
Computer Infected Again!!


  • This topic is locked
5 replies to this topic

#1 manicd

manicd

  • Members
  • 42 posts
  • OFFLINE
  • Local time:05:33 AM

Posted 10 June 2010 - 05:08 PM

Hi

My computer was recently infected with a Trojan caused by an exploit of Java, which I managed to resolve with some help. I ran a scan on my machine today & it seems to have been compromised again in the same way. Would anyone be so kind as to take a look at my log?

Thank you.

Infection Location:
C:\Users\Dan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\3a530d2b-4da642c5
C:\Users\Dan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\6479113e-2985c737

DDS Log


DDS (Ver_10-03-17.01) - NTFSx86
Run by Dan at 21:43:22.30 on 10/06/2010
Internet Explorer: 8.0.6001.18928 BrowserJavaVersion: 1.6.0_20
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.3000.1635 [GMT 1:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Thomson\ST330\service\st330service.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\Dan\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Dan\Desktop\dds.pif
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vb32&d=0809&m=aspire_7730
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vb32&d=0809&m=aspire_7730
BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\program files\acer\empowering technology\edatasecurity\x86\ActiveToolBand.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\program files\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
mRun: [eDataSecurity Loader] c:\program files\acer\empowering technology\edatasecurity\x86\eDSloader.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [PLFSetI] c:\windows\PLFSetI.exe
mRun: [CLMLServer] "c:\program files\acer arcade deluxe\acer arcade deluxe\kernel\clml\CLMLSvc.exe"
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [LManager] c:\program files\launch manager\QtZgAcer.EXE
mRun: [RtHDVCpl] RtHDVCpl.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} - hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: {5F5C77F2-51C5-46C9-8645-7237001BADD8} = 212.74.112.66 212.74.112.67
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\dan\appdata\roaming\mozilla\firefox\profiles\c3wkt1ht.default\
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-2-6 106208]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\acer arcade deluxe\playmovie\000.fcl [2009-8-12 61424]
R2 CLHNService;CLHNService;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\CLHNService.exe [2009-8-12 81504]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2009-2-6 727720]
R2 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2009-2-6 38240]
R2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2008-4-17 24576]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-8-12 304464]
R2 NTIPPKernel;NTIPPKernel;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\NTIPPKernel.sys [2009-8-12 122368]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-3-28 210432]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-4-17 81296]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-8-12 20952]
R3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2008-4-17 3658752]
R3 ST330;ST330;c:\windows\system32\drivers\st330.sys [2009-8-12 30464]
R3 STBUS;STBUS;c:\windows\system32\drivers\stbus.sys [2009-8-12 12672]
R3 stppp;Speedtouch PPP Adapter Adapter;c:\windows\system32\drivers\stppp.sys [2009-8-12 49408]
R3 winbondcir;Winbond IR Transceiver;c:\windows\system32\drivers\winbondcir.sys [2007-3-28 43008]
S2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;c:\program files\autodesk\3ds max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2009-3-18 86016]
S3 A310;AVerMedia A310 DVB-T;c:\windows\system32\drivers\AVerA310USB.sys [2008-4-17 25856]
S3 BDASwCap;AVerMedia A310 BDA DVBT Capture Device;c:\windows\system32\drivers\AVerA310Cap.sys [2008-4-17 42880]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-9-3 112128]

============== File Associations ===============

.scr=AutoCADScriptFile

=============== Created Last 30 ================

2010-06-09 20:17:55 0 d-----w- C:\$RECYCLE.BIN
2010-06-05 19:57:41 0 d-----w- c:\programdata\regid.1986-12.com.adobe
2010-05-31 15:54:16 107864 ----a-w- c:\windows\system32\tsccvid.dll
2010-05-31 15:54:14 0 d-----w- c:\windows\system32\QuickTime
2010-05-31 15:54:08 0 d-----w- c:\programdata\TechSmith
2010-05-31 15:53:54 0 d-----w- c:\program files\common files\TechSmith Shared
2010-05-28 16:16:47 0 d-----w- C:\found.000
2010-05-28 10:03:32 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-28 09:57:59 524288 --sha-w- c:\users\dan\ntuser.dat{4d492825-6a3f-11df-9530-ed519775328f}.TMContainer00000000000000000002.regtrans-ms
2010-05-28 09:57:58 65536 --sha-w- c:\users\dan\ntuser.dat{4d492825-6a3f-11df-9530-ed519775328f}.TM.blf
2010-05-28 09:57:58 524288 --sha-w- c:\users\dan\ntuser.dat{4d492825-6a3f-11df-9530-ed519775328f}.TMContainer00000000000000000001.regtrans-ms
2010-05-21 22:29:41 0 d-----w- c:\programdata\SUPERAntiSpyware.com

==================== Find3M ====================

2010-05-29 00:33:55 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-26 17:06:41 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47:41 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-04 05:59:21 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55:42 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:55:42 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 04:31:05 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-02 00:32:52 51200 ----a-w- c:\windows\inf\infpub.dat
2010-05-02 00:32:52 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-05-01 14:13:48 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 14:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 14:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-08 12:20:02 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 12:20:02 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-05 17:01:01 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-04-03 22:03:09 86016 ----a-w- c:\windows\inf\infstor.dat
2009-10-31 15:04:07 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:57:01 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 21:44:05.28 ===============

_____________________________

GMER Log


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-10 22:29:42
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\Dan\AppData\Local\Temp\kxrdapow.sys


---- Kernel code sections - GMER 1.0.15 ----

init C:\Windows\system32\drivers\st330.sys entry point in "init" section [0x9014AE00]
init C:\Windows\system32\drivers\lpwdm.sys entry point in "init" section [0x90150880]
init C:\Windows\system32\drivers\stbus.sys entry point in "init" section [0x90154192]
C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl entry point in "" section [0xB1F3141C]
.clc C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl unknown last code section [0xB1F32000, 0x1000, 0xE0000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\Explorer.EXE[568] SHELL32.dll!SHGetFolderPathAndSubDirW + 81C9 75C5B364 4 Bytes [50, 26, 00, 10] {PUSH EAX; ADD ES:[EAX], DL}
.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[2180] kernel32.dll!SetUnhandledExceptionFilter 7717A84F 4 Bytes [C2, 04, 00, 00]
.text C:\Windows\explorer.exe[3984] SHELL32.dll!SHGetFolderPathAndSubDirW + 81C9 75C5B364 4 Bytes [50, 26, A9, 02]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 tdrpm174.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 snman380.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 tdrpm174.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 snman380.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 tdrpm174.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 snman380.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 tdrpm174.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 snman380.sys (Acronis Snapshot API/Acronis)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001f3acdd226
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001f3acdd226 (not active ControlSet)

---- EOF - GMER 1.0.15 ----

#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,115 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:07:33 AM

Posted 15 June 2010 - 05:44 AM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------
In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • GMER log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft


#3 manicd

manicd
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  • Local time:05:33 AM

Posted 18 June 2010 - 06:15 PM

Hi elise025

I'm not experiencing any immediate problems as such; I just want to verify that I am working on a clean machine. I hope you don't mind.


OTL Log

OTL logfile created on: 18/06/2010 22:48:43 - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\Dan\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.52 Gb Total Space | 33.05 Gb Free Space | 47.54% Space Free | Partition Type: NTFS
Drive D: | 69.52 Gb Total Space | 69.43 Gb Free Space | 99.87% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DAN-PC
Current User Name: Dan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/18 22:44:02 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.exe
PRC - [2010/06/09 21:39:03 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Dan\AppData\Local\temp\RtkBtMnt.exe
PRC - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/01/07 19:33:22 | 000,581,632 | ---- | M] (THOMSON Telecom Belgium) -- C:\Program Files\Thomson\ST330\service\st330service.exe
PRC - [2009/11/13 12:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/07/27 16:33:28 | 000,341,312 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/06 14:23:36 | 000,727,720 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2009/02/06 14:23:12 | 002,021,400 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2009/01/20 23:45:00 | 000,960,536 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2009/01/20 23:34:36 | 000,377,232 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2009/01/20 23:34:26 | 000,618,936 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2009/01/20 23:06:10 | 004,359,280 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2008/09/02 11:06:00 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxext.exe
PRC - [2008/07/20 17:45:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/07/20 17:45:06 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/07/02 03:51:00 | 000,821,768 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\QtZgAcer.EXE
PRC - [2008/05/12 22:11:04 | 000,167,936 | ---- | M] (CyberLink) -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
PRC - [2008/04/28 08:35:36 | 006,111,232 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/03/21 21:22:52 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008/03/18 04:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2008/03/05 07:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008/03/05 07:38:28 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008/01/16 18:35:02 | 000,081,504 | ---- | M] () -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
PRC - [2007/12/07 00:15:28 | 000,110,592 | ---- | M] () -- C:\ACER\Mobility Center\MobilityService.exe
PRC - [2007/10/23 10:56:18 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2007/10/09 17:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe


========== Modules (SafeList) ==========

MOD - [2010/06/18 22:44:02 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.exe
MOD - [2009/04/11 07:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/21 03:34:21 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/01/07 19:33:22 | 000,581,632 | ---- | M] (THOMSON Telecom Belgium) [Auto | Running] -- C:\Program Files\Thomson\ST330\service\st330service.exe -- (st330service)
SRV - [2009/11/13 12:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/09/25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/08/25 14:31:34 | 000,082,584 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2009/03/18 13:40:14 | 000,086,016 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe -- (mi-raysat_3dsMax2009_32)
SRV - [2009/02/06 14:27:06 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/02/06 14:23:36 | 000,727,720 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2009/01/20 23:34:26 | 000,618,936 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2008/07/20 17:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/03/21 21:22:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008/03/18 04:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/03/05 07:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008/01/21 03:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/16 18:35:02 | 000,081,504 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2007/12/07 00:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2007/10/09 17:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe -- (Basics Service)


========== Driver Services (SafeList) ==========

DRV - [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009/08/13 21:31:54 | 000,971,552 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tdrpm174.sys -- (tdrpman174) Acronis Try&Decide and Restore Points filter (build 174)
DRV - [2009/08/13 21:31:50 | 000,540,000 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2009/08/13 21:31:50 | 000,044,704 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2009/08/13 21:31:46 | 000,134,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\snman380.sys -- (snapman380) Acronis Snapshots Manager (Build 380)
DRV - [2009/08/12 22:11:16 | 000,049,408 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stppp.sys -- (stppp)
DRV - [2009/08/12 22:11:16 | 000,030,464 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\st330.sys -- (ST330)
DRV - [2009/08/12 22:11:16 | 000,012,672 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stbus.sys -- (STBUS)
DRV - [2009/02/06 14:24:26 | 000,038,240 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfp.sys -- (epfwwfp)
DRV - [2009/02/06 14:24:22 | 000,033,096 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2009/02/06 14:24:18 | 000,130,952 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfw.sys -- (epfw)
DRV - [2009/02/06 14:23:18 | 000,106,208 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/02/06 14:19:52 | 000,113,448 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamon.sys -- (eamon)
DRV - [2008/09/02 11:07:00 | 000,112,128 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2008/09/02 11:05:00 | 002,381,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/07/20 17:44:44 | 000,324,120 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2008/07/02 03:52:00 | 000,021,264 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DKbFltr.sys -- (DKbFltr)
DRV - [2008/05/24 21:09:10 | 000,073,728 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2008/05/09 12:03:58 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2008/04/28 09:26:42 | 002,127,512 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/04/27 23:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/04/21 04:07:00 | 000,081,296 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008/04/15 03:20:48 | 000,025,856 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVerA310USB.sys -- (A310)
DRV - [2008/04/15 03:20:38 | 000,042,880 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVerA310Cap.sys -- (BDASwCap)
DRV - [2008/03/28 12:44:56 | 000,210,432 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2008/03/21 18:48:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008/03/05 07:38:44 | 000,060,464 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSDVdisk.sys -- (psdvdisk)
DRV - [2008/03/05 07:38:44 | 000,016,944 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSDNServ.sys -- (PSDNServ)
DRV - [2008/03/05 07:38:42 | 000,018,992 | ---- | M] (Egis Incorporated) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\psdfilter.sys -- (PSDFilter)
DRV - [2008/02/29 08:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/01/30 10:52:06 | 000,014,848 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2008/01/21 03:32:53 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 03:32:53 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 03:32:52 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/21 03:32:52 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 03:32:52 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 03:32:52 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/21 03:32:51 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 03:32:51 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 03:32:50 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 03:32:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/21 03:32:50 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 03:32:49 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 03:32:49 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 03:32:49 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 03:32:49 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 03:32:49 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 03:32:48 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 03:32:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 03:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 03:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 03:32:46 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 03:32:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/21 03:32:21 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/21 03:32:21 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/21 03:32:21 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/01/18 04:31:26 | 000,196,784 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/01/16 18:35:08 | 000,122,368 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys -- (NTIPPKernel)
DRV - [2007/03/28 15:51:40 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir)
DRV - [2006/11/02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&a...p;m=aspire_7730


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-378433352-3681358149-1633224535-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKU\S-1-5-21-378433352-3681358149-1633224535-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-378433352-3681358149-1633224535-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&a...p;m=aspire_7730
IE - HKU\S-1-5-21-378433352-3681358149-1633224535-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.5
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/03 23:05:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/09 23:27:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2009/08/13 21:24:54 | 000,000,000 | ---D | M]

[2010/03/07 00:15:05 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Mozilla\Extensions
[2009/11/29 19:48:57 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2010/06/18 22:41:33 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\c3wkt1ht.default\extensions
[2010/06/12 22:24:16 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\c3wkt1ht.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/03/07 00:17:03 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\c3wkt1ht.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/06/09 23:22:17 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\c3wkt1ht.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/03/07 02:00:33 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\c3wkt1ht.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2010/05/29 01:34:17 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/29 01:34:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/05/29 01:33:59 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/06/09 23:26:31 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2010/01/16 01:55:13 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/01/16 01:55:13 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/01/16 01:55:13 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/01/16 01:55:13 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/06/09 21:17:52 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKU\S-1-5-21-378433352-3681358149-1633224535-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM\..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM\..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM\..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-378433352-3681358149-1633224535-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-378433352-3681358149-1633224535-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.systemrequirementslab.co...eqlabdetect.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Dan\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Dan\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..\comfile [open] -- "%1" %*
O35 - HKLM\..\exefile [open] -- "%1" %*
O37 - HKLM\...\com [@ = comfile] -- "%1" %*
O37 - HKLM\...\exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/18 22:43:36 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.exe
[2010/06/10 18:51:50 | 001,870,688 | ---- | C] (Trend Micro Inc.) -- C:\Users\Dan\Desktop\HousecallLauncher.exe
[2010/06/09 21:17:55 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2010/06/09 21:16:32 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/06/09 21:16:32 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\temp
[2010/06/08 20:29:47 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/06/08 20:29:45 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/06/08 20:29:45 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/06/08 20:29:43 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/06/08 20:29:42 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/06/08 20:29:40 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/06/08 20:29:40 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/06/08 20:29:39 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/06/08 20:29:38 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/06/08 20:29:38 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/06/08 20:29:37 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/06/08 20:29:36 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/06/08 20:29:36 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/06/08 20:29:35 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/06/08 20:29:35 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/06/08 20:29:34 | 002,037,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/06/08 20:29:15 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/06/08 20:29:12 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/06/08 20:29:08 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010/06/05 20:57:41 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2010/06/05 01:13:46 | 000,000,000 | R--D | C] -- C:\Users\Dan\Desktop\Adobe Photoshop CS5 Ext Portable [Pre - Activated]
[2010/05/31 16:54:54 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\TechSmith
[2010/05/31 16:54:34 | 000,000,000 | ---D | C] -- C:\Users\Dan\Documents\Camtasia Studio
[2010/05/31 16:54:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\QuickTime
[2010/05/31 16:54:08 | 000,000,000 | ---D | C] -- C:\ProgramData\TechSmith
[2010/05/31 16:53:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TechSmith Shared
[2010/05/31 16:53:50 | 000,000,000 | ---D | C] -- C:\Program Files\TechSmith
[2010/05/29 01:34:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/05/29 01:34:15 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/05/29 01:34:15 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/05/29 01:34:15 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/05/29 01:33:51 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/05/28 17:16:47 | 000,000,000 | ---D | C] -- C:\found.000
[2010/05/28 11:03:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/05/21 23:29:41 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2008/07/22 09:01:25 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll

========== Files - Modified Within 30 Days ==========

[2010/06/18 22:48:54 | 002,883,584 | ---- | M] () -- C:\Users\Dan\ntuser.dat
[2010/06/18 22:48:00 | 000,010,093 | ---- | M] () -- C:\Users\Dan\Desktop\Hi Sally.docx
[2010/06/18 22:45:52 | 000,284,915 | ---- | M] () -- C:\Users\Dan\Desktop\gmer.zip
[2010/06/18 22:44:02 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.exe
[2010/06/18 22:35:48 | 000,006,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/18 22:35:48 | 000,006,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/18 20:36:03 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2010/06/18 20:35:54 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/18 20:35:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/06/18 05:43:29 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/06/18 05:43:25 | 000,524,288 | -HS- | M] () -- C:\Users\Dan\ntuser.dat{4d492825-6a3f-11df-9530-ed519775328f}.TMContainer00000000000000000001.regtrans-ms
[2010/06/18 05:43:25 | 000,065,536 | -HS- | M] () -- C:\Users\Dan\ntuser.dat{4d492825-6a3f-11df-9530-ed519775328f}.TM.blf
[2010/06/17 00:01:22 | 002,791,724 | -H-- | M] () -- C:\Users\Dan\AppData\Local\IconCache.db
[2010/06/12 01:34:39 | 000,099,446 | ---- | M] () -- C:\Users\Dan\Desktop\Wikipedia List of Colours - Book2.xlsm
[2010/06/12 01:26:22 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010/06/11 22:31:29 | 000,144,264 | ---- | M] () -- C:\Users\Dan\Desktop\Wikipedia List of Colours - Book1.xlsx
[2010/06/10 21:24:21 | 000,525,824 | ---- | M] () -- C:\Users\Dan\Desktop\dds.pif
[2010/06/10 21:23:38 | 000,050,477 | ---- | M] () -- C:\Users\Dan\Desktop\Defogger.exe
[2010/06/10 18:52:06 | 001,870,688 | ---- | M] (Trend Micro Inc.) -- C:\Users\Dan\Desktop\HousecallLauncher.exe
[2010/06/09 21:18:00 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/06/09 21:17:52 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/06/08 20:41:47 | 000,370,640 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/06/06 01:59:32 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/06/06 01:59:32 | 000,600,378 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/06/06 01:59:32 | 000,105,852 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/05/30 16:42:16 | 000,094,720 | ---- | M] () -- C:\Users\Dan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/29 01:33:56 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/05/29 01:33:56 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/05/29 01:33:56 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/05/29 01:33:55 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/05/28 11:15:12 | 000,524,288 | -HS- | M] () -- C:\Users\Dan\ntuser.dat{4d492825-6a3f-11df-9530-ed519775328f}.TMContainer00000000000000000002.regtrans-ms
[2010/05/28 03:15:05 | 000,524,288 | -HS- | M] () -- C:\Users\Dan\ntuser.dat{5b24a92c-2daf-11df-9ca6-f42ac42e2f8f}.TMContainer00000000000000000001.regtrans-ms
[2010/05/28 03:15:05 | 000,065,536 | -HS- | M] () -- C:\Users\Dan\ntuser.dat{5b24a92c-2daf-11df-9ca6-f42ac42e2f8f}.TM.blf
[2010/05/26 18:06:41 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/05/26 15:47:41 | 000,289,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/05/22 03:35:30 | 002,621,440 | ---- | M] () -- C:\Users\Dan\ntuser.bak
[2010/05/22 02:41:07 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{12F32B20-BB51-4B78-87C7-43D3B688E45A}.job

========== Files Created - No Company Name ==========

[2010/06/18 22:47:59 | 000,010,093 | ---- | C] () -- C:\Users\Dan\Desktop\Hi Sally.docx
[2010/06/18 22:45:51 | 000,284,915 | ---- | C] () -- C:\Users\Dan\Desktop\gmer.zip
[2010/06/11 22:59:15 | 000,099,446 | ---- | C] () -- C:\Users\Dan\Desktop\Wikipedia List of Colours - Book2.xlsm
[2010/06/11 22:31:28 | 000,144,264 | ---- | C] () -- C:\Users\Dan\Desktop\Wikipedia List of Colours - Book1.xlsx
[2010/06/10 21:41:35 | 000,293,376 | ---- | C] () -- C:\Users\Dan\Desktop\gmer.exe
[2010/06/10 21:23:54 | 000,525,824 | ---- | C] () -- C:\Users\Dan\Desktop\dds.pif
[2010/06/10 21:23:38 | 000,050,477 | ---- | C] () -- C:\Users\Dan\Desktop\Defogger.exe
[2010/05/28 10:57:59 | 000,524,288 | -HS- | C] () -- C:\Users\Dan\ntuser.dat{4d492825-6a3f-11df-9530-ed519775328f}.TMContainer00000000000000000002.regtrans-ms
[2010/05/28 10:57:58 | 000,524,288 | -HS- | C] () -- C:\Users\Dan\ntuser.dat{4d492825-6a3f-11df-9530-ed519775328f}.TMContainer00000000000000000001.regtrans-ms
[2010/05/28 10:57:58 | 000,065,536 | -HS- | C] () -- C:\Users\Dan\ntuser.dat{4d492825-6a3f-11df-9530-ed519775328f}.TM.blf
[2010/05/22 01:51:56 | 000,000,418 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{12F32B20-BB51-4B78-87C7-43D3B688E45A}.job
[2010/01/14 01:08:23 | 000,000,160 | ---- | C] () -- C:\Windows\wininit.ini
[2009/11/02 21:12:08 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/10/17 21:32:55 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2009/08/14 19:16:21 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/13 19:15:36 | 000,000,000 | ---- | C] () -- C:\Windows\PhotoNow.INI
[2009/08/12 21:22:56 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2009/08/12 21:22:56 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/09/03 09:28:46 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008/09/03 09:28:40 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1527.dll
[2008/04/17 17:09:32 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008/04/17 17:09:32 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008/04/17 17:08:48 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/04/17 16:38:04 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll
[2008/04/17 16:34:50 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001/12/27 00:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 07:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/31 00:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 06:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
< End of report >


OTL Extras Log

QUOTE
OTL Extras logfile created on: 18/06/2010 22:48:43 - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:UsersDanDesktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:Windows | %ProgramFiles% = C:Program Files
Drive C: | 69.52 Gb Total Space | 33.05 Gb Free Space | 47.54% Space Free | Partition Type: NTFS
Drive D: | 69.52 Gb Total Space | 69.43 Gb Free Space | 99.87% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DAN-PC
Current User Name: Dan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINESOFTWAREClasses<extension>]
.hlp [@ = hlpfile] -- C:Windowswinhlp32.exe (Microsoft Corporation)

[HKEY_USERSS-1-5-21-378433352-3681358149-1633224535-1000SOFTWAREClasses<extension>]
.html [@ = FirefoxHTML] -- C:Program FilesMozilla Firefoxfirefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINESOFTWAREClasses<key>shell[command]command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:Program FilesMicrosoft OfficeOffice12msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%system32rundll32.exe %SystemRoot%system32shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:Program FilesVideoLANVLCvlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:PROGRA~1MICROS~2Office12ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:Program FilesVideoLANVLCvlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoring]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringMcAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterSvc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterSvcVol]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfileGloballyOpenPortsList]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyPublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfileAuthorizedApplicationsList]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfileAuthorizedApplicationsList]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyFirewallRules]
"{0FE7E3D9-8A9C-4B43-8669-984E10065142}" = lport=137 | protocol=17 | dir=in | app=system |
"{3BA0C706-4D2C-4002-AAF9-04A4C018111B}" = lport=139 | protocol=6 | dir=in | app=system |
"{510466A6-4FEA-411E-8166-00F733748175}" = lport=138 | protocol=17 | dir=in | app=system |
"{626FA029-5641-4FA3-872C-D5E8E53E13AC}" = rport=137 | protocol=17 | dir=out | app=system |
"{797E2BFA-D78F-446E-84EB-BBFF6C567F65}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{7D5B80EB-0CEB-4DB7-9B0F-D9FFAA1B86FE}" = lport=445 | protocol=6 | dir=in | app=system |
"{B5B17F94-6D4E-4FE6-A912-F0B8697C69A6}" = rport=139 | protocol=6 | dir=out | app=system |
"{C27DF567-A1B9-4462-A7A4-8AF4044FA1D8}" = rport=138 | protocol=17 | dir=out | app=system |
"{CA701735-A203-4F7A-881D-B02F830A34AC}" = rport=445 | protocol=6 | dir=out | app=system |
"{E2B81CFF-5B06-4151-B502-1ADEF3ACDDEF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%system32spoolsv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyFirewallRules]
"{04E7EAEF-921A-4009-B65B-568444E68A9D}" = protocol=6 | dir=in | app=c:program filesitunesitunes.exe |
"{0F4C5184-7313-45E6-9278-0C2BDA169A08}" = protocol=17 | dir=in | app=c:tempthomsoninstaller.exe |
"{1C1074DF-9FEA-4D78-8A24-352EE10ADBED}" = protocol=17 | dir=in | app=c:program filesmicrosoft officeoffice12onenote.exe |
"{1F5521FD-C1DF-4482-84CE-B900DD165ECA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{3805981A-62F9-47D3-BD6E-7DB5E29B8296}" = protocol=6 | dir=in | app=c:program filesbonjourmdnsresponder.exe |
"{47AB4AFE-338A-4505-9895-DEC504BF2C99}" = protocol=17 | dir=in | app=c:program filesbonjourmdnsresponder.exe |
"{53239FB9-2D1B-429F-B2F9-A51334F51FFC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{586F8334-C461-4E65-85EE-2F0A1D081EE8}" = dir=in | app=c:program filesacer arcade deluxeplaymoviepmvservice.exe |
"{78F96D64-3B6F-493E-979B-588E5CC03F41}" = protocol=17 | dir=in | app=c:program filesitunesitunes.exe |
"{7B1037E5-E91D-4E80-A479-71331B85F9D5}" = protocol=6 | dir=in | app=c:program filesautodeskbackburnermonitor.exe |
"{7FE18141-D91A-4F00-94F5-2DD5373C23A5}" = protocol=6 | dir=in | app=c:program filesautodesk3ds max 20093dsmax.exe |
"{8056EFA3-3834-441D-80F2-B10BB63451D6}" = protocol=17 | dir=in | app=e:sthiwvstinstall.exe |
"{81D627CD-6A2E-47DE-9FE3-3B76E0F63D63}" = protocol=6 | dir=in | app=e:sthiwvstinstall.exe |
"{8CCE44D8-28C5-4ABF-88FB-D7AB7ED414AA}" = protocol=6 | dir=in | app=c:program filesmicrosoft officeoffice12onenote.exe |
"{96DA9A74-129A-463C-B442-83E7A8A0CCD7}" = protocol=6 | dir=in | app=c:program filesthomsonst330servicest330service.exe |
"{9805DBFC-A56A-42C7-846E-BE60E0890235}" = protocol=6 | dir=in | app=c:tempthomsoninstaller.exe |
"{A609D5AA-1ED7-411A-BA11-9CE540D2DEC0}" = protocol=6 | dir=in | app=c:program filesautodeskbackburnerserver.exe |
"{A95ECE6B-9DFA-424B-AFC8-61514123A55B}" = dir=in | app=c:program filesacer arcade deluxehomemediahomemedia.exe |
"{B73F115D-FBD3-44BC-AE19-1FBD714214C6}" = protocol=6 | dir=in | app=c:program filesautodeskbackburnermanager.exe |
"{C40B2D16-E2E2-4466-B8D4-FF4DC93E4BB4}" = protocol=6 | dir=in | app=c:program filesitunesitunes.exe |
"{CC87B920-1745-4FB9-9093-2B7ADE0215E0}" = protocol=6 | dir=in | app=c:program filesbonjourmdnsresponder.exe |
"{CE395DE5-25E1-49D4-841A-C04971C8B95E}" = protocol=17 | dir=in | app=c:program filesautodeskbackburnermonitor.exe |
"{CF60A0B0-080A-4E33-8AB5-B71E31865410}" = protocol=17 | dir=in | app=c:program filesitunesitunes.exe |
"{D0360EFB-AA89-4656-8DD8-959FDA02324A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D0CE59B2-9620-4DDE-8882-58154AAEFEF6}" = dir=in | app=c:program filesacer arcade deluxeplaymovieplaymovie.exe |
"{D0E11823-7DEB-495D-ADA3-AC7365F3FCA1}" = protocol=17 | dir=in | app=c:program filesthomsonst330servicest330service.exe |
"{D31360B4-34C0-4457-AB1A-34DE9CF951A2}" = protocol=17 | dir=in | app=c:program filesautodeskbackburnerserver.exe |
"{DE8F8888-EAFE-402E-93B2-2CECAA64D25F}" = protocol=17 | dir=in | app=c:program filesautodeskbackburnermanager.exe |
"{E5E19D79-83AB-45C6-97C3-F53BC1F45880}" = dir=in | app=c:program filesacer arcade deluxeacer arcade deluxeacer arcade deluxe.exe |
"{F0517C32-0335-4CCA-894E-3D47F2151D12}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{F8EDFF75-1A81-4013-8165-BAFE10148FA7}" = protocol=17 | dir=in | app=c:program filesbonjourmdnsresponder.exe |
"{FD9568DA-694D-4C16-8700-C159716CB63D}" = protocol=17 | dir=in | app=c:program filesautodesk3ds max 20093dsmax.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstall]
"{10F498FF-5392-4DF3-8F73-FE172A9F3800}" = Winbond CIR Device Drivers
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{37C8899D-FD70-481F-94AA-1F1B08765E22}" = Acronis True Image Home
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1
"{48B0F38D-1913-44F3-99AA-D4C55A2B038E}" = Drive Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{5783F2D7-7001-0409-0002-0060B0CE6BBA}" = AutoCAD 2009 - English
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7BB40A22-8D98-43F9-A08A-E7EFF5AB1324}" = Camtasia Studio 5
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A64A5576-D862-44F8-89DC-2B17FCC9B86E}" = Broadcom Gigabit Integrated Controller
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 2.0.8
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{C6115A28-F277-4E82-B067-84D28BF21033}" = Nero 7 Premium
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3E2505F-AA57-476B-9F67-F8C5E3938080}" = ESET Smart Security
"{FDD8070F-E3B9-0409-822C-CCFE5E82C14D}" = Autodesk 3ds Max 2009 32-bit
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Audacity_is1" = Audacity 1.2.6
"AutoCAD 2009 - English" = AutoCAD 2009 - English
"AutoCAD 2009 - English Version 4" = AutoCAD 2009 - English Version 4
"CCleaner" = CCleaner
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"ERUNT_is1" = ERUNT 1.1j
"FBX Plugin 2009.0 for Max 2009" = FBX Plugin 2009.0 for Max 2009
"Foxit Reader" = Foxit Reader
"GridVista" = Acer GridVista
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{48B0F38D-1913-44F3-99AA-D4C55A2B038E}" = Drive Manager
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"OJOsoft Total Video Converter2.5.1.1121" = OJOsoft Total Video Converter
"Revo Uninstaller" = Revo Uninstaller 1.87
"Smart Defrag_is1" = Smart Defrag
"SpeedTouch 330" = SpeedTouch 330
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TomTom HOME" = TomTom HOME 2.7.3.1894
"UltraISO_is1" = UltraISO Premium V9.31
"VLC media player" = VLC media player 1.0.3
"WinPatrol" = WinPatrol 2009
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERSS-1-5-21-378433352-3681358149-1633224535-1000SOFTWAREMicrosoftWindowsCurrentVersionUninstall]
"GanttProject 2.0.10" = GanttProject 2.0.10

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 08/01/2010 22:34:42 | Computer Name = Dan-PC | Source = WinMgmt | ID = 10
Description =

Error - 09/01/2010 04:02:45 | Computer Name = Dan-PC | Source = RaySat_3dsmax2009_32 Server | ID = 131074
Description =

Error - 09/01/2010 04:02:49 | Computer Name = Dan-PC | Source = WinMgmt | ID = 10
Description =

Error - 09/01/2010 04:18:28 | Computer Name = Dan-PC | Source = Perflib | ID = 1010
Description =

Error - 09/01/2010 04:35:56 | Computer Name = Dan-PC | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6002.18005, time stamp
0x49e01da5, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x03172652, process id 0x260, application start time
0x01ca91021e17a030.

Error - 09/01/2010 04:36:15 | Computer Name = Dan-PC | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6002.18005, time stamp
0x49e01da5, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x00795cba, process id 0x1514, application start time
0x01ca9106c8ba1280.

Error - 09/01/2010 04:36:33 | Computer Name = Dan-PC | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6002.18005, time stamp
0x49e01da5, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x04d32eff, process id 0x1570, application start time
0x01ca9106d3ec0a00.

Error - 09/01/2010 04:37:54 | Computer Name = Dan-PC | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.6002.18005, time stamp
0x49e01da5, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x007c5ef3, process id 0xe14, application start time
0x01ca9106dbf70f60.

Error - 09/01/2010 06:56:44 | Computer Name = Dan-PC | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.6002.18005, time stamp
0x49e01da5, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x03d015c9, process id 0x16b0, application start time
0x01ca91070ed14f40.

Error - 09/01/2010 07:14:13 | Computer Name = Dan-PC | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.6002.18005, time stamp
0x49e01da5, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x00786539, process id 0x169c, application start time
0x01ca911a84f39440.

[ OSession Events ]
Error - 18/12/2009 20:44:33 | Computer Name = Dan-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1457
seconds with 240 seconds of active time. This session ended with a crash.

Error - 31/03/2010 19:50:58 | Computer Name = Dan-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 155
seconds with 0 seconds of active time. This session ended with a crash.

Error - 07/04/2010 15:25:11 | Computer Name = Dan-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1933
seconds with 240 seconds of active time. This session ended with a crash.

Error - 30/05/2010 21:08:29 | Computer Name = Dan-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1280
seconds with 960 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 09/06/2010 16:10:53 | Computer Name = Dan-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 09/06/2010 16:10:54 | Computer Name = Dan-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 09/06/2010 16:10:56 | Computer Name = Dan-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 09/06/2010 16:11:26 | Computer Name = Dan-PC | Source = Service Control Manager | ID = 7032
Description =

Error - 09/06/2010 16:16:36 | Computer Name = Dan-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 09/06/2010 16:38:30 | Computer Name = Dan-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 21:36:28 on 09/06/2010 was unexpected.

Error - 11/06/2010 15:56:11 | Computer Name = Dan-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 11/06/2010 15:56:41 | Computer Name = Dan-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 14/06/2010 17:17:19 | Computer Name = Dan-PC | Source = DCOM | ID = 10000
Description =

Error - 16/06/2010 18:34:42 | Computer Name = Dan-PC | Source = PlugPlayManager | ID = 12
Description = The device 'Speedtouch PPP Adapter' (STBUSSTPPPOAID6&2d814957&0&0000)
disappeared from the system without first being prepared for removal.


< End of report >

                        
GMER LOG
QUOTE
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-18 23:25:32
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:UsersDanAppDataLocalTempkxrdapow.sys


---- Kernel code sections - GMER 1.0.15 ----

init C:Windowssystem32driversst330.sys entry point in "init" section [0x90D4DE00]
init C:Windowssystem32driverslpwdm.sys entry point in "init" section [0x90D53880]
init C:Windowssystem32driversstbus.sys entry point in "init" section [0x90D57192]
C:Program FilesAcer Arcade DeluxePlayMovie000.fcl entry point in "" section [0xAB32F41C]
.clc C:Program FilesAcer Arcade DeluxePlayMovie000.fcl unknown last code section [0xAB330000, 0x1000, 0xE0000020]

---- User code sections - GMER 1.0.15 ----

.text C:WindowsExplorer.EXE[676] SHELL32.dll!SHGetFolderPathAndSubDirW + 81C9 76FCB364 4 Bytes [50, 26, 00, 10] {PUSH EAX; ADD ES:[EAX], DL}
.text C:Program FilesESETESET Smart Securityekrn.exe[2244] kernel32.dll!SetUnhandledExceptionFilter 766DA84F 4 Bytes [C2, 04, 00, 00]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:WindowsExplorer.EXE[676] @ C:WindowsExplorer.EXE [gdiplus.dll!GdiplusShutdown] [743C7817] C:WindowsWinSxSx86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:WindowsExplorer.EXE[676] @ C:WindowsExplorer.EXE [gdiplus.dll!GdipCloneImage] [7441A86D] C:WindowsWinSxSx86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:WindowsExplorer.EXE[676] @ C:WindowsExplorer.EXE [gdiplus.dll!GdipDrawImageRectI] [743CBB22] C:WindowsWinSxSx86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:WindowsExplorer.EXE[676] @ C:WindowsExplorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [743BF695] C:WindowsWinSxSx86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:WindowsExplorer.EXE[676] @ C:WindowsExplorer.EXE [gdiplus.dll!GdiplusStartup] [743C75E9] C:WindowsWinSxSx86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:WindowsExplorer.EXE[676] @ C:WindowsExplorer.EXE [gdiplus.dll!GdipCreateFromHDC] [743BE7CA] C:WindowsWinSxSx86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:WindowsExplorer.EXE[676] @ C:WindowsExplorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [743F8395] C:WindowsWinSxSx86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:WindowsExplorer.EXE[676] @ C:WindowsExplorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [743CDA60] C:WindowsWinSxSx86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:WindowsExplorer.EXE[676] @ C:WindowsExplorer.EXE [gdiplus.dll!GdipGetImageHeight] [743BFFFA] C:WindowsWinSxSx86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:WindowsExplorer.EXE[676] @ C:WindowsExplorer.EXE [gdiplus.dll!GdipGetImageWidth] [743BFF61] C:WindowsWinSxSx86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:WindowsExplorer.EXE[676] @ C:WindowsExplorer.EXE [gdiplus.dll!GdipDisposeImage] [743B71CF] C:WindowsWinSxSx86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:WindowsExplorer.EXE[676] @ C:WindowsExplorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7444CAE2] C:WindowsWinSxSx86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:WindowsExplorer.EXE[676] @ C:WindowsExplorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [743EC8D8] C:WindowsWinSxSx86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:WindowsExplorer.EXE[676] @ C:WindowsExplorer.EXE [gdiplus.dll!GdipDeleteGraphics] [743BD968] C:WindowsWinSxSx86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:WindowsExplorer.EXE[676] @ C:WindowsExplorer.EXE [gdiplus.dll!GdipFree] [743B6853] C:WindowsWinSxSx86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:WindowsExplorer.EXE[676] @ C:WindowsExplorer.EXE [gdiplus.dll!GdipAlloc] [743B687E] C:WindowsWinSxSx86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:WindowsExplorer.EXE[676] @ C:WindowsExplorer.EXE [gdiplus.dll!GdipSetCompositingMode] [743C2AD1] C:WindowsWinSxSx86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:WindowsExplorer.EXE[676] @ C:Windowssystem32SHLWAPI.dll [KERNEL32.dll!CreateThread] [100027E0] C:Program FilesAcerEmpowering TechnologyeDataSecurityx86PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:WindowsExplorer.EXE[676] @ C:Windowssystem32SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread] [10001B60] C:Program FilesAcerEmpowering TechnologyeDataSecurityx86PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:WindowsExplorer.EXE[676] @ C:Windowssystem32SHELL32.dll [KERNEL32.dll!GetProcAddress] [10002B60] C:Program FilesAcerEmpowering TechnologyeDataSecurityx86PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:WindowsExplorer.EXE[676] @ C:Windowssystem32SHELL32.dll [KERNEL32.dll!LoadLibraryA] [100011D0] C:Program FilesAcerEmpowering TechnologyeDataSecurityx86PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:Program FilesESETESET Smart Securityegui.exe[2468] @ C:Windowssystem32SHLWAPI.dll [KERNEL32.dll!CreateThread] [027127E0] C:Program FilesAcerEmpowering TechnologyeDataSecurityx86PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:Program FilesESETESET Smart Securityegui.exe[2468] @ C:Windowssystem32SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread] [02711B60] C:Program FilesAcerEmpowering TechnologyeDataSecurityx86PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:Program FilesESETESET Smart Securityegui.exe[2468] @ C:Windowssystem32SHELL32.dll [KERNEL32.dll!GetProcAddress] [02712B60] C:Program FilesAcerEmpowering TechnologyeDataSecurityx86PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:Program FilesESETESET Smart Securityegui.exe[2468] @ C:Windowssystem32SHELL32.dll [KERNEL32.dll!LoadLibraryA] [027111D0] C:Program FilesAcerEmpowering TechnologyeDataSecurityx86PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)

---- Devices - GMER 1.0.15 ----

AttachedDevice FileSystemNtfs Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice Driverkbdclass DeviceKeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice Driverkbdclass DeviceKeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice Drivervolmgr DeviceHarddiskVolume1 tdrpm174.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice Drivervolmgr DeviceHarddiskVolume1 snman380.sys (Acronis Snapshot API/Acronis)
AttachedDevice Drivervolmgr DeviceHarddiskVolume2 tdrpm174.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice Drivervolmgr DeviceHarddiskVolume2 snman380.sys (Acronis Snapshot API/Acronis)
AttachedDevice Drivervolmgr DeviceHarddiskVolume3 tdrpm174.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice Drivervolmgr DeviceHarddiskVolume3 snman380.sys (Acronis Snapshot API/Acronis)

---- Registry - GMER 1.0.15 ----

Reg HKLMSYSTEMCurrentControlSetServicesBTHPORTParametersKeys001f3acdd226
Reg HKLMSYSTEMControlSet003ServicesBTHPORTParametersKeys001f3acdd226 (not active ControlSet)

---- Files - GMER 1.0.15 ----

File C:WindowsSoftwareDistributionDataStoreLogstmp.edb 65536 bytes

---- EOF - GMER 1.0.15 ----

                 

Thank You

Edited by manicd, 18 June 2010 - 06:48 PM.


#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,115 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:07:33 AM

Posted 19 June 2010 - 03:36 AM

All your logs look completely clean :)

We can run a few tools but I don't see the sense of it, everything looks perfectly fine.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#5 manicd

manicd
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  • Local time:05:33 AM

Posted 19 June 2010 - 05:17 PM

No, that's fine; all I wanted was the all-clear. Thanks for your time, elise025.

Edited by manicd, 19 June 2010 - 05:48 PM.


#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,115 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:07:33 AM

Posted 20 June 2010 - 02:46 AM

You are welcome :)

I will now close this topic. If you need it reopened, please send me a PM.

Everyone else, please start a new topic.

regards, Elise






