
Google Redirect


  • This topic is locked
24 replies to this topic

#1 wolfetundra


Posted 09 August 2010 - 12:01 PM

I have had a similar issue on my desktop I never could get rid of. I have since gotten myself a new laptop. It is running Windows 7. When I visit Google, via IE, any Google link I click redirects me to some spam site. I've done all I can think of as far as scans and nothing comes up. Below is my HJT log.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:56:02 AM, on 8/9/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\StopSign\OnAccess\onaccess.exe
C:\Program Files (x86)\StopSign\PopupBlocker\sspopupblockerctrl.exe
C:\Program Files (x86)\Acceleration Software\Anti-Virus\stopsignav.exe
C:\Program Files (x86)\eAcceleration\Station\station_bk.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Wolfe\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&a...d4z195t4522n275
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&a...d4z195t4522n275
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&a...d4z195t4522n275
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {5E753934-1350-1A8D-7616-466B1E540184} - C:\Windows\SysWow64\d3dd8thk.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B753C7C5-0942-4b7f-BC27-942B52BDAC66} - C:\PROGRA~2\StopSign\POPUPB~1\sspopupblocker.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [webscan] "C:\Program Files (x86)\Acceleration Software\Anti-Virus\stopsignav.exe" -k
O4 - HKLM\..\Run: [SoftwareStation] "C:\Program Files (x86)\eAcceleration\Station\station.exe" /b Startup
O4 - HKLM\..\Run: [OnAccess] "C:\Program Files (x86)\StopSign\OnAccess\onaccess.exe" -erk
O4 - HKLM\..\Run: [StopSignPopupBlocker] C:\PROGRA~2\StopSign\POPUPB~1\sspopupblockerctrl.exe /Startup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {24BE56F9-F0B6-4ac7-97F1-8CACEDA9A427} - C:\PROGRA~2\StopSign\POPUPB~1\sspopupblocker.dll
O9 - Extra 'Tools' menuitem: Block This Page - {24BE56F9-F0B6-4ac7-97F1-8CACEDA9A427} - C:\PROGRA~2\StopSign\POPUPB~1\sspopupblocker.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: eAcceleration Notification Service (eac_notifysvc) - eAcceleration Corp - C:\PROGRA~2\EACCEL~1\FRAMEW~1\eac_svc.exe
O23 - Service: eAcceleration Product Manager Service (eac_productsvc) - eAcceleration Corp - C:\PROGRA~2\EACCEL~1\FRAMEW~1\eac_productsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FWService - eAcceleration Corp - C:\Program Files (x86)\StopSign\Firewall\FWService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: StopSign Firewall Security Center Provider (ssfwmonsvc) - eAcceleration Corp - C:\PROGRA~2\EACCEL~1\FRAMEW~1\eac_svc.exe
O23 - Service: StopSign Antivirus Security Center Provider (sstsmonsvc) - eAcceleration Corp - C:\PROGRA~2\EACCEL~1\FRAMEW~1\eac_svc.exe
O23 - Service: StopSign Update Manager - eAcceleration - C:\Program Files (x86)\Common Files\eAcceleration\eacsvc.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9299 bytes


If there is anything on here other than software, it is spyware (toolbars, etc.).
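An added example, not part of the original post: a triage pass over the O2 (Browser Helper Object) lines of the HijackThis log above. It flags BHOs that have no display name, no file on disk, or a DLL loaded straight from the Windows directory instead of a vendor install folder. The flag names and the C:\Windows system root are assumptions of this example, and a flag means "review this entry", not "malicious".

```python
import re
from ntpath import normcase

# O2 lines copied verbatim from the HijackThis log in the post above.
SAMPLE_LOG = r"""
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {5E753934-1350-1A8D-7616-466B1E540184} - C:\Windows\SysWow64\d3dd8thk.dll
O2 - BHO: (no name) - {B753C7C5-0942-4b7f-BC27-942B52BDAC66} - C:\PROGRA~2\StopSign\POPUPB~1\sspopupblocker.dll
"""

# Layout of an O2 line:
#   O2 - BHO: <display name> - {CLSID} - <DLL path or "(no file)">
O2_LINE = re.compile(
    r"^O2 - BHO: (?P<name>.*) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"
)


def parse_o2(log_text):
    """Return one dict (name, clsid, target) per O2 line in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        match = O2_LINE.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def flag_bhos(log_text, system_root=r"C:\Windows"):
    """Map CLSID -> list of review flags; BHOs with no flags are omitted.

    The flag names are this example's own labels, not HijackThis output.
    system_root is an assumption; pass the machine's real %SystemRoot%.
    """
    # normcase() lower-cases and normalises slashes, so the prefix test
    # is case-insensitive the way Windows paths are.
    root = normcase(system_root).rstrip("\\") + "\\"
    flagged = {}
    for entry in parse_o2(log_text):
        flags = []
        if entry["name"] == "(no name)":
            # Registered without a display name: weak signal on its own.
            flags.append("no-name")
        if entry["target"] == "(no file)":
            # Registry entry survives but the DLL is gone: leftover or
            # partially removed component.
            flags.append("no-file")
        elif normcase(entry["target"]).startswith(root):
            # Third-party browser add-ons normally install under
            # Program Files, not directly in the Windows directory.
            flags.append("system-dir")
        if flags:
            flagged[entry["clsid"]] = flags
    return flagged


if __name__ == "__main__":
    for clsid, flags in flag_bhos(SAMPLE_LOG).items():
        print(clsid, ", ".join(flags))
```

On this log the system-dir flag singles out C:\Windows\SysWow64\d3dd8thk.dll, the file that the Malwarebytes log later in the thread reports as Trojan.BHO.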



#2 gringo_pr


Posted 16 August 2010 - 03:16 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
    1. Please do not run any other tool until instructed to do so!
    2. Please reply to this thread, do not start another!
    3. Please tell me about any problems that have occurred during the fix.
    4. Please tell me of any other symptoms you may be having as these can help also.
    5. Please try as much as possible not to run anything while executing a fix.

If you follow these instructions, everything should go smoothly.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Vista and Win 7 Users please Right Click and run as Admin all programs that I ask you to run

: Malwarebytes' Anti-Malware :
    Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download and run OTL:

Download OTL by Old Timer and save it to your Desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in
      netsvcs
      drivers32 /all
      %SYSTEMDRIVE%\*.*
      %systemroot%\system32\*.wt
      %systemroot%\system32\*.ruy
      %systemroot%\Fonts\*.com
      %systemroot%\Fonts\*.dll
      %systemroot%\Fonts\*.ini
      %systemroot%\Fonts\*.ini2
      %systemroot%\system32\spool\prtprocs\w32x86\*.*
      %systemroot%\REPAIR\*.bak1
      %systemroot%\REPAIR\*.ini
      %systemroot%\system32\*.jpg
      %systemroot%\*.scr
      %systemroot%\*._sy
      %APPDATA%\Adobe\Update\*.*
      %ALLUSERSPROFILE%\Favorites\*.*
      %APPDATA%\Microsoft\*.*
      %PROGRAMFILES%\*.*
      %APPDATA%\Update\*.*
      %systemroot%\*. /mp /s
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles
      %systemroot%\System32\config\*.sav
      %systemroot%\system32\user32.dll /md5
      %systemroot%\system32\ws2_32.dll /md5
      %systemroot%\system32\ws2help.dll /md5
      HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time,

"information and logs"
    In your next post I need the following
    1. Log From MBAM
    2. The two logs from OTL
    3. Let me know of any problems you may have had
    4. How is the computer doing now?

Gringo



I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#3 wolfetundra


Posted 16 August 2010 - 08:07 PM

I have gotten the blue screen of death twice since my original post. I've backed everything up in the expectation of needing to reload. Other than that, no other issues.

During the Malware scan, one thing popped up. A Trojan I believe. Malware removed it.

MBAM Log
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4438
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
8/16/2010 5:44:59 PM
mbam-log-2010-08-16 (17-44-59).txt
Scan type: Quick scan
Objects scanned: 128152
Time elapsed: 57 minute(s), 43 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Windows\System32\d3dd8thk.dll (Trojan.BHO) -> Delete on reboot.


OTL.txt
OTL logfile created on: 8/16/2010 5:56:51 PM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\Wolfe\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 52.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218.78 Gb Total Space | 185.60 Gb Free Space | 84.83% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WOLFE-PC
Current User Name: Wolfe
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/16 16:32:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Wolfe\Desktop\OTL.exe
PRC - [2010/07/14 17:00:22 | 000,304,480 | ---- | M] (eAcceleration Corp) -- C:\Program Files (x86)\StopSign\OnAccess\onaccess.exe
PRC - [2010/06/22 12:33:55 | 000,464,208 | ---- | M] (eAcceleration Corp) -- C:\Program Files (x86)\eAcceleration\Station\station_bk.exe
PRC - [2010/06/17 10:20:22 | 001,406,304 | R--- | M] (eAcceleration Corp) -- C:\Program Files (x86)\Acceleration Software\Anti-Virus\stopsignav.exe
PRC - [2010/05/03 16:28:57 | 000,365,912 | ---- | M] (eAcceleration Corp) -- C:\Program Files (x86)\StopSign\Firewall\FWService.exe
PRC - [2010/04/01 02:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2010/03/15 14:56:58 | 000,144,720 | ---- | M] (eAcceleration) -- C:\Program Files (x86)\Common Files\eAcceleration\eacsvc.exe
PRC - [2010/03/15 12:33:42 | 000,111,672 | ---- | M] (eAcceleration Corp) -- C:\Program Files (x86)\eAcceleration\Framework\eac_svc.exe
PRC - [2010/03/15 12:29:37 | 000,263,504 | ---- | M] (eAcceleration Corp) -- C:\Program Files (x86)\eAcceleration\Framework\eac_productsvc.exe
PRC - [2010/03/08 16:56:38 | 000,260,608 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2010/03/03 06:21:16 | 001,300,560 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010/02/01 11:05:02 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
PRC - [2010/01/26 17:58:38 | 000,256,280 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10e.exe
PRC - [2009/12/24 18:45:16 | 000,401,192 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2009/12/24 18:44:48 | 000,201,512 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe


========== Modules (SafeList) ==========

MOD - [2010/08/16 16:32:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Wolfe\Desktop\OTL.exe
MOD - [2009/07/13 18:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/13 18:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/03/17 07:17:08 | 000,202,752 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/02/05 20:23:06 | 000,865,824 | ---- | M] (Acer Incorporated) [Disabled | Stopped] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2010/01/28 16:27:36 | 000,243,232 | ---- | M] (Acer Group) [Disabled | Stopped] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/05/03 16:28:57 | 000,365,912 | ---- | M] (eAcceleration Corp) [Auto | Running] -- C:\Program Files (x86)\StopSign\Firewall\FWService.exe -- (FWService)
SRV - [2010/03/15 14:56:58 | 000,144,720 | ---- | M] (eAcceleration) [Auto | Running] -- C:\Program Files (x86)\Common Files\eAcceleration\eacsvc.exe -- (StopSign Update Manager)
SRV - [2010/03/15 12:33:42 | 000,111,672 | ---- | M] (eAcceleration Corp) [Auto | Running] -- C:\Program Files (x86)\eAcceleration\Framework\eac_svc.exe -- (sstsmonsvc)
SRV - [2010/03/15 12:33:42 | 000,111,672 | ---- | M] (eAcceleration Corp) [Auto | Running] -- C:\Program Files (x86)\eAcceleration\Framework\eac_svc.exe -- (ssfwmonsvc)
SRV - [2010/03/15 12:33:42 | 000,111,672 | ---- | M] (eAcceleration Corp) [Auto | Running] -- C:\Program Files (x86)\eAcceleration\Framework\eac_svc.exe -- (eac_notifysvc)
SRV - [2010/03/15 12:29:37 | 000,263,504 | ---- | M] (eAcceleration Corp) [Auto | Running] -- C:\Program Files (x86)\eAcceleration\Framework\eac_productsvc.exe -- (eac_productsvc)
SRV - [2010/03/08 16:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010/03/03 06:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/02/01 11:04:40 | 000,305,520 | ---- | M] (Egis Technology Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010/01/08 06:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/11/05 17:51:20 | 000,144,640 | ---- | M] (NewTech Infosystems, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc)
SRV - [2009/11/05 17:50:50 | 000,050,432 | ---- | M] (NewTech InfoSystems, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | Auto | Stopped] -- C:\Windows\SysNative\Drivers\Vcs.sys -- (Vcs)
DRV:64bit: - [2010/08/12 11:59:15 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/05/03 16:29:04 | 000,068,704 | ---- | M] (eAcceleration Corp) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\fwcore.sys -- (FWCore)
DRV:64bit: - [2010/03/20 11:59:08 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2010/03/17 15:48:58 | 002,212,352 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/03/17 10:24:24 | 006,405,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/03/17 06:21:18 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/02/08 06:57:22 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/12/22 02:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/12/10 04:25:10 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/12/02 00:01:24 | 000,213,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/11/26 00:05:28 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2009/08/23 02:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/07/13 18:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 18:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 13:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/02 19:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/02 19:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/02 19:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009/05/05 01:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 01:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2008/12/26 12:56:04 | 000,021,504 | ---- | M] (Avnex) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vcsvad.sys -- (VCSVADHWSer) Avnex Virtual Audio Device (WDM)
DRV - [2003/04/15 18:07:26 | 000,006,852 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\Vcs.sys -- (Vcs)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&a...d4z195t4522n275
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&a...d4z195t4522n275
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&a...d4z195t4522n275
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&a...d4z195t4522n275

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&a...d4z195t4522n275
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.87
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/08/11 17:25:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/08/11 20:36:24 | 000,000,000 | ---D | M]

[2010/08/11 17:25:33 | 000,000,000 | ---D | M] -- C:\Users\Wolfe\AppData\Roaming\Mozilla\Extensions
[2010/08/11 20:36:31 | 000,000,000 | ---D | M] -- C:\Users\Wolfe\AppData\Roaming\Mozilla\Firefox\Profiles\78fuzepx.default\extensions
[2010/08/11 17:25:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {5E753934-1350-1A8D-7616-466B1E540184} - C:\Windows\SysWow64\d3dd8thk.dll File not found
O2 - BHO: (no name) - {B753C7C5-0942-4b7f-BC27-942B52BDAC66} - C:\Program Files (x86)\StopSign\PopupBlocker\sspopupblocker.dll (eAcceleration Corp )
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [OnAccess] C:\Program Files (x86)\StopSign\OnAccess\onaccess.exe (eAcceleration Corp)
O4 - HKLM..\Run: [SoftwareStation] C:\Program Files (x86)\eAcceleration\Station\station.exe (eAcceleration Corp)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [StopSignPopupBlocker] C:\Program Files (x86)\StopSign\PopupBlocker\sspopupblockerctrl.exe (eAcceleration Corp )
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [webscan] C:\Program Files (x86)\Acceleration Software\Anti-Virus\stopsignav.exe (eAcceleration Corp)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 0
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Block This Page - {24BE56F9-F0B6-4ac7-97F1-8CACEDA9A427} - C:\Program Files (x86)\StopSign\PopupBlocker\sspopupblocker.dll (eAcceleration Corp )
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/...can8/oscan8.cab (BDSCANONLINE Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.10 24.205.224.36 71.9.127.107
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28:64bit: - HKLM ShellExecuteHooks: {42DD0873-5FA9-465D-90DE-0826020416A5} - C:\Program Files (x86)\StopSign\OnAccess\onaccess_hk64.dll (eAcceleration Corp)
O28 - HKLM ShellExecuteHooks: {42DD0873-5FA9-465D-90DE-0826020416A5} - C:\Program Files (x86)\StopSign\OnAccess\onaccess_hk32.dll (eAcceleration Corp)
O29:64bit: - HKLM SecurityProviders - (msapsspc.dll) - File not found
O29:64bit: - HKLM SecurityProviders - (digest.dll) - File not found
O29:64bit: - HKLM SecurityProviders - (msnsspc.dll) - File not found
O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found
O29 - HKLM SecurityProviders - (digest.dll) - File not found
O29 - HKLM SecurityProviders - (msnsspc.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{590afdcb-9953-11df-b057-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{590afdcb-9953-11df-b057-806e6f6e6963}\Shell\AutoRun\command - "" = F:\WD SmartWare.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found


Drivers32:64bit: aux - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midimapper - midimap.dll (Microsoft Corporation)
Drivers32:64bit: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32:64bit: MSVideo8 - VfWWDM32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.UYVY - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YUY2 - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVYU - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: wave - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wavemapper - msacm32.drv (Microsoft Corporation)
Drivers32: aux - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\SysWow64\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\SysWow64\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\SysWow64\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\SysWow64\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\SysWow64\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\Windows\SysWow64\sirenacm.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\SysWow64\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\SysWow64\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\Windows\SysWow64\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\SysWow64\msacm32.drv (Microsoft Corporation)

========== Files/Folders - Created Within 90 Days ==========

[2010/08/16 16:33:13 | 000,000,000 | ---D | C] -- C:\Users\Wolfe\AppData\Roaming\Malwarebytes
[2010/08/16 16:33:01 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/08/16 16:33:00 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/08/16 16:33:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/08/16 16:32:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/08/16 16:32:02 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Wolfe\Desktop\OTL.exe
[2010/08/13 01:29:21 | 000,000,000 | ---D | C] -- C:\Users\Wolfe\Desktop\drivers
[2010/08/12 13:17:48 | 004,614,113 | ---- | C] (LIGHTNING UK!) -- C:\Users\Wolfe\Desktop\SetupImgBurn_2.5.1.0.exe
[2010/08/12 11:57:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2010/08/12 11:56:40 | 000,000,000 | ---D | C] -- C:\Users\Wolfe\AppData\Roaming\DAEMON Tools Lite
[2010/08/12 11:56:36 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2010/08/12 11:53:15 | 009,591,104 | ---- | C] (DT Soft Ltd.) -- C:\Users\Wolfe\Desktop\DTLite4356-0091.exe
[2010/08/11 17:25:11 | 000,000,000 | ---D | C] -- C:\Users\Wolfe\AppData\Local\Mozilla
[2010/08/11 17:25:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2010/08/11 17:11:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010/08/11 05:04:36 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/08/09 10:08:52 | 000,000,000 | ---D | C] -- C:\Users\Wolfe\Desktop\Scanners
[2010/08/09 09:48:20 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Wolfe\Desktop\HijackThis.exe
[2010/08/09 09:41:40 | 000,000,000 | ---D | C] -- C:\Windows\BDOSCAN8
[2010/08/09 09:39:25 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/08/06 09:25:44 | 000,000,000 | ---D | C] -- C:\Users\Wolfe\AppData\Local\Adobe
[2010/08/06 07:04:21 | 000,000,000 | ---D | C] -- C:\Users\Wolfe\Desktop\New folder
[2010/08/06 01:28:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2010/08/06 01:27:40 | 002,228,534 | ---- | C] ( ) -- C:\Users\Wolfe\Desktop\audacity-win-1.2.6.exe
[2010/08/05 15:32:36 | 000,000,000 | ---D | C] -- C:\Users\Wolfe\AppData\Roaming\gtk-2.0
[2010/08/05 15:32:32 | 000,000,000 | ---D | C] -- C:\Users\Wolfe\.thumbnails
[2010/08/05 15:31:10 | 000,000,000 | ---D | C] -- C:\Users\Wolfe\.gimp-2.6
[2010/08/05 15:31:09 | 000,000,000 | ---D | C] -- C:\Users\Wolfe\Documents\gegl-0.0
[2010/08/05 15:30:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GIMP-2.0
[2010/08/05 15:24:54 | 000,000,000 | ---D | C] -- C:\Users\Wolfe\Desktop\SL
[2010/08/04 13:57:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Screaming Bee
[2010/08/04 13:48:54 | 000,000,000 | ---D | C] -- C:\Users\Wolfe\AppData\Roaming\Screaming Bee
[2010/08/04 13:47:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Screaming Bee
[2010/08/04 13:46:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Screaming Bee
[2010/08/04 13:21:54 | 000,021,504 | ---- | C] (Avnex) -- C:\Windows\SysNative\drivers\vcsvad.sys
[2010/08/04 12:57:43 | 000,000,000 | ---D | C] -- C:\vcs5BGEffects
[2010/08/04 12:57:41 | 000,000,000 | ---D | C] -- C:\vcs5core
[2010/08/04 12:57:41 | 000,000,000 | ---D | C] -- C:\AV_LOGS
[2010/08/04 12:55:40 | 000,000,000 | ---D | C] -- C:\Users\Wolfe\AppData\Local\jZip
[2010/08/04 12:55:34 | 000,000,000 | ---D | C] -- C:\Users\Wolfe\AppData\Roaming\Yahoo!
[2010/08/04 12:55:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2010/08/04 12:54:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\jZip
[2010/08/04 11:25:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SecondLife
[2010/08/04 11:06:34 | 000,000,000 | ---D | C] -- C:\Users\Wolfe\AppData\Local\SecondLife
[2010/08/04 11:05:03 | 000,000,000 | ---D | C] -- C:\Users\Wolfe\Desktop\GW Mod
[2010/08/03 11:57:07 | 000,000,000 | ---D | C] -- C:\Users\Wolfe\AppData\Roaming\Mozilla
[2010/08/03 11:56:54 | 000,000,000 | ---D | C] -- C:\Users\Wolfe\AppData\Roaming\SecondLife
[2010/08/03 11:56:54 | 000,000,000 | ---D | C] -- C:\Users\Wolfe\AppData\Local\Emerald
[2010/08/03 11:55:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emerald Viewer
[2010/08/01 10:25:54 | 000,000,000 | ---D | C] -- C:\Users\Wolfe\Documents\DVDVideoSoft
[2010/08/01 10:25:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2010/08/01 10:25:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2010/08/01 10:23:59 | 013,126,304 | ---- | C] (DVDVideoSoft Limited. ) -- C:\Users\Wolfe\Desktop\FreeAudioConverter.exe
[2010/08/01 01:46:10 | 000,000,000 | ---D | C] -- C:\Users\Wolfe\Desktop\conv
[2010/07/31 19:56:32 | 000,000,000 | ---D | C] -- C:\Users\Wolfe\Desktop\MP3 Player
[2010/07/31 19:55:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HooTech WMA MP3 Converter
[2010/07/31 19:53:56 | 000,000,000 | ---D | C] -- C:\Users\Wolfe\AppData\Local\MediaMonkey
[2010/07/31 19:53:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MediaMonkey
[2010/07/31 19:53:11 | 007,822,392 | ---- | C] (Ventis Media Inc. ) -- C:\Users\Wolfe\Desktop\MediaMonkey_3.2.1.1297.exe
[2010/07/28 23:56:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2010/07/28 23:56:02 | 000,000,000 | ---D | C] -- C:\Users\Wolfe\AppData\Roaming\uTorrent
[2010/07/28 23:55:55 | 000,327,984 | ---- | C] (BitTorrent, Inc.) -- C:\Users\Wolfe\Desktop\utorrent.exe
[2010/07/27 20:07:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Macromedia
[2010/07/27 20:05:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2010/07/27 13:48:12 | 000,000,000 | ---D | C] -- C:\Users\Wolfe\Documents\Guild Wars
[2010/07/27 13:44:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Media Center Programs
[2010/07/27 13:44:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Guild Wars
[2010/07/27 00:54:32 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\temp
[2010/07/27 00:53:45 | 000,012,864 | ---- | C] (Un4seen Developments) -- C:\Windows\SysWow64\kara__ao.dll
[2010/07/27 00:53:44 | 000,098,872 | ---- | C] (nnnneen Developments) -- C:\Windows\SysWow64\Bass.dll
[2010/07/27 00:53:44 | 000,028,760 | ---- | C] (Mediasoft ) -- C:\Windows\SysWow64\Kara_K5.dll
[2010/07/27 00:53:44 | 000,017,472 | ---- | C] (nnnnnnn Developments) -- C:\Windows\SysWow64\Kara_C.dll
[2010/07/27 00:53:44 | 000,016,448 | ---- | C] (nnnnnnn Developments) -- C:\Windows\SysWow64\Kara_mx.dll
[2010/07/27 00:53:44 | 000,015,936 | ---- | C] (Mediasoft ) -- C:\Windows\SysWow64\Kara_ww.dll
[2010/07/27 00:53:44 | 000,012,352 | ---- | C] (nnnneen Developments) -- C:\Windows\SysWow64\Kara__E.dll
[2010/07/27 00:53:38 | 000,000,000 | ---D | C] -- C:\Edic
[2010/07/27 00:53:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Karaoke5
[2010/07/27 00:52:53 | 000,000,000 | ---D | C] -- C:\Users\Wolfe\AppData\Local\Western Digital
[2010/07/26 20:39:16 | 000,068,704 | ---- | C] (eAcceleration Corp) -- C:\Windows\SysNative\drivers\fwcore.sys
[2010/07/26 20:31:40 | 000,000,000 | ---D | C] -- C:\Users\Wolfe\AppData\Roaming\eAcceleration
[2010/07/26 20:30:59 | 000,000,000 | -H-D | C] -- C:\MyWinLockerData
[2010/07/26 20:30:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acceleration Software
[2010/07/26 20:29:45 | 000,000,000 | ---D | C] -- C:\ProgramData\eAcceleration
[2010/07/26 20:29:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\eAcceleration
[2010/07/26 20:29:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eAcceleration
[2010/07/26 20:29:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StopSign
[2010/07/26 20:27:27 | 000,000,000 | ---D | C] -- C:\Users\Wolfe\AppData\Roaming\Adobe
[2010/07/26 20:24:22 | 000,000,000 | ---D | C] -- C:\Users\Wolfe\AppData\Roaming\Google
[2010/07/26 20:21:53 | 000,000,000 | ---D | C] -- C:\Users\Wolfe\AppData\Roaming\ATI
[2010/07/26 20:21:52 | 000,000,000 | ---D | C] -- C:\Users\Wolfe\AppData\Local\ATI
[2010/07/26 20:20:39 | 000,000,000 | ---D | C] -- C:\Users\Wolfe\AppData\Local\EgisTec IPS
[2010/07/26 20:20:38 | 000,000,000 | ---D | C] -- C:\Users\Wolfe\AppData\Roaming\Macromedia
[2010/07/26 20:20:21 | 000,000,000 | R--D | C] -- C:\Users\Wolfe\Searches
[2010/07/26 20:20:21 | 000,000,000 | -H-D | C] -- C:\Users\Wolfe\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2010/07/26 20:20:10 | 000,000,000 | ---D | C] -- C:\Users\Wolfe\AppData\Roaming\Identities
[2010/07/26 20:20:06 | 000,000,000 | R--D | C] -- C:\Users\Wolfe\Contacts
[2010/07/26 20:20:04 | 000,000,000 | ---D | C] -- C:\Users\Wolfe\AppData\Local\VirtualStore
[2010/07/26 20:19:14 | 000,000,000 | ---D | C] -- C:\ProgramData\OEM_E471269A730D
[2010/07/26 20:17:28 | 000,000,000 | --SD | C] -- C:\Users\Wolfe\AppData\Roaming\Microsoft
[2010/07/26 20:17:28 | 000,000,000 | R--D | C] -- C:\Users\Wolfe\Videos
[2010/07/26 20:17:28 | 000,000,000 | R--D | C] -- C:\Users\Wolfe\Saved Games
[2010/07/26 20:17:28 | 000,000,000 | R--D | C] -- C:\Users\Wolfe\Pictures
[2010/07/26 20:17:28 | 000,000,000 | R--D | C] -- C:\Users\Wolfe\Music
[2010/07/26 20:17:28 | 000,000,000 | R--D | C] -- C:\Users\Wolfe\Links
[2010/07/26 20:17:28 | 000,000,000 | R--D | C] -- C:\Users\Wolfe\Favorites
[2010/07/26 20:17:28 | 000,000,000 | R--D | C] -- C:\Users\Wolfe\Downloads
[2010/07/26 20:17:28 | 000,000,000 | R--D | C] -- C:\Users\Wolfe\Documents
[2010/07/26 20:17:28 | 000,000,000 | R--D | C] -- C:\Users\Wolfe\Desktop
[2010/07/26 20:17:28 | 000,000,000 | -HSD | C] -- C:\Users\Wolfe\AppData\Local\Temporary Internet Files
[2010/07/26 20:17:28 | 000,000,000 | -HSD | C] -- C:\Users\Wolfe\Templates
[2010/07/26 20:17:28 | 000,000,000 | -HSD | C] -- C:\Users\Wolfe\Start Menu
[2010/07/26 20:17:28 | 000,000,000 | -HSD | C] -- C:\Users\Wolfe\SendTo
[2010/07/26 20:17:28 | 000,000,000 | -HSD | C] -- C:\Users\Wolfe\Recent
[2010/07/26 20:17:28 | 000,000,000 | -HSD | C] -- C:\Users\Wolfe\PrintHood
[2010/07/26 20:17:28 | 000,000,000 | -HSD | C] -- C:\Users\Wolfe\NetHood
[2010/07/26 20:17:28 | 000,000,000 | -HSD | C] -- C:\Users\Wolfe\Documents\My Videos
[2010/07/26 20:17:28 | 000,000,000 | -HSD | C] -- C:\Users\Wolfe\Documents\My Pictures
[2010/07/26 20:17:28 | 000,000,000 | -HSD | C] -- C:\Users\Wolfe\Documents\My Music
[2010/07/26 20:17:28 | 000,000,000 | -HSD | C] -- C:\Users\Wolfe\My Documents
[2010/07/26 20:17:28 | 000,000,000 | -HSD | C] -- C:\Users\Wolfe\Local Settings
[2010/07/26 20:17:28 | 000,000,000 | -HSD | C] -- C:\Users\Wolfe\AppData\Local\History
[2010/07/26 20:17:28 | 000,000,000 | -HSD | C] -- C:\Users\Wolfe\Cookies
[2010/07/26 20:17:28 | 000,000,000 | -HSD | C] -- C:\Users\Wolfe\Application Data
[2010/07/26 20:17:28 | 000,000,000 | -HSD | C] -- C:\Users\Wolfe\AppData\Local\Application Data
[2010/07/26 20:17:28 | 000,000,000 | -H-D | C] -- C:\Users\Wolfe\AppData
[2010/07/26 20:17:28 | 000,000,000 | ---D | C] -- C:\Users\Wolfe\AppData\Local\Temp
[2010/07/26 20:17:28 | 000,000,000 | ---D | C] -- C:\Users\Wolfe\AppData\Local\Microsoft
[2010/07/26 20:17:28 | 000,000,000 | ---D | C] -- C:\Users\Wolfe\AppData\Roaming\Media Center Programs
[2010/07/26 20:17:22 | 000,000,000 | -HSD | C] -- C:\Recovery

========== Files - Modified Within 90 Days ==========

[2010/08/16 17:56:31 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/08/16 17:56:31 | 000,615,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/08/16 17:56:31 | 000,103,702 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/08/16 17:51:24 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/16 17:51:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/16 17:51:15 | 1405,272,064 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/16 17:50:39 | 001,310,720 | -HS- | M] () -- C:\Users\Wolfe\NTUSER.DAT
[2010/08/16 17:50:27 | 002,069,449 | -H-- | M] () -- C:\Users\Wolfe\AppData\Local\IconCache.db
[2010/08/16 16:36:41 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/16 16:36:41 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/16 16:33:03 | 000,000,973 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/16 16:32:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Wolfe\Desktop\OTL.exe
[2010/08/15 02:16:31 | 186,692,087 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/08/14 01:14:23 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At4.job
[2010/08/13 19:04:25 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At3.job
[2010/08/13 13:45:25 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At2.job
[2010/08/13 02:25:34 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2010/08/12 13:20:08 | 004,614,113 | ---- | M] (LIGHTNING UK!) -- C:\Users\Wolfe\Desktop\SetupImgBurn_2.5.1.0.exe
[2010/08/12 11:59:59 | 000,001,914 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2010/08/12 11:59:15 | 000,834,544 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
[2010/08/12 11:53:28 | 009,591,104 | ---- | M] (DT Soft Ltd.) -- C:\Users\Wolfe\Desktop\DTLite4356-0091.exe
[2010/08/12 11:49:39 | 000,535,482 | ---- | M] () -- C:\Users\Wolfe\Desktop\memtest86-3.5.iso.zip
[2010/08/11 17:25:23 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2010/08/11 17:25:08 | 000,001,927 | ---- | M] () -- C:\Users\Wolfe\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/11 17:25:08 | 000,001,903 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/08/11 17:22:30 | 000,006,924 | ---- | M] () -- C:\Users\Wolfe\Documents\BackUps To CCleaner2.reg
[2010/08/11 17:18:20 | 000,028,536 | ---- | M] () -- C:\Users\Wolfe\Documents\BackUps To CCleaner.reg
[2010/08/11 17:11:37 | 000,000,971 | ---- | M] () -- C:\Users\Wolfe\Desktop\CCleaner.lnk
[2010/08/10 15:56:56 | 001,677,857 | ---- | M] () -- C:\Users\Wolfe\Desktop\465_7442_EFS.pdf
[2010/08/09 10:05:06 | 001,130,629 | ---- | M] () -- C:\Users\Wolfe\Desktop\tdsskiller.zip
[2010/08/09 09:48:37 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Wolfe\Desktop\HijackThis.exe
[2010/08/09 07:01:24 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At1.job
[2010/08/08 14:00:28 | 000,019,268 | ---- | M] () -- C:\Users\Wolfe\Desktop\CaliforniaOpenCarry.pdf
[2010/08/06 01:28:22 | 000,000,907 | ---- | M] () -- C:\Users\Wolfe\Desktop\Audacity.lnk
[2010/08/06 01:27:44 | 002,228,534 | ---- | M] ( ) -- C:\Users\Wolfe\Desktop\audacity-win-1.2.6.exe
[2010/08/05 18:36:47 | 000,005,901 | ---- | M] () -- C:\Users\Wolfe\.recently-used.xbel
[2010/08/05 15:31:04 | 000,001,059 | ---- | M] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2010/08/04 23:41:34 | 000,056,533 | ---- | M] () -- C:\Users\Wolfe\Desktop\date-my-avatar-7ba3b.jpg
[2010/08/04 13:48:12 | 000,002,206 | ---- | M] () -- C:\Users\Wolfe\Desktop\MorphVOX Pro.lnk
[2010/08/04 12:55:26 | 000,000,915 | ---- | M] () -- C:\Users\Public\Desktop\jZip.lnk
[2010/08/04 12:55:26 | 000,000,883 | ---- | M] () -- C:\Users\Wolfe\Application Data\Microsoft\Internet Explorer\Quick Launch\jZip.lnk
[2010/08/04 11:26:15 | 000,001,047 | ---- | M] () -- C:\Users\Public\Desktop\Second Life.lnk
[2010/08/03 11:55:54 | 000,001,122 | ---- | M] () -- C:\Users\Public\Desktop\Emerald Viewer.lnk
[2010/08/01 10:25:54 | 000,001,203 | ---- | M] () -- C:\Users\Wolfe\Desktop\DVDVideoSoft Free Studio.lnk
[2010/08/01 10:24:14 | 013,126,304 | ---- | M] (DVDVideoSoft Limited. ) -- C:\Users\Wolfe\Desktop\FreeAudioConverter.exe
[2010/08/01 01:49:54 | 001,300,880 | ---- | M] () -- C:\Users\Wolfe\Documents\The Cranberries - Pretty.mp3
[2010/08/01 01:48:01 | 000,006,217 | -HS- | M] () -- C:\Users\Wolfe\Documents\Folder.jpg
[2010/08/01 01:48:01 | 000,006,217 | -HS- | M] () -- C:\Users\Wolfe\Documents\AlbumArt_{B6FCFC08-F898-43FF-AE86-9CA24C7BE488}_Large.jpg
[2010/08/01 01:48:01 | 000,001,628 | -HS- | M] () -- C:\Users\Wolfe\Documents\AlbumArtSmall.jpg
[2010/08/01 01:48:01 | 000,001,628 | -HS- | M] () -- C:\Users\Wolfe\Documents\AlbumArt_{B6FCFC08-F898-43FF-AE86-9CA24C7BE488}_Small.jpg
[2010/08/01 01:47:17 | 002,473,132 | ---- | M] () -- C:\Users\Wolfe\Documents\The Cranberries - Not Sorry.mp3
[2010/08/01 01:47:07 | 001,634,283 | ---- | M] () -- C:\Users\Wolfe\Documents\The Cranberries - How.mp3
[2010/08/01 01:47:01 | 002,229,059 | ---- | M] () -- C:\Users\Wolfe\Documents\Korn - Children Of The Korn.mp3
[2010/07/31 21:02:50 | 000,120,597 | ---- | M] () -- C:\Users\Wolfe\Desktop\4844040001_large.jpg
[2010/07/31 19:55:38 | 000,000,997 | ---- | M] () -- C:\Users\Public\Desktop\WMA MP3 Converter.lnk
[2010/07/31 19:54:05 | 000,000,955 | ---- | M] () -- C:\Users\Wolfe\Desktop\MediaMonkey.lnk
[2010/07/31 19:53:28 | 007,822,392 | ---- | M] (Ventis Media Inc. ) -- C:\Users\Wolfe\Desktop\MediaMonkey_3.2.1.1297.exe
[2010/07/31 19:51:57 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/07/28 23:56:42 | 000,000,931 | ---- | M] () -- C:\Users\Wolfe\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2010/07/28 23:56:01 | 000,327,984 | ---- | M] (BitTorrent, Inc.) -- C:\Users\Wolfe\Desktop\utorrent.exe
[2010/07/28 23:54:07 | 000,341,224 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/07/27 11:10:45 | 000,039,252 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2010/07/27 11:10:45 | 000,039,252 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2010/07/27 00:54:17 | 000,078,712 | ---- | M] () -- C:\Users\Wolfe\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/07/27 00:53:46 | 000,000,900 | ---- | M] () -- C:\Users\Wolfe\Desktop\Karaoke 5.lnk
[2010/07/27 00:20:47 | 000,524,288 | -HS- | M] () -- C:\Users\Wolfe\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010/07/27 00:20:47 | 000,524,288 | -HS- | M] () -- C:\Users\Wolfe\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/07/27 00:20:47 | 000,065,536 | -HS- | M] () -- C:\Users\Wolfe\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/07/26 20:40:57 | 000,000,000 | ---- | M] () -- C:\Users\Wolfe\AppData\Roaming\wklnhst.dat
[2010/07/26 20:31:40 | 000,001,961 | ---- | M] () -- C:\Users\Wolfe\Application Data\Microsoft\Internet Explorer\Quick Launch\StopSign Software Station.lnk
[2010/07/26 20:27:09 | 000,001,401 | ---- | M] () -- C:\Users\Wolfe\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/07/26 20:17:28 | 000,000,020 | -HS- | M] () -- C:\Users\Wolfe\ntuser.ini
[2010/05/31 19:18:18 | 001,687,040 | ---- | M] () -- C:\Windows\SysWow64\sysdelop.dll
[2010/05/31 19:17:36 | 001,675,776 | ---- | M] () -- C:\Windows\SysWow64\core_snap.dll

========== Files Created - No Company Name ==========

[2010/08/16 16:33:03 | 000,000,973 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/13 02:25:34 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
[2010/08/12 11:59:59 | 000,001,914 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2010/08/12 11:59:15 | 000,834,544 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys
[2010/08/12 11:49:33 | 000,535,482 | ---- | C] () -- C:\Users\Wolfe\Desktop\memtest86-3.5.iso.zip
[2010/08/12 00:41:09 | 186,692,087 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/08/11 17:25:23 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/08/11 17:25:08 | 000,001,927 | ---- | C] () -- C:\Users\Wolfe\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/11 17:25:08 | 000,001,903 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/08/11 17:22:28 | 000,006,924 | ---- | C] () -- C:\Users\Wolfe\Documents\BackUps To CCleaner2.reg
[2010/08/11 17:18:18 | 000,028,536 | ---- | C] () -- C:\Users\Wolfe\Documents\BackUps To CCleaner.reg
[2010/08/11 17:11:37 | 000,000,971 | ---- | C] () -- C:\Users\Wolfe\Desktop\CCleaner.lnk
[2010/08/10 15:56:48 | 001,677,857 | ---- | C] () -- C:\Users\Wolfe\Desktop\465_7442_EFS.pdf
[2010/08/09 10:03:24 | 001,130,629 | ---- | C] () -- C:\Users\Wolfe\Desktop\tdsskiller.zip
[2010/08/08 14:00:21 | 000,019,268 | ---- | C] () -- C:\Users\Wolfe\Desktop\CaliforniaOpenCarry.pdf
[2010/08/06 01:28:22 | 000,000,907 | ---- | C] () -- C:\Users\Wolfe\Desktop\Audacity.lnk
[2010/08/05 18:36:47 | 000,005,901 | ---- | C] () -- C:\Users\Wolfe\.recently-used.xbel
[2010/08/05 15:31:04 | 000,001,059 | ---- | C] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2010/08/04 23:42:15 | 000,056,533 | ---- | C] () -- C:\Users\Wolfe\Desktop\date-my-avatar-7ba3b.jpg
[2010/08/04 13:47:10 | 000,002,206 | ---- | C] () -- C:\Users\Wolfe\Desktop\MorphVOX Pro.lnk
[2010/08/04 13:34:20 | 000,006,852 | ---- | C] () -- C:\Windows\SysWow64\drivers\Vcs.sys
[2010/08/04 13:34:10 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At4.job
[2010/08/04 13:34:10 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At3.job
[2010/08/04 13:34:09 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At2.job
[2010/08/04 13:34:07 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At1.job
[2010/08/04 12:55:39 | 000,076,407 | ---- | C] () -- C:\Users\Wolfe\AppData\Roaming\Smiley.ico
[2010/08/04 12:55:26 | 000,000,915 | ---- | C] () -- C:\Users\Public\Desktop\jZip.lnk
[2010/08/04 12:55:26 | 000,000,883 | ---- | C] () -- C:\Users\Wolfe\Application Data\Microsoft\Internet Explorer\Quick Launch\jZip.lnk
[2010/08/04 11:26:15 | 000,001,047 | ---- | C] () -- C:\Users\Public\Desktop\Second Life.lnk
[2010/08/03 11:55:54 | 000,001,122 | ---- | C] () -- C:\Users\Public\Desktop\Emerald Viewer.lnk
[2010/08/01 10:25:54 | 000,001,203 | ---- | C] () -- C:\Users\Wolfe\Desktop\DVDVideoSoft Free Studio.lnk
[2010/08/01 01:48:01 | 000,006,217 | -HS- | C] () -- C:\Users\Wolfe\Documents\Folder.jpg
[2010/08/01 01:48:01 | 000,006,217 | -HS- | C] () -- C:\Users\Wolfe\Documents\AlbumArt_{B6FCFC08-F898-43FF-AE86-9CA24C7BE488}_Large.jpg
[2010/08/01 01:48:01 | 000,001,628 | -HS- | C] () -- C:\Users\Wolfe\Documents\AlbumArtSmall.jpg
[2010/08/01 01:48:01 | 000,001,628 | -HS- | C] () -- C:\Users\Wolfe\Documents\AlbumArt_{B6FCFC08-F898-43FF-AE86-9CA24C7BE488}_Small.jpg
[2010/08/01 01:47:18 | 001,300,880 | ---- | C] () -- C:\Users\Wolfe\Documents\The Cranberries - Pretty.mp3
[2010/08/01 01:47:07 | 002,473,132 | ---- | C] () -- C:\Users\Wolfe\Documents\The Cranberries - Not Sorry.mp3
[2010/08/01 01:47:01 | 001,634,283 | ---- | C] () -- C:\Users\Wolfe\Documents\The Cranberries - How.mp3
[2010/08/01 01:46:52 | 002,229,059 | ---- | C] () -- C:\Users\Wolfe\Documents\Korn - Children Of The Korn.mp3
[2010/07/31 21:01:44 | 000,120,597 | ---- | C] () -- C:\Users\Wolfe\Desktop\4844040001_large.jpg
[2010/07/31 19:55:38 | 000,000,997 | ---- | C] () -- C:\Users\Public\Desktop\WMA MP3 Converter.lnk
[2010/07/31 19:54:05 | 000,000,955 | ---- | C] () -- C:\Users\Wolfe\Desktop\MediaMonkey.lnk
[2010/07/31 19:51:57 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/07/28 23:56:42 | 000,000,931 | ---- | C] () -- C:\Users\Wolfe\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2010/07/27 00:53:46 | 000,000,900 | ---- | C] () -- C:\Users\Wolfe\Desktop\Karaoke 5.lnk
[2010/07/27 00:53:45 | 001,687,040 | ---- | C] () -- C:\Windows\SysWow64\sysdelop.dll
[2010/07/27 00:53:45 | 001,675,776 | ---- | C] () -- C:\Windows\SysWow64\core_snap.dll
[2010/07/27 00:53:44 | 000,462,848 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2010/07/27 00:53:44 | 000,014,456 | ---- | C] () -- C:\Windows\SysWow64\Kara_v.dll
[2010/07/26 20:40:57 | 000,000,000 | ---- | C] () -- C:\Users\Wolfe\AppData\Roaming\wklnhst.dat
[2010/07/26 20:31:40 | 000,001,961 | ---- | C] () -- C:\Users\Wolfe\Application Data\Microsoft\Internet Explorer\Quick Launch\StopSign Software Station.lnk
[2010/07/26 20:27:09 | 000,001,401 | ---- | C] () -- C:\Users\Wolfe\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/07/26 20:17:28 | 001,310,720 | -HS- | C] () -- C:\Users\Wolfe\NTUSER.DAT
[2010/07/26 20:17:28 | 000,524,288 | -HS- | C] () -- C:\Users\Wolfe\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010/07/26 20:17:28 | 000,524,288 | -HS- | C] () -- C:\Users\Wolfe\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/07/26 20:17:28 | 000,262,144 | -HS- | C] () -- C:\Users\Wolfe\ntuser.dat.LOG1
[2010/07/26 20:17:28 | 000,065,536 | -HS- | C] () -- C:\Users\Wolfe\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/07/26 20:17:28 | 000,000,290 | ---- | C] () -- C:\Users\Wolfe\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/07/26 20:17:28 | 000,000,272 | ---- | C] () -- C:\Users\Wolfe\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/07/26 20:17:28 | 000,000,020 | -HS- | C] () -- C:\Users\Wolfe\ntuser.ini
[2010/07/26 20:17:28 | 000,000,000 | -HS- | C] () -- C:\Users\Wolfe\ntuser.dat.LOG2
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\Windows\bdoscandellang.ini

========== LOP Check ==========

[2010/08/13 01:04:04 | 000,000,000 | ---D | M] -- C:\Users\Wolfe\AppData\Roaming\DAEMON Tools Lite
[2010/07/26 20:36:55 | 000,000,000 | ---D | M] -- C:\Users\Wolfe\AppData\Roaming\eAcceleration
[2010/08/05 18:36:47 | 000,000,000 | ---D | M] -- C:\Users\Wolfe\AppData\Roaming\gtk-2.0
[2010/08/04 13:48:54 | 000,000,000 | ---D | M] -- C:\Users\Wolfe\AppData\Roaming\Screaming Bee
[2010/08/06 21:27:33 | 000,000,000 | ---D | M] -- C:\Users\Wolfe\AppData\Roaming\SecondLife
[2010/08/13 02:17:59 | 000,000,000 | ---D | M] -- C:\Users\Wolfe\AppData\Roaming\uTorrent
[2010/08/09 07:01:24 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2010/08/13 13:45:25 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At2.job
[2010/08/13 19:04:25 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At3.job
[2010/08/14 01:14:23 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At4.job
[2009/07/13 22:08:49 | 000,008,128 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/04/02 00:58:52 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010/08/13 02:25:34 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2010/08/16 17:51:15 | 1405,272,064 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/16 17:51:18 | 1873,698,816 | -HS- | M] () -- C:\pagefile.sys
[2010/04/02 00:15:34 | 000,003,274 | ---- | M] () -- C:\RHDSetup.log
[2010/08/09 09:49:14 | 000,000,268 | ---- | M] () -- C:\rkill.log
[2010/08/09 10:08:42 | 000,060,902 | ---- | M] () -- C:\TDSSKiller.2.4.1.0_09.08.2010_10.07.16_log.txt

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2009/07/13 22:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/13 22:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/13 22:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/13 22:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 13:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.scr >
[2009/07/10 12:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/13 21:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\user32.dll /md5 >
[2009/07/13 18:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2009/07/13 18:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2009/07/13 18:11:26 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=808AABDF9337312195CAFF76D1804786 -- C:\Windows\SysWOW64\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< End of report >

EXTRAS.txt
OTL Extras logfile created on: 8/16/2010 5:56:52 PM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\Wolfe\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 52.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218.78 Gb Total Space | 185.60 Gb Free Space | 84.83% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WOLFE-PC
Current User Name: Wolfe
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{42281103-DF49-8A45-C960-977096F29F45}" = ccc-utility64
"{6F43CF39-8B2F-546B-57E3-4803E935C465}" = ATI Catalyst Install Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{15424D99-B708-54FD-94EC-997BE1976918}" = CCC Help Japanese
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1DCEE28F-CEDA-ADBA-DE41-1377ADD42DD3}" = CCC Help Finnish
"{204D48C5-6231-4955-83EC-623DCB437FD9}_is1" = Emerald Viewer 1.23.5.1636
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2552055A-7121-346E-F287-C0E7CC1BB36E}" = CCC Help Turkish
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{314AD191-596F-40C0-ACED-3AD78C9649F1}_is1" = WMA MP3 Converter v4.0 build 1217
"{327AD686-FD94-F270-C0C9-D379ACC3CCA3}" = CCC Help Russian
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3CABCB73-0ABE-9578-A11C-6888ECF5D6D7}" = CCC Help Portuguese
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3DCF232A-B152-4375-B840-F19D866A316D}" = Catalyst Control Center Graphics Full New
"{3F34DE3B-887D-72A9-FCFE-2676B2EDBE67}" = CCC Help Thai
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4C93C363-414E-11D4-9756-00C04F8EEB39}" = Macromedia Flash 5
"{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{5B30D670-AA94-3DAC-965D-CA8FED631DA3}" = Catalyst Control Center Graphics Previews Common
"{5F65AB3C-FCF3-E10B-3203-26F3C133F036}" = CCC Help Chinese Standard
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64CFDAC9-C358-88FE-E0E3-B33ED5C8AB2C}" = CCC Help Norwegian
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{702A9675-C93C-6914-7B90-8056525349A7}" = Catalyst Control Center Graphics Light
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"{7661AFE4-1F7A-8B5C-D395-3A8B682F106A}" = CCC Help Korean
"{77D3B22B-CB40-19AE-5A7D-9256E9862010}" = Catalyst Control Center Core Implementation
"{7A034366-3901-4204-BCE1-944C88587197}" = Female Voice Pack
"{7A555AD4-057E-EB0B-3C2D-82658AA1B190}" = CCC Help English
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{81FC1368-171E-4151-E3E1-D63C8CF1F150}" = CCC Help Polish
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{85DD738D-6572-53AA-E570-50D0D0842722}" = Catalyst Control Center Graphics Full Existing
"{86141D3B-58F6-D4E9-809E-05032F1C09BE}" = CCC Help Swedish
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{97DA45B6-451C-A4B8-897F-106E2B3B6E2F}" = CCC Help Dutch
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A25A7B10-75EA-4208-AAF1-0E3841C444F1}" = MorphVOX Pro
"{A26840C5-95D5-BB10-700A-304AA9F4AF92}" = CCC Help Greek
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A385939C-3DE9-5568-D8B0-3972BA293DC7}" = CCC Help German
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{B284EA3C-8391-5648-BFC4-800A44D01ADA}" = ccc-core-static
"{B2F1B278-B685-1112-F051-AD05C5946C0D}" = CCC Help French
"{B3A0945A-1A84-BD5C-D33A-F4DC811FCCCC}" = CCC Help Chinese Traditional
"{B4060669-4633-038A-8A50-E05D1F54929E}" = CCC Help Czech
"{BC171806-3828-33E5-289C-9609C5BC59DF}" = Catalyst Control Center Localization All
"{BDE26FB2-E880-BFF9-3A85-18D70FC44D8D}" = Catalyst Control Center InstallProxy
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C31501D8-8267-A455-D269-85FBDBE2BFC3}" = CCC Help Italian
"{C75A193A-D403-5707-7D32-166DF4EA47DD}" = CCC Help Spanish
"{D4905980-7A59-8CE0-1336-EBC0338DAC1B}" = CCC Help Hungarian
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F98098D2-8822-1B1D-6771-945669046216}" = CCC Help Danish
"{FC635D8E-FFBA-4B2C-BE68-A37D56BDFB74}" = Catalyst Control Center - Branding
"7-Zip" = 7-Zip 4.65
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Audacity_is1" = Audacity 1.2.6
"CCleaner" = CCleaner
"EaccelSetup" = StopSign Internet Security
"Free Audio Converter_is1" = Free Audio Converter version 2.0
"Guild Wars" = Guild Wars
"Identity Card" = Identity Card
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"jZip" = jZip
"Karaoke 5_is1" = Karaoke 5 ver. 39
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaMonkey_is1" = MediaMonkey 3.2
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"SecondLife" = SecondLife (remove only)
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"WinGimp-2.0_is1" = GIMP 2.6.10
"WinLiveSuite_Wave3" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/13/2010 5:22:58 AM | Computer Name = Wolfe-PC | Source = EventSystem | ID = 4621
Description =

Error - 8/13/2010 8:02:12 AM | Computer Name = Wolfe-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe_WinDefend, version: 6.1.7600.16385,
time stamp: 0x4a5bc3c1 Faulting module name: ntdll.dll, version: 6.1.7600.16385,
time stamp: 0x4a5be02b Exception code: 0xc0000006 Fault offset: 0x000000000005345c
Faulting
process id: 0x2a4 Faulting application start time: 0x01cb3ac9e3511e0d Faulting application
path: C:\Windows\System32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 9ad20181-a6d2-11df-9e95-705ab6d9668f

Error - 8/13/2010 8:02:12 AM | Computer Name = Wolfe-PC | Source = Application Error | ID = 1005
Description = Windows cannot access the file for one of the following reasons: there
is a problem with the network connection, the disk that the file is stored on,
or the storage drivers installed on this computer; or the disk is missing. Windows
closed the program Host Process for Windows Services because of this error. Program:
Host Process for Windows Services File: The error value is listed in the Additional
Data section. User Action 1. Open the file again. This situation might be a temporary
problem that corrects itself when the program runs again. 2. If the file still cannot
be accessed and - It is on the network, your network administrator should verify
that there is not a problem with the network and that the server can be contacted.
-
It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the
disk is fully inserted into the computer. 3. Check and repair the file system by
running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click
OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem
persists, restore the file from a backup copy. 5. Determine whether other files
on the same disk can be opened. If not, the disk might be damaged. If it is a hard
disk, contact your administrator or computer hardware vendor for further assistance.
Additional
Data Error value: C0000185 Disk type: 0

Error - 8/13/2010 9:09:05 AM | Computer Name = Wolfe-PC | Source = Application Error | ID = 1000
Description = Faulting application name: wmpnetwk.exe, version: 12.0.7600.16385,
time stamp: 0x4a5bd03d Faulting module name: ntdll.dll, version: 6.1.7600.16385,
time stamp: 0x4a5be02b Exception code: 0xc0000006 Fault offset: 0x000000000005046a
Faulting
process id: 0xb7c Faulting application start time: 0x01cb3ac99eca4ce7 Faulting application
path: C:\Program Files\Windows Media Player\wmpnetwk.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: f2c34153-a6db-11df-9e95-705ab6d9668f

Error - 8/13/2010 9:09:05 AM | Computer Name = Wolfe-PC | Source = Application Error | ID = 1005
Description = Windows cannot access the file for one of the following reasons: there
is a problem with the network connection, the disk that the file is stored on,
or the storage drivers installed on this computer; or the disk is missing. Windows
closed the program Windows Media Player Network Sharing Service because of this
error. Program: Windows Media Player Network Sharing Service File: The error value
is listed in the Additional Data section. User Action 1. Open the file again. This
situation might be a temporary problem that corrects itself when the program runs
again. 2. If the file still cannot be accessed and - It is on the network, your network
administrator should verify that there is not a problem with the network and that
the server can be contacted. - It is on a removable disk, for example, a floppy
disk or CD-ROM, verify that the disk is fully inserted into the computer. 3. Check
and repair the file system by running CHKDSK. To run CHKDSK, click Start, click
Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then
press ENTER. 4. If the problem persists, restore the file from a backup copy. 5.
Determine whether other files on the same disk can be opened. If not, the disk might
be damaged. If it is a hard disk, contact your administrator or computer hardware
vendor for further assistance. Additional Data Error value: C0000185 Disk type: 0

Error - 8/13/2010 1:22:54 PM | Computer Name = Wolfe-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385,
time stamp: 0x4a5bc3c1 Faulting module name: sysmain.dll, version: 6.1.7600.16385,
time stamp: 0x4a5be07e Exception code: 0xc0000006 Fault offset: 0x000000000009c84e
Faulting
process id: 0x3a8 Faulting application start time: 0x01cb3ac992527e36 Faulting application
path: C:\Windows\System32\svchost.exe Faulting module path: c:\windows\system32\sysmain.dll
Report
Id: 6800afd9-a6ff-11df-9e95-705ab6d9668f

Error - 8/13/2010 1:22:58 PM | Computer Name = Wolfe-PC | Source = Application Error | ID = 1005
Description = Windows cannot access the file C:\Windows\Prefetch\AgCx_SC1.db.trx
for one of the following reasons: there is a problem with the network connection,
the disk that the file is stored on, or the storage drivers installed on this computer;
or the disk is missing. Windows closed the program Host Process for Windows Services
because of this error. Program: Host Process for Windows Services File: C:\Windows\Prefetch\AgCx_SC1.db.trx
The
error value is listed in the Additional Data section. User Action 1. Open the file
again. This situation might be a temporary problem that corrects itself when the
program runs again. 2. If the file still cannot be accessed and - It is on the network,
your
network administrator should verify that there is not a problem with the network
and that the server can be contacted. - It is on a removable disk, for example,
a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3.
Check and repair the file system by running CHKDSK. To run CHKDSK, click Start,
click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F,
and then press ENTER. 4. If the problem persists, restore the file from a backup
copy. 5. Determine whether other files on the same disk can be opened. If not, the
disk might be damaged. If it is a hard disk, contact your administrator or computer
hardware vendor for further assistance. Additional Data Error value: C0000185 Disk
type: 3

Error - 8/13/2010 3:25:42 PM | Computer Name = Wolfe-PC | Source = Application Error | ID = 1000
Description = Faulting application name: station_bk.exe, version: 2.0.0.92, time
stamp: 0x4c210faf Faulting module name: ntdll.dll, version: 6.1.7600.16385, time
stamp: 0x4a5bdb3b Exception code: 0xc0000006 Fault offset: 0x0004d961 Faulting process
id: 0x8f0 Faulting application start time: 0x01cb3ac99d1b73d5 Faulting application
path: C:\Program Files (x86)\eAcceleration\Station\station_bk.exe Faulting module
path: C:\Windows\SysWOW64\ntdll.dll Report Id: 8fac0d0a-a710-11df-9e95-705ab6d9668f

Error - 8/13/2010 3:25:43 PM | Computer Name = Wolfe-PC | Source = Application Error | ID = 1005
Description = Windows cannot access the file for one of the following reasons: there
is a problem with the network connection, the disk that the file is stored on,
or the storage drivers installed on this computer; or the disk is missing. Windows
closed the program StopSign Background Instance because of this error. Program:
StopSign Background Instance File: The error value is listed in the Additional Data
section. User Action 1. Open the file again. This situation might be a temporary problem
that corrects itself when the program runs again. 2. If the file still cannot be
accessed and - It is on the network, your network administrator should verify that
there is not a problem with the network and that the server can be contacted. -
It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the
disk is fully inserted into the computer. 3. Check and repair the file system by
running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click
OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem
persists, restore the file from a backup copy. 5. Determine whether other files
on the same disk can be opened. If not, the disk might be damaged. If it is a hard
disk, contact your administrator or computer hardware vendor for further assistance.
Additional
Data Error value: C0000185 Disk type: 0

Error - 8/13/2010 3:57:11 PM | Computer Name = Wolfe-PC | Source = Application Error | ID = 1000
Description = Faulting application name: onaccess.exe, version: 3.0.0.86, time stamp:
0x4c3e4dd6 Faulting module name: onaccess_fw.dll_unloaded, version: 0.0.0.0, time
stamp: 0x4c3e4da0 Exception code: 0xc0000005 Fault offset: 0x022becc4 Faulting process
id: 0xbbc Faulting application start time: 0x01cb3b219eae23e4 Faulting application
path: C:\Program Files (x86)\StopSign\OnAccess\onaccess.exe Faulting module path:
onaccess_fw.dll Report Id: f5b8ed9c-a714-11df-9f6b-705ab6d9668f

[ System Events ]
Error - 8/12/2010 5:18:53 AM | Computer Name = Wolfe-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 8/12/2010 5:18:53 AM | Computer Name = Wolfe-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 8/12/2010 5:18:53 AM | Computer Name = Wolfe-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 8/12/2010 5:18:53 AM | Computer Name = Wolfe-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 8/12/2010 5:18:53 AM | Computer Name = Wolfe-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 8/12/2010 5:19:31 AM | Computer Name = Wolfe-PC | Source = volsnap | ID = 393230
Description = The shadow copies of volume C: were aborted because of an IO failure
on volume C:.

Error - 8/12/2010 5:27:22 AM | Computer Name = Wolfe-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 8/12/2010 5:27:22 AM | Computer Name = Wolfe-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 8/12/2010 5:27:22 AM | Computer Name = Wolfe-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 8/12/2010 2:05:57 PM | Computer Name = Wolfe-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:04:34 AM on 8/12/2010 was unexpected.


< End of report >

#4 gringo_pr



  • Malware Response Team

Posted 17 August 2010 - 12:11 PM

Run OTL Script

We need to run an OTL Fix
  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    CODE
    :OTL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {5E753934-1350-1A8D-7616-466B1E540184} - C:\Windows\SysWow64\d3dd8thk.dll File not found
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O33 - MountPoints2\{590afdcb-9953-11df-b057-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{590afdcb-9953-11df-b057-806e6f6e6963}\Shell\AutoRun\command - "" = F:\WD SmartWare.exe -- File not found
    :Files
    ipconfig /flushdns /c
    C:\Windows\tasks\At*.job
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [EMPTYFLASH]
    [RESETHOSTS]
  • Then click the Run Fix button at the top.
  • Click .
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#5 wolfetundra

  • Topic Starter


Posted 17 August 2010 - 05:20 PM

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5E753934-1350-1A8D-7616-466B1E540184}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5E753934-1350-1A8D-7616-466B1E540184}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{590afdcb-9953-11df-b057-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{590afdcb-9953-11df-b057-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{590afdcb-9953-11df-b057-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{590afdcb-9953-11df-b057-806e6f6e6963}\ not found.
File F:\WD SmartWare.exe not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Wolfe\Desktop\cmd.bat deleted successfully.
C:\Users\Wolfe\Desktop\cmd.txt deleted successfully.
C:\Windows\tasks\At1.job moved successfully.
C:\Windows\tasks\At2.job moved successfully.
C:\Windows\tasks\At3.job moved successfully.
C:\Windows\tasks\At4.job moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Wolfe
->Temp folder emptied: 46799125 bytes
->Temporary Internet Files folder emptied: 92554765 bytes
->FireFox cache emptied: 61918777 bytes
->Flash cache emptied: 5826 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1116416 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67362 bytes
RecycleBin emptied: 18156119 bytes

Total Files Cleaned = 210.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: Wolfe
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.10.0 log created on 08172010_150826

Files\Folders moved on Reboot...
C:\Users\Wolfe\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Wolfe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZTEBS64N\ads[1].htm not found!
File\Folder C:\Users\Wolfe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZTEBS64N\ads[4].htm not found!
File\Folder C:\Users\Wolfe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZTEBS64N\iframescript[3].htm not found!
File\Folder C:\Users\Wolfe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SRLTL4M6\mail[4].htm not found!
File\Folder C:\Users\Wolfe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SRLTL4M6\topic338390[1].htm not found!
File\Folder C:\Users\Wolfe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HQ60L61Q\mail[2].htm not found!
File\Folder C:\Users\Wolfe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4LSY9B14\mail[1].htm not found!
C:\Windows\temp\~DF232CFE6D79152956.TMP moved successfully.
C:\Windows\temp\~DFA37365917E73726F.TMP moved successfully.

Registry entries deleted on Reboot...


#6 gringo_pr


Posted 17 August 2010 - 05:29 PM

Please give me the status of the computer.


Gringo

#7 wolfetundra


Posted 17 August 2010 - 05:34 PM

Seems like the computer is running fine. I don't see anything that is operating incorrectly.

#8 gringo_pr


Posted 17 August 2010 - 06:02 PM

Hello

very good

Your Java is out of date.

It can be updated by the Java control panel
  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup) -> Update Tab -> Update Now.
  • An update should begin;
  • follow the prompts

Clear your Java Cache
  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
        Applications and Applets
        Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.

TFC (Temp File Cleaner):
  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :
    I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis
  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

"information and logs"
    In your next post I need the following
    1. Log From MBAM
    2. report from Hijackthis
    3. let me know of any problems you may have had
    4. How is the computer doing now?

Gringo




#9 gringo_pr


Posted 20 August 2010 - 07:38 PM

Hello

three day bump

It has been Three days since my last post.
  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo


#10 wolfetundra


Posted 20 August 2010 - 11:39 PM

I have been having issues with my internet so I haven't been able to get online. My laptop is now freezing (like there's a lack of memory). After about 5 min of doing nothing, it will return to normal. Doing any basic operations will cause it to freeze.

#11 gringo_pr


Posted 20 August 2010 - 11:53 PM

ok follow my last instructions and let me have those reports


Gringo

#12 wolfetundra


Posted 21 August 2010 - 12:48 AM

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4438

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

8/20/2010 10:13:23 PM
mbam-log-2010-08-20 (22-13-23).txt

Scan type: Quick scan
Objects scanned: 127983
Time elapsed: 3 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:46:57 PM, on 8/20/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\StopSign\OnAccess\onaccess.exe
C:\Program Files (x86)\Acceleration Software\Anti-Virus\stopsignav.exe
C:\Program Files (x86)\eAcceleration\Station\station_bk.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files (x86)\Acceleration Software\Anti-Virus\stopsignav.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWow64\Macromed\Flash\FlashUtil10e.exe
C:\Users\Wolfe\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&a...d4z195t4522n275
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&a...d4z195t4522n275
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&a...d4z195t4522n275
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B753C7C5-0942-4b7f-BC27-942B52BDAC66} - C:\PROGRA~2\StopSign\POPUPB~1\sspopupblocker.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Foxit Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [webscan] "C:\Program Files (x86)\Acceleration Software\Anti-Virus\stopsignav.exe" -k
O4 - HKLM\..\Run: [SoftwareStation] "C:\Program Files (x86)\eAcceleration\Station\station.exe" /b Startup
O4 - HKLM\..\Run: [OnAccess] "C:\Program Files (x86)\StopSign\OnAccess\onaccess.exe" -erk
O4 - HKLM\..\Run: [StopSignPopupBlocker] C:\PROGRA~2\StopSign\POPUPB~1\sspopupblockerctrl.exe /Startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {24BE56F9-F0B6-4ac7-97F1-8CACEDA9A427} - C:\PROGRA~2\StopSign\POPUPB~1\sspopupblocker.dll
O9 - Extra 'Tools' menuitem: Block This Page - {24BE56F9-F0B6-4ac7-97F1-8CACEDA9A427} - C:\PROGRA~2\StopSign\POPUPB~1\sspopupblocker.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: eAcceleration Notification Service (eac_notifysvc) - eAcceleration Corp - C:\PROGRA~2\EACCEL~1\FRAMEW~1\eac_svc.exe
O23 - Service: eAcceleration Product Manager Service (eac_productsvc) - eAcceleration Corp - C:\PROGRA~2\EACCEL~1\FRAMEW~1\eac_productsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FWService - eAcceleration Corp - C:\Program Files (x86)\StopSign\Firewall\FWService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: StopSign Firewall Security Center Provider (ssfwmonsvc) - eAcceleration Corp - C:\PROGRA~2\EACCEL~1\FRAMEW~1\eac_svc.exe
O23 - Service: StopSign Antivirus Security Center Provider (sstsmonsvc) - eAcceleration Corp - C:\PROGRA~2\EACCEL~1\FRAMEW~1\eac_svc.exe
O23 - Service: StopSign Update Manager - eAcceleration - C:\Program Files (x86)\Common Files\eAcceleration\eacsvc.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 9573 bytes


The computer is still running ridiculously slow. Still freezing on simple actions.

#13 gringo_pr


Posted 21 August 2010 - 02:45 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded startup entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to. You can click on the icon of any of these programs (or start it from the Control Panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.
  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):
      O4 - HKLM\..\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
      O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
      O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

      NOTE**You can research each of those lines >here< and see if you want to keep them or not
      just copy the name between the brackets and paste into the search space
      O4 - HKLM\..\Run: [IntelliPoint]


Eset Online Scanner

**Note** You will need to use Internet explorer for this scan

Go to the ESET web page to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
      Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
Copy and paste that log as a reply to this topic

"information and logs"
    In your next post I need the following
    1. Report from ESET
    2. let me know of any problems you may have had
    3. How is the computer doing now?

Gringo


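As an added example (not part of the original posts, and not code from HijackThis or OTL): a small Python parser for the HijackThis line format seen in this thread. It lists the O4 registry autoruns that the optional startup clean-up refers to, and separates "(file missing)" paths under System32 from the rest. HijackThis 2.0.4 is a 32-bit program, so on 64-bit Windows its view of System32 is redirected and such entries need checking from a 64-bit process; the function names and the choice of sample lines are assumptions of this example.

```python
import re

# Lines copied from the HijackThis log posted in this thread (a subset).
SAMPLE_LOG = r"""
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: FWService - eAcceleration Corp - C:\Program Files (x86)\StopSign\Firewall\FWService.exe
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
"""

# Every entry line starts with a section code such as R1, O4 or O23.
SECTION_RE = re.compile(r"^([A-Z]\d+) - (.*)$")
# O4 registry autoruns: <hive>\..\<Run key>: [<value name>] <command>
O4_RE = re.compile(r"^(HK\w+(?:\\S-[\d-]+)?)\\\.\.\\(Run\w*): \[([^\]]+)\] (.*)$")
# Entries for service accounts carry a trailing (User '...') annotation.
USER_RE = re.compile(r"\s*\(User '([^']+)'\)$")
MISSING = " (file missing)"


def parse_log(text):
    """Return (section, body) pairs for every HijackThis entry line."""
    entries = []
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def startup_entries(text):
    """Split O4 registry autoruns into hive, key, value name, command, user."""
    out = []
    for section, body in parse_log(text):
        if section != "O4":
            continue
        m = O4_RE.match(body)
        if not m:
            continue  # Startup-folder entries use a different layout
        hive, key, name, command = m.groups()
        user = None
        u = USER_RE.search(command)
        if u:
            user = u.group(1)
            command = command[:u.start()]
        out.append({"hive": hive, "key": key, "name": name,
                    "command": command, "user": user})
    return out


def missing_files(text):
    """Return (path, under_system32) for entries flagged '(file missing)'.

    under_system32 is True when the path sits in System32, where a 32-bit
    scanner on 64-bit Windows is subject to file-system redirection; those
    paths should be re-checked from a 64-bit process before being trusted.
    """
    out = []
    for _section, body in parse_log(text):
        if not body.endswith(MISSING):
            continue
        # The file path is the last " - " separated field of the entry.
        path = body[:-len(MISSING)].rsplit(" - ", 1)[-1]
        out.append((path, "\\system32\\" in path.lower()))
    return out


if __name__ == "__main__":
    for e in startup_entries(SAMPLE_LOG):
        print(f"{e['hive']:<16} {e['key']:<8} {e['name']:<20} {e['command']}")
    for path, redirected in missing_files(SAMPLE_LOG):
        note = "re-check from a 64-bit process" if redirected else "verify path"
        print(f"missing: {path} ({note})")
```
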

#14 gringo_pr


Posted 24 August 2010 - 02:09 AM

Hello

three day bump

It has been Three days since my last post.
  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo


#15 wolfetundra


Posted 26 August 2010 - 01:40 AM

I've been having issues with the blue screen again. I'll have it up by tomorrow.



