No AV picks up this


21 replies to this topic

#1 uncle scotty


Posted 25 October 2010 - 08:54 PM

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:45:35 PM, on 10/22/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Users\us\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5734z&r=27360910t225l0464z1m5t5682o35s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5734z&r=27360910t225l0464z1m5t5682o35s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5734z&r=27360910t225l0464z1m5t5682o35s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5734z&r=27360910t225l0464z1m5t5682o35s
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 5136 bytes
StartupList report, 10/22/2010, 11:50:59 PM
StartupList version: 1.52.2
Started from : C:\Users\us\Desktop\HijackThis.EXE
Detected: Windows 7 (WinNT 6.00.3504)
Detected: Internet Explorer v8.00 (8.00.7600.16385)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Users\us\Desktop\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Users\us\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup]
*No files*

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup]
*No files*

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = userinit.exe

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

IAStorIcon = C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\Windows\SysWOW64\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] *
StubPath = %SystemRoot%\system32\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}]
StubPath = C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] *
StubPath = "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\Windows\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\Windows\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=explorer.exe
SCRNSAVE.EXE=C:\Windows\System32\Acer.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\Windows\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\Windows\Explorer\Explorer.exe: not present
C:\Windows\System\Explorer.exe: not present
C:\Windows\System32\Explorer.exe: not present
C:\Windows\Command\Explorer.exe: not present
C:\Windows\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: *Registry key not found*
.shb: *Registry key not found*
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\Windows
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename NOT OK: 'REGEDIT.EXE.MUI'
- File description: 'Registry Editor'

Registry check failed!

--------------------------------------------------

Enumerating Browser Helper Objects:

*No BHO's found*

--------------------------------------------------

Enumerating Task Scheduler jobs:

Acer Registration - Reminder Recall task.job
GoogleUpdateTaskUserS-1-5-21-3607930112-2011910011-3308181592-1000Core.job
GoogleUpdateTaskUserS-1-5-21-3607930112-2011910011-3308181592-1000UA.job

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\Windows\system32\NLAapi.dll
NameSpace #2: C:\Windows\System32\mswsock.dll
NameSpace #3: C:\Windows\System32\winrnr.dll
NameSpace #4: C:\Windows\system32\napinsp.dll
NameSpace #5: C:\Windows\system32\pnrpnsp.dll
NameSpace #6: C:\Windows\system32\pnrpnsp.dll
Protocol #1: C:\Windows\system32\mswsock.dll
Protocol #2: C:\Windows\system32\mswsock.dll
Protocol #3: C:\Windows\system32\mswsock.dll
Protocol #4: C:\Windows\system32\mswsock.dll
Protocol #5: C:\Windows\system32\mswsock.dll
Protocol #6: C:\Windows\system32\mswsock.dll
Protocol #7: C:\Windows\system32\mswsock.dll
Protocol #8: C:\Windows\system32\mswsock.dll
Protocol #9: C:\Windows\system32\mswsock.dll
Protocol #10: C:\Windows\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

1394 OHCI Compliant Host Controller: \SystemRoot\system32\DRIVERS\1394ohci.sys (manual start)
Microsoft ACPI Driver: system32\DRIVERS\ACPI.sys (system)
ACPI Power Meter Driver: \SystemRoot\system32\DRIVERS\acpipmi.sys (manual start)
adp94xx: \SystemRoot\system32\DRIVERS\adp94xx.sys (manual start)
adpahci: \SystemRoot\system32\DRIVERS\adpahci.sys (manual start)
adpu320: \SystemRoot\system32\DRIVERS\adpu320.sys (manual start)
@%SystemRoot%\system32\aelupsvc.dll,-1: %systemroot%\system32\svchost.exe -k netsvcs (manual start)
@%systemroot%\system32\drivers\afd.sys,-1000: \SystemRoot\system32\drivers\afd.sys (system)
Intel AGP Bus Filter: \SystemRoot\system32\DRIVERS\agp440.sys (manual start)
@%SystemRoot%\system32\Alg.exe,-112: %SystemRoot%\System32\alg.exe (manual start)
aliide: \SystemRoot\system32\DRIVERS\aliide.sys (manual start)
amdide: \SystemRoot\system32\DRIVERS\amdide.sys (manual start)
AMD K8 Processor Driver: \SystemRoot\system32\DRIVERS\amdk8.sys (manual start)
AMD Processor Driver: \SystemRoot\system32\DRIVERS\amdppm.sys (manual start)
amdsata: \SystemRoot\system32\DRIVERS\amdsata.sys (manual start)
amdsbs: \SystemRoot\system32\DRIVERS\amdsbs.sys (manual start)
amdxata: system32\DRIVERS\amdxata.sys (system)
@%systemroot%\system32\appidsvc.dll,-102: \SystemRoot\system32\drivers\appid.sys (manual start)
@%systemroot%\system32\appidsvc.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation (manual start)
@%systemroot%\system32\appinfo.dll,-100: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
arc: \SystemRoot\system32\DRIVERS\arc.sys (manual start)
arcsas: \SystemRoot\system32\DRIVERS\arcsas.sys (manual start)
@%systemroot%\system32\rascfg.dll,-32000: system32\DRIVERS\asyncmac.sys (manual start)
IDE Channel: system32\DRIVERS\atapi.sys (system)
Atheros Extensible Wireless LAN device driver: system32\DRIVERS\athrx.sys (manual start)
Windows Audio Endpoint Builder: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@%SystemRoot%\system32\audiosrv.dll,-200: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted (autostart)
@%SystemRoot%\system32\AxInstSV.dll,-103: %SystemRoot%\system32\svchost.exe -k AxInstSVGroup (manual start)
Broadcom NetXtreme II VBD: \SystemRoot\system32\DRIVERS\bxvbda.sys (manual start)
Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0: system32\DRIVERS\b57nd60a.sys (manual start)
@%SystemRoot%\system32\bdesvc.dll,-100: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
@%SystemRoot%\system32\bfe.dll,-1001: %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork (autostart)
Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
blbdrive: \SystemRoot\system32\DRIVERS\blbdrive.sys (system)
@%systemroot%\system32\browser.dll,-102: system32\DRIVERS\bowser.sys (manual start)
Brother USB Mass-Storage Lower Filter Driver: \SystemRoot\system32\DRIVERS\BrFiltLo.sys (manual start)
Brother USB Mass-Storage Upper Filter Driver: \SystemRoot\system32\DRIVERS\BrFiltUp.sys (manual start)
@%systemroot%\system32\browser.dll,-100: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Brother MFC Serial Port Interface Driver (WDM): \SystemRoot\System32\Drivers\Brserid.sys (manual start)
Brother WDM Serial driver: \SystemRoot\System32\Drivers\BrSerWdm.sys (manual start)
Brother MFC USB Fax Only Modem: \SystemRoot\System32\Drivers\BrUsbMdm.sys (manual start)
Brother MFC USB Serial WDM Driver: \SystemRoot\System32\Drivers\BrUsbSer.sys (manual start)
Bluetooth Serial Communications Driver: \SystemRoot\system32\DRIVERS\bthmodem.sys (manual start)
@%SystemRoot%\System32\bthserv.dll,-101: %SystemRoot%\system32\svchost.exe -k bthsvcs (manual start)
CD/DVD File System Reader: system32\DRIVERS\cdfs.sys (disabled)
CD-ROM Driver: system32\DRIVERS\cdrom.sys (system)
@%SystemRoot%\System32\certprop.dll,-11: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Consumer IR Devices: \SystemRoot\system32\DRIVERS\circlass.sys (manual start)
@%SystemRoot%\system32\clfs.sys,-100: System32\CLFS.sys (system)
Microsoft .NET Framework NGEN v2.0.50727_X86: %systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (manual start)
Microsoft .NET Framework NGEN v2.0.50727_X64: %systemroot%\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (manual start)
Microsoft ACPI Control Method Battery Driver: \SystemRoot\system32\DRIVERS\CmBatt.sys (manual start)
cmdide: \SystemRoot\system32\DRIVERS\cmdide.sys (manual start)
: System32\Drivers\cng.sys (system)
Microsoft Composite Battery Driver: system32\DRIVERS\compbatt.sys (system)
Composite Bus Enumerator Driver: \SystemRoot\system32\DRIVERS\CompositeBus.sys (manual start)
@comres.dll,-947: %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Crcdisk Filter Driver: \SystemRoot\system32\DRIVERS\crcdisk.sys (disabled)
@%SystemRoot%\system32\cryptsvc.dll,-1001: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
@oleres.dll,-5012: %SystemRoot%\system32\svchost.exe -k DcomLaunch (autostart)
@%SystemRoot%\system32\defragsvc.dll,-101: %SystemRoot%\system32\svchost.exe -k defragsvc (manual start)
@%systemroot%\system32\drivers\dfsc.sys,-101: System32\Drivers\dfsc.sys (system)
@%SystemRoot%\system32\dhcpcore.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted (autostart)
@%systemroot%\system32\drivers\discache.sys,-102: System32\drivers\discache.sys (system)
Disk Driver: system32\DRIVERS\disk.sys (system)
@%SystemRoot%\System32\dnsapi.dll,-101: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
@%systemroot%\system32\dot3svc.dll,-1102: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@%systemroot%\system32\dps.dll,-500: %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork (autostart)
Microsoft Trusted Audio Drivers: system32\drivers\drmkaud.sys (manual start)
LDDM Graphics Subsystem: \SystemRoot\System32\drivers\dxgkrnl.sys (manual start)
@%systemroot%\system32\eapsvc.dll,-1: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Broadcom NetXtreme II 10 GigE VBD: \SystemRoot\system32\DRIVERS\evbda.sys (manual start)
@%SystemRoot%\system32\efssvc.dll,-100: %SystemRoot%\System32\lsass.exe (manual start)
elxstor: \SystemRoot\system32\DRIVERS\elxstor.sys (manual start)
Acer ePower Service: C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (autostart)
Microsoft Hardware Error Device Driver: \SystemRoot\system32\DRIVERS\errdev.sys (manual start)
Windows Event Log: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted (manual start)
@comres.dll,-2450: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Floppy Disk Controller Driver: \SystemRoot\system32\DRIVERS\fdc.sys (manual start)
@%systemroot%\system32\fdPHost.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
@%systemroot%\system32\fdrespub.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation (manual start)
@%SystemRoot%\system32\drivers\fileinfo.sys,-100: system32\drivers\fileinfo.sys (system)
@%SystemRoot%\system32\drivers\filetrace.sys,-10001: system32\drivers\filetrace.sys (manual start)
Floppy Disk Driver: \SystemRoot\system32\DRIVERS\flpydisk.sys (manual start)
@%SystemRoot%\system32\drivers\fltmgr.sys,-10001: system32\drivers\fltmgr.sys (system)
@%systemroot%\system32\FntCache.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation (manual start)
@%SystemRoot%\system32\drivers\fsdepends.sys,-10001: System32\drivers\FsDepends.sys (manual start)
@%SystemRoot%\system32\drivers\fvevol.sys,-100: System32\DRIVERS\fvevol.sys (system)
Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms: \SystemRoot\system32\DRIVERS\gagp30kx.sys (manual start)
@gpapi.dll,-112: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Hauppauge Consumer Infrared Receiver: \SystemRoot\system32\drivers\hcw85cir.sys (manual start)
Microsoft 1.1 UAA Function Driver for High Definition Audio Service: system32\drivers\HdAudio.sys (manual start)
Microsoft UAA Bus Driver for High Definition Audio: \SystemRoot\system32\DRIVERS\HDAudBus.sys (manual start)
HID UPS Battery Driver: \SystemRoot\system32\DRIVERS\HidBatt.sys (manual start)
Microsoft Bluetooth HID Miniport: \SystemRoot\system32\DRIVERS\hidbth.sys (manual start)
Microsoft Infrared HID Driver: \SystemRoot\system32\DRIVERS\hidir.sys (manual start)
@%SystemRoot%\System32\hidserv.dll,-101: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
Microsoft HID Class Driver: system32\DRIVERS\hidusb.sys (manual start)
@%SystemRoot%\system32\kmsvc.dll,-6: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
@%SystemRoot%\System32\ListSvc.dll,-100: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@%SystemRoot%\System32\provsvc.dll,-100: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted (manual start)
HpSAMD: \SystemRoot\system32\DRIVERS\HpSAMD.sys (manual start)
@%SystemRoot%\system32\drivers\http.sys,-1: system32\drivers\HTTP.sys (manual start)
@%systemroot%\system32\drivers\hwpolicy.sys,-101: System32\drivers\hwpolicy.sys (system)
i8042 Keyboard and PS/2 Mouse Port Driver: system32\DRIVERS\i8042prt.sys (manual start)
Intel AHCI Controller: system32\DRIVERS\iaStor.sys (system)
Intel® Rapid Storage Technology: "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe" (autostart)
iaStorV: \SystemRoot\system32\DRIVERS\iaStorV.sys (manual start)
igfx: system32\DRIVERS\igdkmd64.sys (manual start)
iirsp: \SystemRoot\system32\DRIVERS\iirsp.sys (manual start)
IKE and AuthIP IPsec Keying Modules: %systemroot%\system32\svchost.exe -k netsvcs (manual start)
Service for Realtek HD Audio (WDM): system32\drivers\RTKVHD64.sys (manual start)
intelide: \SystemRoot\system32\DRIVERS\intelide.sys (manual start)
Intel Processor Driver: system32\DRIVERS\intelppm.sys (manual start)
@%systemroot%\system32\IPBusEnum.dll,-102: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@%systemroot%\system32\rascfg.dll,-32013: system32\DRIVERS\ipfltdrv.sys (manual start)
IP Helper: %SystemRoot%\System32\svchost.exe -k NetSvcs (manual start)
IPMIDRV: \SystemRoot\system32\DRIVERS\IPMIDrv.sys (manual start)
IP Network Address Translator: System32\drivers\ipnat.sys (manual start)
@%SystemRoot%\system32\drivers\irenum.sys,-100: system32\drivers\irenum.sys (manual start)
isapnp: \SystemRoot\system32\DRIVERS\isapnp.sys (manual start)
iScsiPort Driver: \SystemRoot\system32\DRIVERS\msiscsi.sys (manual start)
Keyboard Class Driver: system32\DRIVERS\kbdclass.sys (manual start)
Keyboard HID Driver: system32\DRIVERS\kbdhid.sys (manual start)
@keyiso.dll,-100: %SystemRoot%\system32\lsass.exe (manual start)
: System32\Drivers\ksecdd.sys (system)
: System32\Drivers\ksecpkg.sys (system)
Kernel Streaming Thunks: \SystemRoot\system32\drivers\ksthunk.sys (manual start)
@comres.dll,-2946: %SystemRoot%\System32\svchost.exe -k NetworkServiceAndNoImpersonation (manual start)
NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller: system32\DRIVERS\L1C62x64.sys (manual start)
Server: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
@%systemroot%\system32\wkssvc.dll,-100: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
Lavasoft Ad-Aware Service: "C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe" (autostart)
Lavasoft helper driver: \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys (manual start)
Lbd: system32\DRIVERS\Lbd.sys (system)
Link-Layer Topology Discovery Mapper I/O Driver: system32\DRIVERS\lltdio.sys (autostart)
@%SystemRoot%\system32\lltdres.dll,-1: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
TCP/IP NetBIOS Helper: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted (disabled)
LSI_FC: \SystemRoot\system32\DRIVERS\lsi_fc.sys (manual start)
LSI_SAS: \SystemRoot\system32\DRIVERS\lsi_sas.sys (manual start)
LSI_SAS2: \SystemRoot\system32\DRIVERS\lsi_sas2.sys (manual start)
LSI_SCSI: \SystemRoot\system32\DRIVERS\lsi_scsi.sys (manual start)
@%systemroot%\system32\drivers\luafv.sys,-100: \SystemRoot\system32\drivers\luafv.sys (autostart)
megasas: \SystemRoot\system32\DRIVERS\megasas.sys (manual start)
MegaSR: \SystemRoot\system32\DRIVERS\MegaSR.sys (manual start)
Multimedia Class Scheduler: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
: system32\drivers\modem.sys (manual start)
Microsoft Monitor Class Function Driver Service: system32\DRIVERS\monitor.sys (manual start)
Mouse Class Driver: system32\DRIVERS\mouclass.sys (manual start)
Mouse HID Driver: system32\DRIVERS\mouhid.sys (manual start)
@%SystemRoot%\system32\drivers\mountmgr.sys,-100: System32\drivers\mountmgr.sys (system)
mpio: \SystemRoot\system32\DRIVERS\mpio.sys (manual start)
@%SystemRoot%\system32\FirewallAPI.dll,-23092: System32\drivers\mpsdrv.sys (manual start)
@%SystemRoot%\system32\FirewallAPI.dll,-23090: %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork (autostart)
@%systemroot%\system32\webclnt.dll,-104: \SystemRoot\system32\drivers\mrxdav.sys (manual start)
@%systemroot%\system32\wkssvc.dll,-1002: system32\DRIVERS\mrxsmb.sys (manual start)
@%systemroot%\system32\wkssvc.dll,-1004: system32\DRIVERS\mrxsmb10.sys (manual start)
@%systemroot%\system32\wkssvc.dll,-1006: system32\DRIVERS\mrxsmb20.sys (manual start)
msahci: \SystemRoot\system32\DRIVERS\msahci.sys (manual start)
msdsm: \SystemRoot\system32\DRIVERS\msdsm.sys (manual start)
@comres.dll,-2797: %SystemRoot%\System32\msdtc.exe (manual start)
@%SystemRoot%\system32\drivers\mshidkmdf.sys,-100: \SystemRoot\System32\drivers\mshidkmdf.sys (manual start)
msisadrv: system32\DRIVERS\msisadrv.sys (system)
@%SystemRoot%\system32\iscsidsc.dll,-5000: %systemroot%\system32\svchost.exe -k netsvcs (manual start)
@%SystemRoot%\system32\msimsg.dll,-27: %systemroot%\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: \SystemRoot\system32\DRIVERS\mssmbios.sys (system)
Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)
Microsoft Input Configuration Driver: \SystemRoot\system32\DRIVERS\MTConfig.sys (manual start)
@%systemroot%\system32\drivers\mup.sys,-101: System32\Drivers\mup.sys (system)
@%SystemRoot%\system32\qagentrt.dll,-6: %SystemRoot%\System32\svchost.exe -k NetworkService (manual start)
NativeWiFi Filter: system32\DRIVERS\nwifi.sys (manual start)
@%SystemRoot%\system32\drivers\ndis.sys,-200: system32\drivers\ndis.sys (system)
NDIS Capture LightWeight Filter: system32\DRIVERS\ndiscap.sys (manual start)
@%systemroot%\system32\rascfg.dll,-32001: system32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: system32\DRIVERS\ndisuio.sys (manual start)
@%systemroot%\system32\rascfg.dll,-32002: system32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: system32\DRIVERS\netbios.sys (system)
@%SystemRoot%\system32\drivers\netbt.sys,-2: System32\DRIVERS\netbt.sys (system)
@%SystemRoot%\System32\netlogon.dll,-102: %systemroot%\system32\lsass.exe (manual start)
@%SystemRoot%\system32\netman.dll,-109: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@%SystemRoot%\system32\netprofm.dll,-202: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
nfrd960: \SystemRoot\system32\DRIVERS\nfrd960.sys (manual start)
@%SystemRoot%\System32\nlasvc.dll,-1: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
@%SystemRoot%\system32\nsisvc.dll,-200: %systemroot%\system32\svchost.exe -k LocalService (autostart)
@%SystemRoot%\system32\drivers\nsiproxy.sys,-2: system32\drivers\nsiproxy.sys (system)
NTI IScheduleSvc: C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (autostart)
NTIDrvr: \??\C:\Windows\system32\drivers\NTIDrvr.sys (manual start)
nvraid: \SystemRoot\system32\DRIVERS\nvraid.sys (manual start)
nvstor: \SystemRoot\system32\DRIVERS\nvstor.sys (manual start)
NVIDIA nForce AGP Bus Filter: \SystemRoot\system32\DRIVERS\nv_agp.sys (manual start)
1394 OHCI Compliant Host Controller (Legacy): \SystemRoot\system32\DRIVERS\ohci1394.sys (manual start)
@%SystemRoot%\system32\pnrpsvc.dll,-8004: %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet (manual start)
@%SystemRoot%\system32\p2psvc.dll,-8006: %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet (manual start)
Parallel port driver: \SystemRoot\system32\DRIVERS\parport.sys (manual start)
@%SystemRoot%\system32\drivers\partmgr.sys,-100: System32\drivers\partmgr.sys (system)
Program Compatibility Assistant Service: %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
PCI Bus Driver: system32\DRIVERS\pci.sys (system)
pciide: \SystemRoot\system32\DRIVERS\pciide.sys (manual start)
pcmcia: \SystemRoot\system32\DRIVERS\pcmcia.sys (manual start)
Performance Counters for Windows Driver: System32\drivers\pcw.sys (system)
PEAUTH: system32\drivers\peauth.sys (autostart)
@%systemroot%\sysWow64\perfhost.exe,-2: %SystemRoot%\SysWow64\perfhost.exe (manual start)
@%systemroot%\system32\pla.dll,-500: %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork (manual start)
@%SystemRoot%\system32\umpnpmgr.dll,-100: %SystemRoot%\system32\svchost.exe -k DcomLaunch (autostart)
@%SystemRoot%\system32\pnrpauto.dll,-8002: %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet (manual start)
@%SystemRoot%\system32\pnrpsvc.dll,-8000: %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet (manual start)
@%SystemRoot%\System32\polstore.dll,-5010: %SystemRoot%\system32\svchost.exe -k NetworkServiceNetworkRestricted (manual start)
Power: %SystemRoot%\system32\svchost.exe -k DcomLaunch (manual start)
@%systemroot%\system32\rascfg.dll,-32006: system32\DRIVERS\raspptp.sys (manual start)
Processor Driver: \SystemRoot\system32\DRIVERS\processr.sys (manual start)
@%systemroot%\system32\profsvc.dll,-300: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
@%systemroot%\system32\psbase.dll,-300: %SystemRoot%\system32\lsass.exe (manual start)
@%SystemRoot%\System32\drivers\pacer.sys,-101: system32\DRIVERS\pacer.sys (system)
ql2300: \SystemRoot\system32\DRIVERS\ql2300.sys (manual start)
ql40xx: \SystemRoot\system32\DRIVERS\ql40xx.sys (manual start)
@%SystemRoot%\system32\qwave.dll,-1: %windir%\system32\svchost.exe -k LocalServiceAndNoImpersonation (manual start)
@%SystemRoot%\system32\drivers\qwavedrv.sys,-1: \SystemRoot\system32\drivers\qwavedrv.sys (manual start)
Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (manual start)
WAN Miniport (IKEv2): system32\DRIVERS\AgileVpn.sys (manual start)
Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
@%systemroot%\system32\rascfg.dll,-32005: system32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
@%systemroot%\system32\rascfg.dll,-32007: system32\DRIVERS\raspppoe.sys (manual start)
@%systemroot%\system32\sstpsvc.dll,-202: system32\DRIVERS\rassstp.sys (manual start)
@%systemroot%\system32\wkssvc.dll,-1000: system32\DRIVERS\rdbss.sys (system)
Remote Desktop Device Redirector Bus Driver: \SystemRoot\system32\DRIVERS\rdpbus.sys (manual start)
@%systemroot%\system32\DRIVERS\RDPCDD.sys,-100: System32\DRIVERS\RDPCDD.sys (system)
@%systemroot%\system32\drivers\RDPENCDD.sys,-101: system32\drivers\rdpencdd.sys (system)
@%systemroot%\system32\drivers\RdpRefMp.sys,-101: system32\drivers\rdprefmp.sys (system)
ReadyBoost: System32\drivers\rdyboost.sys (system)
@%Systemroot%\system32\mprdim.dll,-200: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Remote Registry: %SystemRoot%\system32\svchost.exe -k regsvc (disabled)
@%windir%\system32\RpcEpMap.dll,-1001: %SystemRoot%\system32\svchost.exe -k RPCSS (autostart)
@%systemroot%\system32\Locator.exe,-2: %SystemRoot%\system32\locator.exe (manual start)
@oleres.dll,-5010: %SystemRoot%\system32\svchost.exe -k rpcss (autostart)
Link-Layer Topology Discovery Responder: system32\DRIVERS\rspndr.sys (autostart)
RtsUStor.Sys Realtek USB Card Reader: \SystemRoot\System32\Drivers\RtsUStor.sys (manual start)
@%SystemRoot%\system32\samsrv.dll,-1: %SystemRoot%\system32\lsass.exe (autostart)
sbp2port: \SystemRoot\system32\DRIVERS\sbp2port.sys (manual start)
@%SystemRoot%\System32\SCardSvr.dll,-1: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation (manual start)
@%SystemRoot%\System32\drivers\scfilter.sys,-11: System32\DRIVERS\scfilter.sys (manual start)
@%SystemRoot%\system32\schedsvc.dll,-100: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
@%SystemRoot%\System32\certprop.dll,-13: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
@%SystemRoot%\system32\sdrsvc.dll,-107: %SystemRoot%\system32\svchost.exe -k SDRSVC (manual start)
Secondary Logon: %windir%\system32\svchost.exe -k netsvcs (disabled)
@%SystemRoot%\system32\Sens.dll,-200: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
@%SystemRoot%\System32\sensrsvc.dll,-1000: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation (manual start)
Serenum Filter Driver: \SystemRoot\system32\DRIVERS\serenum.sys (manual start)
Serial: \SystemRoot\system32\DRIVERS\serial.sys (manual start)
Serial Mouse Driver: \SystemRoot\system32\DRIVERS\sermouse.sys (manual start)
Remote Desktop Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
SFF Storage Class Driver: \SystemRoot\system32\DRIVERS\sffdisk.sys (manual start)
SFF Storage Protocol Driver for MMC: \SystemRoot\system32\DRIVERS\sffp_mmc.sys (manual start)
SFF Storage Protocol Driver for SDBus: \SystemRoot\system32\DRIVERS\sffp_sd.sys (manual start)
High-Capacity Floppy Disk Drive: \SystemRoot\system32\DRIVERS\sfloppy.sys (manual start)
Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
@%SystemRoot%\System32\shsvcs.dll,-12288: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
SiSRaid2: \SystemRoot\system32\DRIVERS\SiSRaid2.sys (manual start)
SiSRaid4: \SystemRoot\system32\DRIVERS\sisraid4.sys (manual start)
@%SystemRoot%\system32\tcpipcfg.dll,-50005: system32\DRIVERS\smb.sys (manual start)
@%SystemRoot%\system32\snmptrap.exe,-3: %SystemRoot%\System32\snmptrap.exe (manual start)
Print Spooler: %SystemRoot%\System32\spoolsv.exe (disabled)
@%SystemRoot%\system32\sppsvc.exe,-101: %SystemRoot%\system32\sppsvc.exe (autostart)
@%SystemRoot%\system32\sppuinotify.dll,-103: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
@%systemroot%\system32\srvsvc.dll,-102: System32\DRIVERS\srv.sys (manual start)
@%systemroot%\system32\srvsvc.dll,-104: System32\DRIVERS\srv2.sys (manual start)
: System32\DRIVERS\srvnet.sys (manual start)
@%systemroot%\system32\ssdpsrv.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation (manual start)
@%SystemRoot%\system32\sstpsvc.dll,-200: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
stexstor: \SystemRoot\system32\DRIVERS\stexstor.sys (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (disabled)
Software Bus Driver: \SystemRoot\system32\DRIVERS\swenum.sys (manual start)
@%SystemRoot%\System32\swprv.dll,-103: %SystemRoot%\System32\svchost.exe -k swprv (manual start)
Synaptics TouchPad Driver: system32\DRIVERS\SynTP.sys (manual start)
@%SystemRoot%\system32\sysmain.dll,-1000: %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
@%SystemRoot%\system32\TabSvc.dll,-100: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k NetworkService (disabled)
@%SystemRoot%\system32\tbssvc.dll,-100: %SystemRoot%\System32\svchost.exe -k LocalServiceAndNoImpersonation (manual start)
@%SystemRoot%\system32\tcpipcfg.dll,-50003: System32\drivers\tcpip.sys (system)
Microsoft IPv6 Protocol Driver: system32\DRIVERS\tcpip.sys (manual start)
TCP/IP Registry Compatibility: System32\drivers\tcpipreg.sys (autostart)
TDPIPE: system32\drivers\tdpipe.sys (manual start)
TDTCP: system32\drivers\tdtcp.sys (manual start)
@%SystemRoot%\system32\tcpipcfg.dll,-50004: system32\DRIVERS\tdx.sys (system)
Terminal Device Driver: \SystemRoot\system32\DRIVERS\termdd.sys (system)
Remote Desktop Services: %SystemRoot%\System32\svchost.exe -k NetworkService (disabled)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
@%systemroot%\system32\mmcss.dll,-102: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
@%SystemRoot%\system32\trkwks.dll,-1: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
Windows Modules Installer: %SystemRoot%\servicing\TrustedInstaller.exe (manual start)
@%SystemRoot%\System32\DRIVERS\tssecsrv.sys,-101: System32\DRIVERS\tssecsrv.sys (manual start)
Microsoft Tunnel Miniport Adapter Driver: system32\DRIVERS\tunnel.sys (manual start)
Microsoft AGPv3.5 Filter: \SystemRoot\system32\DRIVERS\uagp35.sys (manual start)
UBHelper: \??\C:\Windows\system32\drivers\UBHelper.sys (manual start)
udfs: system32\DRIVERS\udfs.sys (disabled)
@%SystemRoot%\system32\ui0detect.exe,-101: %SystemRoot%\system32\UI0Detect.exe (manual start)
Uli AGP Bus Filter: \SystemRoot\system32\DRIVERS\uliagpkx.sys (manual start)
UMBus Enumerator Driver: system32\DRIVERS\umbus.sys (manual start)
Microsoft UMPass Driver: \SystemRoot\system32\DRIVERS\umpass.sys (manual start)
@%systemroot%\system32\upnphost.dll,-213: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation (manual start)
Microsoft USB Generic Parent Driver: system32\DRIVERS\usbccgp.sys (manual start)
eHome Infrared Receiver (USBCIR): \SystemRoot\system32\DRIVERS\usbcir.sys (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: \SystemRoot\system32\DRIVERS\usbehci.sys (manual start)
Microsoft USB Standard Hub Driver: \SystemRoot\system32\DRIVERS\usbhub.sys (manual start)
Microsoft USB Open Host Controller Miniport Driver: \SystemRoot\system32\DRIVERS\usbohci.sys (manual start)
Microsoft USB PRINTER Class: \SystemRoot\system32\DRIVERS\usbprint.sys (manual start)
USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: \SystemRoot\system32\DRIVERS\usbuhci.sys (manual start)
USB Video Device (WDM): System32\Drivers\usbvideo.sys (manual start)
@%SystemRoot%\system32\dwm.exe,-2000: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
@%SystemRoot%\system32\vaultsvc.dll,-1003: %SystemRoot%\system32\lsass.exe (manual start)
Microsoft Virtual Drive Enumerator Driver: system32\DRIVERS\vdrvroot.sys (system)
@%SystemRoot%\system32\vds.exe,-100: %SystemRoot%\System32\vds.exe (manual start)
vga: system32\DRIVERS\vgapnp.sys (manual start)
: \SystemRoot\System32\drivers\vga.sys (system)
vhdmp: \SystemRoot\system32\DRIVERS\vhdmp.sys (manual start)
viaide: \SystemRoot\system32\DRIVERS\viaide.sys (manual start)
Volume Manager Driver: system32\DRIVERS\volmgr.sys (system)
@%SystemRoot%\system32\drivers\volmgrx.sys,-100: System32\drivers\volmgrx.sys (system)
Storage volumes: system32\DRIVERS\volsnap.sys (system)
vsmraid: \SystemRoot\system32\DRIVERS\vsmraid.sys (manual start)
@%systemroot%\system32\vssvc.exe,-102: %systemroot%\system32\vssvc.exe (manual start)
Virtual WiFi Bus Driver: system32\DRIVERS\vwifibus.sys (manual start)
Virtual WiFi Filter Driver: system32\DRIVERS\vwififlt.sys (system)
@%SystemRoot%\system32\w32time.dll,-200: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
Wacom Serial Pen HID Driver: \SystemRoot\system32\DRIVERS\wacompen.sys (manual start)
@%systemroot%\system32\rascfg.dll,-32011: system32\DRIVERS\wanarp.sys (manual start)
@%systemroot%\system32\rascfg.dll,-32012: system32\DRIVERS\wanarp.sys (system)
@%systemroot%\system32\wbengine.exe,-104: "%systemroot%\system32\wbengine.exe" (manual start)
@%systemroot%\system32\wbiosrvc.dll,-100: %SystemRoot%\system32\svchost.exe -k WbioSvcGroup (manual start)
@%SystemRoot%\system32\wcncsvc.dll,-3: %SystemRoot%\System32\svchost.exe -k LocalServiceAndNoImpersonation (manual start)
@%SystemRoot%\system32\WcsPlugInService.dll,-200: %SystemRoot%\system32\svchost.exe -k wcssvc (manual start)
Wd: \SystemRoot\system32\DRIVERS\wd.sys (manual start)
Kernel Mode Driver Frameworks service: system32\drivers\Wdf01000.sys (system)
@%systemroot%\system32\wdi.dll,-502: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
@%systemroot%\system32\wdi.dll,-500: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@%systemroot%\system32\webclnt.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
Windows Event Collector: %SystemRoot%\system32\svchost.exe -k NetworkService (manual start)
@%SystemRoot%\System32\wercplsupport.dll,-101: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
@%SystemRoot%\System32\wersvc.dll,-100: %SystemRoot%\System32\svchost.exe -k WerSvcGroup (manual start)
WFP Lightweight Filter: system32\DRIVERS\wfplwf.sys (system)
WIMMount: system32\drivers\wimmount.sys (manual start)
@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103: %SystemRoot%\System32\svchost.exe -k secsvcs (autostart)
@%SystemRoot%\system32\winhttp.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
@%Systemroot%\system32\wbem\wmisvc.dll,-205: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Windows Remote Management (WS-Management): %SystemRoot%\System32\svchost.exe -k NetworkService (disabled)
WLAN AutoConfig: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (disabled)
Microsoft Windows Management Interface for ACPI: \SystemRoot\system32\DRIVERS\wmiacpi.sys (manual start)
@%Systemroot%\system32\wbem\wmiapsrv.exe,-110: %systemroot%\system32\wbem\WmiApSrv.exe (manual start)
@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101: "%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe" (manual start)
@%SystemRoot%\system32\wpcsvc.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted (manual start)
@%SystemRoot%\system32\wpdbusenum.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@%systemroot%\System32\drivers\ws2ifsl.sys,-1000: \SystemRoot\system32\drivers\ws2ifsl.sys (disabled)
@%SystemRoot%\System32\wscsvc.dll,-200: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted (autostart)
Windows Search: %systemroot%\system32\SearchIndexer.exe /Embedding (manual start)
Windows Update: %systemroot%\system32\svchost.exe -k netsvcs (manual start)
User Mode Driver Frameworks Platform Driver: system32\drivers\WudfPf.sys (manual start)
WUDFRd: system32\DRIVERS\WUDFRd.sys (manual start)
@%SystemRoot%\system32\wudfsvc.dll,-1000: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
@%SystemRoot%\System32\wwansvc.dll,-257: %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork (manual start)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: *Registry key not found*

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

End of report, 46,517 bytes
Report generated in 0.078 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

#2 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:12:26 PM

Posted 03 November 2010 - 06:30 PM

Hello uncle scotty

Welcome to BleepingComputer :)
==========================
  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#3 uncle scotty

uncle scotty
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:11:26 AM

Posted 10 November 2010 - 03:24 PM

OK... I had to run the recovery to get this to run... I was locked out of running anything as administrator.

Below are the results of running OTL.


OTL Extras logfile created on: 11/10/2010 3:01:41 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\s\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 71.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 219.78 Gb Total Space | 189.38 Gb Free Space | 86.17% Space Free | Partition Type: NTFS

Computer Name: S-PC | User Name: s | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\s\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95C9C76F-ECF3-40FA-94F8-5DDFB6BAF40D}" = Microsoft Security Essentials
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"HDMI" = Intel® Graphics Media Accelerator Driver
"Microsoft Security Essentials" = Microsoft Security Essentials
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"LManager" = Launch Manager
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/9/2010 6:18:49 AM | Computer Name = s-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 11/9/2010 6:19:03 AM | Computer Name = s-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 11/9/2010 6:19:03 AM | Computer Name = s-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 11/9/2010 6:19:03 AM | Computer Name = s-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 11/9/2010 6:19:03 AM | Computer Name = s-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

[ System Events ]
Error - 11/9/2010 7:17:34 AM | Computer Name = s-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft Visual C++ 2008 Redistributable
Package (KB973924).

Error - 11/9/2010 7:38:03 AM | Computer Name = s-PC | Source = Service Control Manager | ID = 7001
Description = The Windows Audio service depends on the Multimedia Class Scheduler
service which failed to start because of the following error: %%1058

Error - 11/9/2010 7:47:10 AM | Computer Name = s-PC | Source = Service Control Manager | ID = 7001
Description = The Windows Audio service depends on the Multimedia Class Scheduler
service which failed to start because of the following error: %%1058

Error - 11/9/2010 7:47:50 AM | Computer Name = s-PC | Source = Service Control Manager | ID = 7001
Description = The Windows Audio service depends on the Multimedia Class Scheduler
service which failed to start because of the following error: %%1058

Error - 11/9/2010 7:48:31 AM | Computer Name = s-PC | Source = Service Control Manager | ID = 7001
Description = The Windows Audio service depends on the Multimedia Class Scheduler
service which failed to start because of the following error: %%1058

Error - 11/9/2010 7:48:39 AM | Computer Name = s-PC | Source = Service Control Manager | ID = 7001
Description = The Windows Audio service depends on the Multimedia Class Scheduler
service which failed to start because of the following error: %%1058

Error - 11/9/2010 7:52:31 AM | Computer Name = s-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800706be: Windows Live Essentials 2011 (KB2434419).

Error - 11/9/2010 7:52:31 AM | Computer Name = s-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800706ba: Microsoft .NET Framework 4 Client Profile for Windows 7
x64-based Systems (KB982670).

Error - 11/9/2010 8:04:47 AM | Computer Name = s-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Intel®
Rapid Storage Technology service to connect.

Error - 11/9/2010 8:04:47 AM | Computer Name = s-PC | Source = Service Control Manager | ID = 7000
Description = The Intel® Rapid Storage Technology service failed to start due
to the following error: %%1053


< End of report >


OTL logfile created on: 11/10/2010 3:14:54 PM - Run 3
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\s\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 67.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 219.78 Gb Total Space | 189.38 Gb Free Space | 86.17% Space Free | Partition Type: NTFS

Computer Name: S-PC | User Name: s | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/10 15:01:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\s\Desktop\OTL.exe
PRC - [2010/11/01 13:36:03 | 000,974,904 | ---- | M] (Google Inc.) -- C:\Users\s\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2010/03/03 05:21:16 | 001,300,560 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010/03/03 05:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010/03/03 05:21:16 | 000,297,040 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010/02/01 10:05:02 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
PRC - [2009/12/24 17:45:16 | 000,401,192 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2009/12/24 17:44:48 | 000,201,512 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2009/12/23 16:39:04 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009/12/23 16:39:02 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe


========== Modules (SafeList) ==========

MOD - [2010/11/10 15:01:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\s\Desktop\OTL.exe
MOD - [2010/08/20 21:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/03/25 23:48:42 | 000,017,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/02/05 20:23:06 | 000,865,824 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/03/03 05:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/02/01 10:04:40 | 000,305,520 | ---- | M] (Egis Technology Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2009/12/23 16:39:04 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2009/11/05 16:51:20 | 000,144,640 | ---- | M] (NewTech Infosystems, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc)
SRV - [2009/11/05 16:50:50 | 000,050,432 | ---- | M] (NewTech InfoSystems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/02/22 02:03:44 | 000,075,304 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/12/17 09:42:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/01 19:54:18 | 007,369,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/07/13 17:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 17:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/18 04:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/06/10 12:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/02 18:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/02 18:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/02 18:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009/05/05 00:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 00:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV - [2009/09/01 17:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\RtsUStor.sys -- (RSUSBSTOR)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5734z&r=27361110t225l0464z1m5t5682o35s
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5734z&r=27361110t225l0464z1m5t5682o35s
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5734z&r=27361110t225l0464z1m5t5682o35s
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5734z&r=27361110t225l0464z1m5t5682o35s

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5734z&r=27361110t225l0464z1m5t5682o35s
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKCU..\Run: [Global Registration] C:\Program Files (x86)\Acer\Registration\GREG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.74.166 68.87.68.166
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/10 15:01:24 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\s\Desktop\OTL.exe
[2010/11/10 02:15:45 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/11/09 18:59:54 | 000,000,000 | ---D | C] -- C:\Users\s\AppData\Local\Google
[2010/11/09 18:59:27 | 000,000,000 | ---D | C] -- C:\Users\s\AppData\Local\Apps
[2010/11/09 18:59:26 | 000,000,000 | ---D | C] -- C:\Users\s\AppData\Local\Deployment
[2010/11/09 03:45:18 | 000,000,000 | ---D | C] -- C:\Users\s\AppData\Local\Windows Live
[2010/11/09 03:44:25 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2010/11/09 03:44:25 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2010/11/09 03:44:25 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2010/11/09 03:44:24 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2010/11/09 03:44:24 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2010/11/09 03:44:23 | 004,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2010/11/09 03:44:23 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2010/11/09 03:44:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2010/11/09 03:44:14 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2010/11/09 03:23:26 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2010/11/09 03:23:26 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe
[2010/11/09 03:23:26 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2010/11/09 03:23:26 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll
[2010/11/09 03:23:26 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2010/11/09 03:23:26 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2010/11/09 03:23:25 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2010/11/09 03:23:25 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll
[2010/11/09 03:11:51 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll
[2010/11/09 03:11:50 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll
[2010/11/09 03:11:50 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll
[2010/11/09 03:11:18 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2010/11/09 03:11:18 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2010/11/09 03:11:18 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2010/11/09 03:11:18 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2010/11/09 03:11:18 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2010/11/09 03:11:18 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010/11/09 03:11:18 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2010/11/09 03:11:15 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010/11/09 03:11:15 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2010/11/09 03:11:14 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2010/11/09 03:11:05 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2010/11/09 03:10:41 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2010/11/09 03:10:39 | 002,085,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2010/11/09 03:10:37 | 001,736,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2010/11/09 03:10:35 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2010/11/09 03:10:29 | 001,024,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2010/11/09 03:10:29 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
[2010/11/09 03:10:28 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010/11/09 03:10:28 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010/11/09 03:10:24 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2010/11/09 03:10:24 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2010/11/09 03:10:21 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2010/11/09 03:09:16 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2010/11/09 03:08:59 | 014,627,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2010/11/09 03:08:59 | 011,406,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010/11/09 03:08:58 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010/11/09 03:08:57 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2010/11/09 03:08:06 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll
[2010/11/09 03:07:42 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll
[2010/11/09 03:07:42 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll
[2010/11/09 03:07:35 | 000,702,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010/11/09 03:07:34 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/11/09 03:07:33 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010/11/09 03:07:33 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010/11/09 03:07:33 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/11/09 03:07:33 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/11/09 03:07:33 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/11/09 03:07:33 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/11/09 03:07:33 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010/11/09 03:07:33 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010/11/09 03:07:33 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2010/11/09 03:07:33 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010/11/09 03:07:33 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/11/09 03:07:33 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010/11/09 03:07:26 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010/11/09 03:07:26 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010/11/09 03:07:26 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010/11/09 03:07:26 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010/11/09 03:06:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Antimalware
[2010/11/09 03:06:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/11/09 03:05:35 | 008,731,168 | ---- | C] (Microsoft Corporation) -- C:\Users\s\Desktop\mssefullinstall-amd64fre-en-us-vista-win7.exe
[2010/11/09 03:03:07 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2010/11/09 03:03:07 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll
[2010/11/09 03:03:07 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll
[2010/11/09 03:03:07 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll
[2010/11/09 01:15:19 | 000,000,000 | ---D | C] -- C:\Windows\OEMTemp
[2010/11/09 00:53:33 | 000,000,000 | ---D | C] -- C:\Users\s\AppData\Roaming\Google
[2010/11/09 00:47:33 | 000,000,000 | ---D | C] -- C:\Users\s\AppData\Local\Adobe
[2010/11/09 00:45:04 | 000,000,000 | ---D | C] -- C:\Users\s\AppData\Roaming\Adobe
[2010/11/09 00:30:14 | 000,000,000 | ---D | C] -- C:\Users\s\AppData\Local\Diagnostics
[2010/11/08 23:37:04 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2010/11/08 23:37:04 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2010/11/08 23:36:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2010/11/08 23:36:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2010/11/08 23:36:01 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010/11/08 23:35:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive
[2010/11/08 23:35:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2010/11/08 23:34:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2010/11/08 23:34:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\CyberLink
[2010/11/08 23:33:14 | 000,505,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp71.dll
[2010/11/08 23:33:14 | 000,353,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr71.dll
[2010/11/08 23:33:14 | 000,029,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3a.dll
[2010/11/08 23:33:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CyberLink
[2010/11/08 23:33:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2010/11/08 23:31:43 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2010/11/08 23:30:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acer Crystal Eye webcam
[2010/11/08 23:29:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Launch Manager
[2010/11/08 23:28:57 | 000,000,000 | ---D | C] -- C:\Users\s\AppData\Roaming\Intel Corporation
[2010/11/08 23:28:44 | 000,000,000 | ---D | C] -- C:\Users\s\AppData\Local\EgisTec IPS
[2010/11/08 23:28:43 | 000,000,000 | ---D | C] -- C:\book
[2010/11/08 23:28:42 | 000,000,000 | ---D | C] -- C:\Users\s\AppData\Roaming\Macromedia
[2010/11/08 23:28:24 | 000,000,000 | R--D | C] -- C:\Users\s\Searches
[2010/11/08 23:28:24 | 000,000,000 | -H-D | C] -- C:\Users\s\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2010/11/08 23:28:16 | 000,000,000 | ---D | C] -- C:\Users\s\AppData\Roaming\Identities
[2010/11/08 23:28:13 | 000,000,000 | R--D | C] -- C:\Users\s\Contacts
[2010/11/08 23:28:11 | 000,000,000 | ---D | C] -- C:\Users\s\AppData\Local\VirtualStore
[2010/11/08 23:27:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OEM
[2010/11/08 23:27:24 | 000,000,000 | ---D | C] -- C:\ProgramData\OEM_E471269A730D
[2010/11/08 23:25:01 | 000,000,000 | -HSD | C] -- C:\Users\s\AppData\Local\Temporary Internet Files
[2010/11/08 23:25:01 | 000,000,000 | -HSD | C] -- C:\Users\s\Templates
[2010/11/08 23:25:01 | 000,000,000 | -HSD | C] -- C:\Users\s\Start Menu
[2010/11/08 23:25:01 | 000,000,000 | -HSD | C] -- C:\Users\s\SendTo
[2010/11/08 23:25:01 | 000,000,000 | -HSD | C] -- C:\Users\s\Recent
[2010/11/08 23:25:01 | 000,000,000 | -HSD | C] -- C:\Users\s\PrintHood
[2010/11/08 23:25:01 | 000,000,000 | -HSD | C] -- C:\Users\s\NetHood
[2010/11/08 23:25:01 | 000,000,000 | -HSD | C] -- C:\Users\s\Documents\My Videos
[2010/11/08 23:25:01 | 000,000,000 | -HSD | C] -- C:\Users\s\Documents\My Pictures
[2010/11/08 23:25:01 | 000,000,000 | -HSD | C] -- C:\Users\s\Documents\My Music
[2010/11/08 23:25:01 | 000,000,000 | -HSD | C] -- C:\Users\s\My Documents
[2010/11/08 23:25:01 | 000,000,000 | -HSD | C] -- C:\Users\s\Local Settings
[2010/11/08 23:25:01 | 000,000,000 | -HSD | C] -- C:\Users\s\AppData\Local\History
[2010/11/08 23:25:01 | 000,000,000 | -HSD | C] -- C:\Users\s\Cookies
[2010/11/08 23:25:01 | 000,000,000 | -HSD | C] -- C:\Users\s\Application Data
[2010/11/08 23:25:01 | 000,000,000 | -HSD | C] -- C:\Users\s\AppData\Local\Application Data
[2010/11/08 23:25:00 | 000,000,000 | --SD | C] -- C:\Users\s\AppData\Roaming\Microsoft
[2010/11/08 23:25:00 | 000,000,000 | R--D | C] -- C:\Users\s\Videos
[2010/11/08 23:25:00 | 000,000,000 | R--D | C] -- C:\Users\s\Saved Games
[2010/11/08 23:25:00 | 000,000,000 | R--D | C] -- C:\Users\s\Pictures
[2010/11/08 23:25:00 | 000,000,000 | R--D | C] -- C:\Users\s\Music
[2010/11/08 23:25:00 | 000,000,000 | R--D | C] -- C:\Users\s\Links
[2010/11/08 23:25:00 | 000,000,000 | R--D | C] -- C:\Users\s\Favorites
[2010/11/08 23:25:00 | 000,000,000 | R--D | C] -- C:\Users\s\Downloads
[2010/11/08 23:25:00 | 000,000,000 | R--D | C] -- C:\Users\s\My Documents
[2010/11/08 23:25:00 | 000,000,000 | R--D | C] -- C:\Users\s\Desktop
[2010/11/08 23:25:00 | 000,000,000 | -H-D | C] -- C:\Users\s\AppData
[2010/11/08 23:25:00 | 000,000,000 | ---D | C] -- C:\Users\s\AppData\Local\Temp
[2010/11/08 23:25:00 | 000,000,000 | ---D | C] -- C:\Users\s\AppData\Local\Microsoft
[2010/11/08 23:25:00 | 000,000,000 | ---D | C] -- C:\Users\s\AppData\Roaming\Media Center Programs
[2010/11/08 23:24:44 | 000,000,000 | -HSD | C] -- C:\Recovery
[2010/11/08 23:20:20 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010/11/08 23:18:59 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Lang
[2010/11/08 23:18:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\x64
[2010/11/08 23:18:57 | 001,002,008 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igxpun.exe
[2010/11/08 23:17:11 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/11/08 23:12:50 | 000,000,000 | ---D | C] -- C:\Windows\NAPP_Dism_Log

========== Files - Modified Within 30 Days ==========

[2010/11/10 15:05:02 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1192473185-1943868580-2991228626-1000UA.job
[2010/11/10 15:01:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\s\Desktop\OTL.exe
[2010/11/10 15:00:56 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/10 15:00:56 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/10 15:00:07 | 000,007,588 | ---- | M] () -- C:\Users\s\AppData\Local\Resmon.ResmonCfg
[2010/11/10 14:53:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/10 14:53:07 | 2360,844,288 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/10 14:52:30 | 000,000,057 | ---- | M] () -- C:\Windows\SysWow64\mapisvc.inf
[2010/11/10 13:25:58 | 000,341,192 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/11/09 19:05:00 | 000,000,840 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1192473185-1943868580-2991228626-1000Core.job
[2010/11/09 19:00:29 | 000,002,262 | ---- | M] () -- C:\Users\s\Desktop\Google Chrome.lnk
[2010/11/09 03:45:48 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/11/09 03:45:48 | 000,615,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/11/09 03:45:48 | 000,103,702 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/11/09 03:28:32 | 000,001,099 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Works.lnk
[2010/11/09 03:06:11 | 000,001,035 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/11/09 03:05:46 | 008,731,168 | ---- | M] (Microsoft Corporation) -- C:\Users\s\Desktop\mssefullinstall-amd64fre-en-us-vista-win7.exe
[2010/11/09 03:00:51 | 000,001,405 | ---- | M] () -- C:\Users\s\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/11/08 23:32:58 | 000,505,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp71.dll
[2010/11/08 23:32:58 | 000,353,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr71.dll
[2010/11/08 23:32:58 | 000,029,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3a.dll
[2010/11/08 23:31:49 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2010/11/08 23:29:23 | 000,000,184 | ---- | M] () -- C:\Windows\LMv4.UNI
[2010/11/08 23:25:24 | 000,015,270 | ---- | M] () -- C:\Windows\SysNative\results.xml
[2010/11/08 23:24:27 | 000,039,252 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2010/11/08 23:24:27 | 000,039,252 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2010/11/08 23:20:17 | 000,000,003 | ---- | M] () -- C:\Windows\SysNative\PLD_Framework.cmd
[2010/11/08 23:12:50 | 000,011,453 | ---- | M] () -- C:\Windows\ChangeLang_Done.tag

========== Files Created - No Company Name ==========

[2010/11/09 19:00:29 | 000,002,262 | ---- | C] () -- C:\Users\s\Desktop\Google Chrome.lnk
[2010/11/09 19:00:01 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1192473185-1943868580-2991228626-1000UA.job
[2010/11/09 19:00:01 | 000,000,840 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1192473185-1943868580-2991228626-1000Core.job
[2010/11/09 03:28:32 | 000,001,099 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Works.lnk
[2010/11/09 03:06:11 | 000,001,035 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/11/09 03:00:51 | 000,001,405 | ---- | C] () -- C:\Users\s\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/11/09 02:27:18 | 000,007,588 | ---- | C] () -- C:\Users\s\AppData\Local\Resmon.ResmonCfg
[2010/11/08 23:31:49 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2010/11/08 23:29:23 | 000,000,184 | ---- | C] () -- C:\Windows\LMv4.UNI
[2010/11/08 23:25:24 | 000,015,270 | ---- | C] () -- C:\Windows\SysNative\results.xml
[2010/11/08 23:25:00 | 000,000,290 | ---- | C] () -- C:\Users\s\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/11/08 23:25:00 | 000,000,272 | ---- | C] () -- C:\Users\s\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/11/08 23:20:17 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\PLD_Framework.cmd
[2010/11/08 23:17:11 | 2360,844,288 | -HS- | C] () -- C:\hiberfil.sys
[2010/11/08 23:14:04 | 000,011,453 | ---- | C] () -- C:\Windows\ChangeLang_Done.tag
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2009/07/13 21:08:49 | 000,005,132 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


Edited by uncle scotty, 10 November 2010 - 03:25 PM.


#4 kahdah
  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida
  • Local time:12:26 PM

Posted 10 November 2010 - 06:43 PM

Hi, I really do not see any signs of malware. What are your symptoms, in detail, please?
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here.

#5 uncle scotty
  • Topic Starter
  • Members
  • 13 posts
  • Local time:11:26 AM

Posted 04 December 2010 - 11:06 PM

Ok, OTL runs but only gives me the OTL.txt file. The extras.txt file is not being shown.

Attached is the OTL.txt file.

I ran SuperAntispyware and it found 2 IE trojans and fixed them, but there seem to be other things going on, and I think that whatever it is is spoofing the digital driver signing.

I have tried Malwarebytes Antimalware, AVG Free, and Trend HouseCall, and none of them found anything.

Attached Files

  • Attached File  OTL.Txt   80.7KB   2 downloads


#6 kahdah
  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida
  • Local time:12:26 PM

Posted 05 December 2010 - 06:18 PM

What makes you think you are infected?
Please post the findings of the SuperAntispyware scanner log.

#7 uncle scotty
  • Topic Starter
  • Members
  • 13 posts
  • Local time:11:26 AM

Posted 15 December 2010 - 04:29 AM

I think every computer in the house is infected.

Both of my computers are having all sorts of things going on that lead me to believe that they are hijacked, under remote control, and being redirected.
All of the drivers are obviously hacked, and the error logs are just full of things that don't make any sense other than to point to total infection.

What I want to do is 100% nuke this computer all the way down to the motherboard and start over with it.

I want to clear all the possible hiding places and start over with the recovery media.

What do I need to do to accomplish this?

I want this computer 100% WIPED CLEAN.

It is an ACER Aspire 5734Z.

HOW?

Edited by uncle scotty, 15 December 2010 - 04:32 AM.


#8 kahdah
  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida
  • Local time:12:26 PM

Posted 15 December 2010 - 07:54 AM

If all of the computers are showing signs of redirects, then it sounds like it is coming from your router.
Please do this as a test.
Take one of the computers and disconnect it from the router, take the plug from the modem and plug it directly into the computer, and see if it is still redirected.
It is highly unlikely that all computers are infected.
Let me know if that fixes the redirects. If you still want to reformat after that, then I will give you instructions.

#9 uncle scotty
  • Topic Starter
  • Members
  • 13 posts
  • Local time:11:26 AM

Posted 16 December 2010 - 08:30 PM

Yeah... I only connect to the router by wire.

Regardless of all of this... what I really want to do is get rid of the phantom partition on the HDD and 'clear' all of the possible hiding places on the motherboard and in the processor.

I see multiple instances of the same things in the Device Manager with different drivers, and these things were not there when the computer was new, and all sorts of new 'services' that shouldn't be there, either.

Also, the VGA drivers and the webcam seem to be related to all of this.

Also... is there a link you could post that will show me how to 'lock up' Win7 against all of these kinds of issues? It seems that Win 7 is just wide open to exploitation through UAC.

Thanks for your help... I really just want to get this computer 100% wiped and start over with it, and just doing a 'recovery' does not get rid of these things that just come right back.

Edited by uncle scotty, 16 December 2010 - 08:32 PM.


#10 uncle scotty
  • Topic Starter
  • Members
  • 13 posts
  • Local time:11:26 AM

Posted 17 December 2010 - 12:20 AM

OK... now this is REALLY weird... I just started using another computer here, a new, out-of-the-box computer. First boot was Tuesday, and it now has some OTL.txt files in the 'Downloads' folder from the Acer laptop from 04DEC10.

There is NO WAY IN HELL that I downloaded them or put them on THIS computer... how can this happen?

There is something REALLY strange going on here.

#11 kahdah
  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida
  • Local time:12:26 PM

Posted 17 December 2010 - 07:14 AM

Not sure how that is even possible unless the system was used before by someone else.

If you want to wipe and reinstall, then please tell me what type of computer this is.

#12 uncle scotty
  • Topic Starter
  • Members
  • 13 posts
  • Local time:11:26 AM

Posted 17 December 2010 - 09:30 AM

Not sure how that is even possible unless the system was used before by someone else.

If you want to wipe and reinstall, then please tell me what type of computer this is.

OK... the Acer Aspire 5734Z is the first one.

I have the recovery discs.

And I am starting to worry about the network in this house... is it possible somebody has hacked the router and has done these things?

And how do I stop all of this, if so?

I am starting to think that someone has done this.

#13 uncle scotty
  • Topic Starter
  • Members
  • 13 posts
  • Local time:11:26 AM

Posted 17 December 2010 - 09:45 AM

OK, so I think somebody hacked the router and has changed the routing table.

#14 kahdah
  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida
  • Local time:12:26 PM

Posted 17 December 2010 - 02:28 PM

This is why I asked you to unhook from the router.
The router is more than likely infected.
You will need to reset it to get rid of any infected parts.
You will, however, lose all settings inside, so if you do not know how to set it back up, let me know.

#15 uncle scotty
  • Topic Starter
  • Members
  • 13 posts
  • Local time:11:26 AM

Posted 17 December 2010 - 08:50 PM

OK, the router is all good... but I still need to wipe the Acer... TOTALLY wipe it.

Steps?
