
[Inactive] Computer freezing at startup

Discussion in 'Malware and Virus Removal Archive' started by Golden123, 2010/04/09.

Golden123 (Thread Starter), 2010/04/09:

    Hi, I was instructed here from the Vista forums on this board, and hope that you can help me further. Thanks in advance. :)

    The current problem is that I can boot into Safe Mode with Networking and use it fine there, but once I load up into the desktop in Normal mode the computer generally crashes as soon as I press any icon on the desktop or taskbar (I can usually close the startup programs before it hits me).

    I downloaded the DDS scan and ran it in Safe Mode, then was lucky enough to get it to finish a scan in Normal mode. I managed to save the DDS log but the computer froze on me before I got ahold of the Attach log.

    I've kind of mixed and matched the DDS normal mode with a previous Attach safe mode log since I figured the normal mode log will probably be more helpful to you. Let me know if this isn't the case.


    DDS (Ver_10-03-17.01) - NTFSx86
    Run by guo at 9:39:26.16 on 08/04/2010
    Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_17
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3326.2336 [GMT 1:00]

    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
    C:\Windows\System32\alg.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Windows\RtHDVCpl.exe
    C:\Windows\System32\nvraidservice.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
    C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Northstar\SmartCopy\SmartCopy.exe
    C:\Program Files\Northstar\SmartLauncher\SmartLauncher.exe
    c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    C:\Windows\system32\rundll32.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    C:\Windows\system32\PnkBstrA.exe
    C:\Windows\system32\PnkBstrB.exe
    C:\Windows\system32\svchost.exe -k regsvc
    C:\Windows\system32\locator.exe
    C:\Windows\System32\snmptrap.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\system32\UI0Detect.exe
    C:\Windows\system32\svchost.exe -k wcssvc
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    c:\PROGRA~1\mcafee\msc\mcuimgr.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Windows\system32\wuauclt.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Users\guo\Desktop\dds.scr
    C:\Windows\system32\conime.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=1&o=vp32&d=1208&m=aspire_m7711
    uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=1&o=vp32&d=1208&m=aspire_m7711
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=1&o=vp32&d=1208&m=aspire_m7711
    mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=1&o=vp32&d=1208&m=aspire_m7711
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: McAfee Phishing Filter: {377c180e-6f0e-4d4c-980f-f45bd3d40cf4} - c:\progra~1\mcafee\msk\mcapbho.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
    BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\program files\acer\empowering technology\edatasecurity\x86\ActiveToolBand.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\program files\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe "
    uRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\sony ericsson pc suite\SEPCSuite.exe" /systray /nologon
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [WarReg_PopUp] c:\program files\acer\wr_popup\WarReg_PopUp.exe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe "
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [PCMMediaSharing] c:\program files\acer arcade live\acer homemedia connect\kernel\dms\PCMMediaSharing.exe
    mRun: [NVRaidService] c:\windows\system32\nvraidservice.exe
    mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [EmpoweringTechnology] c:\program files\acer\empowering technology\Framework.Launcher.exe boot
    mRun: [eDataSecurity Loader] c:\program files\acer\empowering technology\edatasecurity\x86\eDSloader.exe
    mRun: [BkupTray] "c:\program files\newtech infosystems\nti backup now 5\BkupTray.exe "
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe "
    mRun: [Acer Empowering Technology Monitor] c:\program files\acer\empowering technology\SysMonitor.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\smartc~1.lnk - c:\program files\northstar\smartcopy\SmartCopy.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\smartl~1.lnk - c:\program files\northstar\smartlauncher\SmartLauncher.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\update~1.lnk - c:\program files\3\3connect\AutoUpdateSrv.exe
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    LSP: %SYSTEMROOT%\system32\nvLsp.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\guo\appdata\roaming\mozilla\firefox\profiles\81zz2vbm.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
    FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
    FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_colors ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_popup_windows ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.enable_click_image_resizing ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "accessibility.browsewithcaret_shortcut.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.high_water_mark ", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.gc_frequency ", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.auth.force-generic-ntlm ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "svg.smil.enabled ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.trackpoint_hack.enabled ", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.debug ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.agedWeight ", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.bucketSize ", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.maxTimeGroupings ", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.timeGroupingSize ", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.boundaryWeight ", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.prefixWeight ", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "html5.enable ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref ", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.renego_unrestricted_hosts ", " ");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.treat_unsafe_negotiation_as_broken ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.require_safe_negotiation ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl3.rsa_seed_sha ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.download.backgroundInterval ", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.url.manual ", "http://www.firefox.com ");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr-ja ", "mozff ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name ", "chrome://browser/locale/browser.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description ", "chrome://browser/locale/browser.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add ", "addons.mozilla.org ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add.36 ", "getpersonas.com ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "lightweightThemes.update.enabled ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.allTabs.previews ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.hide_infobar_for_outdated_plugin ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.update.notifyUser ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "toolbar.customization.usesheet ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.enable ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.max ", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.cachetime ", 20);

    ============= SERVICES / DRIVERS ===============


    =============== Created Last 30 ================

    2010-04-06 14:08:31 0 d-----w- c:\program files\SIW
    2010-04-04 10:10:53 185203581 ----a-w- c:\windows\MEMORY.DMP
    2010-04-02 11:29:01 0 d-----w- c:\windows\pss
    2010-03-31 14:43:10 833024 ----a-w- c:\windows\system32\wininet.dll
    2010-03-31 14:42:59 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-03-31 14:42:59 389632 ----a-w- c:\windows\system32\html.iec
    2010-03-31 14:42:59 26624 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-03-31 14:42:51 1383424 ----a-w- c:\windows\system32\mshtml.tlb
    2010-03-12 14:00:05 24064 ----a-w- c:\windows\system32\nshhttp.dll
    2010-03-12 14:00:02 411136 ----a-w- c:\windows\system32\drivers\http.sys
    2010-03-12 14:00:02 31232 ----a-w- c:\windows\system32\httpapi.dll

    ==================== Find3M ====================

    2010-04-01 21:37:04 133247133 ----a-w- c:\windows\DUMP74d1.tmp
    2010-02-12 10:48:12 293376 ----a-w- c:\windows\system32\browserchoice.exe
    2010-01-25 12:48:34 472576 ----a-w- c:\windows\system32\secproc_isv.dll
    2010-01-25 12:48:34 151040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
    2010-01-25 12:48:34 151040 ----a-w- c:\windows\system32\secproc_ssp.dll
    2010-01-25 12:48:06 472064 ----a-w- c:\windows\system32\secproc.dll
    2010-01-25 12:45:56 329216 ----a-w- c:\windows\system32\msdrm.dll
    2010-01-25 08:35:01 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
    2010-01-25 08:35:00 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
    2010-01-25 08:34:56 511488 ----a-w- c:\windows\system32\RMActivate.exe
    2010-01-25 08:34:56 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
    2010-01-23 09:44:02 2048 ----a-w- c:\windows\system32\tzres.dll
    2009-09-17 19:00:52 51200 ----a-w- c:\windows\inf\infpub.dat
    2009-09-17 19:00:52 143360 ----a-w- c:\windows\inf\infstrng.dat
    2009-09-17 19:00:51 86016 ----a-w- c:\windows\inf\infstor.dat
    2008-10-22 22:31:03 665600 ----a-w- c:\windows\inf\drvindex.dat
    2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
    2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
    2009-02-24 19:13:40 16384 --sha-w- c:\windows\temp\cookies\index.dat
    2009-02-24 19:13:40 32768 --sha-w- c:\windows\temp\history\history.ie5\index.dat
    2009-02-24 19:13:40 32768 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

    ============= FINISH: 9:55:21.81 ===============

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 12/12/2008 15:09:41
    System Uptime: 04/07/2010 08:53:42 (-2108 hours ago)

    Motherboard: Acer | | FMCP7AM
    Processor: Intel(R) Core(TM)2 Quad CPU Q8300 @ 2.50GHz | CPU 1 | 2500/333mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 274 GiB total, 42.644 GiB free.
    D: is FIXED (NTFS) - 410 GiB total, 160.665 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    J: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0001
    Manufacturer: Microsoft
    Name: Microsoft ISATAP Adapter #2
    PNP Device ID: ROOT\*ISATAP\0001
    Service: tunnel

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0002
    Manufacturer: Microsoft
    Name: Microsoft ISATAP Adapter #3
    PNP Device ID: ROOT\*ISATAP\0002
    Service: tunnel

    Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318}
    Description: Standard PS/2 Keyboard
    Device ID: ACPI\PNP0303\4&2D45C30F&0
    Manufacturer: (Standard keyboards)
    Name: Standard PS/2 Keyboard
    PNP Device ID: ACPI\PNP0303\4&2D45C30F&0
    Service: i8042prt

    Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
    Description: Microsoft PS/2 Mouse
    Device ID: ACPI\PNP0F03\4&2D45C30F&0
    Manufacturer: Microsoft
    Name: Microsoft PS/2 Mouse
    PNP Device ID: ACPI\PNP0F03\4&2D45C30F&0
    Service: i8042prt

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    3Connect
    7-Zip 4.57
    Acer Arcade Live Main Page
    Acer DV Magician
    Acer DVDivine
    Acer eDataSecurity Management
    Acer Empowering Technology
    Acer GameZone Console DTV 2.0.1.1
    Acer HomeMedia
    Acer HomeMedia Connect
    Acer HomeMedia Trial Creator
    Acer ScreenSaver
    Acer SlideShow DVD
    Acer VideoMagician
    Adobe Flash Player 10 Plugin
    Adobe Flash Player ActiveX
    Adobe Reader 8.1.3
    Agatha Christie Death on the Nile
    Alice Greenfingers
    ATI Catalyst Install Manager
    Avanquest update
    Azada
    Backspin Billiards
    Batman: Arkham Asylum
    Big Kahuna Reef
    Bookworm Deluxe
    Bricks of Egypt
    Cake Mania
    Call of Duty(R) - World at War(TM)
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization Danish
    Catalyst Control Center Localization Dutch
    Catalyst Control Center Localization Finnish
    Catalyst Control Center Localization French
    Catalyst Control Center Localization German
    Catalyst Control Center Localization Italian
    Catalyst Control Center Localization Japanese
    Catalyst Control Center Localization Norwegian
    Catalyst Control Center Localization Spanish
    Catalyst Control Center Localization Swedish
    ccc-core-static
    ccc-utility
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Italian
    CCC Help Japanese
    CCC Help Norwegian
    CCC Help Spanish
    CCC Help Swedish
    Character Builder
    Chicken Invaders 3
    Choice Guard
    Chuzzle
    Combined Community Codec Pack 2008-09-21 16:18
    Comical 0.8
    Diner Dash Flo on the Go
    DivX Web Player
    Dolby Control Center
    eSobi v2
    Fallout 3
    Far Cry 2
    ffdshow [rev 2719] [2009-02-24]
    Flip Words 2
    Google Desktop
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Huawei modem
    Java(TM) 6 Update 17
    Jewel Quest Solitaire
    Kick N Rush
    LightScribe 1.4.142.1
    Linksys Wireless-G USB Network Adapter
    Mahjong Escape Ancient China
    Mahjongg Artifacts
    Mass Effect 2
    McAfee SecurityCenter
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Games for Windows - LIVE
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2007
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works
    Mozilla Firefox (3.6.3)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Mystery Case Files - Huntsville
    Mystery Solitaire - Secret Island
    NDSROM Player
    NTI Backup Now 5
    NTI Backup Now Standard
    NTI JewelCase Maker Hot Fix
    NTI Media Maker 8
    NTI Photo Maker Hot Fix
    NVIDIA Drivers
    NVIDIA ForceWare Network Access Manager
    NVIDIA PhysX
    PrimoPDF -- brought to you by Nitro PDF Software
    PunkBuster Services
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Card Reader
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB978380)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office Excel 2007 (KB978382)
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    SIW version 2010.03.10
    Skins
    SmartCopy
    SmartLauncher
    Sony Ericsson PC Suite 4.009.00
    Spelling Dictionaries Support For Adobe Reader 8
    Star Wars®: Knights of the Old Republic (TM)
    System Requirements Lab
    Turbo Pizza
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office InfoPath 2007 (KB976416)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 (KB974561)
    Update for Microsoft Office Word 2007 Help (KB963665)
    VC80CRTRedist - 8.0.50727.762
    Vuze
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Windows Media Player Firefox Plugin
    WinRAR archiver
    Zuma Deluxe

    ==== Event Viewer Messages From Past Week ========

    31/03/2010 15:27:55, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt
    06/04/2010 14:57:33, Error: EventLog [6008] - The previous system shutdown at 14:54:01 on 06/04/2010 was unexpected.
    06/04/2010 09:30:03, Error: EventLog [6008] - The previous system shutdown at 09:26:51 on 06/04/2010 was unexpected.
    06/04/2010 09:26:03, Error: EventLog [6008] - The previous system shutdown at 09:15:45 on 06/04/2010 was unexpected.
    06/04/2010 08:52:59, Error: Service Control Manager [7022] - The McAfee Real-time Scanner service hung on starting.
    06/04/2010 08:34:41, Error: volmgr [46] - Crash dump initialization failed!
    05/04/2010 23:30:18, Error: EventLog [6008] - The previous system shutdown at 23:25:36 on 05/04/2010 was unexpected.
    05/04/2010 22:27:08, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Empowering Technology Service service to connect.
    05/04/2010 22:25:34, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\SystemRoot\System32\Config\SOFTWARE' was corrupted and it has been recovered. Some data might have been lost.
    05/04/2010 10:35:32, Error: EventLog [6008] - The previous system shutdown at 19:48:29 on 04/04/2010 was unexpected.
    04/04/2010 11:14:15, Error: EventLog [6008] - The previous system shutdown at 11:11:06 on 04/04/2010 was unexpected.
    04/04/2010 11:11:06, Error: EventLog [6008] - The previous system shutdown at 10:51:20 on 04/04/2010 was unexpected.
    04/04/2010 10:08:24, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC i8042prt mfehidk MPFP NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr Tcpip tdx Wanarpv6 ws2ifsl
    04/04/2010 10:08:24, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    04/04/2010 10:08:24, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The dependency service or group failed to start.
    04/04/2010 10:08:24, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    04/04/2010 10:08:24, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
    04/04/2010 10:08:24, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    04/04/2010 10:08:24, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    04/04/2010 10:08:24, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    04/04/2010 10:08:24, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    04/04/2010 10:08:24, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    04/04/2010 10:08:24, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
    04/04/2010 10:08:24, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    04/04/2010 10:08:24, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    04/04/2010 10:08:24, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    04/04/2010 10:08:24, Error: Service Control Manager [7001] - The Netlogon service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start.
    04/04/2010 10:08:24, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    04/04/2010 10:08:24, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    04/04/2010 10:08:24, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    04/04/2010 10:07:34, Error: EventLog [6008] - The previous system shutdown at 10:00:41 on 04/04/2010 was unexpected.
    03/04/2010 19:34:26, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the McAfee Personal Firewall Service service to connect.
    03/04/2010 19:34:26, Error: Service Control Manager [7000] - The McAfee Personal Firewall Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    03/04/2010 19:30:38, Error: EventLog [6008] - The previous system shutdown at 18:31:00 on 03/04/2010 was unexpected.
    03/04/2010 17:57:07, Error: EventLog [6008] - The previous system shutdown at 17:38:23 on 03/04/2010 was unexpected.
    03/04/2010 17:24:18, Error: Service Control Manager [7001] - The Windows Event Collector service depends on the Windows Firewall service which failed to start because of the following error: The dependency service or group failed to start.
    03/04/2010 17:24:18, Error: Service Control Manager [7001] - The COM+ System Application service depends on the System Event Notification Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    03/04/2010 17:23:31, Error: EventLog [6008] - The previous system shutdown at 17:21:38 on 03/04/2010 was unexpected.
    03/04/2010 15:24:22, Error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    03/04/2010 15:20:33, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Base Filtering Engine service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    03/04/2010 15:14:57, Error: Service Control Manager [7001] - The PNRP Machine Name Publication Service service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    03/04/2010 15:13:55, Error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Secure Socket Tunneling Protocol Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    03/04/2010 15:04:26, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    03/04/2010 15:04:06, Error: Service Control Manager [7001] - The IPsec Policy Agent service depends on the Base Filtering Engine service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    03/04/2010 15:03:29, Error: Service Control Manager [7001] - The IKE and AuthIP IPsec Keying Modules service depends on the Base Filtering Engine service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    03/04/2010 15:02:59, Error: Service Control Manager [7001] - The Background Intelligent Transfer Service service depends on the COM+ Event System service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    03/04/2010 15:01:33, Error: Service Control Manager [7001] - The Remote Access Auto Connection Manager service depends on the Telephony service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    03/04/2010 15:00:03, Error: Service Control Manager [7001] - The Internet Connection Sharing (ICS) service depends on the Base Filtering Engine service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    03/04/2010 14:59:43, Error: Service Control Manager [7001] - The Extensible Authentication Protocol service depends on the CNG Key Isolation service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    03/04/2010 14:59:18, Error: Service Control Manager [7001] - The DFS Replication service depends on the COM+ Event System service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    03/04/2010 14:58:46, Error: NETLOGON [3095] - This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.
    03/04/2010 14:57:44, Error: Service Control Manager [7001] - The Server service depends on the Security Accounts Manager service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    03/04/2010 14:57:17, Error: Service Control Manager [7001] - The Routing and Remote Access service depends on the Base Filtering Engine service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    03/04/2010 14:55:34, Error: Service Control Manager [7001] - The Windows Event Collector service depends on the Windows Firewall service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    03/04/2010 14:55:30, Error: Service Control Manager [7001] - The WLAN AutoConfig service depends on the Extensible Authentication Protocol service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    03/04/2010 14:55:30, Error: Service Control Manager [7001] - The Wired AutoConfig service depends on the Extensible Authentication Protocol service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    03/04/2010 14:55:30, Error: Service Control Manager [7001] - The Windows Audio service depends on the Multimedia Class Scheduler service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    03/04/2010 14:55:30, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    03/04/2010 14:55:30, Error: Service Control Manager [7001] - The Netlogon service depends on the Workstation service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    03/04/2010 14:55:30, Error: Service Control Manager [7001] - The ForceWare Intelligent Application Manager (IAM) service depends on the Windows Management Instrumentation service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    03/04/2010 14:55:30, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    03/04/2010 10:27:41, Error: EventLog [6008] - The previous system shutdown at 22:47:36 on 02/04/2010 was unexpected.
    02/04/2010 22:08:46, Error: EventLog [6008] - The previous system shutdown at 21:42:06 on 02/04/2010 was unexpected.
    02/04/2010 17:59:28, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments " " in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    02/04/2010 17:59:28, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments " " in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    02/04/2010 17:59:15, Error: EventLog [6008] - The previous system shutdown at 17:56:15 on 02/04/2010 was unexpected.
    02/04/2010 17:08:10, Error: EventLog [6008] - The previous system shutdown at 17:02:20 on 02/04/2010 was unexpected.
    02/04/2010 17:02:20, Error: EventLog [6008] - The previous system shutdown at 17:00:00 on 02/04/2010 was unexpected.
    02/04/2010 16:54:17, Error: EventLog [6008] - The previous system shutdown at 16:52:22 on 02/04/2010 was unexpected.
    02/04/2010 16:48:39, Error: EventLog [6008] - The previous system shutdown at 16:46:46 on 02/04/2010 was unexpected.
    02/04/2010 16:42:52, Error: EventLog [6008] - The previous system shutdown at 16:40:30 on 02/04/2010 was unexpected.
    02/04/2010 16:34:46, Error: EventLog [6008] - The previous system shutdown at 16:32:59 on 02/04/2010 was unexpected.
    02/04/2010 14:37:32, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments " " in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    02/04/2010 12:38:27, Error: EventLog [6008] - The previous system shutdown at 12:34:51 on 02/04/2010 was unexpected.
    02/04/2010 11:24:52, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McAfee SiteAdvisor Service with arguments " " in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}
    02/04/2010 11:23:56, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNASvc with arguments " " in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}
    02/04/2010 11:20:11, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments " " in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    02/04/2010 11:20:08, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt mfehidk spldr Wanarpv6
    02/04/2010 11:20:08, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    02/04/2010 11:20:04, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments " " in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    02/04/2010 11:20:03, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments " " in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    02/04/2010 11:20:02, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    02/04/2010 11:19:56, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments " " in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    02/04/2010 11:19:49, Error: EventLog [6008] - The previous system shutdown at 11:18:01 on 02/04/2010 was unexpected.
    02/04/2010 11:15:28, Error: EventLog [6008] - The previous system shutdown at 11:13:03 on 02/04/2010 was unexpected.
    02/04/2010 10:47:22, Error: Service Control Manager [7031] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    02/04/2010 10:47:22, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    02/04/2010 10:47:22, Error: Service Control Manager [7022] - The TPM Base Services service hung on starting.
    02/04/2010 10:47:22, Error: Service Control Manager [7022] - The Security Center service hung on starting.
    02/04/2010 10:47:22, Error: Service Control Manager [7022] - The KtmRm for Distributed Transaction Coordinator service hung on starting.
    02/04/2010 10:47:22, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WPDBusEnum service.
    02/04/2010 10:47:22, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    02/04/2010 10:47:22, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Eventlog service.
    02/04/2010 10:47:22, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the McAfee Network Agent service to connect.
    02/04/2010 10:47:22, Error: Service Control Manager [7000] - The McAfee Network Agent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    02/04/2010 10:20:39, Error: nvstor32 [5] - A parity error was detected on \Device\RaidPort0.
    02/04/2010 10:19:23, Error: EventLog [6008] - The previous system shutdown at 20:26:25 on 01/04/2010 was unexpected.

    ==== End Of File ===========================
     
    Last edited: 2010/04/09
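As an added example (not part of the original thread or of any tool named in it), here is a small triage script for the Service Control Manager lines in the DDS "event log" excerpt above: it separates the 7001 events that only report "The dependency service or group failed to start." (symptoms) from the components that failed on their own (causes), follows each chain to its root, and pulls out the 7026 boot-start drivers that never loaded. The sample input is a handful of lines copied verbatim from the log above (including its original "Sysytem" spelling); the function names are my own.

```python
import re
from collections import Counter

# Constructed sample input: Service Control Manager lines copied from the DDS log in the post
# above (spelling left as logged), so the parser runs offline without a real event log.
SAMPLE_LOG = """\
04/04/2010 10:08:24, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
04/04/2010 10:08:24, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
04/04/2010 10:08:24, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
04/04/2010 10:08:24, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
04/04/2010 10:08:24, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
04/04/2010 10:08:24, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
04/04/2010 10:08:24, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
02/04/2010 11:20:08, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt mfehidk spldr Wanarpv6
"""

# Event 7001: "<service> depends on <dependency> which failed ... error: <reason>"
DEP_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}), Error: Service Control Manager \[7001\] - "
    r"The (?P<service>.+?) service depends on the (?P<dep>.+?) service which failed to start "
    r"because of the following error: (?P<error>.+)$"
)
# Event 7026: boot-start / system-start drivers that did not load at all
DRV_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}), Error: Service Control Manager \[7026\] - "
    r"The following boot-start or system-start driver\(s\) failed to load: (?P<drivers>.+)$"
)
# This reason means "my dependency failed", i.e. the event is a symptom, not a cause.
CASCADE = "The dependency service or group failed to start."


def parse_scm_errors(text):
    """Turn raw log lines into structured events; lines of other types are skipped."""
    events = []
    for raw in text.splitlines():
        line = raw.strip()
        m = DEP_RE.match(line)
        if m:
            events.append({"kind": "dependency", "time": m["ts"], "service": m["service"],
                           "depends_on": m["dep"], "error": m["error"]})
            continue
        m = DRV_RE.match(line)
        if m:
            events.append({"kind": "driver_load", "time": m["ts"],
                           "drivers": m["drivers"].split()})
    return events


def failed_drivers(events):
    """Drivers named in 7026 events; they load before any service, so they come first in triage."""
    names = []
    for e in events:
        if e["kind"] == "driver_load":
            names.extend(e["drivers"])
    return names


def root_causes(events):
    """Follow each 7001 dependency chain down to the component that failed on its own.

    Returns {service: (root_component, root_error)}. A 7001 whose reason is not the
    cascade text tells us its dependency failed for a real reason, so that dependency
    is recorded as a root together with that reason.
    """
    depends_on = {}
    root_error = {}
    for e in events:
        if e["kind"] != "dependency":
            continue
        depends_on[e["service"]] = e["depends_on"]
        if e["error"] != CASCADE:
            root_error[e["depends_on"]] = e["error"]
    result = {}
    for service in depends_on:
        node, seen = service, set()
        # Walk until we reach a component that is not itself a cascade victim (cycle-safe).
        while node in depends_on and node not in seen:
            seen.add(node)
            node = depends_on[node]
        result[service] = (node, root_error.get(node, "unknown"))
    return result


def root_cause_counts(events):
    """How many failed services each root accounts for; the largest count is where to look first."""
    return Counter(root for root, _ in root_causes(events).values())


if __name__ == "__main__":
    evs = parse_scm_errors(SAMPLE_LOG)
    print("Drivers that failed to load:", failed_drivers(evs))
    for root, n in root_cause_counts(evs).most_common():
        print(f"{n} service(s) down because of: {root}")
```

Run against the full excerpt, the same code collapses the dozens of 7001 lines into a few root components plus the 7026 driver list, which is what a reviewer actually needs to read from such a log.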
  2. 2010/04/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Let's see if we can look at your computer booting from an external source.

    You will need a USB flash drive to move information from the bad computer to a working computer.

    You need to download two programs.

    First

    ISO Burner: this will allow you to burn the REATOGO-X-PE ISO to a CD and make it bootable. Just install the program; from there on it's fairly automatic (Instructions).

    Second

    • Download OTLPE.iso and burn to a CD using ISO Burner. NOTE: This file is 270.3 MB in size so it may take some time to download.
    • When downloaded double click and this will then open ISOBurner to burn the file to CD
    • Reboot your system (Non working computer) using the boot CD you just created.
      • Note. If you do not know how to set your computer to boot from CD follow the steps HERE
    • Your system should now display a REATOGO-X-PE desktop.
    • Double-click on the OTLPE icon.
    • When asked Do you wish to load the remote registry, select Yes
    • When asked Do you wish to load remote user profile(s) for scanning, select Yes
    • Ensure the box Automatically Load All Remaining Users is checked and press OK
    • OTL should now start. Change the following settings
      • Change Drivers to All
      • Change Registry to All
      • Under Custom Scan box paste this in:

        netsvcs
        %SYSTEMDRIVE%\*.exe
        /md5start
        eventlog.dll
        scecli.dll
        netlogon.dll
        cngaudit.dll
        sceclt.dll
        ntelogon.dll
        logevent.dll
        iaStor.sys
        nvstor.sys
        atapi.sys
        IdeChnDr.sys
        viasraid.sys
        AGP440.sys
        vaxscsi.sys
        nvatabus.sys
        viamraid.sys
        nvata.sys
        nvgts.sys
        iastorv.sys
        ViPrt.sys
        eNetHook.dll
        ahcix86.sys
        KR10N.sys
        nvstor32.sys
        ahcix86s.sys
        nvrd32.sys
        symmpi.sys
        adp3132.sys
        mv61xx.sys
        userinit.exe
        explorer.exe
        /md5stop
        %systemroot%\*. /mp /s
        %systemroot%\system32\*.dll /lockedfiles
        %systemroot%\Tasks\*.job /lockedfiles
        %systemroot%\system32\drivers\*.sys /lockedfiles
        %systemroot%\System32\config\*.sav
    • Press Run Scan to start the scan.
    • When finished, the file will be saved in drive C:\OTL.txt
    • Copy this file to your USB drive.
    • Please post the contents of the C:\OTL.txt file in your reply.
     

  4. 2010/04/10
    Golden123

    Golden123 Inactive Thread Starter

    Joined:
    2010/04/04
    Messages:
    15
    Likes Received:
    0
    Thanks for your advice.

    Though I appear to have hit a snag with booting from the CD. I've burnt it and booted from it. The Windows XP loading screen came up (my system is vista, not sure if that might have something to do with it), but then it gave me an error blue screen with text.

    I turned the computer off and rebooted from my hard drive in safe boot and it seems fine.

    Was a little bit startled by the error screen so I thought best to ask you first how I should proceed. Should I try a second time or do something else?
     
  5. 2010/04/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    See if you can boot to Safe Mode with Networking to download some files.
    If not, use another working computer to download the following files and move them to the bad computer using a USB flash drive.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.pif
    * Rkill.exe

    * Double-click on the Rkill desktop icon to run the tool.
    * If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    * A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    * If not, delete the file, then download and use the one provided in Link 2.
    * If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    * Do not reboot until instructed.
    * If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run then try to immediately run the following.

    Now download and run exeHelper.

    * Please download exeHelper from Raktor to your desktop.
    * Double-click on exeHelper.com to run the fix.
    * A black window should pop up, press any key to close once the fix is completed.
    * A log file named log.txt will be created in the directory where you ran exeHelper.com
    * Attach the log.txt file to your next message.

    Note: If the window shows a message that says "Error deleting file ", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

    ============================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!


    Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Installer under Version 2.0.2
    [DO NOT download version 2.0.3 (beta)]
    Install, and run it.
    Post the HijackThis log.
    Do NOT attempt to fix anything!

    NOTE. If you're using Vista, or 7, right click on HijackThis, and click Run as Administrator
     
  6. 2010/04/11
    Golden123

    Golden123 Inactive Thread Starter

    Joined:
    2010/04/04
    Messages:
    15
    Likes Received:
    0
    I can boot into safe mode w/ networking and browse/follow all your instructions just fine.

    However, regarding Combofix: I can't seem to find the log for it (it's not in C:), nor in the Combofix folder. It seemed to complete all the stages fine, and said it was preparing logs, but then closed and no logs seem to have been created.

    The other 2 logs are below. Thanks for your assistance.


    exeHelper by Raktor

    Build 20100329
    Run at 08:30:25 on 04/11/10
    Now searching...
    Checking for numerical processes...
    Checking for sysguard processes...
    Checking for bad processes...
    Checking for bad files...
    Checking for bad registry entries...
    Resetting filetype association for .exe
    Resetting filetype association for .com
    Resetting userinit and shell values...
    Resetting policies...
    --Finished--

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 11:10:44, on 11/04/2010
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18444)
    Boot mode: Safe mode with network support

    Running processes:
    C:\Windows\system32\wbem\unsecapp.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    c:\PROGRA~1\mcafee\msc\mcuimgr.exe
    C:\Windows\Explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=1&o=vp32&d=1208&m=aspire_m7711
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=1&o=vp32&d=1208&m=aspire_m7711
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe "
    O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
    O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
    O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe "
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
    O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe "
    O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - Global Startup: SmartLauncher.lnk = C:\Program Files\Northstar\SmartLauncher\SmartLauncher.exe
    O4 - Global Startup: Update Agent.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
    O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
    O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe

    --
    End of file - 8505 bytes
     
  7. 2010/04/11
    broni (Moderator, Malware Analyst)
    Please re-run Combofix and hopefully it'll produce a log this time.
     
  8. 2010/04/11
    Golden123 (Inactive, Thread Starter)
    I've re-run it several times in total (including Run as administrator), yet it always completes the scan, says it's preparing a log, then the window closes and no log appears to have been made.
     
  9. 2010/04/11
    broni (Moderator, Malware Analyst)
    Download TDSSKiller and save it to your Desktop.
    Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
    Go to Start > Run (or hold down your Windows key and press R) and copy and paste the following into the text field (make sure you include the quote marks), then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

    If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
    When it is done, a log file called TDSSKiller.txt should be created on your C: drive. Please copy and paste the contents of that file here.
     
  10. 2010/04/11
    Golden123 (Inactive, Thread Starter)
    Finally some good luck. :)

    19:11:44:798 1568 TDSS rootkit removing tool 2.2.8.1 Mar 22 2010 10:43:04
    19:11:44:798 1568 ================================================================================
    19:11:44:798 1568 SystemInfo:

    19:11:44:798 1568 OS Version: 6.0.6001 ServicePack: 1.0
    19:11:44:798 1568 Product type: Workstation
    19:11:44:798 1568 ComputerName: GUO-PC
    19:11:44:798 1568 UserName: guo
    19:11:44:798 1568 Windows directory: C:\Windows
    19:11:44:798 1568 Processor architecture: Intel x86
    19:11:44:798 1568 Number of processors: 4
    19:11:44:798 1568 Page size: 0x1000
    19:11:44:798 1568 Boot type: Safe boot with network
    19:11:44:798 1568 ================================================================================
    19:11:44:803 1568 UnloadDriverW: NtUnloadDriver error 2
    19:11:44:803 1568 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
    19:11:44:865 1568 wfopen_ex: Trying to open file C:\Windows\system32\config\system
    19:11:44:865 1568 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
    19:11:44:865 1568 wfopen_ex: Trying to KLMD file open
    19:11:44:865 1568 wfopen_ex: File opened ok (Flags 2)
    19:11:44:878 1568 wfopen_ex: Trying to open file C:\Windows\system32\config\software
    19:11:44:878 1568 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
    19:11:44:878 1568 wfopen_ex: Trying to KLMD file open
    19:11:44:878 1568 wfopen_ex: File opened ok (Flags 2)
    19:11:44:878 1568 Initialize success
    19:11:44:878 1568
    19:11:44:878 1568 Scanning Services ...
    19:11:45:478 1568 Raw services enum returned 446 services
    19:11:45:485 1568
    19:11:45:485 1568 Scanning Kernel memory ...
    19:11:45:485 1568 Devices to scan: 5
    19:11:45:485 1568
    19:11:45:485 1568 Driver Name: USBSTOR
    19:11:45:485 1568 IRP_MJ_CREATE : 8E716B40
    19:11:45:485 1568 IRP_MJ_CREATE_NAMED_PIPE : 8202E043
    19:11:45:485 1568 IRP_MJ_CLOSE : 8E716BB8
    19:11:45:485 1568 IRP_MJ_READ : 8E716C30
    19:11:45:485 1568 IRP_MJ_WRITE : 8E716C30
    19:11:45:485 1568 IRP_MJ_QUERY_INFORMATION : 8202E043
    19:11:45:485 1568 IRP_MJ_SET_INFORMATION : 8202E043
    19:11:45:485 1568 IRP_MJ_QUERY_EA : 8202E043
    19:11:45:485 1568 IRP_MJ_SET_EA : 8202E043
    19:11:45:485 1568 IRP_MJ_FLUSH_BUFFERS : 8202E043
    19:11:45:485 1568 IRP_MJ_QUERY_VOLUME_INFORMATION : 8202E043
    19:11:45:485 1568 IRP_MJ_SET_VOLUME_INFORMATION : 8202E043
    19:11:45:485 1568 IRP_MJ_DIRECTORY_CONTROL : 8202E043
    19:11:45:485 1568 IRP_MJ_FILE_SYSTEM_CONTROL : 8202E043
    19:11:45:485 1568 IRP_MJ_DEVICE_CONTROL : 8E716828
    19:11:45:485 1568 IRP_MJ_INTERNAL_DEVICE_CONTROL : 8E70B4AA
    19:11:45:485 1568 IRP_MJ_SHUTDOWN : 8202E043
    19:11:45:485 1568 IRP_MJ_LOCK_CONTROL : 8202E043
    19:11:45:485 1568 IRP_MJ_CLEANUP : 8202E043
    19:11:45:485 1568 IRP_MJ_CREATE_MAILSLOT : 8202E043
    19:11:45:485 1568 IRP_MJ_QUERY_SECURITY : 8202E043
    19:11:45:485 1568 IRP_MJ_SET_SECURITY : 8202E043
    19:11:45:485 1568 IRP_MJ_POWER : 8E714F9A
    19:11:45:485 1568 IRP_MJ_SYSTEM_CONTROL : 8E7127A2
    19:11:45:485 1568 IRP_MJ_DEVICE_CHANGE : 8202E043
    19:11:45:485 1568 IRP_MJ_QUERY_QUOTA : 8202E043
    19:11:45:485 1568 IRP_MJ_SET_QUOTA : 8202E043
    19:11:45:493 1568 C:\Windows\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
    19:11:45:493 1568
    19:11:45:493 1568 Driver Name: USBSTOR
    19:11:45:493 1568 IRP_MJ_CREATE : 8E716B40
    19:11:45:493 1568 IRP_MJ_CREATE_NAMED_PIPE : 8202E043
    19:11:45:493 1568 IRP_MJ_CLOSE : 8E716BB8
    19:11:45:493 1568 IRP_MJ_READ : 8E716C30
    19:11:45:493 1568 IRP_MJ_WRITE : 8E716C30
    19:11:45:493 1568 IRP_MJ_QUERY_INFORMATION : 8202E043
    19:11:45:493 1568 IRP_MJ_SET_INFORMATION : 8202E043
    19:11:45:493 1568 IRP_MJ_QUERY_EA : 8202E043
    19:11:45:493 1568 IRP_MJ_SET_EA : 8202E043
    19:11:45:493 1568 IRP_MJ_FLUSH_BUFFERS : 8202E043
    19:11:45:493 1568 IRP_MJ_QUERY_VOLUME_INFORMATION : 8202E043
    19:11:45:493 1568 IRP_MJ_SET_VOLUME_INFORMATION : 8202E043
    19:11:45:493 1568 IRP_MJ_DIRECTORY_CONTROL : 8202E043
    19:11:45:493 1568 IRP_MJ_FILE_SYSTEM_CONTROL : 8202E043
    19:11:45:493 1568 IRP_MJ_DEVICE_CONTROL : 8E716828
    19:11:45:493 1568 IRP_MJ_INTERNAL_DEVICE_CONTROL : 8E70B4AA
    19:11:45:493 1568 IRP_MJ_SHUTDOWN : 8202E043
    19:11:45:493 1568 IRP_MJ_LOCK_CONTROL : 8202E043
    19:11:45:493 1568 IRP_MJ_CLEANUP : 8202E043
    19:11:45:493 1568 IRP_MJ_CREATE_MAILSLOT : 8202E043
    19:11:45:493 1568 IRP_MJ_QUERY_SECURITY : 8202E043
    19:11:45:493 1568 IRP_MJ_SET_SECURITY : 8202E043
    19:11:45:493 1568 IRP_MJ_POWER : 8E714F9A
    19:11:45:493 1568 IRP_MJ_SYSTEM_CONTROL : 8E7127A2
    19:11:45:493 1568 IRP_MJ_DEVICE_CHANGE : 8202E043
    19:11:45:493 1568 IRP_MJ_QUERY_QUOTA : 8202E043
    19:11:45:493 1568 IRP_MJ_SET_QUOTA : 8202E043
    19:11:45:493 1568 C:\Windows\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
    19:11:45:495 1568
    19:11:45:495 1568 Driver Name: USBSTOR
    19:11:45:495 1568 IRP_MJ_CREATE : 8E716B40
    19:11:45:495 1568 IRP_MJ_CREATE_NAMED_PIPE : 8202E043
    19:11:45:495 1568 IRP_MJ_CLOSE : 8E716BB8
    19:11:45:495 1568 IRP_MJ_READ : 8E716C30
    19:11:45:495 1568 IRP_MJ_WRITE : 8E716C30
    19:11:45:495 1568 IRP_MJ_QUERY_INFORMATION : 8202E043
    19:11:45:495 1568 IRP_MJ_SET_INFORMATION : 8202E043
    19:11:45:495 1568 IRP_MJ_QUERY_EA : 8202E043
    19:11:45:495 1568 IRP_MJ_SET_EA : 8202E043
    19:11:45:495 1568 IRP_MJ_FLUSH_BUFFERS : 8202E043
    19:11:45:495 1568 IRP_MJ_QUERY_VOLUME_INFORMATION : 8202E043
    19:11:45:495 1568 IRP_MJ_SET_VOLUME_INFORMATION : 8202E043
    19:11:45:495 1568 IRP_MJ_DIRECTORY_CONTROL : 8202E043
    19:11:45:495 1568 IRP_MJ_FILE_SYSTEM_CONTROL : 8202E043
    19:11:45:495 1568 IRP_MJ_DEVICE_CONTROL : 8E716828
    19:11:45:495 1568 IRP_MJ_INTERNAL_DEVICE_CONTROL : 8E70B4AA
    19:11:45:495 1568 IRP_MJ_SHUTDOWN : 8202E043
    19:11:45:495 1568 IRP_MJ_LOCK_CONTROL : 8202E043
    19:11:45:495 1568 IRP_MJ_CLEANUP : 8202E043
    19:11:45:495 1568 IRP_MJ_CREATE_MAILSLOT : 8202E043
    19:11:45:495 1568 IRP_MJ_QUERY_SECURITY : 8202E043
    19:11:45:495 1568 IRP_MJ_SET_SECURITY : 8202E043
    19:11:45:495 1568 IRP_MJ_POWER : 8E714F9A
    19:11:45:495 1568 IRP_MJ_SYSTEM_CONTROL : 8E7127A2
    19:11:45:495 1568 IRP_MJ_DEVICE_CHANGE : 8202E043
    19:11:45:495 1568 IRP_MJ_QUERY_QUOTA : 8202E043
    19:11:45:495 1568 IRP_MJ_SET_QUOTA : 8202E043
    19:11:45:495 1568 C:\Windows\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
    19:11:45:495 1568
    19:11:45:495 1568 Driver Name: USBSTOR
    19:11:45:495 1568 IRP_MJ_CREATE : 8E716B40
    19:11:45:495 1568 IRP_MJ_CREATE_NAMED_PIPE : 8202E043
    19:11:45:495 1568 IRP_MJ_CLOSE : 8E716BB8
    19:11:45:495 1568 IRP_MJ_READ : 8E716C30
    19:11:45:495 1568 IRP_MJ_WRITE : 8E716C30
    19:11:45:495 1568 IRP_MJ_QUERY_INFORMATION : 8202E043
    19:11:45:495 1568 IRP_MJ_SET_INFORMATION : 8202E043
    19:11:45:495 1568 IRP_MJ_QUERY_EA : 8202E043
    19:11:45:495 1568 IRP_MJ_SET_EA : 8202E043
    19:11:45:495 1568 IRP_MJ_FLUSH_BUFFERS : 8202E043
    19:11:45:495 1568 IRP_MJ_QUERY_VOLUME_INFORMATION : 8202E043
    19:11:45:495 1568 IRP_MJ_SET_VOLUME_INFORMATION : 8202E043
    19:11:45:495 1568 IRP_MJ_DIRECTORY_CONTROL : 8202E043
    19:11:45:495 1568 IRP_MJ_FILE_SYSTEM_CONTROL : 8202E043
    19:11:45:495 1568 IRP_MJ_DEVICE_CONTROL : 8E716828
    19:11:45:495 1568 IRP_MJ_INTERNAL_DEVICE_CONTROL : 8E70B4AA
    19:11:45:495 1568 IRP_MJ_SHUTDOWN : 8202E043
    19:11:45:495 1568 IRP_MJ_LOCK_CONTROL : 8202E043
    19:11:45:495 1568 IRP_MJ_CLEANUP : 8202E043
    19:11:45:495 1568 IRP_MJ_CREATE_MAILSLOT : 8202E043
    19:11:45:495 1568 IRP_MJ_QUERY_SECURITY : 8202E043
    19:11:45:495 1568 IRP_MJ_SET_SECURITY : 8202E043
    19:11:45:495 1568 IRP_MJ_POWER : 8E714F9A
    19:11:45:495 1568 IRP_MJ_SYSTEM_CONTROL : 8E7127A2
    19:11:45:495 1568 IRP_MJ_DEVICE_CHANGE : 8202E043
    19:11:45:495 1568 IRP_MJ_QUERY_QUOTA : 8202E043
    19:11:45:495 1568 IRP_MJ_SET_QUOTA : 8202E043
    19:11:45:498 1568 C:\Windows\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
    19:11:45:498 1568
    19:11:45:498 1568 Driver Name: nvstor32
    19:11:45:498 1568 IRP_MJ_CREATE : 8272460A
    19:11:45:498 1568 IRP_MJ_CREATE_NAMED_PIPE : 8202E043
    19:11:45:498 1568 IRP_MJ_CLOSE : 82724565
    19:11:45:498 1568 IRP_MJ_READ : 8202E043
    19:11:45:498 1568 IRP_MJ_WRITE : 8202E043
    19:11:45:498 1568 IRP_MJ_QUERY_INFORMATION : 8202E043
    19:11:45:498 1568 IRP_MJ_SET_INFORMATION : 8202E043
    19:11:45:498 1568 IRP_MJ_QUERY_EA : 8202E043
    19:11:45:498 1568 IRP_MJ_SET_EA : 8202E043
    19:11:45:498 1568 IRP_MJ_FLUSH_BUFFERS : 8202E043
    19:11:45:498 1568 IRP_MJ_QUERY_VOLUME_INFORMATION : 8202E043
    19:11:45:498 1568 IRP_MJ_SET_VOLUME_INFORMATION : 8202E043
    19:11:45:498 1568 IRP_MJ_DIRECTORY_CONTROL : 8202E043
    19:11:45:498 1568 IRP_MJ_FILE_SYSTEM_CONTROL : 8202E043
    19:11:45:498 1568 IRP_MJ_DEVICE_CONTROL : 827246CB
    19:11:45:498 1568 IRP_MJ_INTERNAL_DEVICE_CONTROL : 826F3EE3
    19:11:45:498 1568 IRP_MJ_SHUTDOWN : 8202E043
    19:11:45:498 1568 IRP_MJ_LOCK_CONTROL : 8202E043
    19:11:45:498 1568 IRP_MJ_CLEANUP : 8202E043
    19:11:45:498 1568 IRP_MJ_CREATE_MAILSLOT : 8202E043
    19:11:45:498 1568 IRP_MJ_QUERY_SECURITY : 8202E043
    19:11:45:498 1568 IRP_MJ_SET_SECURITY : 8202E043
    19:11:45:498 1568 IRP_MJ_POWER : 826F998F
    19:11:45:498 1568 IRP_MJ_SYSTEM_CONTROL : 827248FE
    19:11:45:498 1568 IRP_MJ_DEVICE_CHANGE : 8202E043
    19:11:45:498 1568 IRP_MJ_QUERY_QUOTA : 8202E043
    19:11:45:498 1568 IRP_MJ_SET_QUOTA : 8202E043
    19:11:45:508 1568 C:\Windows\system32\drivers\nvstor32.sys - Verdict: 1
    19:11:45:508 1568
    19:11:45:510 1568 Completed
    19:11:45:510 1568
    19:11:45:510 1568 Results:
    19:11:45:510 1568 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
    19:11:45:510 1568 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
    19:11:45:510 1568 File objects infected / cured / cured on reboot: 0 / 0 / 0
    19:11:45:510 1568
    19:11:45:510 1568 fclose_ex: Trying to close file C:\Windows\system32\config\system
    19:11:45:510 1568 fclose_ex: Trying to close file C:\Windows\system32\config\software
    19:11:45:513 1568 KLMD(ARK) unloaded successfully
     
  11. 2010/04/11
    broni (Moderator, Malware Analyst)
    Delete your Combofix file.
    Download a fresh one and rename combofix.exe to broni.com BEFORE saving it to your desktop.

    Run rKill first, then broni.com.
     
  12. 2010/04/11
    Golden123 (Inactive, Thread Starter)
    Still getting the same problem and no logs, unfortunately.

    Though I did notice the text at the top of the Combofix screen saying something to the effect of "System cannot find message text number 0x8 in the message file for system. " Could this be something to do with it?
     
  13. 2010/04/11
    broni (Moderator, Malware Analyst)
    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    * Under the Custom Scan box paste this in:


    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    CREATERESTOREPOINT


    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  14. 2010/04/11
    Golden123 (Inactive, Thread Starter)
    Ok. Here are the logs.

    OTL logfile created on: 11/04/2010 20:21:46 - Run 1

    OTL by OldTimer - Version 3.2.1.1 Folder = C:\Users\guo\Desktop
    Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6001.18000)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 79.00% Memory free
    7.00 Gb Paging File | 6.00 Gb Available in Paging File | 95.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 273.57 Gb Total Space | 46.34 Gb Free Space | 16.94% Space Free | Partition Type: NTFS
    Drive D: | 410.41 Gb Total Space | 160.66 Gb Free Space | 39.15% Space Free | Partition Type: NTFS
    Drive E: | 276.80 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: GUO-PC
    Current User Name: guo
    Logged in as Administrator.

    Current Boot Mode: SafeMode with Networking
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 14 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/04/11 20:20:37 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\guo\Desktop\OTL.exe
    PRC - [2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008/01/09 16:50:22 | 000,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
    PRC - [2007/11/07 10:35:40 | 000,378,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe
    PRC - [2007/11/01 19:12:38 | 000,265,040 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\MSC\mcuimgr.exe
    PRC - [2007/08/04 06:33:14 | 000,582,992 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
    PRC - [2007/07/18 23:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/04/11 20:20:37 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\guo\Desktop\OTL.exe
    MOD - [2008/01/21 03:23:44 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2009/12/16 16:34:40 | 000,030,192 | ---- | M] (Google) [Disabled | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
    SRV - [2009/12/08 15:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
    SRV - [2008/09/08 19:10:20 | 000,450,560 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
    SRV - [2008/09/08 19:09:40 | 000,184,320 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
    SRV - [2008/08/19 22:27:22 | 000,024,576 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
    SRV - [2008/07/30 01:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) [Disabled | Stopped] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
    SRV - [2008/05/21 01:50:50 | 000,269,448 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service)
    SRV - [2008/04/26 05:36:20 | 000,045,056 | ---- | M] (NewTech InfoSystems, Inc.) [Disabled | Stopped] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc)
    SRV - [2008/04/26 05:36:02 | 000,131,072 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc)
    SRV - [2008/03/03 21:11:14 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) [Disabled | Stopped] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe -- (BUNAgentSvc)
    SRV - [2008/01/25 02:38:12 | 002,458,128 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
    SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2008/01/09 16:50:22 | 000,767,976 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
    SRV - [2007/12/05 11:04:10 | 000,695,624 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
    SRV - [2007/11/26 11:46:14 | 000,023,880 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
    SRV - [2007/11/07 10:35:40 | 000,378,184 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
    SRV - [2007/08/15 20:36:04 | 000,359,248 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
    SRV - [2007/07/24 20:02:14 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Stopped] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
    SRV - [2007/07/18 23:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=1&o=vp32&d=1208&m=aspire_m7711

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=1&o=vp32&d=1208&m=aspire_m7711
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig "

    FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/02/25 21:46:22 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/02 14:39:00 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/02 14:39:00 | 000,000,000 | ---D | M]

    [2009/02/24 20:38:53 | 000,000,000 | ---D | M] -- C:\Users\guo\AppData\Roaming\Mozilla\Extensions
    [2010/04/10 23:00:04 | 000,000,000 | ---D | M] -- C:\Users\guo\AppData\Roaming\Mozilla\Firefox\Profiles\81zz2vbm.default\extensions
    [2009/09/02 16:46:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\guo\AppData\Roaming\Mozilla\Firefox\Profiles\81zz2vbm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2009/02/24 22:26:47 | 000,000,000 | ---D | M] (Abstract Classic) -- C:\Users\guo\AppData\Roaming\Mozilla\Firefox\Profiles\81zz2vbm.default\extensions\{2fbc1200-ad13-11db-abbd-0800200c9a66}
    [2009/09/07 18:13:59 | 000,000,000 | ---D | M] (AutoFormer) -- C:\Users\guo\AppData\Roaming\Mozilla\Firefox\Profiles\81zz2vbm.default\extensions\{5556F97E-11A5-46b0-9082-32AD74AAA920}
    [2009/02/24 22:26:46 | 000,000,000 | ---D | M] (Aero Fox) -- C:\Users\guo\AppData\Roaming\Mozilla\Firefox\Profiles\81zz2vbm.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
    [2009/02/24 22:26:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\guo\AppData\Roaming\Mozilla\Firefox\Profiles\81zz2vbm.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2009/02/24 22:26:46 | 000,000,000 | ---D | M] (Aquatint Black Gloss) -- C:\Users\guo\AppData\Roaming\Mozilla\Firefox\Profiles\81zz2vbm.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}
    [2009/02/24 22:26:46 | 000,000,000 | ---D | M] (Phoenity Modern) -- C:\Users\guo\AppData\Roaming\Mozilla\Firefox\Profiles\81zz2vbm.default\extensions\{8181B740-5255-11D9-9FF6-0090995D2DCA}
    [2009/09/07 18:13:58 | 000,000,000 | ---D | M] (mediaplayerconnectivity) -- C:\Users\guo\AppData\Roaming\Mozilla\Firefox\Profiles\81zz2vbm.default\extensions\{84b24861-62f6-364b-eba5-2e5e2061d7e6}
    [2010/03/18 21:02:35 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Users\guo\AppData\Roaming\Mozilla\Firefox\Profiles\81zz2vbm.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
    [2010/03/18 21:02:35 | 000,000,000 | ---D | M] -- C:\Users\guo\AppData\Roaming\Mozilla\Firefox\Profiles\81zz2vbm.default\extensions\noia2_option@kk.noia
    [2009/02/24 20:38:53 | 000,000,000 | ---D | M] -- C:\Users\guo\AppData\Roaming\Mozilla\Firefox\Profiles\9pelac92.default\extensions
    [2010/04/10 23:00:04 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/03/17 18:53:38 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
    [2010/03/17 18:53:38 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
    [2010/03/17 18:53:38 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
    [2010/03/17 18:53:38 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

    O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (McAfee Phishing Filter) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\Program Files\McAfee\MSK\mcapbho.dll ()
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
    O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
    O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe ()
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [BkupTray] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()
    O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
    O4 - HKLM..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Lau File not found
    O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
    O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [NVRaidService] C:\Windows\System32\nvraidservice.exe (NVIDIA Corporation)
    O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
    O4 - HKCU..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - HKLM..\RunOnce: [] File not found
    O4 - HKLM..\RunOnce: [GrpConv] C:\Windows\System32\grpconv.exe (Microsoft Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\nvLsp.dll (NVIDIA)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\nvLsp.dll (NVIDIA)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\nvLsp.dll (NVIDIA)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\nvLsp.dll (NVIDIA)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\nvLsp.dll (NVIDIA)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\nvLsp.dll (NVIDIA)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\nvLsp.dll (NVIDIA)
    O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2006/03/24 12:06:41 | 000,000,053 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias [2008/01/21 03:34:27 | 000,000,000 | ---D | M]
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found
    OTL cannot create restorepoints on Vista OSs!

    ========== Files/Folders - Created Within 14 Days ==========

    [2010/04/11 20:20:37 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Users\guo\Desktop\OTL.exe
    [2010/04/11 20:18:13 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2010/04/11 19:42:38 | 000,000,000 | ---D | C] -- C:\Users\guo\AppData\Local\temp
    [2010/04/11 19:39:15 | 000,000,000 | ---D | C] -- C:\broni.com
    [2010/04/11 19:39:02 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2010/04/11 19:06:39 | 000,178,000 | ---- | C] (Kaspersky Lab) -- C:\Users\guo\Desktop\TDSSKiller.exe
    [2010/04/11 11:09:59 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2010/04/11 08:37:44 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2010/04/11 08:37:44 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2010/04/11 08:37:44 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2010/04/11 08:37:39 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2010/04/11 08:36:45 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/04/11 08:31:37 | 000,000,000 | ---D | C] -- C:\Users\guo\Desktop\Malwarelogs
    [2010/04/10 11:52:58 | 000,000,000 | ---D | C] -- C:\Program Files\LSoft Technologies
    [2010/04/08 11:10:00 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
    [2010/04/06 15:08:31 | 000,000,000 | ---D | C] -- C:\Program Files\SIW
    [2010/04/04 11:11:02 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
    [2010/04/02 12:29:01 | 000,000,000 | ---D | C] -- C:\Windows\pss
    [2008/10/22 23:59:07 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 14 Days ==========

    [2010/04/11 20:21:43 | 002,621,440 | -HS- | M] () -- C:\Users\guo\NTUSER.DAT
    [2010/04/11 20:20:37 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\guo\Desktop\OTL.exe
    [2010/04/11 20:00:41 | 000,001,356 | ---- | M] () -- C:\Users\guo\AppData\Local\d3d9caps.dat
    [2010/04/11 19:42:43 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
    [2010/04/11 19:30:25 | 000,363,520 | ---- | M] () -- C:\Users\guo\Desktop\rkill.com
    [2010/04/11 19:30:13 | 003,911,676 | R--- | M] () -- C:\Users\guo\Desktop\broni.com.exe
    [2010/04/11 11:09:59 | 000,001,878 | ---- | M] () -- C:\Users\guo\Desktop\HijackThis.lnk
    [2010/04/11 08:35:08 | 000,003,338 | ---- | M] () -- C:\Windows\System32\Config.MPF
    [2010/04/11 08:23:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/04/10 23:05:34 | 000,524,288 | -HS- | M] () -- C:\Users\guo\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
    [2010/04/10 23:05:34 | 000,065,536 | -HS- | M] () -- C:\Users\guo\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
    [2010/04/10 14:06:47 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/04/10 14:06:47 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/04/10 14:06:46 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010/04/10 14:06:44 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010/04/10 11:53:03 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) -- C:\Windows\System32\drivers\sptd.sys
    [2010/04/09 17:43:41 | 000,238,080 | ---- | M] () -- C:\Users\guo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/04/09 17:37:47 | 000,700,128 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
    [2010/04/09 17:37:47 | 000,603,278 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010/04/09 17:37:47 | 000,108,962 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2010/04/09 09:50:32 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010/04/07 12:00:29 | 000,525,824 | ---- | M] () -- C:\Users\guo\Desktop\dds.scr
    [2010/04/06 15:08:32 | 000,000,736 | ---- | M] () -- C:\Users\guo\Desktop\SIW.lnk
    [2010/04/04 11:11:02 | 185,203,581 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2010/04/03 12:41:22 | 000,002,627 | ---- | M] () -- C:\Users\guo\Desktop\Microsoft Office Word 2007.lnk
    [2010/04/02 17:10:43 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
    [2010/04/02 16:26:10 | 000,001,405 | ---- | M] () -- C:\Users\guo\Desktop\msconfig - Shortcut.lnk
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/04/11 19:30:25 | 000,363,520 | ---- | C] () -- C:\Users\guo\Desktop\rkill.com
    [2010/04/11 19:30:10 | 003,911,676 | R--- | C] () -- C:\Users\guo\Desktop\broni.com.exe
    [2010/04/11 11:09:59 | 000,001,878 | ---- | C] () -- C:\Users\guo\Desktop\HijackThis.lnk
    [2010/04/11 08:37:44 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
    [2010/04/11 08:37:44 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2010/04/11 08:37:44 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2010/04/11 08:37:44 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
    [2010/04/11 08:37:44 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2010/04/07 12:00:24 | 000,525,824 | ---- | C] () -- C:\Users\guo\Desktop\dds.scr
    [2010/04/06 15:08:32 | 000,000,736 | ---- | C] () -- C:\Users\guo\Desktop\SIW.lnk
    [2010/04/06 09:31:09 | 000,000,938 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SmartLauncher.lnk
    [2010/04/06 09:31:09 | 000,000,641 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update Agent.lnk
    [2010/04/04 11:10:53 | 185,203,581 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2010/04/02 16:23:16 | 000,001,405 | ---- | C] () -- C:\Users\guo\Desktop\msconfig - Shortcut.lnk
    [2010/01/31 10:20:23 | 000,001,356 | ---- | C] () -- C:\Users\guo\AppData\Local\d3d9caps.dat
    [2009/11/06 11:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
    [2009/06/19 21:06:22 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
    [2009/06/19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
    [2009/06/19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
    [2009/06/19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
    [2009/06/19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
    [2009/06/19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
    [2009/06/19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
    [2009/06/19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
    [2009/06/19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
    [2009/06/19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
    [2009/05/22 14:46:47 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
    [2009/05/10 21:00:38 | 000,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
    [2009/04/27 05:13:36 | 000,000,314 | ---- | C] () -- C:\Windows\primopdf.ini
    [2009/03/21 11:45:58 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
    [2009/03/21 11:45:58 | 000,022,328 | ---- | C] () -- C:\Users\guo\AppData\Roaming\PnkBstrK.sys
    [2009/02/25 20:57:05 | 000,238,080 | ---- | C] () -- C:\Users\guo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/02/25 19:28:14 | 000,067,584 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
    [2009/02/24 20:01:36 | 000,001,733 | ---- | C] () -- C:\Windows\System32\WLAN.INI
    [2009/02/24 18:55:53 | 002,621,440 | -HS- | C] () -- C:\Users\guo\NTUSER.DAT
    [2009/02/24 18:55:53 | 000,524,288 | -HS- | C] () -- C:\Users\guo\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
    [2009/02/24 18:55:53 | 000,524,288 | -HS- | C] () -- C:\Users\guo\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
    [2009/02/24 18:55:53 | 000,262,144 | -H-- | C] () -- C:\Users\guo\ntuser.dat.LOG1
    [2009/02/24 18:55:53 | 000,065,536 | -HS- | C] () -- C:\Users\guo\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
    [2009/02/24 18:55:53 | 000,000,020 | -HS- | C] () -- C:\Users\guo\ntuser.ini
    [2009/02/24 18:55:53 | 000,000,000 | -H-- | C] () -- C:\Users\guo\ntuser.dat.LOG2
    [2008/12/12 16:39:23 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
    [2008/12/12 16:39:23 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
    [2008/10/22 23:45:55 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
    [2008/10/22 23:45:55 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
    [2008/10/22 23:36:35 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
    [2006/12/11 05:13:03 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
    [2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2001/12/27 00:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
    [2001/09/04 07:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
    [2001/07/31 00:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
    [2001/07/24 06:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

    ========== LOP Check ==========

    [2008/10/22 23:51:47 | 000,000,000 | ---D | M] -- C:\Users\guo\AppData\Roaming\Acer GameZone Console
    [2010/04/03 23:02:22 | 000,000,000 | ---D | M] -- C:\Users\guo\AppData\Roaming\Azureus
    [2010/02/27 12:43:46 | 000,000,000 | ---D | M] -- C:\Users\guo\AppData\Roaming\Bioshock
    [2009/09/17 20:02:14 | 000,000,000 | ---D | M] -- C:\Users\guo\AppData\Roaming\Birdstep Technology
    [2009/03/07 14:51:27 | 000,000,000 | ---D | M] -- C:\Users\guo\AppData\Roaming\DAEMON Tools
    [2009/03/07 14:51:44 | 000,000,000 | ---D | M] -- C:\Users\guo\AppData\Roaming\DAEMON Tools Lite
    [2009/03/07 14:51:27 | 000,000,000 | ---D | M] -- C:\Users\guo\AppData\Roaming\DAEMON Tools Pro
    [2010/01/30 17:09:42 | 000,000,000 | ---D | M] -- C:\Users\guo\AppData\Roaming\SystemRequirementsLab
    [2008/10/22 23:50:21 | 000,000,356 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
    [2008/10/22 23:50:21 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
    [2010/04/05 23:33:08 | 000,032,590 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >


    < MD5 for: AGP440.SYS >
    [2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
    [2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
    [2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
    [2006/11/02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

    < MD5 for: ATAPI.SYS >
    [2008/01/21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
    [2008/01/21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
    [2008/01/21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
    [2006/11/02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

    < MD5 for: CNGAUDIT.DLL >
    [2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
    [2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

    < MD5 for: IASTORV.SYS >
    [2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
    [2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
    [2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
    [2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

    < MD5 for: NETLOGON.DLL >
    [2008/01/21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
    [2008/01/21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

    < MD5 for: NVSTOR.SYS >
    [2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
    [2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
    [2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
    [2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

    < MD5 for: NVSTOR32.SYS >
    [2008/08/18 11:58:42 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=2A0CC26D67B38460CC7563BC8313C1D6 -- C:\ACER\Preload\Autorun\DRV\nVidia Chipset MCP7A\IDE\WinVista\sataraid\nvstor32.sys
    [2008/08/18 11:58:42 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=2A0CC26D67B38460CC7563BC8313C1D6 -- C:\ACER\SataRAID\IDE\WinVista\sataraid\nvstor32.sys
    [2008/08/18 11:58:42 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=2A0CC26D67B38460CC7563BC8313C1D6 -- C:\Windows\System32\drivers\nvstor32.sys
    [2008/08/18 11:58:42 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=2A0CC26D67B38460CC7563BC8313C1D6 -- C:\Windows\System32\DriverStore\FileRepository\nvrd32.inf_06ec9e47\nvstor32.sys
    [2008/08/18 11:58:16 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=8EE374B6FB3CB2BB8D70395218B464A5 -- C:\ACER\Preload\Autorun\DRV\nVidia Chipset MCP7A\IDE\WinVista\sata_ide\nvstor32.sys
    [2008/08/18 11:58:16 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=8EE374B6FB3CB2BB8D70395218B464A5 -- C:\ACER\SataRAID\IDE\WinVista\sata_ide\nvstor32.sys

    < MD5 for: SCECLI.DLL >
    [2008/01/21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
    [2008/01/21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2008/10/22 23:59:32 | 012,820,480 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2008/10/22 23:59:28 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2008/10/22 23:59:32 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2008/10/22 23:59:37 | 017,186,816 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2008/10/22 23:59:38 | 006,639,616 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    ========== Files - Unicode (All) ==========
    [2009/09/08 16:50:55 | 000,000,000 | ---D | C](C:\Users\guo\Documents\????(1)) -- C:\Users\guo\Documents\书序汇总(1)
    [2009/09/03 21:45:02 | 000,000,000 | ---D | M](C:\Users\guo\Documents\????(1)) -- C:\Users\guo\Documents\书序汇总(1)
    < End of report >
     
  15. 2010/04/11
    Golden123


    OTL Extras logfile created on: 11/04/2010 20:21:46 - Run 1

    OTL by OldTimer - Version 3.2.1.1 Folder = C:\Users\guo\Desktop
    Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6001.18000)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 79.00% Memory free
    7.00 Gb Paging File | 6.00 Gb Available in Paging File | 95.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 273.57 Gb Total Space | 46.34 Gb Free Space | 16.94% Space Free | Partition Type: NTFS
    Drive D: | 410.41 Gb Total Space | 160.66 Gb Free Space | 39.15% Space Free | Partition Type: NTFS
    Drive E: | 276.80 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: GUO-PC
    Current User Name: guo
    Logged in as Administrator.

    Current Boot Mode: SafeMode with Networking
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 14 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .bat [@ = batfile] -- Reg Error: Key error. File not found
    .cmd [@ = cmdfile] -- Reg Error: Key error. File not found
    .com [@ = ComFile] -- Reg Error: Key error. File not found
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    .pif [@ = piffile] -- Reg Error: Key error. File not found
    .vbs [@ = VBSFile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{00416094-5DE7-4E28-BB0E-01F3276205C0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{4514373D-A2BF-49A1-9F9D-F2C07F55B3D5}" = lport=2869 | protocol=6 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{07B2880A-2809-4A64-838B-37231D518ADF}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
    "{09D7CB4F-86CB-4174-A9C9-CF361B161D60}" = protocol=6 | dir=in | app=c:\program files\eidos\batman arkham asylum\binaries\shippingpc-bmgame.exe |
    "{0D6A5AE8-127D-42D8-A4A9-8AE6989A0B51}" = protocol=6 | dir=in | app=c:\program files\mass effect 2\binaries\masseffect2.exe |
    "{17529584-E956-4B9B-8C1C-6046E33F1ED3}" = dir=in | app=c:\program files\acer arcade live\acer homemedia trial creator\acer homemedia trial creator.exe |
    "{1B00D152-544B-4756-8929-582034F42776}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe |
    "{1FC8EF99-C14C-424C-8F36-9B23B828D5C0}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{28F8A164-0ABA-4AD0-899A-296EF1B47CCF}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2editor.exe |
    "{29EE13DD-331F-42B2-99A4-56CD5A6EEE75}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{2E7BFB74-39F8-4E9C-8A38-653EFC2B2FCA}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe |
    "{2E9DFF27-E397-4D98-AEF4-38987943FCDD}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe |
    "{3C91A01A-A875-4567-AC96-8A92DBAA0DF5}" = dir=in | app=c:\program files\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe |
    "{3CA37683-0AC5-4BF5-BE86-CB13CCA97E1C}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe |
    "{3E833765-D620-4571-A9E4-D898A571D6C9}" = dir=in | app=c:\program files\acer arcade live\acer homemedia\acer homemedia.exe |
    "{401471BA-6216-4A36-B870-09DC528DA315}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{4258AF3D-4E6F-4B29-821A-233C07547711}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
    "{4956F7CE-0C4A-46C1-B238-4B50C81763A1}" = protocol=17 | dir=in | app=c:\program files\mass effect 2\binaries\masseffect2.exe |
    "{4B886FD6-35A2-4648-8DB4-63F50E76FB10}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
    "{5558CCBF-E34C-4C4E-AE54-3E2748C8574F}" = dir=in | app=c:\program files\acer arcade live\acer dv magician\acer dv magician.exe |
    "{57160828-E98B-4BCD-8EFC-D43C23448960}" = protocol=17 | dir=in | app=c:\program files\mass effect 2\masseffect2launcher.exe |
    "{589BFF8F-A460-4B6D-A2BB-D7A1CBA4B54A}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\acer homemedia connect.exe |
    "{61B52973-7ADF-4CFD-8E06-38C5525B6011}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2launcher.exe |
    "{69BFB2AD-7FE4-4C42-B422-077D6D4EDCDB}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
    "{6BA3360A-F2BD-45FD-A780-7A2A57877BB2}" = dir=in | app=c:\program files\acer arcade live\acer dvdivine\acer dvdivine.exe |
    "{7884E272-A1B2-44C5-91B5-60D8EB5B7CB6}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
    "{7D488CB8-0987-4353-93AF-B77822951305}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
    "{7EE244E6-7F73-46A9-8DF3-70DA8B330BBE}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe |
    "{904203D7-7A47-45E6-AF26-24831221F636}" = dir=in | app=c:\program files\acer arcade live\acer arcade live main page\acer arcade live.exe |
    "{9BFA40D2-5997-4F4D-9E89-10FADF5A895D}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe |
    "{9EE73601-9C4B-4297-9B3A-FE91E6BDC0BD}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
    "{A954180B-DB7A-48DA-BE0E-9F17472546E8}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
    "{B79118D5-D9A0-4A5A-9F45-218799A0C3D3}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe |
    "{BB294CCD-2176-4128-B533-9F822AF2B465}" = protocol=17 | dir=in | app=c:\program files\eidos\batman arkham asylum\binaries\shippingpc-bmgame.exe |
    "{BFD301E0-2ABE-4557-9870-50EAB1F567B7}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2launcher.exe |
    "{CB782D32-33D0-4472-B782-FF8447D81F8A}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
    "{DBFB7C63-1BE9-4611-BFB1-FEA4CF48C3D8}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
    "{DC3314A5-2283-4712-AC9F-DB4A13AEB660}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
    "{DE7C6370-9E4B-4106-817E-140D326B925E}" = dir=in | app=c:\program files\acer arcade live\acer videomagician\acer videomagician.exe |
    "{F7813E82-BA89-4849-ACB2-A0A51D5FAFF2}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
    "{FA833AAA-8AD3-4E96-818E-54D50A6C4A8F}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2editor.exe |
    "{FF2643EF-3E4D-4A2A-84AD-A522D020BD9D}" = protocol=6 | dir=in | app=c:\program files\mass effect 2\masseffect2launcher.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0017A998-81D6-3C60-37BA-CC0270227FE4}" = CCC Help Norwegian
    "{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
    "{05308138-2A97-6457-DEFD-A9DAA0A4BB6B}" = Catalyst Control Center Localization Spanish
    "{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
    "{0AD63F91-AC37-E543-AB30-2E31F101C6FD}" = Skins
    "{1294D937-4D0A-2481-0AE5-713E10803544}" = CCC Help Japanese
    "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
    "{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect
    "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
    "{1EFAA3FF-06D7-463A-0116-5AF5A9801BC3}" = Catalyst Control Center Localization Swedish
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
    "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
    "{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}" = Star Wars®: Knights of the Old Republic (TM)
    "{2C11389D-7D84-25A8-6511-EDAC3C894CDF}" = Catalyst Control Center Localization Norwegian
    "{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 4.009.00
    "{3474C36B-005C-5D61-3806-319C9F22B014}" = Catalyst Control Center Localization Finnish
    "{3510C83C-0103-D6A6-42E2-2393D95E130A}" = Catalyst Control Center Graphics Full New
    "{3594EE90-B157-4519-9E82-8B6F4711A0A1}" = Catalyst Control Center - Branding
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{465E6ED3-E9C8-0578-2EAF-14306B537947}" = Catalyst Control Center Core Implementation
    "{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}" = Batman: Arkham Asylum
    "{51BB0AA0-424C-67E9-0F3D-8A950B591FC0}" = ccc-utility
    "{5506C4D6-B86C-841A-C8FB-C0A1778DE588}" = Catalyst Control Center Localization Danish
    "{57634571-FD82-4BEC-B822-A1ED7765474F}_is1" = SmartLauncher
    "{5903BD7F-67A1-3EB7-1E38-D8E916DA18C6}" = CCC Help Dutch
    "{626C034B-50B8-47BD-AF93-EEFD0FA78FF4}" = Character Builder
    "{64D7A8CF-A1C5-F905-437F-E71DB9C20318}" = CCC Help Spanish
    "{675F649A-1775-7D59-0724-906116A4FA41}" = Catalyst Control Center Localization Italian
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
    "{70080BD1-A2DE-E4B2-AB57-4C1A940BCC72}" = Catalyst Control Center Localization German
    "{70E8EBD5-78C9-4258-B20A-5098CCA000F0}" = Dolby Control Center
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{739941B6-3C0F-290A-0B76-08C7CEA6F0F3}" = Catalyst Control Center InstallProxy
    "{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
    "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
    "{7694E0B1-2332-448B-9235-929F84B41E3F}" = Active@ ISO Burner
    "{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
    "{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110113233}" = Bookworm Deluxe
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}" = Big Kahuna Reef
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}" = Kick N Rush
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}" = Backspin Billiards
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}" = Mahjongg Artifacts
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}" = Diner Dash Flo on the Go
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112310577}" = Flip Words 2
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}" = Chicken Invaders 3
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}" = Agatha Christie Death on the Nile
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada
    "{83A0E37B-17DF-161A-7D5F-6CEB5B59D8C5}" = CCC Help French
    "{895B75F0-0EDA-6CC3-03FA-18068BC27ED4}" = Catalyst Control Center Localization Dutch
    "{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
    "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{907A9653-2900-F1DB-3CFB-B87CF6A1DD38}" = ATI Catalyst Install Manager
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
    "{9CF9ED6F-4AAC-DF47-0B98-D77B44F8FE58}" = CCC Help English
    "{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
    "{A899DA1F-D626-401C-8651-F2921E3B4CB3}" = 3Connect
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia
    "{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2010.03.10
    "{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
    "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
    "{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine
    "{B580C409-E16F-44FF-904D-3AE94E113BE0}" = Acer HomeMedia Trial Creator
    "{B69991AB-BE6D-C759-B3BC-5D318753592E}" = CCC Help Swedish
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
    "{B7BD291B-D415-4484-89A4-82077504BE93}_is1" = SmartCopy
    "{B9B02A9E-8074-4C3F-AAE5-311528F34FED}" = NTI Photo Maker Hot Fix
    "{C3F677EC-AC3C-22AD-FF91-1FF1918CB182}" = Catalyst Control Center Localization Japanese
    "{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
    "{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
    "{C7EEF2B9-8C16-4A04-B98D-B1A952A47E55}" = Linksys Wireless-G USB Network Adapter
    "{C885D139-5092-D20B-EC30-3FCAF3AC3EF2}" = CCC Help Danish
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
    "{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
    "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
    "{DDA223A7-627F-4173-9CA4-A9C531BCBB62}" = NTI JewelCase Maker Hot Fix
    "{E0326792-4269-7E77-2CA0-FAE03F45A388}" = Catalyst Control Center Graphics Previews Vista
    "{E0E21795-C479-927B-AE38-968CDBC932EF}" = ccc-core-static
    "{E40096C5-F047-C5A9-7119-A4DFB0DE0775}" = Catalyst Control Center Localization French
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{ED854376-A148-5760-598B-EF3EFD647222}" = Catalyst Control Center Graphics Full Existing
    "{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
    "{F2F704C8-0B59-A3B3-D69B-805D06629B08}" = CCC Help Italian
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician
    "{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician
    "{F8C7A3FD-81B8-E9F1-7989-D138A7D59047}" = Catalyst Control Center Graphics Light
    "{FD06CF26-F9DB-C201-B3B0-6155DAB99514}" = CCC Help German
    "{FD3D5956-1F39-9DA1-5780-4749847B965A}" = CCC Help Finnish
    "7-Zip" = 7-Zip 4.57
    "8461-7759-5462-8226" = Vuze
    "Acer GameZone Console_is1" = Acer GameZone Console DTV 2.0.1.1
    "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-09-21 16:18
    "Comical_is1" = Comical 0.8
    "ffdshow_is1" = ffdshow [rev 2719] [2009-02-24]
    "Google Desktop" = Google Desktop
    "HijackThis" = HijackThis 2.0.2
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "Huawei Modems" = Huawei modem
    "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
    "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
    "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
    "InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
    "InstallShield_{B9B02A9E-8074-4C3F-AAE5-311528F34FED}" = NTI Photo Maker Hot Fix
    "InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
    "InstallShield_{DDA223A7-627F-4173-9CA4-A9C531BCBB62}" = NTI JewelCase Maker Hot Fix
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
    "MSC" = McAfee SecurityCenter
    "NDSROM Player" = NDSROM Player
    "NVIDIA Drivers" = NVIDIA Drivers
    "PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
    "PunkBusterSvc" = PunkBuster Services
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "xVideos Video Downloader_is1" = xVideos Video Downloader 3.14

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 03/04/2010 07:51:14 | Computer Name = guo-PC | Source = EventSystem | ID = 4609
    Description =

    Error - 03/04/2010 08:03:49 | Computer Name = guo-PC | Source = EventSystem | ID = 4609
    Description =

    Error - 03/04/2010 08:22:04 | Computer Name = guo-PC | Source = VSS | ID = 39
    Description =

    Error - 03/04/2010 08:22:04 | Computer Name = guo-PC | Source = VSS | ID = 8193
    Description =

    Error - 03/04/2010 08:41:08 | Computer Name = guo-PC | Source = Google Update | ID = 20
    Description =

    Error - 03/04/2010 09:41:08 | Computer Name = guo-PC | Source = Google Update | ID = 20
    Description =

    Error - 03/04/2010 09:55:30 | Computer Name = guo-PC | Source = EventSystem | ID = 4609
    Description =

    Error - 03/04/2010 09:55:30 | Computer Name = guo-PC | Source = VSS | ID = 19
    Description =

    Error - 03/04/2010 09:55:30 | Computer Name = guo-PC | Source = VSS | ID = 8193
    Description =

    Error - 03/04/2010 09:55:30 | Computer Name = guo-PC | Source = WinMgmt | ID = 10
    Description =

    [ System Events ]
    Error - 11/04/2010 04:20:17 | Computer Name = guo-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 11/04/2010 04:23:13 | Computer Name = guo-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 11/04/2010 06:12:39 | Computer Name = guo-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 11/04/2010 06:15:47 | Computer Name = guo-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 11/04/2010 13:41:20 | Computer Name = guo-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 11/04/2010 13:44:18 | Computer Name = guo-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 11/04/2010 14:31:25 | Computer Name = guo-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 11/04/2010 14:34:32 | Computer Name = guo-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 11/04/2010 14:39:34 | Computer Name = guo-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 11/04/2010 14:42:41 | Computer Name = guo-PC | Source = Service Control Manager | ID = 7030
    Description =


    < End of report >
     
  16. 2010/04/11
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O4 - HKLM..\RunOnce: [] File not found
      O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [resethosts]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
     
  17. 2010/04/11
    Golden123

    Golden123 Inactive Thread Starter

    Joined:
    2010/04/04
    Messages:
    15
    Likes Received:
    0
    Ran the check and the computer rebooted, but once again it couldn't start up. In fact it seems to have taken a turn for the worse (probably not to do with the fixes), and hangs at the loading black Vista screen with the green bars. Obviously, since Windows didn't boot, I never got the fix log.

    Ran startup repair and managed to get back into safe mode. I've had the above problem before (see my other topic on these forums) and I've had some luck with managing to load into the desktop at normal mode after a disk check so I'll try to get that done.

    Maybe this is a Vista problem, as well as malware? I'd love to hear your thoughts, but I was re-directed here from the Vista section so maybe it is the latter.

    I'd like to take a break from messing with the computer for today, I'll post back tomorrow with the next quick scan log. Really appreciate the time you spent helping me today (some very quick replies!)
     
  18. 2010/04/11
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I'm starting to doubt we're dealing with an infection here.
    I'd like to see that quick scan log, and whenever you have a chance....

    Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
    When the scan is completed, click the Save button, and save the results as gmer.log
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log.
     