
Firefox redirects google search results


  • This topic is locked
28 replies to this topic

#1 daemian2k

daemian2k

  • Members
  • 16 posts
  • OFFLINE
  • Local time:10:02 PM

Posted 06 October 2010 - 07:32 AM

I have often used this site to help others remove some rogue program malware, but now it seems that I have the problem, and hopefully you guys can help me out. My Google search results are redirecting to some pretty scrupulous websites when they are clicked on while using Firefox. I haven't tried IE since I really don't trust using it now with all this going on.

The DDS log is below and Attach is also attached to this post. Thanks for all you do.

DDS (Ver_10-03-17.01) - NTFSx86
Run by daemian2k at 6:28:46.60 on Wed 10/06/2010
Internet Explorer: 8.0.6001.18943 BrowserJavaVersion: 1.6.0_21
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3000.1989 [GMT -5:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WLANExt.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\FsUsbExService.Exe
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\McAfee Online Backup\MOBKbackup.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\Program Files\McAfee Online Backup\MOBKbackup.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\McAfee Online Backup\MOBKbackup.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\alg.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Nero\Nero8\InCD\InCD.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Users\DAEMIA~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Acer\Acer VCM\acp2HID.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\daemian2k\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0908&m=aspire_6930
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0908&m=aspire_6930
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0908&m=aspire_6930
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uWinlogon: Shell=c:\users\daemian2k\appdata\roaming\hotfix.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20100919185100.dll
BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\program files\acer\empowering technology\edatasecurity\x86\ActiveToolBand.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\program files\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [BitTorrent DNA] "c:\users\daemian2k\program files\dna\btdna.exe"
uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [eRecoveryService]
mRun: [ePower_DMC] c:\program files\acer\empowering technology\epower\ePower_DMC.exe
mRun: [Acer Product Registration] "c:\program files\acer\acer registration\ACE1.exe" /startup
mRun: [Skytel] Skytel.exe
mRun: [eAudio] "c:\program files\acer\empowering technology\eaudio\eAudio.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [NPSStartup]
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Easy Dock]
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [SecurDisc] c:\program files\nero\nero8\incd\NBHGui.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [PlayMovie] "c:\program files\acer arcade deluxe\playmovie\PMVService.exe"
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McAfee Backup] "c:\program files\mcafee\mbk\McAfeeDataBackup.exe"
mRun: [LManager] c:\progra~1\launch~1\QtZgAcer.EXE
mRun: [InCD] c:\program files\nero\nero8\incd\InCD.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [eDataSecurity Loader] c:\program files\acer\empowering technology\edatasecurity\x86\eDSloader.exe
mRun: [CloneCDTray] "c:\program files\elaborate bytes\clonecd\CloneCDTray.exe"
mRun: [CLMLServer] "c:\program files\acer arcade deluxe\acer arcade deluxe\kernel\clml\CLMLSvc.exe"
mRun: [BkupTray] "c:\program files\newtech infosystems\nti backup now 5\BkupTray.exe"
mRun: [ArcadeDeluxeAgent] "c:\program files\acer arcade deluxe\acer arcade deluxe\ArcadeDeluxeAgent.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Acer Assist Launcher] c:\program files\acer\acer assist\launcher.exe
dRun: [DelayShred] c:\progra~1\mcafee\mshr\shrcl.exe /p7 /q c:\users\daemia~1\appdata\local\micros~1\windows\tempor~1\content.ie5\xuoc02lo\syncme~2.sh! c:\users\daemia~1\appdata\local\temp\hsperf~1.sh! c:\users\daemia~1\appdata\local\micros~1\windows\tempor~1\content.ie5\xuoc02lo\syncme~4.sh! c:\users\daemia~1\appdata\local\micros~1\windows\tempor~1\content.ie5\xuoc02lo\SYD43A~1.SH!
StartupFolder: c:\users\daemia~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
StartupFolder: c:\users\daemia~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\users\daemia~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\users\daemia~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\orion.lnk - c:\program files\convesoft\orion\Messenger.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\acervc~1.lnk - c:\program files\acer\acer vcm\AcerVCM.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\IM-me.lnk -
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\daemia~1\appdata\roaming\mozilla\firefox\profiles\s6iiw3nk.default\
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: c:\users\daemian2k\appdata\roaming\mozilla\firefox\profiles\s6iiw3nk.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
d:\program files\greprefs\all.js - pref("ui.use_native_colors", true);
d:\program files\greprefs\all.js - pref("ui.use_native_popup_windows", false);
d:\program files\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
d:\program files\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
d:\program files\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
d:\program files\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
d:\program files\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
d:\program files\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
d:\program files\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
d:\program files\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
d:\program files\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
d:\program files\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
d:\program files\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
d:\program files\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
d:\program files\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
d:\program files\greprefs\all.js - pref("network.proxy.type", 5);
d:\program files\greprefs\all.js - pref("network.buffer.cache.count", 24);
d:\program files\greprefs\all.js - pref("network.buffer.cache.size", 4096);
d:\program files\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
d:\program files\greprefs\all.js - pref("svg.smil.enabled", false);
d:\program files\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
d:\program files\greprefs\all.js - pref("browser.formfill.debug", false);
d:\program files\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
d:\program files\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
d:\program files\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
d:\program files\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
d:\program files\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
d:\program files\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
d:\program files\greprefs\all.js - pref("accelerometer.enabled", true);
d:\program files\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
d:\program files\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
d:\program files\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
d:\program files\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
d:\program files\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
d:\program files\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
d:\program files\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
d:\program files\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
d:\program files\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
d:\program files\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
d:\program files\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
d:\program files\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
d:\program files\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
d:\program files\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
d:\program files\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
d:\program files\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
d:\program files\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
d:\program files\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
d:\program files\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
d:\program files\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
d:\program files\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
d:\program files\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
d:\program files\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
d:\program files\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
d:\program files\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-10-21 386712]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-4-16 64304]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-4-16 164808]
R1 MOBKFilter;MOBKFilter;c:\windows\system32\drivers\MOBK.sys [2010-4-16 54776]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\acer arcade deluxe\playmovie\000.fcl [2008-9-11 61424]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\newtech infosystems\nti backup now 5\client\Agentsvc.exe [2008-3-3 16384]
R2 CLHNService;CLHNService;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\CLHNService.exe [2008-9-11 81504]
R2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2008-10-14 24576]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-5-29 237984]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2010-4-2 93320]
R2 McMPFSvc;McAfee Personal Firewall;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-4-16 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-4-16 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-4-16 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-4-16 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-4-16 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-4-16 141792]
R2 MOBKbackup;McAfee Online Backup;c:\program files\mcafee online backup\MOBKbackup.exe [2010-2-5 229688]
R2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\nero\nero8\incd\NBHRegInCDSrv.exe [2008-8-8 53032]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-4-25 45056]
R2 NTIPPKernel;NTIPPKernel;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\NTIPPKernel.sys [2008-9-11 122368]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-4-25 131072]
R2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2008-9-11 233472]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-4-16 55840]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-5-29 36608]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-10-14 113664]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-10-14 152992]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-4-16 312904]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
R3 winbondcir;Winbond IR Transceiver;c:\windows\system32\drivers\winbondcir.sys [2007-3-28 43008]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1ca0e209d513e10;Google Update Service (gupdate1ca0e209d513e10);c:\program files\google\update\GoogleUpdate.exe [2009-7-26 133104]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-10-14 52104]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-4-16 84264]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-10-14 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-10-21 40552]
S3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\drivers\sscebus.sys [2010-5-29 90240]
S3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\drivers\sscemdfl.sys [2010-5-29 14976]
S3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\drivers\sscemdm.sys [2010-5-29 121856]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-10-06 08:47:36 0 ----a-w- c:\users\daemian2k\defogger_reenable
2010-10-04 03:23:14 0 d-----w- c:\programdata\Blizzard Entertainment
2010-10-02 23:36:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-02 23:36:32 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-02 03:54:07 0 d-----w- c:\program files\DAMN NFO Viewer
2010-10-02 03:52:53 0 ---ha-w- c:\windows\system32\dfrgvdircu.tmp
2010-10-02 03:46:50 0 d-sh--w- c:\programdata\SysWoW32
2010-10-02 03:46:34 203776 --sh--w- c:\programdata\unrar.exe
2010-10-01 12:27:30 0 d-----w- c:\program files\eRightSoft
2010-10-01 03:05:03 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-29 02:15:03 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-09-21 05:27:12 0 d-----w- c:\users\daemia~1\appdata\roaming\My Games
2010-09-21 05:03:02 0 d-----w- c:\program files\common files\Blizzard Entertainment
2010-09-19 23:20:59 502272 ----a-w- c:\windows\system32\usp10.dll
2010-09-19 23:20:48 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-19 23:20:42 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-19 23:20:29 739328 ----a-w- c:\windows\system32\inetcomm.dll

==================== Find3M ====================

2010-09-20 00:16:28 86016 ----a-w- c:\windows\inf\infpub.dat
2010-09-20 00:16:28 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-09-20 00:16:28 143360 ----a-w- c:\windows\inf\infstor.dat
2010-08-24 19:57:38 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-08-24 19:57:38 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-08-24 19:57:38 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-08-24 19:57:38 64304 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2010-08-24 19:57:38 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-08-24 19:57:38 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-08-24 19:57:38 386712 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-08-24 19:57:38 312904 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-08-24 19:57:38 164808 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2010-08-24 19:57:38 152992 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-08-12 23:34:10 107936 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-07-17 16:48:47 87608 ----a-w- c:\users\daemia~1\appdata\roaming\inst.exe
2010-07-17 16:48:47 47360 ----a-w- c:\users\daemia~1\appdata\roaming\pcouffin.sys
2010-07-17 10:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll
2009-10-26 22:59:45 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2010-04-08 13:03:54 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2006-05-03 10:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll

============= FINISH: 6:29:37.83 ===============


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-10-06 07:29:55
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\DAEMIA~1\AppData\Local\Temp\axtdyuob.sys


---- Kernel code sections - GMER 1.0.15 ----

C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl entry point in "" section [0xADDE241C]
.clc C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl unknown last code section [0xADDE3000, 0x1000, 0xE0000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[3392] kernel32.dll!LoadLibraryW 77C59362 5 Bytes JMP 6DAC9AE2 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[3392] kernel32.dll!LoadLibraryA 77C594DC 5 Bytes JMP 6DAC9A20 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Windows\Explorer.EXE[3948] SHELL32.dll!SHGetFolderPathAndSubDirW + 81C5 763FB37C 4 Bytes [00, 26, 95, 00]
.text D:\Program Files\firefox.exe[5244] ntdll.dll!LdrLoadDll 77D39390 5 Bytes JMP 009A13F0 D:\Program Files\firefox.exe (Firefox/Mozilla Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Ntfs \Ntfs MOBK.sys (Mozy Change Monitor Filter Driver/Mozy, Inc.)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----


#2 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • OFFLINE
  • Gender:Female
  • Local time:07:02 AM

Posted 13 October 2010 - 09:20 AM

Hello and welcome to Bleeping Computer!

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log





Elle
Can you hear it?It's all around!

Tomar ki manè acchè?
Yadi thakè, tahalè
Ki kshama kartè paro
?



If I haven't replied in 48 hours, please feel free to send me a PM.




#3 daemian2k

daemian2k
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:10:02 PM

Posted 14 October 2010 - 01:17 AM

Thanks for replying. The redirect is still there and just as annoying; it's not every single Google search that it redirects, it just seems to be random, very annoying. I have run rkill and Malwarebytes and that doesn't seem to find anything. Before you ask, I did have Limewire installed, but it has been uninstalled since the last time I ran the DDS and GMER scans and posted them here. I also turned off my selective start-up.

Here's the DDS log:


DDS (Ver_10-10-10.03) - NTFSx86
Run by daemian2k at 22:12:30.19 on Wed 10/13/2010
Internet Explorer: 8.0.6001.18943 BrowserJavaVersion: 1.6.0_21
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3000.1917 [GMT -5:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\FsUsbExService.Exe
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Windows\system32\rundll32.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\McAfee Online Backup\MOBKbackup.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\McAfee Online Backup\MOBKbackup.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\McAfee Online Backup\MOBKbackup.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Nero\Nero8\InCD\InCD.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\DAEMIA~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\daemian2k\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0908&m=aspire_6930
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0908&m=aspire_6930
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0908&m=aspire_6930
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uWinlogon: Shell=c:\users\daemian2k\appdata\roaming\hotfix.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20100919185100.dll
BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\program files\acer\empowering technology\edatasecurity\x86\ActiveToolBand.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\program files\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [BitTorrent DNA] "c:\users\daemian2k\program files\dna\btdna.exe"
uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [eRecoveryService]
mRun: [ePower_DMC] c:\program files\acer\empowering technology\epower\ePower_DMC.exe
mRun: [Acer Product Registration] "c:\program files\acer\acer registration\ACE1.exe" /startup
mRun: [Skytel] Skytel.exe
mRun: [eAudio] "c:\program files\acer\empowering technology\eaudio\eAudio.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [NPSStartup]
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Easy Dock]
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [SecurDisc] c:\program files\nero\nero8\incd\NBHGui.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [PlayMovie] "c:\program files\acer arcade deluxe\playmovie\PMVService.exe"
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McAfee Backup] "c:\program files\mcafee\mbk\McAfeeDataBackup.exe"
mRun: [LManager] c:\progra~1\launch~1\QtZgAcer.EXE
mRun: [InCD] c:\program files\nero\nero8\incd\InCD.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [eDataSecurity Loader] c:\program files\acer\empowering technology\edatasecurity\x86\eDSloader.exe
mRun: [CloneCDTray] "c:\program files\elaborate bytes\clonecd\CloneCDTray.exe"
mRun: [CLMLServer] "c:\program files\acer arcade deluxe\acer arcade deluxe\kernel\clml\CLMLSvc.exe"
mRun: [BkupTray] "c:\program files\newtech infosystems\nti backup now 5\BkupTray.exe"
mRun: [ArcadeDeluxeAgent] "c:\program files\acer arcade deluxe\acer arcade deluxe\ArcadeDeluxeAgent.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Acer Assist Launcher] c:\program files\acer\acer assist\launcher.exe
dRun: [DelayShred] c:\progra~1\mcafee\mshr\shrcl.exe /p7 /q c:\users\daemia~1\appdata\local\micros~1\windows\tempor~1\content.ie5\xuoc02lo\syncme~2.sh! c:\users\daemia~1\appdata\local\temp\hsperf~1.sh! c:\users\daemia~1\appdata\local\micros~1\windows\tempor~1\content.ie5\xuoc02lo\syncme~4.sh! c:\users\daemia~1\appdata\local\micros~1\windows\tempor~1\content.ie5\xuoc02lo\SYD43A~1.SH!
StartupFolder: c:\users\daemia~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\acervc~1.lnk - c:\program files\acer\acer vcm\AcerVCM.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\IM-me.lnk -
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\daemia~1\appdata\roaming\mozilla\firefox\profiles\s6iiw3nk.default\
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: c:\users\daemian2k\appdata\roaming\mozilla\firefox\profiles\s6iiw3nk.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
d:\program files\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
d:\program files\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-10-21 386712]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-4-16 64304]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-4-16 164808]
R1 MOBKFilter;MOBKFilter;c:\windows\system32\drivers\MOBK.sys [2010-4-16 54776]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\acer arcade deluxe\playmovie\000.fcl [2008-9-11 61424]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\newtech infosystems\nti backup now 5\client\Agentsvc.exe [2008-3-3 16384]
R2 CLHNService;CLHNService;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\CLHNService.exe [2008-9-11 81504]
R2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2008-10-14 24576]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-5-29 237984]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2010-4-2 93320]
R2 McMPFSvc;McAfee Personal Firewall;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-4-16 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-4-16 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-4-16 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-4-16 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-4-16 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-4-16 141792]
R2 MOBKbackup;McAfee Online Backup;c:\program files\mcafee online backup\MOBKbackup.exe [2010-2-5 229688]
R2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\nero\nero8\incd\NBHRegInCDSrv.exe [2008-8-8 53032]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-4-25 45056]
R2 NTIPPKernel;NTIPPKernel;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\NTIPPKernel.sys [2008-9-11 122368]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-4-25 131072]
R2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2008-9-11 233472]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-4-16 55840]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-5-29 36608]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-10-14 113664]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-10-14 152992]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-4-16 312904]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
R3 winbondcir;Winbond IR Transceiver;c:\windows\system32\drivers\winbondcir.sys [2007-3-28 43008]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1ca0e209d513e10;Google Update Service (gupdate1ca0e209d513e10);c:\program files\google\update\GoogleUpdate.exe [2009-7-26 133104]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-10-14 52104]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-4-16 84264]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-10-14 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-10-21 40552]
S3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\drivers\sscebus.sys [2010-5-29 90240]
S3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\drivers\sscemdfl.sys [2010-5-29 14976]
S3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\drivers\sscemdm.sys [2010-5-29 121856]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-10-07 01:20:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-07 01:20:06 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-04 03:23:14 -------- d-----w- c:\progra~2\Blizzard Entertainment
2010-10-02 03:54:07 -------- d-----w- c:\program files\DAMN NFO Viewer
2010-10-02 03:52:53 0 ---ha-w- c:\windows\system32\dfrgvdircu.tmp
2010-10-02 03:46:50 -------- d-sh--w- c:\progra~2\SysWoW32
2010-10-02 03:46:34 203776 --sh--w- c:\progra~2\unrar.exe
2010-10-01 03:05:03 2048 ----a-w- c:\windows\system32\tzres.dll
2010-10-01 03:01:46 13312 ----a-w- c:\program files\internet explorer\iecompat.dll
2010-09-21 05:27:12 -------- d-----w- c:\users\daemia~1\appdata\roaming\My Games
2010-09-21 05:03:02 -------- d-----w- c:\program files\common files\Blizzard Entertainment
2010-09-19 23:20:59 502272 ----a-w- c:\windows\system32\usp10.dll
2010-09-19 23:20:48 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-19 23:20:42 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-19 23:20:37 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2010-09-19 23:20:29 739328 ----a-w- c:\windows\system32\inetcomm.dll

==================== Find3M ====================

2010-07-17 10:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll

============= FINISH: 22:13:02.65 ===============


Here's the GMER log:

GMER 1.0.15.15315 - http://www.gmer.net
Rootkit scan 2010-10-14 00:55:42
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\DAEMIA~1\AppData\Local\Temp\axtdyuob.sys


---- Kernel code sections - GMER 1.0.15 ----

C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl entry point in "" section [0x90D6241C]
.clc C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl unknown last code section [0x90D63000, 0x1000, 0xE0000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[3460] kernel32.dll!LoadLibraryW 75F69362 5 Bytes JMP 6CB89AE2 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[3460] kernel32.dll!LoadLibraryA 75F694DC 5 Bytes JMP 6CB89A20 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Windows\Explorer.EXE[4008] SHELL32.dll!SHGetFolderPathAndSubDirW + 81C5 762EB37C 4 Bytes [00, 26, 80, 01]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Ntfs \Ntfs MOBK.sys (Mozy Change Monitor Filter Driver/Mozy, Inc.)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----

Again, thanks for posting a reply.
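As an added example (my own code, not from the thread or from the DDS tool): a small Python triage pass over constructed lines in the DDS "Pseudo HJT Report" layout, modelled on the log above. It flags the autostart entries a helper would look at first: a Winlogon Shell value other than explorer.exe, Run entries that point into Temp or a user profile, and empty or bare-name entries. The path heuristics and severity labels are my assumptions, not anything DDS itself reports.

```python
import re

# Constructed sample in the layout of a DDS "Pseudo HJT Report" (modelled on the
# log posted above with a made-up user name and one invented Temp entry; it is
# not a copy of the original log).
SAMPLE_DDS = r"""
uStart Page = hxxp://www.google.com/
uWinlogon: Shell=c:\users\example\appdata\roaming\hotfix.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [BitTorrent DNA] "c:\users\example\program files\dna\btdna.exe"
uRun: [Updater] c:\users\example\appdata\local\temp\upd.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [eRecoveryService]
mRun: [RtHDVCpl] RtHDVCpl.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\IM-me.lnk -
"""

# DDS line shapes handled here: [umd]Run (u = current-user hive, m = machine
# hive, d = default-user hive), [um]Winlogon Shell, and StartupFolder shortcuts.
RUN_RE = re.compile(r"^(?P<scope>[umd])Run:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
SHELL_RE = re.compile(r"^[um]Winlogon:\s*Shell=(?P<cmd>.*)$", re.I)
STARTUP_RE = re.compile(r"^StartupFolder:\s*(?P<lnk>.*?\.lnk)\s*-\s*(?P<cmd>.*)$", re.I)
# First executable-looking token of a command (quoted or not, with or without args).
EXE_RE = re.compile(r'^"?(?P<path>.*?\.(?:exe|scr|com|bat|cmd|dll|pif))', re.I)


def target_of(cmd):
    """Lower-cased executable path from a Run-style command, or None if empty."""
    cmd = cmd.strip()
    if not cmd:
        return None
    m = EXE_RE.match(cmd)
    return (m.group("path") if m else cmd.strip('"')).lower()


def location_flags(path):
    """Heuristic review flags for where an autostart target lives (assumed thresholds)."""
    flags = []
    if "\\temp\\" in path:
        flags.append(("high", "executable runs from a Temp directory"))
    elif "\\appdata\\" in path or "\\users\\" in path:
        flags.append(("medium", "executable runs from a user profile directory"))
    if "\\" not in path:
        flags.append(("low", "bare file name resolved via the search path; confirm its real location"))
    return flags


def triage(dds_text):
    """Return (severity, log line, reason) tuples for entries worth a closer look."""
    findings = []
    for raw in dds_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SHELL_RE.match(line)
        if m:
            # The stock value is exactly "explorer.exe"; comparing the whole value
            # also catches "explorer.exe,other.exe" style additions.
            if m.group("cmd").strip().strip('"').lower() != "explorer.exe":
                findings.append(("high", line,
                                 "Winlogon Shell is not explorer.exe; it runs at every logon"))
            continue
        m = RUN_RE.match(line) or STARTUP_RE.match(line)
        if not m:
            continue
        target = target_of(m.group("cmd"))
        if target is None:
            findings.append(("low", line, "autostart entry with no command (orphaned value)"))
            continue
        for severity, why in location_flags(target):
            findings.append((severity, line, why))
    return findings


if __name__ == "__main__":
    for severity, line, why in triage(SAMPLE_DDS):
        print(f"[{severity:6}] {line}\n         -> {why}")
```

A flagged entry is a prompt for manual review (check the file's signer, hash and creation date), not a verdict on its own.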




#4 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:02 AM

Posted 21 October 2010 - 06:16 PM

Hello, daemian2k.
My name is etavares and I will be helping you with this log.

Here are some guidelines to ensure we are able to get your machine back under your control.

  • Please do not run any unsupervised scans, fixes, etc. We can work against each other and end up in a worse place.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • When in doubt, please stop and ask first. There's no harm in asking questions!



Step 1

Scan With RKUnHooker

  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.

Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning; it is OK, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"




Step 2

Please download MBRCheck by ad_13 and save it to your desktop.

Double-click to run. A window will pop up. If it says 'non-standard' or 'infected' MBR code detected, please type 3 for Exit for now and press Enter.

It will save a logfile on your desktop that starts with MBR, then has the date, etc. Please copy and paste the contents of that log in your reply.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#5 daemian2k

daemian2k
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:10:02 PM

Posted 26 October 2010 - 06:36 PM

Greetings and thanks for the reply. Sorry for replying so late; I had some stuff going on at the house this past week. Here are the scans you asked for, thanks again.

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #2
==============================================
>Drivers
==============================================
0x8E608000 C:\Windows\system32\DRIVERS\igdkmd32.sys 7225344 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)
0x82802000 C:\Windows\system32\ntkrnlpa.exe 3903488 bytes (Microsoft Corporation, NT Kernel & System)
0x82802000 PnpManager 3903488 bytes
0x82802000 RAW 3903488 bytes
0x82802000 WMIxWDM 3903488 bytes
0x8F001000 C:\Windows\system32\DRIVERS\NETw5v32.sys 3706880 bytes (Intel Corporation, Intel® Wireless WiFi Link Driver)
0x8F80F000 C:\Windows\system32\drivers\RTKVHDA.sys 2129920 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0x9ACC0000 Win32k 2109440 bytes
0x9ACC0000 C:\Windows\System32\win32k.sys 2109440 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8AA0A000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)
0x8A871000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x8FAA6000 C:\Windows\system32\DRIVERS\HSX_DPV.sys 1056768 bytes (Conexant Systems, Inc., HSF_DP driver)
0x9001F000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver)
0x804DE000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0xADEF3000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x8E400000 C:\Windows\System32\Drivers\dump_iaStor.sys 888832 bytes
0x82E01000 C:\Windows\system32\DRIVERS\iaStor.sys 888832 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0x8F66E000 C:\Windows\system32\DRIVERS\HSX_CNXT.sys 741376 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0x82404000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
0x8ECEC000 C:\Windows\System32\drivers\dxgkrnl.sys 659456 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8E503000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x8060F000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0x8A800000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x80414000 C:\Windows\system32\mcupdate_GenuineIntel.dll 458752 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x8250B000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x82F42000 C:\Windows\system32\drivers\mfehidk.sys 380928 bytes (McAfee, Inc., McAfee Link Driver)
0xADE7C000 C:\Windows\System32\DRIVERS\srv.sys 319488 bytes (Microsoft Corporation, Server driver)
0x9AF10000 C:\Windows\System32\ATMFD.DLL 311296 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB7007000 C:\Windows\system32\drivers\mfefirek.sys 307200 bytes (McAfee, Inc., McAfee Core Firewall Engine Driver)
0x80741000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x90C09000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x80698000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x8049D000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x807A3000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x8EDA4000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8FA69000 C:\Windows\system32\DRIVERS\HSXHWAZL.sys 249856 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
0x90C96000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x8A9A7000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
0xADE03000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x8AB1A000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8F628000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x82BBB000 ACPI_HAL 208896 bytes
0x82BBB000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x82F00000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x901B0000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8E590000 C:\Windows\system32\DRIVERS\SynTP.sys 196608 bytes (Synaptics, Inc., Synaptics Touchpad Driver)
0x82FA8000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x8FA17000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x8A97C000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x805CE000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0x824C4000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x9014B000 C:\Windows\System32\Drivers\Mpfp.sys 167936 bytes (McAfee, Inc., McAfee Personal Firewall Plus Driver)
0xADE54000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x8AB6A000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x90124000 C:\Windows\system32\drivers\mfewfpk.sys 159744 bytes (McAfee, Inc., Anti-Virus Mini-Firewall Driver)
0x806EF000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB705E000 C:\Windows\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0x8FA44000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x90CF3000 C:\Windows\system32\drivers\mfeavfk.sys 147456 bytes (McAfee, Inc., Anti-Virus File System Filter Driver)
0x82FD7000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x90DDB000 C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl 135168 bytes (Cyberlink Corp., FCL Driver)
0x8ABA2000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0x8FBB5000 C:\Windows\system32\drivers\IntcHdmi.sys 135168 bytes (Intel® Corporation, Intel® High Definition Audio HDMI)
0x825C3000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x8F74E000 C:\Windows\System32\Drivers\usbvideo.sys 135168 bytes (Microsoft Corporation, USB Video Class Driver)
0x8F7A5000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x8F7D6000 C:\Windows\system32\drivers\InCDFs.sys 126976 bytes (Nero AG, InCD File System Driver)
0x90DBC000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x82EE2000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0xADED5000 C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys 122880 bytes (Cyberlink Corp., NTIPPKernel Driver)
0x82578000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x90109000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x90DA1000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x82595000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x8E5C0000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xADE3C000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x90CDC000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8ABD9000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x8F737000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xB70AE000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xB70E5000 C:\Windows\system32\drivers\mfeapfk.sys 90112 bytes (McAfee, Inc., Access Protection Filter Driver)
0x90C51000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x90174000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0x825AE000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x807E4000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x8F39B000 C:\Windows\system32\DRIVERS\winbondcir.sys 86016 bytes (Winbond Electronics Corporation, Winbond MCE CIR Port Driver)
0x8A9E2000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x8F723000 C:\Windows\system32\drivers\RTSTOR.SYS 81920 bytes (Realtek Semiconductor Corp., Realtek USB Mass Storage Driver for Vista)
0x9019C000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x8F3B0000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0x8F76F000 C:\Windows\system32\DRIVERS\MOBK.sys 77824 bytes (Mozy, Inc., Mozy Change Monitor Filter Driver)
0x824F8000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x90C83000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x9018A000 C:\Windows\system32\DRIVERS\ipfltdrv.sys 73728 bytes (Microsoft Corporation, IP FILTER DRIVER)
0xADFDA000 C:\Windows\system32\DRIVERS\PSDVdisk.sys 73728 bytes (Egis Incorporated, Acer eDataSecurity Management PSD Virtual Disk Driver)
0x8AB91000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x8F38A000 C:\Windows\system32\DRIVERS\L1E60x86.sys 69632 bytes (Atheros Communications, Inc., Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller)
0x8F65D000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x80484000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x82F32000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x8FBE1000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0x824B4000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x8078B000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x805BE000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x8E5D8000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
0x90D92000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x8AB5B000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x80716000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x8ABF0000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8EDE2000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x80732000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x9AF00000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x8F603000 C:\Windows\system32\DRIVERS\circlass.sys 57344 bytes (Microsoft Corporation, Consumer IR Class Driver for eHome)
0x90C67000 C:\Windows\system32\DRIVERS\mfenlfk.sys 57344 bytes (McAfee, Inc., McAfee NDIS Light Filter Driver)
0x90C75000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x90008000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x90D7B000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8FBA8000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x8F61B000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x8068B000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0xB7052000 C:\Windows\system32\drivers\cfwids.sys 49152 bytes (McAfee, Inc., McAfee Personal Firewall IDS Plugin)
0x80600000 C:\Windows\System32\Drivers\pcouffin.sys 49152 bytes (VSO Software, low level access layer for CD/DVD/BD devices)
0x825E4000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x8F799000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8ED8D000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
0x8FBD6000 C:\Windows\system32\DRIVERS\hidir.sys 45056 bytes (Microsoft Corporation, Infrared Miniport Driver for Input Devices)
0x8F3CD000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x8F3DA000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x8F7F5000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8E5F2000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8E5E7000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x8E4E2000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8ED99000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x80728000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)
0x8F3C3000 C:\Windows\system32\DRIVERS\DKbFltr.sys 40960 bytes (Dritek System Inc., Dritek PS2 Keyboard Filter Driver)
0x90D88000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8F611000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x824EE000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x90CD2000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0xADFEC000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x8F3E5000 C:\Windows\System32\Drivers\cdrbsdrv.SYS 36864 bytes (B.H.A Corporation, CD-ROM Filter Driver for Windows2000/xp)
0x8ABC3000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0xB7084000 C:\Windows\system32\FsUsbExDisk.SYS 36864 bytes
0x8F782000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x90D62000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x8F3F6000 C:\Windows\system32\drivers\InCDPass.sys 36864 bytes (Nero AG, Nero InCD RW Filter Driver)
0x8EDF1000 C:\Windows\system32\drivers\InCDRm.sys 36864 bytes (Nero AG, Nero MRW Filter Driver)
0x8F800000 C:\Windows\system32\DRIVERS\kbdhid.sys 36864 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0xB70FB000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x82F9F000 C:\Windows\system32\DRIVERS\psdfilter.sys 36864 bytes (Egis Incorporated, Acer eDataSecurity Management PSD Filter Driver)
0xADFD1000 C:\Windows\system32\DRIVERS\PSDNServ.sys 36864 bytes (Egis Incorporated, Acer eDataSecurity Management PSD Named Pipe Driver)
0x90016000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x9AEE0000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8E4ED000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8E4FA000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0x806DE000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x82EDA000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x80495000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x90D6B000 C:\Windows\system32\DRIVERS\LHidFilt.Sys 32768 bytes (Logitech, Inc., Logitech HID Filter Driver.)
0x90D73000 C:\Windows\system32\DRIVERS\LMouFilt.Sys 32768 bytes (Logitech, Inc., Logitech Mouse Filter Driver.)
0x8FBF8000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x806E7000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8F3EE000 C:\Windows\system32\DRIVERS\NTIDrvr.sys 32768 bytes (NewTech Infosystems, Inc., NTI CD-ROM Filter Driver)
0x8F7C6000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8F7CE000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8AB53000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x8079B000 C:\Windows\System32\Drivers\UBHelper.sys 32768 bytes (NewTech Infosystems Corporation, NTI CDROM Filter Driver)
0xADFF6000 C:\Windows\system32\DRIVERS\xaudio.sys 32768 bytes (Conexant Systems, Inc., Modem Audio Device Driver)
0x8F792000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x8FBF1000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xADECA000 C:\Windows\system32\drivers\int15.sys 28672 bytes (Acer, Inc., int15)
0x8040D000 C:\Windows\system32\kdcom.dll 28672 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x8F78B000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x8E4F6000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0x8F809000 C:\Windows\system32\drivers\InCDRec.sys 16384 bytes (Nero AG, Nero InCD File System Recognizer)
0xADED1000 C:\Windows\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
0x80725000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0x8EDFA000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x8F3D8000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================
0x04170000 Hidden Image-->eSettings.Model.Computer.dll [ EPROCESS 0xB0CC4D90 ] PID: 2312, 151552 bytes
0x04110000 Hidden Image-->log4net.dll [ EPROCESS 0xB0CC4D90 ] PID: 2312, 282624 bytes
0x004A0000 Hidden Image-->Framework.Model.ControllerInterface.dll [ EPROCESS 0xB0CC4D90 ] PID: 2312, 28672 bytes
0x00B30000 Hidden Image-->Framework.PluginInterface.dll [ EPROCESS 0xB0CC4D90 ] PID: 2312, 28672 bytes
0x01030000 Hidden Image-->eAudioSrvPlugin.dll [ EPROCESS 0xB0CC4D90 ] PID: 2312, 28672 bytes
0x01040000 Hidden Image-->ePowerSrvPlugin.dll [ EPROCESS 0xB0CC4D90 ] PID: 2312, 28672 bytes
0x03A20000 Hidden Image-->Framework.Service.Utility.dll [ EPROCESS 0xB0CC4D90 ] PID: 2312, 28672 bytes
0x03CC0000 Hidden Image-->eRecovery.RemoteServerInterface.dll [ EPROCESS 0xB0CC4D90 ] PID: 2312, 28672 bytes
0x03F00000 Hidden Image-->eSettings.ServicePlugin.dll [ EPROCESS 0xB0CC4D90 ] PID: 2312, 28672 bytes
0x04160000 Hidden Image-->eSettings.Logger.dll [ EPROCESS 0xB0CC4D90 ] PID: 2312, 28672 bytes
0x04820000 Hidden Image-->Framework.Model.ControllerInterface.dll [ EPROCESS 0xB0CCCD90 ] PID: 2420, 28672 bytes
0x004D0000 Hidden Image-->Framework.Host.dll [ EPROCESS 0xB0CC4D90 ] PID: 2312, 36864 bytes
0x03CA0000 Hidden Image-->eRecovery.ServicePlugin.dll [ EPROCESS 0xB0CC4D90 ] PID: 2312, 36864 bytes
0x00220000 Hidden Image-->Framework.Model.Controller.dll [ EPROCESS 0xB0CC4D90 ] PID: 2312, 45056 bytes
0x00B20000 Hidden Image-->Framework.Utility.CommonFunctions.dll [ EPROCESS 0xB0CC4D90 ] PID: 2312, 45056 bytes
0x033C0000 Hidden Image-->WMIInterface.dll [ EPROCESS 0xB0CC4D90 ] PID: 2312, 45056 bytes
0x03CB0000 Hidden Image-->Framework.Utility.dll [ EPROCESS 0xB0CC4D90 ] PID: 2312, 45056 bytes
0x041A0000 Hidden Image-->eSettings.Model.ComputerInterface.dll [ EPROCESS 0xB0CC4D90 ] PID: 2312, 45056 bytes
0x00B00000 Hidden Image-->Framework.Utility.dll [ EPROCESS 0xB0CCCD90 ] PID: 2420, 45056 bytes
0x01C20000 Hidden Image-->WMIInterface.dll [ EPROCESS 0xB0CCCD90 ] PID: 2420, 45056 bytes
0x00A40000 Hidden Image-->MobilityInterface.dll [ EPROCESS 0xB0E97AD8 ] PID: 2952, 45056 bytes
0xB70C4730 Unknown thread object [ ETHREAD 0x89DDFC70 ] , 600 bytes
0xB708D730 Unknown thread object [ ETHREAD 0x8A39AD78 ] , 600 bytes
0x004B0000 Hidden Image-->Framework.Library.dll [ EPROCESS 0xB0CC4D90 ] PID: 2312, 69632 bytes
0x03D50000 Hidden Image-->eRecovery.RemoteServer.dll [ EPROCESS 0xB0CC4D90 ] PID: 2312, 69632 bytes
0x01C50000 Hidden Image-->Framework.Library.dll [ EPROCESS 0xB0CCCD90 ] PID: 2420, 69632 bytes
0x03150000 Hidden Image-->WMIServiceDLL.dll [ EPROCESS 0xB0CC4D90 ] PID: 2312, 98304 bytes


MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Acer, Inc.
BIOS Manufacturer: Acer
System Manufacturer: Acer, inc.
System Product Name: Aspire 6930
Logical Drives Mask: 0x0000002c

Kernel Drivers (total 174):
0x82802000 \SystemRoot\system32\ntkrnlpa.exe
0x82BBB000 \SystemRoot\system32\hal.dll
0x8040D000 \SystemRoot\system32\kdcom.dll
0x80414000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80484000 \SystemRoot\system32\PSHED.dll
0x80495000 \SystemRoot\system32\BOOTVID.dll
0x8049D000 \SystemRoot\system32\CLFS.SYS
0x804DE000 \SystemRoot\system32\CI.dll
0x8060F000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8068B000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80698000 \SystemRoot\system32\drivers\acpi.sys
0x806DE000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806E7000 \SystemRoot\system32\drivers\msisadrv.sys
0x806EF000 \SystemRoot\system32\drivers\pci.sys
0x80716000 \SystemRoot\System32\drivers\partmgr.sys
0x80725000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x80728000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x80732000 \SystemRoot\system32\drivers\volmgr.sys
0x80741000 \SystemRoot\System32\drivers\volmgrx.sys
0x8078B000 \SystemRoot\System32\drivers\mountmgr.sys
0x8079B000 \SystemRoot\System32\Drivers\UBHelper.sys
0x82E01000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x82EDA000 \SystemRoot\system32\drivers\atapi.sys
0x82EE2000 \SystemRoot\system32\drivers\ataport.SYS
0x82F00000 \SystemRoot\system32\drivers\fltmgr.sys
0x82F32000 \SystemRoot\system32\drivers\fileinfo.sys
0x82F42000 \SystemRoot\system32\drivers\mfehidk.sys
0x82F9F000 \SystemRoot\system32\DRIVERS\psdfilter.sys
0x8A800000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8A871000 \SystemRoot\system32\drivers\ndis.sys
0x8A97C000 \SystemRoot\system32\drivers\msrpc.sys
0x8A9A7000 \SystemRoot\system32\drivers\NETIO.SYS
0x8AA0A000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8AB1A000 \SystemRoot\system32\drivers\volsnap.sys
0x8AB53000 \SystemRoot\System32\Drivers\spldr.sys
0x8AB5B000 \SystemRoot\System32\Drivers\mup.sys
0x8AB6A000 \SystemRoot\System32\drivers\ecache.sys
0x8AB91000 \SystemRoot\system32\drivers\disk.sys
0x8ABA2000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8ABC3000 \SystemRoot\system32\drivers\crcdisk.sys
0x8E4E2000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8E4ED000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8E4F6000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8E4FA000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8E608000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8ECEC000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8ED8D000 \SystemRoot\System32\drivers\watchdog.sys
0x8ED99000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8EDA4000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8EDE2000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8E503000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8F001000 \SystemRoot\system32\DRIVERS\NETw5v32.sys
0x8F38A000 \SystemRoot\system32\DRIVERS\L1E60x86.sys
0x8F39B000 \SystemRoot\system32\DRIVERS\winbondcir.sys
0x8F3B0000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8F3C3000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
0x8F3CD000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8E590000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8F3D8000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8F3DA000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8F3E5000 \SystemRoot\System32\Drivers\cdrbsdrv.SYS
0x8E5C0000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8F3EE000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
0x8F3F6000 \SystemRoot\system32\drivers\InCDPass.sys
0x8EDF1000 \SystemRoot\system32\drivers\InCDRm.sys
0x8E5D8000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x82FA8000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x807A3000 \SystemRoot\system32\DRIVERS\storport.sys
0x8E5E7000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8ABD9000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8E5F2000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x82FD7000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8ABF0000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8A9E2000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x807E4000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x80600000 \SystemRoot\System32\Drivers\pcouffin.sys
0x805BE000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8EDFA000 \SystemRoot\system32\DRIVERS\swenum.sys
0x805CE000 \SystemRoot\system32\DRIVERS\ks.sys
0x8F603000 \SystemRoot\system32\DRIVERS\circlass.sys
0x8F611000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8F61B000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8F628000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8F65D000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8F80F000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8FA17000 \SystemRoot\system32\drivers\portcls.sys
0x8FA44000 \SystemRoot\system32\drivers\drmk.sys
0x8FA69000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x8FAA6000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x8F66E000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x8FBA8000 \SystemRoot\system32\drivers\modem.sys
0x8FBB5000 \SystemRoot\system32\drivers\IntcHdmi.sys
0x8FBD6000 \SystemRoot\system32\DRIVERS\hidir.sys
0x8FBE1000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8FBF1000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8F800000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x8FBF8000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8F723000 \SystemRoot\system32\drivers\RTSTOR.SYS
0x8F737000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8F74E000 \SystemRoot\System32\Drivers\usbvideo.sys
0x8F76F000 \SystemRoot\system32\DRIVERS\MOBK.sys
0x8F782000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8F78B000 \SystemRoot\System32\Drivers\Null.SYS
0x8F792000 \SystemRoot\System32\Drivers\Beep.SYS
0x8F799000 \SystemRoot\System32\drivers\vga.sys
0x8F7A5000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8F7C6000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8F7CE000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8F809000 \SystemRoot\system32\drivers\InCDRec.sys
0x8F7D6000 \SystemRoot\system32\drivers\InCDFs.sys
0x8F7F5000 \SystemRoot\System32\Drivers\Msfs.SYS
0x90008000 \SystemRoot\System32\Drivers\Npfs.SYS
0x90016000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x9001F000 \SystemRoot\System32\drivers\tcpip.sys
0x90109000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x90124000 \SystemRoot\system32\drivers\mfewfpk.sys
0x9014B000 \SystemRoot\System32\Drivers\Mpfp.sys
0x90174000 \SystemRoot\system32\DRIVERS\tdx.sys
0x9018A000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
0x9019C000 \SystemRoot\system32\DRIVERS\smb.sys
0x901B0000 \SystemRoot\System32\DRIVERS\netbt.sys
0x90C09000 \SystemRoot\system32\drivers\afd.sys
0x90C51000 \SystemRoot\system32\DRIVERS\pacer.sys
0x90C67000 \SystemRoot\system32\DRIVERS\mfenlfk.sys
0x90C75000 \SystemRoot\system32\DRIVERS\netbios.sys
0x90C83000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x90C96000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x90CD2000 \SystemRoot\system32\drivers\nsiproxy.sys
0x90CDC000 \SystemRoot\System32\Drivers\dfsc.sys
0x90CF3000 \SystemRoot\system32\drivers\mfeavfk.sys
0x90D62000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x90D6B000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
0x90D73000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
0x90D7B000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8E400000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x9ACC0000 \SystemRoot\System32\win32k.sys
0x90D88000 \SystemRoot\System32\drivers\Dxapi.sys
0x90D92000 \SystemRoot\system32\DRIVERS\monitor.sys
0x9AEE0000 \SystemRoot\System32\TSDDD.dll
0x9AF00000 \SystemRoot\System32\cdd.dll
0x9AF10000 \SystemRoot\System32\ATMFD.DLL
0x90DA1000 \SystemRoot\system32\drivers\luafv.sys
0x82404000 \SystemRoot\system32\drivers\spsys.sys
0x824B4000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x824C4000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x824EE000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x824F8000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x8250B000 \SystemRoot\system32\drivers\HTTP.sys
0x82578000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x82595000 \SystemRoot\system32\DRIVERS\bowser.sys
0x825AE000 \SystemRoot\System32\drivers\mpsdrv.sys
0x825C3000 \SystemRoot\system32\drivers\mrxdav.sys
0x90DBC000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xADE03000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xADE3C000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xADE54000 \SystemRoot\System32\DRIVERS\srv2.sys
0xADE7C000 \SystemRoot\System32\DRIVERS\srv.sys
0xADECA000 \??\C:\Windows\system32\drivers\int15.sys
0xADED1000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xADED5000 \??\C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys
0xADEF3000 \SystemRoot\system32\drivers\peauth.sys
0xADFD1000 \SystemRoot\system32\DRIVERS\PSDNServ.sys
0xADFDA000 \SystemRoot\system32\DRIVERS\PSDVdisk.sys
0xADFEC000 \SystemRoot\System32\Drivers\secdrv.SYS
0x825E4000 \SystemRoot\System32\drivers\tcpipreg.sys
0xADFF6000 \SystemRoot\system32\DRIVERS\xaudio.sys
0x90DDB000 \??\C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl
0xB7007000 \SystemRoot\system32\drivers\mfefirek.sys
0xB7052000 \SystemRoot\system32\drivers\cfwids.sys
0xB705E000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xB7084000 \??\C:\Windows\system32\FsUsbExDisk.SYS
0xB70AE000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xB70E5000 \SystemRoot\system32\drivers\mfeapfk.sys
0x76E70000 \Windows\System32\ntdll.dll

Processes (total 100):
0 System Idle Process
4 SYSTEM
580 C:\Windows\System32\smss.exe
712 csrss.exe
756 C:\Windows\System32\wininit.exe
768 csrss.exe
800 C:\Windows\System32\services.exe
816 C:\Windows\System32\lsass.exe
828 C:\Windows\System32\lsm.exe
900 C:\Windows\System32\winlogon.exe
1016 C:\Windows\System32\svchost.exe
1076 C:\Windows\System32\svchost.exe
1176 C:\Windows\System32\svchost.exe
1204 C:\Windows\System32\svchost.exe
1224 C:\Windows\System32\svchost.exe
1368 C:\Windows\System32\audiodg.exe
1392 C:\Windows\System32\svchost.exe
1416 C:\Windows\System32\SLsvc.exe
1476 C:\Windows\System32\svchost.exe
1632 C:\Windows\System32\svchost.exe
1812 C:\Windows\System32\wlanext.exe
1912 C:\Windows\System32\spoolsv.exe
1936 C:\Windows\System32\svchost.exe
692 C:\Windows\System32\dwm.exe
12 C:\Windows\System32\taskeng.exe
820 C:\Windows\explorer.exe
1164 C:\Windows\System32\taskeng.exe
2144 C:\Program Files\Bonjour\mDNSResponder.exe
2204 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
2216 C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
2228 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
2260 C:\Windows\RtHDVCpl.exe
2280 C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
2292 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2312 C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
2336 C:\Windows\System32\hkcmd.exe
2356 C:\Windows\System32\igfxpers.exe
2420 C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
2460 C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
2492 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2524 C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
2532 C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
2544 C:\Program Files\McAfee.com\Agent\mcagent.exe
2552 C:\Program Files\Intel\WiFi\bin\EvtEng.exe
2624 C:\Windows\System32\igfxsrvc.exe
2696 C:\Windows\System32\FsUsbExService.Exe
2828 C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
2852 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
2888 C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
2904 C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
2952 C:\ACER\Mobility Center\MobilityService.exe
2980 C:\Windows\System32\rundll32.exe
3012 C:\Program Files\McAfee Online Backup\MOBKbackup.exe
3056 C:\Program Files\McAfee\MPF\MpfSrv.exe
3076 C:\Program Files\McAfee\MSK\msksrver.exe
3136 C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
3220 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
3300 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
3392 C:\Windows\System32\svchost.exe
3504 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
3512 C:\Program Files\McAfee Online Backup\MOBKbackup.exe
3564 C:\Program Files\Cyberlink\Shared files\RichVideo.exe
3616 C:\Program Files\Acer\Acer VCM\RS_Service.exe
3664 C:\Windows\System32\svchost.exe
3696 C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
3736 C:\Windows\System32\svchost.exe
3764 C:\Windows\System32\SearchIndexer.exe
3820 C:\Windows\System32\drivers\XAudio.exe
3872 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
3936 C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
3980 C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
1388 C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
704 C:\Windows\System32\wbem\unsecapp.exe
3632 WmiPrvSE.exe
564 C:\Users\DAEMIA~1\AppData\Local\Temp\RtkBtMnt.exe
4488 C:\Program Files\Windows Media Player\wmpnscfg.exe
4508 C:\Windows\System32\alg.exe
4672 C:\Program Files\Windows Media Player\wmpnetwk.exe
4976 C:\Program Files\Launch Manager\QtZgAcer.EXE
4992 C:\Program Files\Nero\Nero8\InCD\InCD.exe
5012 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
5040 C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
5052 C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
5060 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
5068 C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
5096 C:\Windows\ehome\ehtray.exe
5104 C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
5480 C:\Windows\ehome\ehmsas.exe
5692 C:\Windows\System32\igfxext.exe
5724 C:\Windows\System32\igfxsrvc.exe
5864 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
336 C:\Windows\System32\wuauclt.exe
616 C:\Program Files\Common Files\McAfee\Core\mchost.exe
4112 D:\Program Files\firefox.exe
2428 D:\Program Files\plugin-container.exe
3640 C:\Windows\System32\SearchProtocolHost.exe
5116 C:\Windows\System32\SearchFilterHost.exe
3328 dllhost.exe
1732 dllhost.exe
3784 C:\Users\daemian2k\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`80100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000026`82e00000 (NTFS)

PhysicalDrive0 Model Number: WDCWD3200BEVT-22ZCT0, Rev: 11.01A11

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 1BD01CAC429595C1D0CBBF8C10C0B8BA957B5116


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

#6 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:02 AM

Posted 28 October 2010 - 04:31 PM

Hello, daemian2k.

P2P Warning and Request
The log shows that you have been using so-called peer-to-peer or file-sharing programmes (in your case ). These programmes allow users to share files with each other, as the name(s) suggest. In today's world, cybercrime has come a long way, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. I recommend that you uninstall this program. That is optional, however. If you decide not to uninstall, please refrain from using it until I let you know your computer is clean.



Step 1

Next, please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop as etavaresCF.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on etavaresCF.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#7 daemian2k (Topic Starter, Members, 16 posts)

Posted 28 October 2010 - 09:45 PM

Thanks for the reply, etavares. I did what you suggested and uninstalled my P2P program; I had already uninstalled one before I started on this adventure, but I went ahead and uninstalled the other. I have also updated my McAfee a few times since our last encounter; it seems like it updates 2-3 times a day. No Windows updates were installed; I tried to keep them at bay. Also, I updated Firefox before this scan. Here is the log file from CF:


ComboFix 10-10-27.A3 - daemian2k 10/28/2010 21:24:50.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3000.1874 [GMT -5:00]
Running from: c:\users\daemian2k\Desktop\etavaresCF.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 24 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\SysWoW32
c:\programdata\SysWoW32\mu277114954v4
c:\programdata\SysWoW32\mu277114954v4.kwd
c:\programdata\SysWoW32\mu277114954v5
c:\programdata\SysWoW32\mu277114954v5.kwd
c:\programdata\SysWoW32\mu277114954v6
c:\programdata\SysWoW32\mu277114954v6.kwd
c:\programdata\SysWoW32\mu277114954v7
c:\programdata\SysWoW32\mu277114954v7.kwd
c:\programdata\SysWoW32\wu277114954v0
c:\programdata\SysWoW32\wu277114954v0.kwd
c:\programdata\SysWoW32\wu277114954v1
c:\programdata\SysWoW32\wu277114954v1.kwd
c:\programdata\SysWoW32\wu277114954v2
c:\programdata\SysWoW32\wu277114954v2.kwd
c:\programdata\SysWoW32\wu277114954v3
c:\programdata\SysWoW32\wu277114954v3.kwd
c:\programdata\unrar.exe
c:\users\daemian2k\AppData\Roaming\.#
c:\users\daemian2k\AppData\Roaming\.#\MBX@1364@1DB2990.###
c:\users\daemian2k\AppData\Roaming\.#\MBX@1364@1DB29C0.###
c:\users\daemian2k\AppData\Roaming\.#\MBX@1364@1DB29F0.###
c:\users\daemian2k\AppData\Roaming\.#\MBX@17B4@1DF2990.###
c:\users\daemian2k\AppData\Roaming\.#\MBX@17B4@1DF29C0.###
c:\users\daemian2k\AppData\Roaming\.#\MBX@17B4@1DF29F0.###
c:\users\daemian2k\AppData\Roaming\.#\MBX@944@1862990.###
c:\users\daemian2k\AppData\Roaming\.#\MBX@944@18629C0.###
c:\users\daemian2k\AppData\Roaming\.#\MBX@944@18629F0.###
c:\users\daemian2k\AppData\Roaming\.#\MBX@DE4@1822990.###
c:\users\daemian2k\AppData\Roaming\.#\MBX@DE4@18229C0.###
c:\users\daemian2k\AppData\Roaming\.#\MBX@DE4@18229F0.###
c:\users\daemian2k\AppData\Roaming\02000000fb7723c41018C.manifest
c:\users\daemian2k\AppData\Roaming\02000000fb7723c41018O.manifest
c:\users\daemian2k\AppData\Roaming\02000000fb7723c41018P.manifest
c:\users\daemian2k\AppData\Roaming\02000000fb7723c41018S.manifest
c:\users\daemian2k\AppData\Roaming\inst.exe
c:\users\daemian2k\AppData\Roaming\Mozilla\Firefox\Profiles\s6iiw3nk.default\extensions\{c36c5c88-65d0-4e59-8005-e24d84a2220a}
c:\users\daemian2k\AppData\Roaming\Mozilla\Firefox\Profiles\s6iiw3nk.default\extensions\{c36c5c88-65d0-4e59-8005-e24d84a2220a}\chrome.manifest
c:\users\daemian2k\AppData\Roaming\Mozilla\Firefox\Profiles\s6iiw3nk.default\extensions\{c36c5c88-65d0-4e59-8005-e24d84a2220a}\chrome\xulcache.jar
c:\users\daemian2k\AppData\Roaming\Mozilla\Firefox\Profiles\s6iiw3nk.default\extensions\{c36c5c88-65d0-4e59-8005-e24d84a2220a}\defaults\preferences\xulcache.js
c:\users\daemian2k\AppData\Roaming\Mozilla\Firefox\Profiles\s6iiw3nk.default\extensions\{c36c5c88-65d0-4e59-8005-e24d84a2220a}\install.rdf
c:\windows\Readme.txt

.
((((((((((((((((((((((((( Files Created from 2010-09-28 to 2010-10-29 )))))))))))))))))))))))))))))))
.

2010-10-29 02:34 . 2010-10-29 02:35 -------- d-----w- c:\users\daemian2k\AppData\Local\temp
2010-10-29 02:34 . 2010-10-29 02:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-29 02:19 . 2010-10-29 02:20 -------- d-----w- c:\users\daemian2k\AppData\Local\CutePDF Writer
2010-10-29 02:19 . 2010-10-29 02:19 -------- d-----w- c:\program files\GPLGS
2010-10-29 02:18 . 2010-10-29 02:18 -------- d-----w- c:\program files\Acro Software
2010-10-29 02:18 . 2009-11-05 13:39 87552 ----a-w- c:\windows\system32\cpwmon2k.dll
2010-10-28 05:33 . 2010-10-28 05:33 -------- d-----w- c:\program files\Wanadoo
2010-10-21 02:46 . 2010-10-21 02:46 -------- d-----w- c:\program files\PopCap Games
2010-10-19 03:25 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-10-19 03:25 . 2010-08-26 16:37 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-10-19 03:25 . 2010-08-10 15:53 274944 ----a-w- c:\windows\system32\schannel.dll
2010-10-19 03:25 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
2010-10-19 03:24 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-10-19 03:24 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-19 03:24 . 2010-08-31 15:46 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-10-19 03:24 . 2010-08-31 15:46 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-10-19 03:22 . 2010-08-31 13:27 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-10-19 03:22 . 2010-08-20 16:05 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-07 01:20 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-07 01:20 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-04 03:23 . 2010-10-04 03:23 -------- d-----w- c:\programdata\Blizzard Entertainment
2010-10-02 03:54 . 2010-10-02 03:54 -------- d-----w- c:\program files\DAMN NFO Viewer
2010-10-02 03:52 . 2010-10-02 03:52 0 ---ha-w- c:\windows\system32\dfrgvdircu.tmp
2010-10-01 03:05 . 2010-06-22 13:30 2048 ----a-w- c:\windows\system32\tzres.dll
2010-10-01 03:01 . 2010-08-26 04:23 13312 ----a-w- c:\program files\Internet Explorer\iecompat.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-15 09:50 . 2010-04-16 23:58 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-24 19:57 . 2010-04-16 20:48 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-08-24 19:57 . 2010-04-16 20:48 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-08-24 19:57 . 2010-04-16 20:48 64304 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2010-08-24 19:57 . 2010-04-16 20:48 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-08-24 19:57 . 2010-04-16 20:48 312904 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-08-24 19:57 . 2010-04-16 20:48 164808 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2010-08-24 19:57 . 2010-01-05 23:04 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-08-24 19:57 . 2009-10-21 18:26 386712 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-08-24 19:57 . 2008-10-14 22:55 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-08-24 19:57 . 2008-10-14 22:55 152992 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-08-17 14:11 . 2010-09-19 23:20 128000 ----a-w- c:\windows\system32\spoolsv.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-07-30 00:52 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-02-06 02:14 2871608 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-02-06 02:14 2871608 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-02-06 02:14 2871608 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2008-08-08 17:28 97064 ----a-w- c:\program files\Nero\Nero8\InCD\NBHShx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-07 6139904]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-17 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-17 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-17 145944]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-08-01 405504]
"Acer Product Registration"="c:\program files\Acer\Acer Registration\ACE1.exe" [2007-11-26 3387392]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-09-12 544768]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-25 1193848]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SecurDisc"="c:\program files\Nero\Nero8\InCD\NBHGui.exe" [2008-08-08 2049320]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-07-18 167936]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-25 1193848]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-06-04 817672]
"InCD"="c:\program files\Nero\Nero8\InCD\InCD.exe" [2008-08-08 1083176]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-07-30 526896]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-03-18 173352]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-26 28672]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-07-24 147456]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Acer Assist Launcher"="c:\program files\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]

c:\users\daemian2k\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-8-24 101784]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2008-9-11 1216512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R0 ElbyVCD;ElbyVCD;c:\windows\system32\DRIVERS\ElbyVCD.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1ca0e209d513e10;Google Update Service (gupdate1ca0e209d513e10);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-26 133104]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-26 131072]
R3 cpuz130;cpuz130;c:\users\DAEMIA~1\AppData\Local\Temp\cpuz130\cpuz_x32.sys [x]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-08-24 312904]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-08-24 84264]
R3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\DRIVERS\sscebus.sys [2009-05-13 90240]
R3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\DRIVERS\sscemdfl.sys [2009-05-13 14976]
R3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\DRIVERS\sscemdm.sys [2009-05-13 121856]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-08-24 64304]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-08-24 164808]
S1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys [2010-02-06 54776]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-07-18 61424]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-17 81504]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-06-02 24576]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-08-21 237984]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2010-03-26 93320]
S2 McMPFSvc;McAfee Personal Firewall;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-08-24 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-08-24 141792]
S2 MOBKbackup;McAfee Online Backup;c:\program files\McAfee Online Backup\MOBKbackup.exe [2010-02-06 229688]
S2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [2008-08-08 53032]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-26 45056]
S2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-17 122368]
S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2008-01-11 233472]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-08-24 55840]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-02-16 36608]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-04 113664]
S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
S3 winbondcir;Winbond IR Transceiver;c:\windows\system32\DRIVERS\winbondcir.sys [2007-03-28 43008]


--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01
*Deregistered* - mfefirek01

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-10-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-26 18:40]

2010-10-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-26 18:40]

2010-10-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-04-04 17:22]

2010-10-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-04-04 17:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0908&m=aspire_6930
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\daemian2k\AppData\Roaming\Mozilla\Firefox\Profiles\s6iiw3nk.default\
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\users\daemian2k\AppData\Roaming\Mozilla\Firefox\Profiles\s6iiw3nk.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: d:\program files\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
d:\program files\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
d:\program files\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
d:\program files\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
d:\program files\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
d:\program files\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
d:\program files\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
d:\program files\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
d:\program files\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
d:\program files\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
d:\program files\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
d:\program files\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
HKCU-Run-ISUSPM - c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
HKCU-Run-BitTorrent DNA - c:\users\daemian2k\Program Files\DNA\btdna.exe
HKCU-Run-AnyDVD - c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe
HKLM-Run-eRecoveryService - (no file)
HKLM-Run-NPSStartup - (no file)
HKLM-Run-Easy Dock - (no file)
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
HKLM-Run-QuickTime Task - c:\program files\QuickTime\QTTask.exe
HKLM-Run-McENUI - c:\progra~1\McAfee\MHN\McENUI.exe
HKLM-Run-McAfee Backup - c:\program files\McAfee\MBK\McAfeeDataBackup.exe
HKLM-Run-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
HKLM-Run-CloneCDTray - c:\program files\Elaborate Bytes\CloneCD\CloneCDTray.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-28 21:35
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4159225764-1826731248-3143191500-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:ac,3b,55,47,19,a0,b4,1f,e9,99,55,08,a1,53,8d,35,f3,ec,10,1c,1e,1d,b5,
a9,e1,55,c6,14,6f,f0,af,7c,96,65,d7,a9,1c,dc,22,86,f8,31,d3,d1,4e,da,5b,a0,\
"??"=hex:de,c2,f1,00,6b,13,52,1e,8d,7b,f0,04,df,b8,e0,7f

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-10-28 21:37:10
ComboFix-quarantined-files.txt 2010-10-29 02:37

Pre-Run: 24,456,966,144 bytes free
Post-Run: 24,539,930,624 bytes free

- - End Of File - - 73A74275E9DDC2092A5D02172DABA536

Edited by daemian2k, 28 October 2010 - 10:08 PM.


#8 etavares (Bleepin' Remover, Malware Response Team, 15,514 posts)

Posted 29 October 2010 - 06:26 PM

Hello, daemian2k.

No Windows updates were installed, I tried to keep them at bay

Not installing updates creates considerable risk for your computer. Updates fix known security holes that are exploited by all sorts of viruses. I strongly recommend you install all Windows updates, especially the "critical" ones. Not fixing them can allow a remote user to take over your computer.


Now, ComboFix did remove a rogue Firefox extension. Are you still getting redirected?



Step 1

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the Jotti page has finished loading, click the Browse button, navigate to the following file and click Submit.

c:\users\daemian2k\appdata\roaming\hotfix.exe

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

etavares




#9 daemian2k (Topic Starter, Members, 16 posts)

Posted 29 October 2010 - 06:57 PM

Hey etavares, I did the show-hidden-files tutorial and tried both of the websites you linked to in your last post, and I couldn't find a hotfix.exe in my AppData folder. Is there another way?? Oh, and BTW, I didn't mean I don't install Windows updates; I just haven't installed them since you started helping me with this, to keep from making changes to my system. The redirects seem to be at bay for now; I tried last night with some googling after performing ComboFix on the system to see if they were still there, and they seem to be gone now. What type of Firefox rogue extension was it??

#10 etavares (Bleepin' Remover, Malware Response Team, 15,514 posts)

Posted 30 October 2010 - 06:32 AM

Hello, daemian2k.

OK, thanks for the info on the updates. Makes me feel better. :) You can install the updates after running this ComboFix script. The file may have disappeared... it was in your original log, but it didn't appear that CF got it. Your onboard antivirus may have gotten it.

We call the infection you had Goored. I just looked for a website to explain it, but couldn't find a good one. It basically creates a hidden Firefox extension that takes your URLs and redirects them.


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000000
File::
c:\users\daemian2k\appdata\roaming\hotfix.exe
c:\windows\system32\dfrgvdircu.tmp
RegLock::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

etavares


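As an added illustration of the mechanism etavares describes (this is not code from the thread or from any tool mentioned in it), the Python below walks a Firefox 3.x-style profile's extensions folder and flags unpacked add-ons whose install.rdf sets the em:hidden flag, declares no name, or ships default preferences that override proxy, search or home-page settings. The profile it scans is constructed on the fly, laid out like the {c36c5c88-…} folder ComboFix deleted in the log above; the list of suspicious preference prefixes is a heuristic assumption, not a published Goored signature.

```python
import os
import re
import tempfile
from xml.etree import ElementTree as ET

# Namespace of the em:* elements in a Firefox 3.x install.rdf manifest.
EM = "{http://www.mozilla.org/2004/em-rdf#}"
# Heuristic (an assumption, not a published Goored signature): default
# preferences a redirector has a reason to override.
SUSPICIOUS_PREF_PREFIXES = ("network.proxy.", "keyword.URL",
                            "browser.search.", "browser.startup.homepage")
# Matches pref("key", value); or user_pref("key", value); lines.
PREF_RE = re.compile(r'^\s*(?:user_)?pref\("([^"]+)"\s*,\s*(.+?)\);')


def parse_install_rdf(xml_text):
    """Return the id, name and em:hidden flag declared in an install.rdf."""
    root = ET.fromstring(xml_text)

    def first(tag):
        el = next(root.iter(EM + tag), None)
        return (el.text or "").strip() if el is not None else ""

    return {"id": first("id"), "name": first("name"),
            "hidden": first("hidden").lower() == "true"}


def parse_default_prefs(js_text):
    """Return (key, value) pairs from a defaults/preferences/*.js file."""
    return [(m.group(1), m.group(2))
            for m in map(PREF_RE.match, js_text.splitlines()) if m]


def scan_profile(profile_dir):
    """Map each folder under <profile>/extensions to its list of red flags."""
    findings = {}
    ext_root = os.path.join(profile_dir, "extensions")
    if not os.path.isdir(ext_root):
        return findings
    for entry in sorted(os.listdir(ext_root)):
        ext_dir = os.path.join(ext_root, entry)
        rdf_path = os.path.join(ext_dir, "install.rdf")
        if not os.path.isfile(rdf_path):
            continue  # not an unpacked XUL extension
        with open(rdf_path, encoding="utf-8") as fh:
            info = parse_install_rdf(fh.read())
        reasons = []
        if info["hidden"]:
            reasons.append("install.rdf sets em:hidden (kept out of the Add-ons manager)")
        if not info["name"]:
            reasons.append("install.rdf declares no em:name")
        pref_dir = os.path.join(ext_dir, "defaults", "preferences")
        for js in (sorted(os.listdir(pref_dir)) if os.path.isdir(pref_dir) else []):
            if not js.endswith(".js"):
                continue
            with open(os.path.join(pref_dir, js), encoding="utf-8") as fh:
                for key, value in parse_default_prefs(fh.read()):
                    if key.startswith(SUSPICIOUS_PREF_PREFIXES):
                        reasons.append(f"{js} overrides {key} = {value}")
        findings[entry] = reasons
    return findings


INSTALL_RDF = """<?xml version="1.0"?>
<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
     xmlns:em="http://www.mozilla.org/2004/em-rdf#">
  <Description about="urn:mozilla:install-manifest">
    <em:id>{id}</em:id>{name}{hidden}
  </Description>
</RDF>
"""


def write_extension(profile, ext_id, name, hidden, prefs_js):
    """Lay out one unpacked extension folder (constructed test fixture)."""
    pref_dir = os.path.join(profile, "extensions", ext_id, "defaults", "preferences")
    os.makedirs(pref_dir)
    name_xml = f"\n    <em:name>{name}</em:name>" if name else ""
    hidden_xml = "\n    <em:hidden>true</em:hidden>" if hidden else ""
    with open(os.path.join(profile, "extensions", ext_id, "install.rdf"),
              "w", encoding="utf-8") as fh:
        fh.write(INSTALL_RDF.format(id=ext_id, name=name_xml, hidden=hidden_xml))
    with open(os.path.join(pref_dir, "xulcache.js"), "w", encoding="utf-8") as fh:
        fh.write(prefs_js)


def build_sample_profile():
    """Constructed profile: a hidden redirector-style extension using the folder
    name from the ComboFix log above, plus one ordinary, named extension."""
    profile = tempfile.mkdtemp(prefix="ff-profile-")
    write_extension(profile, "{c36c5c88-65d0-4e59-8005-e24d84a2220a}", name="",
                    hidden=True, prefs_js='pref("network.proxy.type", 2);\n'
                    'pref("network.proxy.autoconfig_url", "http://pac.invalid/p.pac");\n')
    write_extension(profile, "{a7c6cf7f-112c-4500-a7ea-39801a327e5f}",
                    name="Example benign add-on", hidden=False,
                    prefs_js='pref("extensions.example.firstrun", true);\n')
    return profile


if __name__ == "__main__":
    for ext, reasons in scan_profile(build_sample_profile()).items():
        print(ext, "->", reasons or "nothing suspicious")
```

Pointing scan_profile at a real profile path (the FF - ProfilePath line in the ComboFix log gives it) lists every unpacked extension with its red flags, which is a quick way to confirm nothing like the deleted folder remains.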


#11 daemian2k (Topic Starter, Members, 16 posts)

Posted 30 October 2010 - 11:41 PM

Okay, before I run the script for CF: you had me rename the CF file to etavaresCF. Now, will I have to name the script file the same, as etavaresCFScript, or will CFScript do?? Also, I installed Windows updates yesterday; will that hurt in any way running the script in CF?

#12 etavares (Bleepin' Remover, Malware Response Team, 15,514 posts)

Posted 31 October 2010 - 07:14 AM

Hi daemian2k,

You can name it CFScript.txt and drag it into etavaresCF.exe on your desktop. It will still work, thanks for asking.

No worries on the Windows Updates, you should be good to run the script.




#13 daemian2k (Topic Starter, Members, 16 posts)

Posted 31 October 2010 - 06:37 PM

Okay, I ran the script in ComboFix; here's the log. One thing: last night I did notice a stutter with Firefox. When I clicked on a link, the browser froze for about a second and the screen went a little opaque before opening up the link. What do you think that could be??

ComboFix 10-10-31.01 - daemian2k 10/31/2010 18:15:22.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3000.1957 [GMT -5:00]
Running from: c:\users\daemian2k\Desktop\etavaresCF.exe
Command switches used :: c:\users\daemian2k\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point

FILE ::
"c:\users\daemian2k\appdata\roaming\hotfix.exe"
"c:\windows\system32\dfrgvdircu.tmp"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\dfrgvdircu.tmp

.
((((((((((((((((((((((((( Files Created from 2010-09-28 to 2010-10-31 )))))))))))))))))))))))))))))))
.

2010-10-31 23:24 . 2010-10-31 23:24 -------- d-----w- c:\users\daemian2k\AppData\Local\temp
2010-10-31 23:24 . 2010-10-31 23:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-29 03:16 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-10-29 03:16 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-29 03:16 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-29 02:23 . 2010-10-29 02:37 -------- d-----w- C:\etavaresCF
2010-10-29 02:19 . 2010-10-29 23:35 -------- d-----w- c:\users\daemian2k\AppData\Local\CutePDF Writer
2010-10-29 02:19 . 2010-10-29 02:19 -------- d-----w- c:\program files\GPLGS
2010-10-29 02:18 . 2010-10-29 02:18 -------- d-----w- c:\program files\Acro Software
2010-10-29 02:18 . 2009-11-05 13:39 87552 ----a-w- c:\windows\system32\cpwmon2k.dll
2010-10-28 05:33 . 2010-10-28 05:33 -------- d-----w- c:\program files\Wanadoo
2010-10-21 02:46 . 2010-10-21 02:46 -------- d-----w- c:\program files\PopCap Games
2010-10-19 03:25 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-10-19 03:25 . 2010-08-26 16:37 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-10-19 03:25 . 2010-08-10 15:53 274944 ----a-w- c:\windows\system32\schannel.dll
2010-10-19 03:25 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
2010-10-19 03:24 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-10-19 03:24 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-19 03:24 . 2010-08-31 15:46 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-10-19 03:24 . 2010-08-31 15:46 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-10-19 03:22 . 2010-08-31 13:27 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-10-19 03:22 . 2010-08-20 16:05 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-07 01:20 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-07 01:20 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-04 03:23 . 2010-10-04 03:23 -------- d-----w- c:\programdata\Blizzard Entertainment
2010-10-02 03:54 . 2010-10-02 03:54 -------- d-----w- c:\program files\DAMN NFO Viewer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-15 09:50 . 2010-04-16 23:58 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-26 16:33 . 2010-10-29 03:16 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33 . 2010-10-29 03:16 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-26 16:33 . 2010-10-29 03:16 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:33 . 2010-10-29 03:16 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-08-24 19:57 . 2010-04-16 20:48 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-08-24 19:57 . 2010-04-16 20:48 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-08-24 19:57 . 2010-04-16 20:48 64304 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2010-08-24 19:57 . 2010-04-16 20:48 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-08-24 19:57 . 2010-04-16 20:48 312904 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-08-24 19:57 . 2010-04-16 20:48 164808 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2010-08-24 19:57 . 2010-01-05 23:04 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-08-24 19:57 . 2009-10-21 18:26 386712 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-08-24 19:57 . 2008-10-14 22:55 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-08-24 19:57 . 2008-10-14 22:55 152992 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-08-17 14:11 . 2010-09-19 23:20 128000 ----a-w- c:\windows\system32\spoolsv.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-07-30 00:52 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-02-06 02:14 2871608 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-02-06 02:14 2871608 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-02-06 02:14 2871608 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2008-08-08 17:28 97064 ----a-w- c:\program files\Nero\Nero8\InCD\NBHShx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-07 6139904]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-17 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-17 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-17 145944]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-08-01 405504]
"Acer Product Registration"="c:\program files\Acer\Acer Registration\ACE1.exe" [2007-11-26 3387392]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-09-12 544768]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-25 1193848]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SecurDisc"="c:\program files\Nero\Nero8\InCD\NBHGui.exe" [2008-08-08 2049320]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-07-18 167936]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-25 1193848]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-06-04 817672]
"InCD"="c:\program files\Nero\Nero8\InCD\InCD.exe" [2008-08-08 1083176]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-07-30 526896]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-03-18 173352]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-26 28672]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-07-24 147456]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Acer Assist Launcher"="c:\program files\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]

c:\users\daemian2k\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-8-24 101784]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2008-9-11 1216512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R0 ElbyVCD;ElbyVCD;c:\windows\system32\DRIVERS\ElbyVCD.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1ca0e209d513e10;Google Update Service (gupdate1ca0e209d513e10);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-26 133104]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-26 131072]
R3 cpuz130;cpuz130;c:\users\DAEMIA~1\AppData\Local\Temp\cpuz130\cpuz_x32.sys [x]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-08-24 312904]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-08-24 84264]
R3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\DRIVERS\sscebus.sys [2009-05-13 90240]
R3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\DRIVERS\sscemdfl.sys [2009-05-13 14976]
R3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\DRIVERS\sscemdm.sys [2009-05-13 121856]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-08-24 64304]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-08-24 164808]
S1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys [2010-02-06 54776]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-07-18 61424]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-17 81504]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-06-02 24576]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-08-21 237984]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2010-03-26 93320]
S2 McMPFSvc;McAfee Personal Firewall;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-08-24 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-08-24 141792]
S2 MOBKbackup;McAfee Online Backup;c:\program files\McAfee Online Backup\MOBKbackup.exe [2010-02-06 229688]
S2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [2008-08-08 53032]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-26 45056]
S2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-17 122368]
S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2008-01-11 233472]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-08-24 55840]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-02-16 36608]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-04 113664]
S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
S3 winbondcir;Winbond IR Transceiver;c:\windows\system32\DRIVERS\winbondcir.sys [2007-03-28 43008]


--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01
*Deregistered* - mfefirek01

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-26 18:40]

2010-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-26 18:40]

2010-10-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-04-04 17:22]

2010-10-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-04-04 17:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0908&m=aspire_6930
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\daemian2k\AppData\Roaming\Mozilla\Firefox\Profiles\s6iiw3nk.default\
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\users\daemian2k\AppData\Roaming\Mozilla\Firefox\Profiles\s6iiw3nk.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: d:\program files\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
d:\program files\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
d:\program files\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
d:\program files\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
d:\program files\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
d:\program files\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
d:\program files\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
d:\program files\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
d:\program files\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
d:\program files\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
d:\program files\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
d:\program files\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-31 18:24
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4159225764-1826731248-3143191500-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:ac,3b,55,47,19,a0,b4,1f,e9,99,55,08,a1,53,8d,35,f3,ec,10,1c,1e,1d,b5,
a9,e1,55,c6,14,6f,f0,af,7c,96,65,d7,a9,1c,dc,22,86,f8,31,d3,d1,4e,da,5b,a0,\
"??"=hex:de,c2,f1,00,6b,13,52,1e,8d,7b,f0,04,df,b8,e0,7f
.
Completion time: 2010-10-31 18:26:45
ComboFix-quarantined-files.txt 2010-10-31 23:26

Pre-Run: 25,140,830,208 bytes free
Post-Run: 24,365,236,224 bytes free

- - End Of File - - 13CFF96BB023BA83B9533B6812739129

#14 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:02 AM

Posted 01 November 2010 - 05:27 PM

Hello, daemian2k.

That happens to me in Firefox a fair amount; I just think it's the program. Let's keep an eye on it for now. The logs are looking better. We'll close a known security hole and get a second opinion.



Step 1

Please pull anything out of the recycle bin that you want to save. Part of this fix will empty temp files, and that does include the recycle bin.

Please download TFC by OldTimer and save it to your desktop.
alternate download link


  • Save any unsaved work. TFC will close ALL open programs including your browser!
  • Double-click on TFC.exe to run it. If you are using Vista or Windows 7, right-click on the file and choose Run As Administrator.
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.




Step 2

Please go to the Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    Spyware, Adware, Dialers, and other potentially dangerous programs
    Archives
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.

Note: Kaspersky online scan may take time to complete, please be patient.



Step 3

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.



Step 4

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Select "Use Safelist" under "Extra Registry"
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#15 daemian2k

daemian2k
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:10:02 PM

Posted 02 November 2010 - 09:11 PM

Greetings and salutations etavares, here are the scan logs that you asked for. Keep in mind that the Kaspersky scan was an adventure in itself: first was waiting to download and install the files, especially over Hughes Net, and second, I had forgotten about the scan and plugged in my external HDD to do some work about 3 hrs into the scan, and my computer went haywire, just short of locking up. So I had to Ctrl+Alt+Del, restart the system and restart the scan. So everything is back and still running fine.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, November 2, 2010
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, November 01, 2010 15:06:17
Records in database: 4198858
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: no

Scan area - My Computer:
C:\
D:\
F:\

Scan statistics:
Objects scanned: 238245
Threats found: 2
Infected objects found: 2
Suspicious objects found: 0
Scan duration: 04:16:15


File name / Threat / Threats count
C:\Users\daemian2k\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\15467029-590d26e4 Infected: Exploit.Java.Agent.du 1
C:\Users\daemian2k\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\e649f74-17737de6 Infected: Exploit.Java.Agent.f 1

Selected area has been scanned.


MBAM LOG:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5020

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

11/2/2010 7:30:39 AM
mbam-log-2010-11-02 (07-30-39).txt

Scan type: Quick scan
Objects scanned: 157858
Time elapsed: 8 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


OTL Log:
OTL logfile created on: 11/2/2010 8:54:34 PM - Run 1
OTL by OldTimer - Version 3.2.17.2 Folder = C:\Users\daemian2k\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 64.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144.04 Gb Total Space | 22.73 Gb Free Space | 15.78% Space Free | Partition Type: NTFS
Drive D: | 140.50 Gb Total Space | 48.91 Gb Free Space | 34.81% Space Free | Partition Type: NTFS

Computer Name: DAEMIAN2K-PC | User Name: daemian2k | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/02 09:06:41 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\daemian2k\Desktop\OTL.exe
PRC - [2010/11/01 18:38:59 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\daemian2k\AppData\Local\temp\RtkBtMnt.exe
PRC - [2010/08/24 14:57:38 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2010/08/24 14:57:38 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2010/08/24 14:57:38 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
PRC - [2010/06/24 22:32:44 | 001,193,848 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/03/26 11:16:04 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2010/02/05 21:14:42 | 000,229,688 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe
PRC - [2009/11/13 06:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/11/13 06:31:12 | 000,247,144 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/10/02 13:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe
PRC - [2009/08/21 11:48:34 | 000,237,984 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2009/07/20 13:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/07/10 13:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/18 10:43:20 | 000,173,352 | ---- | M] (CyberLink) -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
PRC - [2008/10/16 17:26:20 | 000,860,160 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008/10/16 16:54:34 | 000,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/09/11 22:46:38 | 000,544,768 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
PRC - [2008/08/08 12:28:12 | 002,049,320 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
PRC - [2008/08/08 12:28:12 | 000,053,032 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
PRC - [2008/08/08 12:28:10 | 001,442,088 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
PRC - [2008/08/08 12:27:50 | 001,083,176 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\InCD\InCD.exe
PRC - [2008/08/01 11:51:42 | 000,405,504 | ---- | M] (Acer Inc.) -- C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2008/07/29 19:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008/07/29 19:52:50 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008/07/24 17:54:10 | 000,147,456 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
PRC - [2008/07/20 04:45:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/07/20 04:45:06 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/07/18 18:04:36 | 000,167,936 | ---- | M] (Acer Corp.) -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
PRC - [2008/06/17 00:39:32 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxext.exe
PRC - [2008/06/04 07:03:36 | 000,817,672 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\QtZgAcer.EXE
PRC - [2008/06/02 11:25:40 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008/05/07 03:19:26 | 006,139,904 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/04/25 23:36:20 | 000,045,056 | ---- | M] (NewTech InfoSystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
PRC - [2008/04/25 23:36:20 | 000,028,672 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
PRC - [2008/04/25 23:36:02 | 000,131,072 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
PRC - [2008/03/05 13:56:30 | 001,216,512 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\AcerVCM.exe
PRC - [2008/03/03 15:11:14 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
PRC - [2008/01/16 20:35:02 | 000,081,504 | ---- | M] () -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
PRC - [2008/01/10 19:03:00 | 000,233,472 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe
PRC - [2007/12/06 18:15:28 | 000,110,592 | ---- | M] () -- C:\ACER\Mobility Center\MobilityService.exe
PRC - [2007/03/27 14:00:32 | 000,196,608 | ---- | M] (Acer Inc.) -- C:\Program Files\Acer\Acer VCM\acp2HID.exe


========== Modules (SafeList) ==========

MOD - [2010/11/02 09:06:41 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\daemian2k\Desktop\OTL.exe
MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2010/04/01 09:57:36 | 000,015,056 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/08/24 14:57:38 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010/08/24 14:57:38 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2010/08/24 14:57:38 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2010/04/15 09:45:10 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/03/26 11:16:04 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/03/24 19:09:26 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2010/02/05 21:14:42 | 000,229,688 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe -- (MOBKbackup)
SRV - [2009/11/13 06:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/10/02 13:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2009/09/24 20:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/08/21 11:48:34 | 000,237,984 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2009/07/20 13:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/10/16 17:26:20 | 000,860,160 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/10/16 16:54:34 | 000,466,944 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/08/08 12:28:12 | 000,053,032 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe -- (NeroRegInCDSrv)
SRV - [2008/08/08 12:28:10 | 001,442,088 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2008/07/29 19:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008/07/20 04:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/06/02 11:25:40 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008/04/25 23:36:20 | 000,045,056 | ---- | M] (NewTech InfoSystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc)
SRV - [2008/04/25 23:36:02 | 000,131,072 | ---- | M] () [Auto | Running] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc)
SRV - [2008/03/03 15:11:14 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe -- (BUNAgentSvc)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/16 20:35:02 | 000,081,504 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2008/01/10 19:03:00 | 000,233,472 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2007/12/06 18:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\pccsmcfd.sys -- (pccsmcfd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\mcdbus.sys -- (mcdbus)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Boot | Stopped] -- C:\Windows\System32\DRIVERS\ElbyVCD.sys -- (ElbyVCD)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\DAEMIA~1\AppData\Local\Temp\cpuz130\cpuz_x32.sys -- (cpuz130)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\DAEMIA~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2010/08/24 14:57:38 | 000,386,712 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/08/24 14:57:38 | 000,312,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2010/08/24 14:57:38 | 000,164,808 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2010/08/24 14:57:38 | 000,152,992 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/08/24 14:57:38 | 000,095,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/08/24 14:57:38 | 000,084,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/08/24 14:57:38 | 000,064,304 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2010/08/24 14:57:38 | 000,055,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/08/24 14:57:38 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/02/17 16:52:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2010/02/17 16:52:10 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2010/02/05 21:13:48 | 000,054,776 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\System32\drivers\MOBK.sys -- (MOBKFilter)
DRV - [2009/11/20 23:07:55 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2009/08/05 06:18:22 | 000,048,640 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E60x86.sys -- (L1E)
DRV - [2009/07/16 12:32:26 | 000,130,424 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2009/06/17 11:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 11:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/05/13 11:41:02 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscemdm.sys -- (sscemdm)
DRV - [2009/05/13 11:41:02 | 000,090,240 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscebus.sys -- (sscebus) SAMSUNG USB Composite Device V2 driver (WDM)
DRV - [2009/05/13 11:41:02 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscemdfl.sys -- (sscemdfl)
DRV - [2009/04/10 23:38:59 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbccid.sys -- (USBCCID)
DRV - [2009/03/26 08:00:02 | 000,064,000 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2009/02/16 16:13:14 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2008/11/17 07:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/10/09 16:42:42 | 000,017,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008/08/08 12:28:00 | 000,128,424 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\Windows\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2008/08/08 12:28:00 | 000,040,488 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDRm.sys -- (incdrm)
DRV - [2008/08/08 12:28:00 | 000,038,952 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2008/07/29 19:53:12 | 000,060,464 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSDVdisk.sys -- (psdvdisk)
DRV - [2008/07/29 19:53:10 | 000,018,992 | ---- | M] (Egis Incorporated) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\psdfilter.sys -- (PSDFilter)
DRV - [2008/07/29 19:53:10 | 000,016,944 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSDNServ.sys -- (PSDNServ)
DRV - [2008/07/20 19:44:44 | 000,324,120 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2008/07/18 18:05:10 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2008/06/12 05:43:16 | 002,381,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/06/04 04:54:22 | 000,113,664 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2008/06/02 11:20:12 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008/05/19 06:42:56 | 000,912,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/05/07 06:22:50 | 002,134,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/04/28 06:56:16 | 000,050,576 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tcusb.sys -- (TcUsb)
DRV - [2008/04/24 21:08:42 | 000,199,472 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/03/25 17:41:30 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2008/03/25 17:39:20 | 000,207,872 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2008/03/25 17:38:32 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2008/01/30 04:52:06 | 000,014,848 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2008/01/30 04:51:50 | 000,013,824 | ---- | M] (NewTech Infosystems Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\UBHelper.sys -- (UBHelper)
DRV - [2008/01/20 21:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 21:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 21:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 21:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 21:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 21:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 21:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 21:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 21:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 21:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 21:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 21:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 21:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 21:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 21:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 21:23:22 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2008/01/20 21:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 21:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 21:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 21:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 21:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 21:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/01/16 20:35:08 | 000,122,368 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys -- (NTIPPKernel)
DRV - [2007/10/18 17:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/03/28 09:51:40 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir)
DRV - [2006/11/02 08:29:38 | 000,021,264 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DKbFltr.sys -- (DKbFltr)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0908&m=aspire_6930


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = CB 96 B0 04 0F D4 14 40 AB 74 E6 78 10 20 E5 91 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = CB 96 B0 04 0F D4 14 40 AB 74 E6 78 10 20 E5 91 [binary data]

IE - HKU\S-1-5-21-4159225764-1826731248-3143191500-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKU\S-1-5-21-4159225764-1826731248-3143191500-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-4159225764-1826731248-3143191500-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-4159225764-1826731248-3143191500-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4159225764-1826731248-3143191500-1000\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = CB 96 B0 04 0F D4 14 40 AB 74 E6 78 10 20 E5 91 [binary data]
IE - HKU\S-1-5-21-4159225764-1826731248-3143191500-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-4159225764-1826731248-3143191500-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4159225764-1826731248-3143191500-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.1
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/11/02 05:08:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: D:\Program Files\components [2010/10/28 18:03:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: D:\Program Files\plugins [2010/10/28 18:03:31 | 000,000,000 | ---D | M]

[2009/08/28 13:24:20 | 000,000,000 | ---D | M] -- C:\Users\daemian2k\AppData\Roaming\Mozilla\Extensions
[2009/08/28 13:24:20 | 000,000,000 | ---D | M] -- C:\Users\daemian2k\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2009/03/07 00:57:52 | 000,000,000 | ---D | M] -- C:\Users\daemian2k\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/11/02 02:14:56 | 000,000,000 | ---D | M] -- C:\Users\daemian2k\AppData\Roaming\Mozilla\Firefox\Profiles\s6iiw3nk.default\extensions
[2010/07/21 17:39:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\daemian2k\AppData\Roaming\Mozilla\Firefox\Profiles\s6iiw3nk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/29 07:06:04 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\daemian2k\AppData\Roaming\Mozilla\Firefox\Profiles\s6iiw3nk.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010/10/15 03:42:22 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\daemian2k\AppData\Roaming\Mozilla\Firefox\Profiles\s6iiw3nk.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/09/12 09:09:42 | 000,000,000 | ---D | M] -- C:\Users\daemian2k\AppData\Roaming\Mozilla\Firefox\Profiles\s6iiw3nk.default\extensions\personas@christopher.beard
[2009/03/16 13:10:54 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/09/03 19:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll

O1 HOSTS File: ([2010/10/31 18:24:48 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100919185100.dll (McAfee, Inc.)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKU\S-1-5-21-4159225764-1826731248-3143191500-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer\Acer Registration\ACE1.exe (Leader Technologies)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [BkupTray] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [InCD] C:\Program Files\Nero\Nero8\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SecurDisc] C:\Program Files\Nero\Nero8\InCD\NBHGui.exe (Nero AG)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4159225764-1826731248-3143191500-1000..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4159225764-1826731248-3143191500-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4159225764-1826731248-3143191500-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab (Java Plug-in 1.5.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 12.127.17.71 205.171.3.65
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\daemian2k\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\daemian2k\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-4159225764-1826731248-3143191500-1000\...com [@ = ComFile] -- Reg Error: Key error. File not found
O37 - HKU\S-1-5-21-4159225764-1826731248-3143191500-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/11/02 09:04:07 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\daemian2k\Desktop\OTL.exe
[2010/11/02 07:02:15 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/11/02 07:02:13 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/11/01 18:32:57 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\daemian2k\Desktop\TFC.exe
[2010/10/31 18:26:51 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/10/31 18:26:47 | 000,000,000 | ---D | C] -- C:\Users\daemian2k\AppData\Local\temp
[2010/10/31 18:12:31 | 000,000,000 | ---D | C] -- C:\etavaresCF9845e
[2010/10/31 18:11:09 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/10/31 01:04:14 | 000,000,000 | ---D | C] -- C:\Users\daemian2k\Desktop\CUSA Safe Work Practices Forms
[2010/10/28 22:16:14 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010/10/28 22:16:14 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010/10/28 22:16:13 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010/10/28 21:39:11 | 000,000,000 | ---D | C] -- C:\Users\daemian2k\Desktop\etavaresCFlog
[2010/10/28 21:23:11 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/10/28 21:23:10 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/10/28 21:23:10 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/10/28 21:23:03 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/10/28 21:23:02 | 000,000,000 | ---D | C] -- C:\etavaresCF
[2010/10/28 21:22:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/28 21:19:44 | 000,000,000 | ---D | C] -- C:\Users\daemian2k\AppData\Local\CutePDF Writer
[2010/10/28 21:19:03 | 000,000,000 | ---D | C] -- C:\Program Files\GPLGS
[2010/10/28 21:18:40 | 000,000,000 | ---D | C] -- C:\Program Files\Acro Software
[2010/10/28 00:33:20 | 000,000,000 | ---D | C] -- C:\Program Files\Wanadoo
[2010/10/21 07:26:45 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/10/21 07:26:45 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/10/21 07:26:45 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/10/20 21:46:59 | 000,000,000 | ---D | C] -- C:\Program Files\PopCap Games
[2010/10/18 22:25:12 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/10/18 22:25:06 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2010/10/18 22:24:46 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010/10/18 22:24:07 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2010/10/18 22:24:07 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2010/10/18 22:23:54 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/10/18 22:23:54 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/10/18 22:23:54 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010/10/18 22:23:48 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/10/18 22:23:48 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/10/18 22:23:47 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/10/18 22:23:47 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/10/18 22:23:47 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/10/18 22:23:46 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/10/18 22:23:46 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/10/18 22:23:46 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/10/18 22:23:46 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/10/18 22:23:46 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/10/18 22:23:46 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/10/18 22:23:46 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/10/18 22:23:46 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/10/18 22:23:46 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/10/18 22:23:25 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2010/10/18 22:22:46 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/10/18 22:22:42 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2010/10/06 20:19:43 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\daemian2k\Desktop\mbam-setup-1.46.exe
[2010/10/03 22:23:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2010/10/03 22:23:13 | 000,000,000 | ---D | C] -- C:\Users\daemian2k\Documents\StarCraft II
[2009/05/27 22:56:04 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\daemian2k\AppData\Roaming\pcouffin.sys
[2008/07/22 03:01:25 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll

========== Files - Modified Within 30 Days ==========

[2010/11/02 20:50:22 | 000,089,085 | ---- | M] () -- C:\Users\daemian2k\Desktop\Ensco 68 POB.xlsx
[2010/11/02 20:09:44 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/02 20:09:44 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/02 20:03:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/02 19:03:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/02 18:10:46 | 000,012,147 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2010/11/02 18:10:12 | 000,000,437 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2010/11/02 18:10:09 | 000,001,699 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security.lnk
[2010/11/02 18:10:05 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2010/11/02 18:09:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/02 09:06:41 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\daemian2k\Desktop\OTL.exe
[2010/11/02 07:02:18 | 000,000,806 | ---- | M] () -- C:\Users\daemian2k\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/11/02 02:37:01 | 000,012,818 | ---- | M] () -- C:\Users\daemian2k\Desktop\PINC and Sub-Part O topics.docx
[2010/11/01 18:33:57 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\daemian2k\Desktop\TFC.exe
[2010/11/01 03:25:05 | 000,050,176 | ---- | M] () -- C:\Users\daemian2k\Desktop\Field WAR.doc
[2010/11/01 02:47:50 | 000,036,864 | ---- | M] () -- C:\Users\daemian2k\Desktop\Worksite Observation Tracking.xls
[2010/11/01 01:25:02 | 000,031,232 | ---- | M] () -- C:\Users\daemian2k\Desktop\New FEEDBK (2).doc
[2010/11/01 01:02:02 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\McQcTask.job
[2010/10/31 18:24:48 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/10/31 18:09:26 | 003,896,823 | R--- | M] () -- C:\Users\daemian2k\Desktop\etavaresCF.exe
[2010/10/31 10:34:25 | 000,085,504 | ---- | M] () -- C:\Windows\MBR.exe
[2010/10/30 23:49:27 | 001,032,686 | ---- | M] () -- C:\Users\daemian2k\Desktop\Christopher Dickerson Chevron CAI application008.pdf
[2010/10/30 06:45:48 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010/10/30 02:19:33 | 000,016,387 | ---- | M] () -- C:\Users\daemian2k\Desktop\BBS Trends.xlsx
[2010/10/29 07:56:13 | 000,052,736 | ---- | M] () -- C:\Users\daemian2k\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/29 00:47:01 | 000,331,776 | ---- | M] () -- C:\Users\daemian2k\Desktop\Christopher Dickerson.xls
[2010/10/19 20:41:14 | 001,738,312 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/10/18 23:43:35 | 000,001,741 | ---- | M] () -- C:\Windows\wininit.ini
[2010/10/16 04:22:18 | 000,000,600 | ---- | M] () -- C:\Users\daemian2k\AppData\Roaming\AutoGK.ini
[2010/10/15 19:38:12 | 001,413,632 | ---- | M] () -- C:\Users\daemian2k\Desktop\2010_10%20Hazard%20Hunt%20Topic%20-%20Electrical%20v01.ppt
[2010/10/15 19:36:06 | 000,085,850 | ---- | M] () -- C:\Users\daemian2k\Desktop\October%20IFO%20Topic%20Rev%202.pptx
[2010/10/15 19:35:09 | 000,016,680 | ---- | M] () -- C:\Users\daemian2k\Desktop\HAZARD HUNT 10-15-10.docx
[2010/10/15 01:30:17 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job
[2010/10/14 22:14:56 | 000,013,240 | ---- | M] () -- C:\Users\daemian2k\Desktop\HAZARD HUNT 10-14-10.docx
[2010/10/14 22:14:36 | 000,040,448 | ---- | M] () -- C:\Users\daemian2k\Desktop\HAZARD HUNT 10-1-10.doc
[2010/10/14 01:07:52 | 000,642,906 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/10/14 01:07:52 | 000,120,064 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/10/13 20:01:06 | 000,120,960 | ---- | M] () -- C:\Users\daemian2k\Desktop\GOMSiteSafeNotificationForm_Christopher Bordelon_Illness_10-13-10.xlsx
[2010/10/13 00:06:48 | 000,000,219 | ---- | M] () -- C:\Windows\popcinfo.dat
[2010/10/06 04:43:14 | 000,079,823 | ---- | M] () -- C:\Users\daemian2k\Desktop\BBS Card Database.xlsx
[2010/10/06 03:47:36 | 000,000,000 | ---- | M] () -- C:\Users\daemian2k\defogger_reenable
[2010/10/04 21:53:15 | 000,000,088 | ---- | M] () -- C:\Users\daemian2k\AppData\Roaming\default.pls

========== Files Created - No Company Name ==========

[2010/11/02 07:02:18 | 000,000,806 | ---- | C] () -- C:\Users\daemian2k\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/11/01 01:25:01 | 000,031,232 | ---- | C] () -- C:\Users\daemian2k\Desktop\New FEEDBK (2).doc
[2010/10/31 18:08:47 | 003,896,823 | R--- | C] () -- C:\Users\daemian2k\Desktop\etavaresCF.exe
[2010/10/31 01:04:14 | 000,089,085 | ---- | C] () -- C:\Users\daemian2k\Desktop\Ensco 68 POB.xlsx
[2010/10/30 23:49:13 | 001,032,686 | ---- | C] () -- C:\Users\daemian2k\Desktop\Christopher Dickerson Chevron CAI application008.pdf
[2010/10/28 21:23:11 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/10/28 21:23:11 | 000,085,504 | ---- | C] () -- C:\Windows\MBR.exe
[2010/10/28 21:23:10 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/10/28 21:23:10 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/10/28 21:23:10 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/10/28 21:18:40 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2010/10/27 02:36:09 | 000,012,818 | ---- | C] () -- C:\Users\daemian2k\Desktop\PINC and Sub-Part O topics.docx
[2010/10/15 19:36:45 | 001,413,632 | ---- | C] () -- C:\Users\daemian2k\Desktop\2010_10%20Hazard%20Hunt%20Topic%20-%20Electrical%20v01.ppt
[2010/10/15 19:35:48 | 000,085,850 | ---- | C] () -- C:\Users\daemian2k\Desktop\October%20IFO%20Topic%20Rev%202.pptx
[2010/10/15 19:35:07 | 000,016,680 | ---- | C] () -- C:\Users\daemian2k\Desktop\HAZARD HUNT 10-15-10.docx
[2010/10/14 22:14:51 | 000,013,240 | ---- | C] () -- C:\Users\daemian2k\Desktop\HAZARD HUNT 10-14-10.docx
[2010/10/13 20:01:06 | 000,120,960 | ---- | C] () -- C:\Users\daemian2k\Desktop\GOMSiteSafeNotificationForm_Christopher Bordelon_Illness_10-13-10.xlsx
[2010/10/06 05:08:13 | 000,001,910 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\IM-me.lnk
[2010/10/06 05:08:13 | 000,001,115 | ---- | C] () -- C:\Users\daemian2k\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2010/10/06 05:08:13 | 000,000,627 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
[2010/10/06 03:47:36 | 000,000,000 | ---- | C] () -- C:\Users\daemian2k\defogger_reenable
[2010/10/04 21:53:15 | 000,000,088 | ---- | C] () -- C:\Users\daemian2k\AppData\Roaming\default.pls
[2010/10/02 08:23:23 | 000,000,018 | ---- | C] () -- C:\Users\daemian2k\AppData\Roaming\1a5e2d17
[2010/10/01 22:47:37 | 000,000,149 | -HS- | C] () -- C:\ProgramData\445545024
[2010/10/01 22:47:35 | 000,001,185 | ---- | C] () -- C:\ProgramData\983847276
[2010/10/01 22:45:56 | 000,000,552 | ---- | C] () -- C:\Users\daemian2k\AppData\Local\d3d8caps.dat
[2010/07/26 19:08:20 | 000,000,037 | ---- | C] () -- C:\Users\daemian2k\AppData\Roaming\AVSMediaPlayer.m3u
[2010/06/22 08:28:45 | 000,000,133 | ---- | C] () -- C:\Windows\VobEdit.INI
[2010/05/29 09:37:35 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010/05/29 09:37:35 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010/03/14 22:56:34 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009/09/06 20:25:55 | 000,000,600 | ---- | C] () -- C:\Users\daemian2k\AppData\Roaming\AutoGK.ini
[2009/09/04 17:22:29 | 000,004,096 | -H-- | C] () -- C:\Users\daemian2k\AppData\Local\keyfile3.drm
[2009/08/30 10:23:28 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/06 13:05:29 | 000,002,131 | ---- | C] () -- C:\Windows\aopr.ini
[2009/07/28 12:51:52 | 000,001,057 | ---- | C] () -- C:\Users\daemian2k\AppData\Roaming\vso_ts_preview.xml
[2009/05/31 17:12:34 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2009/05/31 17:12:32 | 000,067,584 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/05/27 22:57:50 | 000,000,014 | ---- | C] () -- C:\Windows\System32\systeminfo3.dll
[2009/05/27 22:57:09 | 000,000,034 | ---- | C] () -- C:\Users\daemian2k\AppData\Roaming\pcouffin.log
[2009/05/27 22:56:04 | 000,007,887 | ---- | C] () -- C:\Users\daemian2k\AppData\Roaming\pcouffin.cat
[2009/05/27 22:56:04 | 000,001,144 | ---- | C] () -- C:\Users\daemian2k\AppData\Roaming\pcouffin.inf
[2009/04/13 08:47:07 | 000,000,097 | ---- | C] () -- C:\Users\daemian2k\AppData\Local\fusioncache.dat
[2009/03/31 13:34:16 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009/03/11 22:29:31 | 000,001,741 | ---- | C] () -- C:\Windows\wininit.ini
[2009/03/10 12:50:51 | 000,000,000 | ---- | C] () -- C:\Windows\JCMKR32.INI
[2009/03/07 12:27:24 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/01/25 16:10:48 | 000,179,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/01/13 23:13:14 | 000,052,736 | ---- | C] () -- C:\Users\daemian2k\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/08 18:01:22 | 000,629,760 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/12/27 18:20:05 | 000,000,000 | ---- | C] () -- C:\Users\daemian2k\AppData\Roaming\wklnhst.dat
[2008/12/26 23:51:35 | 000,005,972 | ---- | C] () -- C:\Users\daemian2k\AppData\Local\d3d9caps.dat
[2008/10/14 18:22:23 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008/10/14 18:22:23 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008/10/14 18:04:12 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/10/14 18:04:00 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008/10/14 18:03:59 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2008/10/14 17:54:42 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008/10/14 17:44:57 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008/09/11 15:15:21 | 000,003,540 | ---- | C] () -- C:\ProgramData\ArcadeDeluxe2.log
[2008/05/04 17:39:34 | 000,002,560 | ---- | C] () -- C:\Windows\System32\ViaClassCoInstaller.dll
[2007/10/25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2007/03/26 10:45:18 | 000,071,208 | ---- | C] () -- C:\Windows\System32\PhysXLoader.dll
[2007/02/20 14:59:08 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2007/02/20 14:59:06 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2007/02/20 14:59:06 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2007/02/20 14:59:06 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2007/02/20 14:59:06 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2007/02/20 14:59:06 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2007/02/20 14:59:06 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2007/02/20 14:59:06 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007/02/20 14:59:04 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2002/10/15 17:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2001/12/26 18:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 01:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 18:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 00:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\ProgramData\Temp:C95B63DA
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:4F636E25
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:2B99FE60
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:131C0EE9
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:B623B5B8
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:3E7393FC
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:4CF61E54
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:4BB26BE9
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:193426B4
@Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:E36F5B57
@Alternate Data Stream - 106 bytes -> C:\ProgramData\Temp:9E22BBE8
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:8173A019

< End of report >


OTL Extras Log:
OTL Extras logfile created on: 11/2/2010 8:54:34 PM - Run 1
OTL by OldTimer - Version 3.2.17.2 Folder = C:\Users\daemian2k\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 64.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144.04 Gb Total Space | 22.73 Gb Free Space | 15.78% Space Free | Partition Type: NTFS
Drive D: | 140.50 Gb Total Space | 48.91 Gb Free Space | 34.81% Space Free | Partition Type: NTFS

Computer Name: DAEMIAN2K-PC | User Name: daemian2k | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-4159225764-1826731248-3143191500-1000\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = ComFile] -- Reg Error: Key error. File not found
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- D:\Program Files\firefox.exe (Mozilla Corporation)
.pif [@ = piffile] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{001F91DA-E8E1-4347-96BC-D60DD994AB27}" = rport=2869 | protocol=6 | dir=out | app=system |
"{00A70A1B-82D3-4050-B447-7E436F3FD729}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{0433AB18-C1F8-4B8F-887A-7128F1E1AC5D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{07F95D49-8A83-4473-9671-A8E160FCE5FF}" = rport=10243 | protocol=6 | dir=out | app=system |
"{0AD7C4F5-D78A-484D-B85E-2159F98DE69D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0F5B3563-A201-43BC-BA9A-E92D3ED095C3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{12416EA5-655E-4ACB-BD1F-9766AAC727B2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{14487AE2-F285-401F-B7FB-3E52FE950E95}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{154FA49D-E1B1-4BE8-A391-7DA97825A315}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{1A2DA851-4601-4052-A056-50FF061621A9}" = rport=138 | protocol=17 | dir=out | app=system |
"{30947D63-A264-413C-8DA2-1091BA3151F2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3305787C-36EE-4025-9357-D72DEB1CB549}" = lport=3702 | protocol=17 | dir=in | svc=bits | app=c:\windows\system32\svchost.exe |
"{38173B8B-6A6F-47E1-A8A0-F4ABED53D1FF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4CB3EFFB-ED4E-4DCE-99F1-5607725D93DA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{542669D8-5EF9-4519-9099-67A208BD56E7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5610732B-119B-4220-B3FF-E6C51FBC2E6E}" = rport=3702 | protocol=17 | dir=out | svc=bits | app=c:\windows\system32\svchost.exe |
"{5CB9CCBF-5528-4614-8C05-FE55CEC45828}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{6BCAD8A6-6719-43AB-AB48-0B011DDB652D}" = rport=139 | protocol=6 | dir=out | app=system |
"{6C5F220B-BCEE-493C-90D0-F8E48E34F413}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{70F40551-0467-498F-8243-789D72E648C2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8012EF85-197D-4F8D-806F-B4A1096BAA34}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{81AB3E79-8922-46C5-872C-096A36C83294}" = rport=2178 | protocol=6 | dir=out | app=system |
"{842DBF10-9283-4CD1-A484-A4C5C1351151}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{87A9E9DA-0011-48A1-823A-07242AF98437}" = lport=2869 | protocol=6 | dir=in | app=system |
"{ABE25F9D-BF61-42FF-B803-CF1D2581C654}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{ABE7E12C-E9F2-44EC-A1F7-45AEC800551A}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{B2624FC9-AB54-46F6-8F18-419E48C65293}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B3396B3D-F01D-4A70-9B43-54DFF47D9752}" = lport=137 | protocol=17 | dir=in | app=system |
"{BC525B1B-4284-4CD6-BE38-D9CF089860EC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BFA769BF-1ABD-4BBA-9C5F-14B8DE962F4E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{C7A60866-AE6A-45AD-A3DB-9BC06AB9897F}" = lport=139 | protocol=6 | dir=in | app=system |
"{CC6A604C-54EF-4707-B82F-D9714509385D}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{CD264473-4C4E-4F18-8196-CB1DD6F62F66}" = rport=137 | protocol=17 | dir=out | app=system |
"{CE9D79E6-2A26-4B6C-A035-74D249F143B9}" = lport=138 | protocol=17 | dir=in | app=system |
"{E264B7B5-057B-4873-9D1C-4941EC506088}" = lport=rpc | protocol=6 | dir=in | svc=bits | app=c:\windows\system32\svchost.exe |
"{E61D03B4-8563-41A5-9DA4-8449BB2F707F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F0668502-BC74-4045-B532-8901F5869EF8}" = rport=445 | protocol=6 | dir=out | app=system |
"{F635E80A-534E-45AA-9CA0-3C49A8DFDA36}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{F9723830-9A8C-4CAF-8CC1-E0E6BD22FCBA}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{FAFBB360-6D82-48A3-981B-1E55F2E3F1CD}" = lport=445 | protocol=6 | dir=in | app=system |
"{FEBE62CA-3666-41AC-8866-8C022B81CEBC}" = lport=2178 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06C5F26B-D655-4C36-A8AB-E91FAE44EF2D}" = protocol=17 | dir=in | app=c:\program files\stardock games\sins of a solar empire\sins of a solar empire.exe |
"{09DC32B4-E0BF-4C1E-A430-68A1A1EB8AE2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0C8098A8-2A4E-40C7-98D0-B620ED51B3E4}" = protocol=6 | dir=out | app=system |
"{0E94C84B-858B-4901-806B-385B80C42AD5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{178ADA2D-A070-4E54-B0F6-C05954727D30}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{19E753E8-1F47-4628-B57D-9FA9395B826F}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{1ACD8ED4-74D8-4A9B-92A9-25C311244365}" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"{2100E131-A5DE-4F8C-8AFF-C7225575E020}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2424CC2F-BE9E-4E1A-BFBB-0E41F2C3755B}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{279656FB-DAD5-4D32-98F7-E7F84E29F6EC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{27B5A52C-5920-41CD-B038-B7AD9A5DDD14}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2E52DA84-BC85-4782-8ED1-4E4224F10B93}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{303CE1D8-4F67-4F5E-8877-F2B77A05E855}" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"{30EFAD04-3B8E-45E4-BE32-1BF868A41523}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{373E508F-ECF0-4847-A085-41CEDC38B8CE}" = protocol=6 | dir=in | app=c:\program files\stardock games\sins of a solar empire\sins of a solar empire.exe |
"{3A598B70-64E9-484A-82E9-E7E6B30DD66E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3CCB4177-A5B5-4704-B507-3D6BABCD6D19}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{436FD1DA-174F-437A-AF1A-29DBC1F9FE7C}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{596F08B9-5354-490D-8FFE-126ACFEE539F}" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"{5E12CAC7-D893-494B-8D24-D40E46B58210}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{61A42CBA-0DD6-4F44-A67E-64AA2A71B494}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6D4C42B3-3F02-407D-A9CD-ACE0DA53D0C5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6E0AA999-2F71-4B7E-A952-C0E41552C409}" = protocol=17 | dir=in | app=c:\program files\thq\company of heroes\reliccoh.exe |
"{6EAE2624-6803-4F70-8013-BF071C4E0A5C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{7112FA36-0482-48C4-9B76-13F896789AF4}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{77BE3E79-6E80-4212-8F05-80BBD9E2F270}" = dir=in | app=c:\windows\explorer.exe |
"{7AABD160-458D-4882-806A-0A6B9BC0D56E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7ACC6E87-8C12-4adb-91B7-EFC3F2F4705A}" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"{7E232E07-0334-4F06-8C7E-E5800C4A2753}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{81088E8D-4294-4D7D-B905-7E762142374F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8800327C-FD2C-43BD-8B6E-4931F839A517}" = protocol=6 | dir=in | app=c:\program files\thq\company of heroes\reliccoh.exe |
"{892191BD-0BCF-4A7D-954C-880C8FF09298}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{92459C5E-D350-4cba-AA74-C8F989C9336F}" = protocol=17 | dir=out | app=c:\windows\explorer.exe |
"{92D09E0C-E70C-41E9-B04F-E4C98DCED650}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{930EF457-1C37-4E4A-85CA-D7595884A7AD}" = protocol=17 | dir=in | app=c:\program files\sierra entertainment\empire earth iii\ee3.exe |
"{982C69CE-2A4F-4D02-98F5-168E5CD85863}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{9A3CC530-691F-45E1-998B-E2B702269BA4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AC5ECBBA-3326-4E1B-AE74-D2FFFCEE3562}" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"{AE6E0FB8-1429-47E6-B49F-FB27C2EFF0E5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{B078B2B6-A878-44ff-9BCC-458257924F96}" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"{B1A40E4F-58DB-490f-9D18-55B5194E8BD5}" = protocol=6 | dir=out | app=c:\windows\explorer.exe |
"{B1A893C2-E49C-4B19-9530-75AE402972DA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C3E9B20A-B7E2-4aab-9835-3C548937E46F}" = dir=out | app=c:\windows\explorer.exe |
"{C53CEAD9-E126-4711-BC59-C311CDC56429}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{D47C6E8A-18AB-4CF6-96DD-7EEDEA7A75C6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E4B0F853-A96F-4FEE-9FE7-82509CA2F32A}" = protocol=6 | dir=in | app=c:\program files\sierra entertainment\empire earth iii\ee3.exe |
"{E98D5901-347B-46E8-B805-D4EEB2FFEF9B}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{EF7BB042-1598-400D-8BE3-D18ABA0A09DD}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"TCP Query User{103F022B-F510-49D8-A484-092A10A6E31A}C:\program files\acer arcade deluxe\homemedia\homemedia.exe" = protocol=6 | dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"TCP Query User{1CF4AE71-AB35-4E5D-BCBD-B334315C761A}C:\program files\flashget\flashget.exe" = protocol=6 | dir=in | app=c:\program files\flashget\flashget.exe |
"TCP Query User{2C6A8789-3F86-4D04-A06F-B5C80C319E18}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{3B97ED7B-E2F9-4DC5-BB12-CE840FCC5C65}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{68344594-9AB0-43AE-8E40-35D79132DC36}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{6CE1C191-9EA2-494B-83FD-2EBF233365B8}C:\users\daemian2k\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\daemian2k\program files\dna\btdna.exe |
"TCP Query User{8CB5167D-A8B4-48EB-B17F-B36C4CF4B3E3}C:\program files\acer arcade deluxe\homemedia\homemedia.exe" = protocol=6 | dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"TCP Query User{B79ADDB8-8FF1-423D-9848-21180ECFD759}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"UDP Query User{0F5C5AF8-2603-40E9-9E5B-281FB0568740}C:\program files\flashget\flashget.exe" = protocol=17 | dir=in | app=c:\program files\flashget\flashget.exe |
"UDP Query User{24CD657B-9588-4DE6-975E-4C0D19561C84}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"UDP Query User{3B96BB57-0FD1-4AD7-8E6C-D2C6B85A10D5}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{3D705865-D31B-4DB1-BBEF-C46156EA38AA}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{5D4C1753-32B2-4150-9172-D43D1D7B1EBE}C:\users\daemian2k\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\daemian2k\program files\dna\btdna.exe |
"UDP Query User{9B322DB8-F815-450A-A615-C032DB847A45}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{A3C5A5D3-E8BF-46CD-9F06-4800BA93D3B9}C:\program files\acer arcade deluxe\homemedia\homemedia.exe" = protocol=17 | dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"UDP Query User{D2352847-BBCD-4C0D-AE64-9E05AE44E969}C:\program files\acer arcade deluxe\homemedia\homemedia.exe" = protocol=17 | dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{10F498FF-5392-4DF3-8F73-FE172A9F3800}" = Winbond CIR Device Drivers
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{15C5D9F6-B789-4A5F-BD76-B3EFBD516FF4}" = Crosby API Lift Guide
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1943A043-5C85-4A16-A0D0-D687B2C1A40F}" = VirtualCom driver
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{25A1E6A4-2DBD-4AC0-8650-8EA9A45B183D}" = Supreme Commander
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 22
"{27C467F8-F8EF-4f68-BD72-D63632B2096C}" = McAfee Online Backup
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{35C0A1E4-D02A-412C-841F-266DBB116ABB}" = Intel® PROSet/Wireless WiFi Software
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}" = Adobe Setup
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{670689BE-C7B8-4490-8A30-C1F566E81033}" = Nero 8 Essentials
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7184F382-8A6C-4B85-A3AC-B63734B1E241}" = SAMSUNG Mobile USB Driver
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{85EBB283-65AF-4C53-9EBE-7C0A232762F7}" = AGEIA PhysX v7.03.21
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{C194D333-B84A-4BB7-B35E-060732D98DC4}" = GPGNet
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CFF4500E-C5D6-695D-A027-B3D4DDED2CC3}" = McAfee Online Backup
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{D8CE69B0-9274-4b8c-BA49-0FF6A20A3C65}" = SAMSUNG SYMBIAN USB Download Driver
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.12.327
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DD1DED37-2486-4F56-8F89-56AA814003F5}" = Acer Crystal Eye Webcam
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{ECCA8FE7-767A-4C8A-9DAA-BAB60F877C41}" = Sins of a Solar Empire
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"7-Zip" = 7-Zip 4.65
"AC3Filter" = AC3Filter (remove only)
"Acer Assist" = Acer Assist
"Acer Registration" = Acer Registration
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_a04a925a57548091300ada368235fc6" = Adobe Illustrator CS3
"Advanced Office Password Recovery" = Advanced Office Password Recovery (remove only)
"AutoGK" = Auto Gordian Knot 2.55
"AviSynth" = AviSynth 2.5
"Bejeweled Twist 1.0.3" = Bejeweled Twist 1.0.3
"BookWorm Deluxe" = BookWorm Deluxe
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Company of Heroes" = Company of Heroes
"CutePDF Writer Installation" = CutePDF Writer 2.8
"DVDFab 7_is1" = DVDFab 7.0.3.0 (26/03/2010)
"E24870CB6AA1C3511635FF9020A3E9471287FBE7" = Windows Driver Package - MobileTop (sshpmdm) Modem (01/26/2008 2.6.0.0)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"GridVista" = Acer GridVista
"Haegemonia_Demo" = Haegemonia_Demo (remove only)
"HDMI" = Intel® Graphics Media Accelerator Driver
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.7.5 (Full)
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"MSC" = McAfee Internet Security
"Peggle Deluxe1.0" = Peggle Deluxe
"Plants vs. Zombies" = Plants vs. Zombies
"ProInst" = Intel PROSet Wireless
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"SAMSUNG Mobile Modem V2" = SAMSUNG Mobile Modem V2 Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Download Driver" = SAMSUNG Mobile USB Download Driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Samsung Mobile USB Modem Device" = Samsung Mobile USB Modem Device Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"Sins of a Solar Empire" = Sins of a Solar Empire
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TomTom HOME" = TomTom HOME 2.7.3.1894
"VLC media player" = VLC media player 1.0.1
"VobSub" = VobSub v2.23 (Remove Only)
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4159225764-1826731248-3143191500-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/16/2010 5:55:38 AM | Computer Name = daemian2k-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/16/2010 5:55:46 AM | Computer Name = daemian2k-PC | Source = VSS | ID = 8194
Description =

Error - 10/18/2010 11:11:28 PM | Computer Name = daemian2k-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/18/2010 11:11:37 PM | Computer Name = daemian2k-PC | Source = VSS | ID = 8194
Description =

Error - 10/18/2010 11:12:20 PM | Computer Name = daemian2k-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 10/18/2010 11:12:20 PM | Computer Name = daemian2k-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 10/19/2010 9:41:39 PM | Computer Name = daemian2k-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/19/2010 9:41:47 PM | Computer Name = daemian2k-PC | Source = VSS | ID = 8194
Description =

Error - 10/26/2010 7:10:32 PM | Computer Name = daemian2k-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/26/2010 7:10:39 PM | Computer Name = daemian2k-PC | Source = VSS | ID = 8194
Description =

[ System Events ]
Error - 11/2/2010 7:58:51 AM | Computer Name = daemian2k-PC | Source = ipnathlp | ID = 34001
Description = The ICS_IPV6 failed to configure IPv6 stack.

Error - 11/2/2010 8:23:38 AM | Computer Name = daemian2k-PC | Source = ipnathlp | ID = 34001
Description = The ICS_IPV6 failed to configure IPv6 stack.

Error - 11/2/2010 8:35:45 AM | Computer Name = daemian2k-PC | Source = ipnathlp | ID = 34001
Description = The ICS_IPV6 failed to configure IPv6 stack.

Error - 11/2/2010 9:13:27 AM | Computer Name = daemian2k-PC | Source = ipnathlp | ID = 34001
Description = The ICS_IPV6 failed to configure IPv6 stack.

Error - 11/2/2010 9:25:34 AM | Computer Name = daemian2k-PC | Source = ipnathlp | ID = 34001
Description = The ICS_IPV6 failed to configure IPv6 stack.

Error - 11/2/2010 9:47:41 AM | Computer Name = daemian2k-PC | Source = ipnathlp | ID = 34001
Description = The ICS_IPV6 failed to configure IPv6 stack.

Error - 11/2/2010 10:09:48 AM | Computer Name = daemian2k-PC | Source = ipnathlp | ID = 34001
Description = The ICS_IPV6 failed to configure IPv6 stack.

Error - 11/2/2010 7:10:04 PM | Computer Name = daemian2k-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 11/2/2010 7:10:12 PM | Computer Name = daemian2k-PC | Source = ipnathlp | ID = 34001
Description = The ICS_IPV6 failed to configure IPv6 stack.

Error - 11/2/2010 7:10:12 PM | Computer Name = daemian2k-PC | Source = ipnathlp | ID = 30013
Description = The DHCP allocator has disabled itself on IP address 10.1.0.101, since
the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses
are being allocated to DHCP clients. To enable the DHCP allocator on this IP address,
change the scope to include the IP address, or change the IP address to fall within
the scope.


< End of report >
