-9-22 106496]
ynel.exe [2010-9-22 116224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"RequireSignedAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-04 136176]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-03-25 691696]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S1 aswSP;aswSP; [x]
S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-06-02 24576]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-26 45056]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-26 131072]
S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-01-19 2789160]
S3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\DRIVERS\RTL85n86.sys [2007-07-18 357376]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-12-01 34384]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2008-10-06 15656]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2010-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-04 21:14]

2010-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-04 21:14]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\790fczqk.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL -
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll
FF - plugin: c:\users\User\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: XULRunner: {5B7E0F29-0448-4B9B-8842-DDA1BFFC675D} - c:\windows\system32\config\systemprofile\AppData\Local\{5B7E0F29-0448-4B9B-8842-DDA1BFFC675D}\

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

BHO-{99756919-C498-4D97-9E20-2076DE0E42B9} - c:\program files\Wowd\ext\eiexxpw.dll
HKCU-Run-EA Core - d:\programs\EA Download Manager\EADM\Core.exe
HKCU-Run-{A1BEEF18-926B-82F6-3BBB-3A32F8584B7E} - c:\users\User\AppData\Roaming\Xegyu\ehacz.exe
HKU-Default-Run-qonlkhsys - cbyxwv.dll
MSConfigStartUp-StartCCC - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
AddRemove-AV VoizGame - d:\programs\AVVOIZ~1\UNWISE.EXE
AddRemove-ffdshow_is1 - d:\programs\Fox Video Converter\codec\unins000.exe
AddRemove-InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC} - c:\program files\InstallShield Installation Information\{2413930C-8309-47A6-BC61-5EF27A4222BC}\setup.exe
AddRemove-RealAlt_is1 - d:\programs\Fox Video Converter\codec\real\unins000.exe
AddRemove-WinRAR archiver - c:\program files\WinRAR\uninstall.exe
AddRemove-{65761BAE-11E8-48FE-B30F-1F01011AB906} - c:\program files\InstallShield Installation Information\{65761BAE-11E8-48FE-B30F-1F01011AB906}\setup.exe
AddRemove-{80AAD9DF-7E64-40D2-80D2-BECA41593EEB} - c:\program files\InstallShield Installation Information\{80AAD9DF-7E64-40D2-80D2-BECA41593EEB}\setup.exe
AddRemove-{9DF0196F-B6B8-4C3A-8790-DE42AA530101} - c:\program files\InstallShield Installation Information\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\setup.exe
AddRemove-{A9E27FF5-6294-46A8-B8FD-77B1DECA3021} - c:\program files\InstallShield Installation Information\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}\setup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-09-22 20:17
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3465122130-2015767867-611751245-1000\Software\SecuROM\License information*]
"datasecu"=hex:6c,11,40,49,2e,c8,96,39,03,31,79,e0,11,39,1b,7c,18,a4,ec,8b,ed,
94,02,c8,76,04,ce,c8,0b,4c,49,76,08,ae,d6,19,57,94,f9,e8,9e,d8,c9,23,51,a4,\
"rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(2648)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
d:\3dsmax9\mentalray\satellite\raysat_3dsmax9_32server.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\WUDFHost.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\windows\system32\WTablet\Pen_TabletUser.exe
.
**************************************************************************
.
Completion time: 2010-09-22 20:20:07 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-23 00:20

Pre-Run: 43,309,654,016 bytes free
Post-Run: 43,000,782,848 bytes free

- - End Of File - - 749BCDF06F5B71EFB7565ED4D66AEED7


Re: trz####.tmp files are taking over my computer!

Post by Sneakyone on Thu Sep 23, 2010 1:02 am

Hi.

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open Notepad and copy/paste the text in the quotebox below into it:

    File::
    c:\windows\system32\config\systemprofile\AppData\Local\Qdativodukeqoda.bin
    c:\windows\system32\config\systemprofile\AppData\Local\Ukazafuxu.dat
    c:\windows\system32\o.dat
    c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\uvec.exe
    c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\unpu.exe
    c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\ynel.exe
    c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\ymyn.exe

    Folder::
    c:\users\User\AppData\Roaming\Kineo
    c:\users\User\AppData\Roaming\Mual

  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


==========

Please download GooredFix from one of the locations below and save it to your Desktop
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).


I'm livin' life in the fast lane.


Sneakyone
Master

Posts : 2707
Joined : 2010-01-10
Gender : Male
OS : Windows 7 Ultimate 64-bit

Re: trz####.tmp files are taking over my computer!

Post by Jyrroe on Thu Sep 23, 2010 1:26 am

Should I run GooredFix before, or after ComboFix?


Re: trz####.tmp files are taking over my computer!

Post by Jyrroe on Thu Sep 23, 2010 1:29 am

Also, ComboFix prompted me to update to the newer version, but I clicked No. Is that a problem?


Re: trz####.tmp files are taking over my computer!

Post by Jyrroe on Thu Sep 23, 2010 1:30 am

Also also, you're awesome. Thanks so much for the help so far!


Re: trz####.tmp files are taking over my computer!

Post by Jyrroe on Thu Sep 23, 2010 1:57 am

Problem, the first.

I followed your instructions, ran ComboFix, left for a bit, and when I came back, a window was open that said it needed to report Malware or something and to make sure I was connected to the internet before clicking Continue (or OK). Windows explorer wasn't up so I couldn't get to the start menu. I just assumed I was still connected to the internet and hit OK, a loading bar started and after a few seconds hit 100%, then it said there was no file at C:\Users\User\AppData\\log.txt and asked if I wanted to create the file. I clicked Yes and it closed ComboFix and opened log.txt, but it's blank.

Was that supposed to happen?


Re: trz####.tmp files are taking over my computer!

Post by Jyrroe on Thu Sep 23, 2010 1:58 am

The ComboFix.txt changed, though, so here it is:

[[ComboFix.Txt - 2nd run]]

ComboFix 10-09-22.02 - User 22/09/2010 21:35:20.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2046.1154 [GMT -4:00]
Running from: c:\users\User\Desktop\commy.exe
Command switches used :: c:\users\User\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\unpu.exe"
"c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\uvec.exe"
"c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\ymyn.exe"
"c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\ynel.exe"
"c:\windows\system32\config\systemprofile\AppData\Local\Qdativodukeqoda.bin"
"c:\windows\system32\config\systemprofile\AppData\Local\Ukazafuxu.dat"
"c:\windows\system32\o.dat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\unpu.exe
c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\uvec.exe
c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\ymyn.exe
c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\ynel.exe
c:\users\User\AppData\Roaming\Kineo
c:\users\User\AppData\Roaming\Kineo\trz411.tmp
c:\users\User\AppData\Roaming\Mual
c:\windows\System32\config\systemprofile\AppData\Local\{5B7E0F29-0448-4B9B-8842-DDA1BFFC675D}
c:\windows\System32\config\systemprofile\AppData\Local\{5B7E0F29-0448-4B9B-8842-DDA1BFFC675D}\chrome.manifest
c:\windows\System32\config\systemprofile\AppData\Local\{5B7E0F29-0448-4B9B-8842-DDA1BFFC675D}\chrome\content\_cfg.js
c:\windows\System32\config\systemprofile\AppData\Local\{5B7E0F29-0448-4B9B-8842-DDA1BFFC675D}\chrome\content\overlay.xul
c:\windows\System32\config\systemprofile\AppData\Local\{5B7E0F29-0448-4B9B-8842-DDA1BFFC675D}\install.rdf
c:\windows\system32\config\systemprofile\AppData\Local\Qdativodukeqoda.bin
c:\windows\system32\config\systemprofile\AppData\Local\Ukazafuxu.dat
c:\windows\system32\o.dat
K:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-08-23 to 2010-09-23 )))))))))))))))))))))))))))))))
.

2010-09-23 01:42 . 2010-09-23 01:42 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2010-09-23 01:42 . 2010-09-23 01:42 -------- d-----w- c:\users\User\AppData\Local\temp
2010-09-23 01:42 . 2010-09-23 01:42 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-09-23 01:42 . 2010-09-23 01:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-22 22:19 . 2010-09-22 22:19 -------- d-----w- c:\programdata\WindowsSearch
2010-09-22 19:37 . 2010-09-22 19:37 -------- d-----w- C:\_OTL
2010-09-22 13:04 . 2010-09-22 13:04 -------- d-----w- c:\program files\temp
2010-09-18 23:12 . 2010-09-18 23:12 -------- d-----w- c:\program files\AVS4YOU
2010-09-18 23:10 . 2010-06-22 18:57 10833920 ----a-w- c:\windows\system32\libmfxsw32.dll
2010-09-18 23:10 . 2010-06-22 18:57 10915840 ----a-w- c:\windows\system32\libmfxhw32.dll
2010-09-15 03:23 . 2010-09-19 02:56 65024 ----a-w- c:\users\User\AppData\Roaming\.minecraft\bin\natives\jinput-dx8_64.dll
2010-09-15 03:23 . 2010-09-19 02:56 62464 ----a-w- c:\users\User\AppData\Roaming\.minecraft\bin\natives\jinput-raw_64.dll
2010-09-15 03:23 . 2010-09-19 02:56 248832 ----a-w- c:\users\User\AppData\Roaming\.minecraft\bin\natives\lwjgl64.dll
2010-09-15 03:23 . 2010-09-19 02:56 195072 ----a-w- c:\users\User\AppData\Roaming\.minecraft\bin\natives\OpenAL64.dll
2010-09-15 03:23 . 2010-09-15 03:06 232159 ----a-w- c:\users\User\AppData\Roaming\.minecraft\Minecraft.exe
2010-09-14 14:54 . 2009-07-23 03:08 50200 ----a-w- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2010-09-14 14:54 . 2009-07-23 03:08 79896 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2010-09-14 14:52 . 2010-09-14 14:52 -------- d-----w- c:\windows\system32\RsFx
2010-09-14 14:44 . 2010-09-14 14:52 -------- d-----w- c:\program files\Microsoft SQL Server
2010-09-14 14:42 . 2010-09-14 14:42 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-09-14 14:41 . 2010-09-14 14:41 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-09-14 14:41 . 2010-09-14 14:41 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-09-14 14:39 . 2010-09-14 14:39 -------- d-----w- c:\programdata\PreEmptive Solutions
2010-09-14 14:31 . 2010-09-14 14:32 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-14 14:27 . 2010-09-14 14:27 -------- d-----w- c:\program files\Microsoft ASP.NET
2010-09-14 14:27 . 2010-09-14 14:27 -------- d-----w- c:\program files\IIS
2010-09-14 14:25 . 2010-09-14 14:25 18368 ----a-w- c:\programdata\Microsoft\VSA\9.0\1033\ResourceCache.dll
2010-09-14 14:25 . 2010-09-14 15:09 2377696 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2010-09-14 14:11 . 2010-09-14 14:50 -------- d-----w- c:\windows\system32\1033
2010-09-14 14:10 . 2010-09-14 14:10 -------- d-----w- c:\windows\symbols
2010-09-14 14:09 . 2010-09-14 14:18 -------- d-----w- c:\program files\Microsoft F#
2010-09-14 14:09 . 2010-09-14 14:43 -------- d-----w- c:\program files\Microsoft SDKs
2010-09-14 14:09 . 2010-09-14 14:13 -------- d-----w- c:\program files\HTML Help Workshop
2010-09-14 14:09 . 2010-09-14 14:17 -------- d-----w- c:\program files\Common Files\Merge Modules
2010-09-14 14:09 . 2010-09-14 14:09 -------- d-----w- c:\program files\Microsoft Help Viewer
2010-09-14 14:01 . 2010-09-14 14:01 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2010-09-09 00:34 . 2010-09-21 12:54 -------- d-----w- c:\users\User\AppData\Roaming\.minecraft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-23 01:43 . 2009-12-09 04:04 -------- d-----w- c:\program files\Common Files\Akamai
2010-09-23 00:12 . 2009-09-11 23:53 -------- d-----w- c:\users\User\AppData\Roaming\WTablet
2010-09-23 00:11 . 2009-09-16 12:09 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\WTablet
2010-09-21 10:57 . 2009-08-04 00:01 -------- d-----w- c:\program files\Windows Live Safety Center
2010-09-21 10:56 . 2009-09-19 19:12 -------- d-----w- c:\program files\QuickTime
2010-09-21 10:56 . 2009-06-18 00:23 -------- d-----w- c:\program files\Paint.NET
2010-09-21 10:55 . 2009-06-17 17:49 -------- d-----w- c:\program files\Movie Maker 2.6
2010-09-21 10:55 . 2008-08-21 21:30 -------- d-----w- c:\program files\Microsoft Works
2010-09-21 10:54 . 2009-10-12 01:52 -------- d-----w- c:\program files\Microsoft
2010-09-21 10:52 . 2009-08-02 18:25 -------- d-----w- c:\program files\DDS Converter 2
2010-09-21 10:52 . 2008-08-21 21:08 -------- d-----w- c:\program files\Common Files\LightScribe
2010-09-21 10:52 . 2009-06-17 17:38 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-09-21 10:52 . 2009-08-06 05:27 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2010-09-21 10:42 . 2009-08-06 05:19 -------- d-----w- c:\program files\backburner 2
2010-09-21 10:42 . 2009-08-21 15:41 -------- d-----w- c:\program files\AVI-GIF
2010-09-21 10:42 . 2009-08-21 20:14 -------- d-----w- c:\program files\Audacity
2010-09-19 23:00 . 2009-06-16 03:30 -------- d-----w- c:\users\User\AppData\Roaming\uTorrent
2010-09-18 23:12 . 2010-05-12 11:45 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-09-14 14:50 . 2008-08-21 21:29 -------- d-----w- c:\program files\Microsoft.NET
2010-09-14 14:36 . 2006-11-02 12:37 -------- d-----w- c:\program files\MSBuild
2010-09-14 14:23 . 2009-06-11 22:51 71840 ----a-w- c:\windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
2010-09-07 02:01 . 2010-08-19 14:39 -------- d-----w- c:\users\User\AppData\Roaming\vlc
2010-08-27 13:21 . 2010-04-02 13:44 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-08-22 23:51 . 2009-07-07 10:58 -------- d-----w- c:\program files\Steam
2010-08-22 23:37 . 2009-07-07 10:58 -------- d-----w- c:\program files\Common Files\Steam
2010-08-17 16:39 . 2010-08-17 16:39 59904 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\Bin\zlib1.dll
2010-08-17 16:39 . 2010-08-17 16:39 1036288 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\Bin\msvcp80d.dll
2010-08-17 16:39 . 2010-08-17 16:39 548864 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\Bin\msvcp80.dll
2010-08-17 16:10 . 2010-08-17 13:41 46 ----a-w- c:\users\User\jagex_runescape_preferences.dat
2010-08-17 16:10 . 2010-08-17 13:42 99 ----a-w- c:\users\User\jagex_runescape_preferences2.dat
2010-08-17 13:42 . 2010-08-17 13:42 0 ----a-w- c:\users\User\jagex__preferences3.dat
2010-08-10 03:01 . 2010-07-19 22:40 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-08-10 01:53 . 2010-08-10 01:53 -------- d-----w- c:\users\User\AppData\Roaming\Screaming Bee
2010-07-08 18:55 . 2010-07-08 18:56 151552 ----a-w- c:\windows\system32\nvRegDev.dll
2010-06-28 20:57 . 2010-07-13 17:56 38848 ----a-w- c:\windows\avastSS.scr
2010-06-28 20:57 . 2010-07-13 17:56 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2010-07-13 17:57 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2010-07-13 17:57 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2010-07-13 17:57 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2010-07-13 17:57 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-06-28 20:32 . 2010-07-13 17:57 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-07-29 21:52 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="d:\programs\DAEMON Tools\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"WeatherEye"="d:\programs\WeatherEye\WeatherEye.exe" [2009-10-27 718232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Acer Empowering Technology Monitor"="c:\program files\Acer\Empowering Technology\SysMonitor.exe" [2008-06-02 319488]
"EmpoweringTechnology"="c:\program files\Acer\Empowering Technology\Framework.Launcher.exe" [2008-06-02 319488]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-07-29 526896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-20 6144000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 92704]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-04 148888]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-14 202256]
"AMTDeviceService"="d:\programs\AMT Media Manager\AMTDeviceService.exe" [2009-01-21 184320]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]

c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
trz77F0.tmp [2010-9-21 253440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"RequireSignedAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-04 136176]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-26 131072]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-03-25 691696]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S1 aswSP;aswSP; [x]
S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-06-02 24576]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-26 45056]
S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-01-19 2789160]
S3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\DRIVERS\RTL85n86.sys [2007-07-18 357376]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-12-01 34384]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2008-10-06 15656]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2010-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-04 21:14]

2010-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-04 21:14]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\790fczqk.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL -
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll
FF - plugin: c:\users\User\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3465122130-2015767867-611751245-1000\Software\SecuROM\License information*]
"datasecu"=hex:6c,11,40,49,2e,c8,96,39,03,31,79,e0,11,39,1b,7c,18,a4,ec,8b,ed,
94,02,c8,76,04,ce,c8,0b,4c,49,76,08,ae,d6,19,57,94,f9,e8,9e,d8,c9,23,51,a4,\
"rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49
.
Completion time: 2010-09-22 21:45:41
ComboFix-quarantined-files.txt 2010-09-23 01:45
ComboFix2.txt 2010-09-23 00:20

Pre-Run: 42,370,592,768 bytes free
Post-Run: 41,923,485,696 bytes free

- - End Of File - - 04E5F227D6A94531032C0ADCD6DBC0A0

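An added example, not part of the original posts and not ComboFix's own code: a small Python check that compares the targets of a CFScript like the one above with the "Other Deletions" section of the resulting ComboFix.txt, and lists anything removed that the script did not name. The sample inputs are constructed abridgements of the text quoted in this thread (the Mual line is left out of the sample log on purpose to show a miss), and the function names are hypothetical.

```python
import re

# Constructed samples, abridged from the CFScript and ComboFix.txt quoted in this thread.
CFSCRIPT = r"""File::
c:\windows\system32\o.dat
c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\uvec.exe

Folder::
c:\users\User\AppData\Roaming\Kineo
c:\users\User\AppData\Roaming\Mual
"""

COMBOFIX_LOG = r"""FILE ::
"c:\windows\system32\o.dat"
.

((((((((((((((( Other Deletions )))))))))))))))
.

c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\uvec.exe
c:\users\User\AppData\Roaming\Kineo
c:\users\User\AppData\Roaming\Kineo\trz411.tmp
c:\windows\system32\o.dat
K:\Autorun.inf

.
((((((((( Files Created from 2010-08-23 to 2010-09-23 )))))))))
.
2010-09-22 19:37 . 2010-09-22 19:37 -------- d-----w- C:\_OTL
"""

SECTION = re.compile(r"^\(+\s*(.+?)\s*\)+$")   # "((((( Title )))))" banner lines
DIRECTIVE = re.compile(r"^(\w+)::\s*$")         # "File::" / "Folder::" lines


def norm(path):
    """Normalise a Windows path for comparison: quotes, trailing slash, case."""
    return path.strip().strip('"').rstrip("\\").casefold()


def parse_cfscript(text):
    """Return {directive: [paths]} for each 'Name::' block in the script."""
    targets, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        match = DIRECTIVE.match(line)
        if match:
            current = match.group(1).casefold()
            targets.setdefault(current, [])
        elif line and current:
            targets[current].append(line)
    return targets


def parse_other_deletions(log):
    """Return the paths listed under the 'Other Deletions' banner."""
    deleted, inside = [], False
    for line in log.splitlines():
        line = line.strip()
        match = SECTION.match(line)
        if match:
            inside = match.group(1).casefold() == "other deletions"
        elif inside and line and line != ".":
            deleted.append(line)
    return deleted


def audit(script, log):
    """Map each requested target to 'deleted' or 'not listed', plus extras.

    Extras are deletions the script did not ask for; children of a requested
    folder are not counted as extras.
    """
    targets = parse_cfscript(script)
    deleted = {norm(p) for p in parse_other_deletions(log)}
    requested = [p for paths in targets.values() for p in paths]
    report = {p: "deleted" if norm(p) in deleted else "not listed"
              for p in requested}
    wanted = {norm(p) for p in requested}
    folders = [norm(p) + "\\" for p in targets.get("folder", [])]
    extra = sorted(d for d in deleted
                   if d not in wanted
                   and not any(d.startswith(f) for f in folders))
    return report, extra


if __name__ == "__main__":
    report, extra = audit(CFSCRIPT, COMBOFIX_LOG)
    for path, status in report.items():
        print(f"{status:10}  {path}")
    for path in extra:
        print(f"{'extra':10}  {path}")
```

A "not listed" result only means the path does not appear in that section of the log; it is a prompt to look at the path by hand, not proof that the file is still present.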

Re: trz####.tmp files are taking over my computer!

Post by Jyrroe on Thu Sep 23, 2010 2:02 am

And then I ran Goored. It only took about 15 seconds.

[[GooredFix.Txt]]

GooredFix by jpshortstuff (03.07.10.1)
Log created at 22:00 on 22/09/2010 (User)
Firefox version 3.6.10 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [00:48 23/09/2010]
{B13721C7-F507-4982-B2E5-502A71474FED} [11:13 26/10/2009]
{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [03:23 04/08/2009]

C:\Users\User\Application Data\Mozilla\Firefox\Profiles\790fczqk.default\extensions\
cfxe@Triton [12:57 30/06/2010]
cfxHelper@Triton [12:57 30/06/2010]
[You must be registered and logged in to see this link.] [14:15 17/04/2010]
[You must be registered and logged in to see this link.] [02:32 14/09/2010]
[You must be registered and logged in to see this link.] [13:10 10/03/2010]
{20a82645-c095-46ed-80e3-08825760534b} [12:57 30/06/2010]
{66871bd1-5ba2-4739-b485-2a15f5969bd8} [02:51 02/02/2010]
{bbf8fc30-5280-11db-b0de-0800200c9a66} [13:53 04/08/2009]
{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} [20:17 28/07/2010]
{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} [13:56 28/08/2010]
{d596c130-b00a-11db-abbd-0800200c9a66} [13:54 04/08/2009]
{dd30bf68-268a-4815-ad48-8740b774c764} [14:15 17/04/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [01:23 12/06/2009]

-=E.O.F=-


Re: trz####.tmp files are taking over my computer!

Post by Sneakyone on Thu Sep 23, 2010 2:04 am

Hi.

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].


Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


I'm livin' life in the fast lane.



Re: trz####.tmp files are taking over my computer!

Post by Jyrroe on Thu Sep 23, 2010 3:04 am

(Writing this, as I have been most things, on a different computer:)

I ran Malwarebytes and it prompted me to reboot, but my computer has been on Vista's shiny "Shutting Down..." screen for about half an hour now.

Should I kill it?


Re: trz####.tmp files are taking over my computer!

Post by Sneakyone on Thu Sep 23, 2010 3:06 am

Hi yes, please do that, and go to the "Logs" tab in Malwarebytes and post the most recent one.


I'm livin' life in the fast lane.



Re: trz####.tmp files are taking over my computer!

Post by Jyrroe on Thu Sep 23, 2010 3:22 am

I feel I should mention that I've never, since buying the computer, been able to save an internet connection. I got into the habit of manually connecting and typing in the password every time I started up the computer, but through all this, every time it reboots, I've never had to connect; it automatically did for once.

[[mbam-log-2010-09-22 (22-45-57).txt]]

Malwarebytes' Anti-Malware 1.46
[You must be registered and logged in to see this link.]

Database version: 4673

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

22/09/2010 10:45:57 PM
mbam-log-2010-09-22 (22-45-57).txt

Scan type: Quick scan
Objects scanned: 147672
Time elapsed: 5 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 40
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3popularscreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Jyrroe
Novice
Posts : 40
Joined : 2010-09-21
Gender : Male
OS : Vista 32-bit


Re: trz####.tmp files are taking over my computer!

Post by Jyrroe on Thu Sep 23, 2010 3:22 am

Awaiting orders, cap'n.


Re: trz####.tmp files are taking over my computer!

Post by Sneakyone on Thu Sep 23, 2010 4:13 am

Hi.

Please run a free online scan with the ESET Online Scanner.
Note: You will need to use Internet Explorer for this scan.

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


I'm livin' life in the fast lane.


Sneakyone
Master
Posts : 2707
Joined : 2010-01-10
Gender : Male
OS : Windows 7 Ultimate 64-bit


Re: trz####.tmp files are taking over my computer!

Post by Jyrroe on Thu Sep 23, 2010 11:43 pm

I'm thinking this isn't what you expected:

[[log.txt from ESET Online Scanner]]

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK


Re: trz####.tmp files are taking over my computer!

Post by Sneakyone on Thu Sep 23, 2010 11:46 pm

Hi.

How is your computer running now?



Re: trz####.tmp files are taking over my computer!

Post by Jyrroe on Thu Sep 23, 2010 11:49 pm

This is what I'm seeing now, should I do anything or just click "Finish"?



Re: trz####.tmp files are taking over my computer!

Post by Jyrroe on Thu Sep 23, 2010 11:50 pm

In answer to your question, I haven't gotten any virus alerts in some time (I know I turned avast! off a while ago, but for a while before that too).

Can I turn avast! back on now and see if it screams at me?


Re: trz####.tmp files are taking over my computer!

Post by Sneakyone on Fri Sep 24, 2010 12:06 am

Hi.

Can you hit the list found threats button, and export that to a text file, then zip it up and attach it please?



Re: trz####.tmp files are taking over my computer!

Post by Jyrroe on Fri Sep 24, 2010 12:27 am

I'm working on it. The virus ate my WinRAR, so I have to download something else to make a .zip file.


Re: trz####.tmp files are taking over my computer!

Post by Jyrroe on Fri Sep 24, 2010 12:37 am

Here's the List of Threats from the ESET Online Scanner.


Re: trz####.tmp files are taking over my computer!

Post by Sneakyone on Fri Sep 24, 2010 8:41 pm

Hi.

How is your computer running now? See any more files of that name?



Re: trz####.tmp files are taking over my computer!

Post by Jyrroe on Sat Sep 25, 2010 11:49 am

I find one now and then, but I just delete them, they aren't new, and avast! isn't reporting any more problems.

Everything appears to be back to normal (except the missing files and programs that won't start) but I did manage to save most of the files I wanted to carry over to Windows 7.

Now I just need to get the internet working. But I already made a new thread about that elsewhere in the forum.

Thank you for your help! I've already started recommending this site to everyone I know. Saved me a lot of money from going down to the local tech store.


Re: trz####.tmp files are taking over my computer!

Post by Sneakyone on Sat Sep 25, 2010 4:50 pm

Hi,

We are not quite done yet. Could you please run an ESET scan again? Ramnit is a polymorphic file infector, and you seem to have a new variant.



Re: trz####.tmp files are taking over my computer!

Post by Jyrroe on Fri Oct 01, 2010 2:06 pm

Ooo, well shortly after I thought the problem was solved, I wiped my hard drive. So unless it got onto my portable drive, I think it's gone now. I wanted to be rid of that other trz####.tmp virus so it wouldn't carry over on my portable drive.


Re: trz####.tmp files are taking over my computer!

Post by Sneakyone on Fri Oct 01, 2010 9:48 pm

Hi.

You might want to check the portable drive too, as Ramnit can infect one if it was inserted. Try running a scan on it and see if it finds anything.


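As an added example (not posted by anyone in this thread), this Python script inventories the trz####.tmp files described in the first post on a drive such as the portable one, counting them per folder and flagging those modified in the last hour. The function names and the sample folder are assumptions made for illustration; it only lists the leftover files and does not replace the scan suggested above.

```python
import os
import re
import tempfile
import time
from collections import Counter

# Name pattern from the first post: "trz" + 4 alphanumerics + ".tmp".
# Windows file names are case-insensitive, so match that way.
TRZ_NAME = re.compile(r"^trz[0-9a-z]{4}\.tmp$", re.IGNORECASE)

def find_trz_files(root):
    """Return (path, mtime) for every trz####.tmp file under root, oldest first."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):  # unreadable folders are skipped
        for name in files:
            if not TRZ_NAME.match(name):
                continue
            path = os.path.join(dirpath, name)
            try:
                hits.append((path, os.stat(path).st_mtime))
            except OSError:
                pass  # file vanished or is locked; keep walking
    return sorted(hits, key=lambda h: h[1])

def summarize(hits, now=None, recent_seconds=3600):
    """Total matches, matches modified within recent_seconds, count per folder."""
    now = time.time() if now is None else now
    recent = sum(1 for _p, mtime in hits if now - mtime <= recent_seconds)
    per_dir = Counter(os.path.dirname(p) for p, _m in hits)
    return {"total": len(hits), "recent": recent, "per_dir": per_dir}

def build_sample_tree():
    """Constructed sample data: a temp folder standing in for the portable drive."""
    root = tempfile.mkdtemp(prefix="portable_drive_")
    os.makedirs(os.path.join(root, "Games", "Saves"))
    for rel in ("trzA1b2.tmp", "Games/TRZ9F3C.TMP", "Games/Saves/trz00zz.tmp",
                "trz12345.tmp", "notes.tmp", "Games/trz_1.tmp"):  # last 3: no match
        with open(os.path.join(root, *rel.split("/")), "wb") as fh:
            fh.write(b"constructed sample")
    old = time.time() - 2 * 24 * 3600  # backdate one match by two days
    os.utime(os.path.join(root, "trzA1b2.tmp"), (old, old))
    return root

if __name__ == "__main__":
    report = summarize(find_trz_files(build_sample_tree()))
    print(report["total"], "matches,", report["recent"], "modified in the last hour")
    for folder, count in report["per_dir"].most_common():
        print(f"{count:4d}  {folder}")
```

To check a real drive, pass its root (for example the portable drive's letter) to `find_trz_files` instead of the constructed sample folder.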
