
Preparing computer for malware removal guide


  • This topic is locked
51 replies to this topic

#1 flaps604

flaps604

  • Members
  • 31 posts
  • OFFLINE
  • Local time:04:32 PM

Posted 25 November 2010 - 11:24 AM

Hi,

First off, a big thank you to those of you who give your time to helping the likes of me, it is greatly appreciated.

I have a problem with my PC that keeps directing me to websites I don't want to go to, redirecting me from search results and generally being very annoying, so I have started at step 1 and worked my way through the Malware removal guide posted here (http://www.bleepingcomputer.com/forums/topic34773.html).

I have got as far as step 8 and everything has gone fine, but I am having trouble with the step 'create a GMER log'.
I click the link, save the file, right click on the saved file, click 'extract all' and then it starts to deviate from the guide, perhaps because I am running Win 7?

I get a window open saying 'Select a Destination and Extract Files' and it has my desktop as the destination so I click extract. I then get an icon appear on my desktop which says 'gmer' and by hovering the mouse over it I can tell it is file version 1.0.15.15530.
When I double click the icon and run the program I do get a prompt from user account control asking if I want to allow this program to make changes to this computer, so I click yes and the program launches.
I get a window just like the one shown in the guide appear, but the only boxes I can tick are 'services', 'registry' and 'files', all the rest are there but greyed out so I can't tick them. I am a bit stuck as to how to proceed from here, any ideas welcome please!

Here is the DDS text log that I generated:


DDS (Ver_10-11-10.01) - NTFS_AMD64
Run by Flaps at 15:42:49.74 on 25/11/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.4061.2716 [GMT 0:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportLaunService64.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Flaps\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_x3810&r=17361110ln07974380sj5sy4l1hu52
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_x3810&r=17361110ln07974380sj5sy4l1hu52
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_x3810&r=17361110ln07974380sj5sy4l1hu52
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_x3810&r=17361110ln07974380sj5sy4l1hu52
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Partner BHO Class: {83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} - C:\ProgramData\Partner\Partner.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
mRun: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
mRun: [ArcadeDeluxeAgent] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
mRun: [PlayMovie] "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Partner BHO Class: {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg64.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
mRun-x64: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
mRun-x64: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
mRun-x64: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Flaps\AppData\Roaming\Mozilla\Firefox\Profiles\la296cnv.default\
FF - prefs.js: browser.startup.homepage - www.hotmail.com
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-11-8 121936]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2010-3-25 173984]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2009-6-2 22576]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2009-6-2 20016]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2009-6-2 60464]
R1 RapportKE64;RapportKE64;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportKE64.sys [2010-10-3 63472]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportPG64.sys [2010-10-3 56816]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-11-8 20048]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-11-8 61008]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-11-8 40384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-8-12 62208]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2010-10-3 767208]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2009-10-12 240160]
R3 avast! Mail Scanner;avast! Mail Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-11-8 40384]
R3 avast! Web Scanner;avast! Web Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-11-8 40384]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y60x64.sys [2009-6-10 281088]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2009-10-12 138752]
R3 RapportLaunService;Rapport Launching Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportLaunService64.exe [2010-10-3 526320]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-4 135664]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2010-3-25 40832]
S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe [2009-9-10 305448]
S3 nosGetPlusHelper;getPlus® Helper 3004;C:\Windows\System32\svchost.exe -k nosGetPlusHelper [2009-7-13 27136]
S3 Partner Service;Partner Service;C:\ProgramData\Partner\Partner.exe [2009-10-12 332272]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-11-7 1255736]

=============== Created Last 30 ================

2010-11-24 17:28:11 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-11-24 17:28:11 472808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2010-11-24 17:07:16 8199504 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{1A348275-A922-4C38-9836-EA67C974FF84}\mpengine.dll
2010-11-24 17:00:24 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2010-11-24 17:00:24 7680 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2010-11-15 11:47:50 -------- d-----w- C:\Program Files\iTunes
2010-11-13 10:02:02 -------- d-----w- C:\Users\Flaps\AppData\Local\Diagnostics
2010-11-10 15:53:28 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2010-11-10 15:53:28 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
2010-11-10 15:53:28 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2010-11-10 14:10:18 -------- d-----w- C:\Program Files\Bonjour
2010-11-08 20:24:10 -------- d-----w- C:\Windows\en
2010-11-08 20:21:18 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll
2010-11-08 20:21:18 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll
2010-11-08 20:21:17 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
2010-11-08 20:21:17 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
2010-11-08 20:21:06 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\78c899bb1cb7f820a\DSETUP.dll
2010-11-08 20:21:06 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\78c899bb1cb7f820a\DXSETUP.exe
2010-11-08 20:21:06 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\78c899bb1cb7f820a\dsetup32.dll
2010-11-08 20:21:05 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\7784de961cb7f8209\DSETUP.dll
2010-11-08 20:21:05 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\7784de961cb7f8209\DXSETUP.exe
2010-11-08 20:21:05 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\7784de961cb7f8209\dsetup32.dll
2010-11-08 20:20:25 257024 ----a-w- C:\Windows\System32\mfreadwrite.dll
2010-11-08 20:20:25 206848 ----a-w- C:\Windows\System32\mfps.dll
2010-11-08 20:20:24 196608 ----a-w- C:\Windows\SysWow64\mfreadwrite.dll
2010-11-08 20:20:24 1888256 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2010-11-08 20:20:24 1619456 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2010-11-08 20:20:23 4068864 ----a-w- C:\Windows\System32\mf.dll
2010-11-08 20:20:23 3181568 ----a-w- C:\Windows\SysWow64\mf.dll
2010-11-08 20:09:53 61008 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2010-11-08 20:09:14 38848 ----a-w- C:\Windows\avastSS.scr
2010-11-08 13:16:01 38912 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\EP0NPP01.DLL
2010-11-08 12:37:03 -------- d-----w- C:\Users\Flaps\AppData\Local\NOS
2010-11-07 19:24:19 8199504 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-11-07 17:50:06 -------- d-----w- C:\Program Files (x86)\SpywareBlaster
2010-11-07 17:44:41 389632 ----a-w- C:\Windows\System32\winlogon.exe
2010-11-07 17:44:41 2870272 ----a-w- C:\Windows\explorer.exe
2010-11-07 17:44:41 2614272 ----a-w- C:\Windows\SysWow64\explorer.exe
2010-11-07 12:33:31 -------- d-----w- C:\Users\Flaps\AppData\Roaming\Malwarebytes
2010-11-07 12:33:23 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2010-11-07 12:33:22 -------- d-----w- C:\PROGRA~3\Malwarebytes
2010-11-07 12:33:21 24664 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-11-07 12:33:21 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-11-07 11:32:19 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2010-11-07 11:32:19 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2010-11-07 11:32:19 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2010-11-07 11:32:19 444752 ----a-w- C:\Windows\System32\mscoree.dll
2010-11-07 11:32:19 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2010-11-07 11:32:19 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2010-11-07 11:32:19 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2010-11-07 11:32:19 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2010-11-07 11:32:19 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2010-11-07 11:32:19 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2010-11-07 11:25:35 -------- d-----w- C:\Windows\SysWow64\Wat
2010-11-07 11:25:35 -------- d-----w- C:\Windows\System32\Wat
2010-11-06 20:29:08 311808 ----a-w- C:\Windows\System32\msv1_0.dll
2010-11-06 20:29:08 257024 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2010-11-06 20:26:43 294912 ----a-w- C:\Windows\System32\browserchoice.exe
2010-11-06 20:22:14 84992 ----a-w- C:\Windows\System32\asycfilt.dll
2010-11-06 20:22:14 67584 ----a-w- C:\Windows\SysWow64\asycfilt.dll
2010-11-06 20:20:56 633856 ----a-w- C:\Windows\System32\comctl32.dll
2010-11-06 20:19:58 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
2010-11-06 20:16:33 463360 ----a-w- C:\Windows\System32\drivers\srv.sys
2010-11-06 20:16:32 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2010-11-06 20:16:32 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys
2010-11-06 20:16:32 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2010-11-06 20:16:32 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2010-11-06 20:16:26 3123712 ----a-w- C:\Windows\System32\win32k.sys
2010-11-06 11:37:34 103864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2010-11-06 11:37:34 103864 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2010-11-05 17:44:36 -------- d-----w- C:\Users\Flaps\AppData\Local\Sunbelt Software
2010-11-05 17:44:14 -------- dc-h--w- C:\PROGRA~3\{E961CE1B-C3EA-4882-9F67-F859B555D097}
2010-11-05 17:44:02 -------- d-----w- C:\Program Files (x86)\Lavasoft
2010-11-05 16:47:14 -------- d-----w- C:\Users\Flaps\Tracing
2010-11-05 16:18:14 -------- d-----w- C:\Users\Flaps\AppData\Roaming\Trusteer
2010-11-05 16:17:33 -------- d-----w- C:\Program Files (x86)\Trusteer
2010-11-05 16:16:08 -------- d-----w- C:\PROGRA~3\Trusteer
2010-11-05 14:06:46 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2010-11-05 10:42:43 -------- d-----w- C:\Users\Flaps\AppData\Local\Apple Computer
2010-11-05 10:42:12 -------- d-----w- C:\Program Files\iPod
2010-11-05 10:42:11 -------- d-----w- C:\Program Files (x86)\iTunes
2010-11-05 10:42:11 -------- d-----w- C:\PROGRA~3\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2010-11-05 10:41:08 -------- d-----w- C:\Users\Flaps\AppData\Local\Apple
2010-11-05 10:40:49 -------- d-----w- C:\Program Files (x86)\Bonjour
2010-11-05 10:31:48 -------- d-----w- C:\Users\Flaps\AppData\Local\Adobe
2010-11-05 10:27:40 -------- d-----w- C:\Users\Flaps\AppData\Local\Mozilla
2010-11-05 10:23:15 -------- d-----w- C:\Users\Flaps\AppData\Local\CyberLink
2010-11-05 10:23:14 -------- d-----w- C:\Users\Flaps\AppData\Local\Acer Arcade Deluxe
2010-11-05 10:23:10 -------- d-----w- C:\Users\Flaps\AppData\Roaming\SoftDMA
2010-11-05 10:23:09 -------- d-----w- C:\Users\Flaps\AppData\Local\PlayMovie
2010-11-05 10:22:56 -------- d-----w- C:\Users\Flaps\AppData\Local\PowerCinema
2010-11-05 10:22:53 -------- d-----w- C:\Users\Flaps\AppData\Roaming\PowerCinema
2010-11-05 10:08:54 -------- d-----w- C:\Users\Flaps\AppData\Local\Windows Live
2010-11-05 10:04:43 -------- d-----w- C:\Users\Flaps\AppData\Local\Microsoft Help
2010-11-05 10:01:00 -------- d-----w- C:\PROGRA~3\Alwil Software
2010-11-05 09:43:41 270720 ------w- C:\Windows\System32\MpSigStub.exe
2010-11-05 09:42:30 -------- d-----w- C:\Program Files (x86)\Microsoft Antimalware
2010-11-05 09:42:28 -------- d-----w- C:\Program Files\Microsoft Security Essentials
2010-11-05 01:38:45 -------- d-----w- C:\Windows\NAPP_Dism_Log
2010-11-04 19:11:41 -------- d-----w- C:\Users\Flaps\AppData\Local\Google
2010-11-04 18:57:24 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll
2010-11-04 18:57:24 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll
2010-11-04 18:57:10 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2010-11-04 18:55:01 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2010-11-04 18:53:58 44544 ----a-w- C:\Windows\SysWow64\msxml4a.dll
2010-11-04 18:53:03 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2010-11-04 18:53:03 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2010-11-04 18:53:03 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2010-11-04 18:53:03 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2010-11-04 18:53:02 610436 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2010-11-04 18:50:56 -------- d-----w- C:\Program Files (x86)\Acer Arcade Deluxe
2010-11-04 18:48:23 -------- d-----w- C:\Windows\Driver Cache
2010-11-04 18:46:53 -------- d---a-w- C:\book
2010-11-04 18:46:50 -------- d-----w- C:\PROGRA~3\McQcModifier-5c47-a7b0
2010-11-04 18:46:49 -------- d-----w- C:\Users\Flaps\AppData\Local\EgisTec
2010-11-04 18:46:12 -------- d-----w- C:\Users\Flaps\AppData\Local\VirtualStore
2010-11-04 18:44:39 220672 ----a-w- C:\Windows\System32\wintrust.dll
2010-11-04 18:44:39 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll
2010-11-04 18:44:39 139264 ----a-w- C:\Windows\System32\cabview.dll
2010-11-04 18:44:39 132608 ----a-w- C:\Windows\SysWow64\cabview.dll
2010-11-04 18:44:09 -------- d-----w- C:\Program Files\Acer Accessory Store
2010-11-04 18:44:04 -------- d-----w- C:\Program Files (x86)\OEM
2010-11-04 18:01:16 540192 ----a-w- C:\Windows\System32\NVUNINST.EXE
2010-11-04 17:58:20 -------- d-----w- C:\Windows\SysWow64\x64
2010-11-04 17:58:20 -------- d-----w- C:\Windows\SysWow64\Lang
2010-11-04 17:58:19 997912 ----a-w- C:\Windows\SysWow64\igxpun.exe

==================== Find3M ====================

2010-11-04 18:05:41 6 ----a-w- C:\Windows\System32\PLD_Framework.cmd
2010-09-28 15:44:52 51712 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2010-09-28 15:44:52 4184352 ----a-w- C:\Windows\System32\usbaaplrc.dll
2010-09-23 00:47:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2010-09-23 00:32:56 301936 ----a-w- C:\Windows\WLXPGSS.SCR
2010-09-21 14:49:02 252800 ----a-w- C:\Windows\System32\LIVESSP.DLL
2010-09-21 14:03:14 208768 ----a-w- C:\Windows\SysWow64\LIVESSP.DLL
2010-09-10 05:35:44 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2010-09-10 05:35:43 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2010-09-08 11:17:46 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2010-09-08 11:17:46 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll
2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec
2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-09-01 05:12:09 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2010-09-01 04:23:49 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2010-08-31 04:32:30 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2010-08-31 04:32:30 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll

============= FINISH: 15:43:32.01 ===============

Also here is the DDS log that I need to attach:

Merged posts. ~ OB

Attached Files


Edited by Orange Blossom, 25 November 2010 - 05:40 PM.




#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:12:32 PM

Posted 27 November 2010 - 10:37 AM

Hi,

Please do the following:


  • Download OTL and save it to your desktop.
  • Double click on the OTL icon to run it.
  • Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Under the Extra Registry section, check Use SafeList.
  • Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"
  • Double click inside the Custom Scan box at the bottom
  • A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"
  • Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
  • Select scan.txt and click Open. Writing will now appear under the Custom Scan box
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic


NEXT


Please download MBRCheck.exe to your desktop.
  • Be sure to disable your security programs
  • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
  • A window will open on your desktop
  • If an unknown bootcode is found you will have further options available to you; at this time press N then press Enter twice.
  • If nothing unusual is found just press Enter
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
  • Please post the contents of that file.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 flaps604

flaps604
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  • Local time:04:32 PM

Posted 27 November 2010 - 11:48 AM

Hi,

Thanks for your time. I've done as you said, here are the files:

OTL logfile created on: 27/11/2010 16:40:07 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Flaps\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 67.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 226.00 Gb Total Space | 144.66 Gb Free Space | 64.01% Space Free | Partition Type: NTFS
Drive D: | 226.00 Gb Total Space | 225.48 Gb Free Space | 99.77% Space Free | Partition Type: NTFS

Computer Name: FLAPS-PC | User Name: Flaps | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/27 16:33:14 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Flaps\Desktop\OTL.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/10/03 23:43:16 | 001,266,920 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
PRC - [2010/10/03 23:43:16 | 000,767,208 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2010/09/07 16:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2009/10/12 19:27:26 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/09/29 11:31:58 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
PRC - [2009/09/29 10:51:14 | 000,181,480 | ---- | M] (Acer Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
PRC - [2009/09/10 13:42:30 | 000,349,480 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
PRC - [2009/08/28 09:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
PRC - [2009/08/18 07:27:26 | 000,629,280 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
PRC - [2009/08/12 22:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2009/08/12 21:58:28 | 000,261,888 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2009/08/04 05:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
PRC - [2009/07/18 03:12:12 | 000,257,440 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10c.exe
PRC - [2009/07/04 01:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2009/06/05 02:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/05 02:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe


========== Modules (SafeList) ==========

MOD - [2010/11/27 16:33:14 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Flaps\Desktop\OTL.exe
MOD - [2010/10/03 23:43:42 | 000,431,336 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\rooksbas.dll
MOD - [2010/08/21 05:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/09/10 13:42:00 | 000,268,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\sysenv.dll
MOD - [2009/09/10 13:41:42 | 000,120,104 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
MOD - [2009/07/14 01:16:19 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wkscli.dll
MOD - [2009/07/14 01:15:31 | 000,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imagehlp.dll
MOD - [2009/07/14 01:15:09 | 000,854,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dbghelp.dll
MOD - [2009/07/14 01:09:00 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll
MOD - [2008/11/11 10:16:38 | 000,133,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\xmllite.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV:64bit: - [2010/09/07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV:64bit: - [2010/09/07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/03/25 23:48:42 | 000,017,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/04 01:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/10/03 23:43:48 | 000,526,320 | ---- | M] (Trusteer Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportLaunService64.exe -- (RapportLaunService)
SRV - [2010/10/03 23:43:16 | 000,767,208 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/10 13:42:46 | 000,305,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009/08/28 09:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/08/25 17:38:06 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/08/12 22:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/05 02:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/09/28 15:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/09/07 15:47:33 | 000,061,008 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2009/07/21 07:32:50 | 007,345,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/07/14 01:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 01:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 01:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 20:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 20:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress) Intel®
DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 01:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/06/02 11:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/02 11:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/02 11:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009/05/25 20:13:10 | 000,138,752 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/09 01:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2009/05/05 23:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 23:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV - [2010/10/03 23:43:50 | 000,056,816 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportPG64.sys -- (RapportPG64)
DRV - [2010/10/03 23:43:48 | 000,063,472 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportKE64.sys -- (RapportKE64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_x3810&r=17361110ln07974380sj5sy4l1hu52
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_x3810&r=17361110ln07974380sj5sy4l1hu52
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_x3810&r=17361110ln07974380sj5sy4l1hu52
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_x3810&r=17361110ln07974380sj5sy4l1hu52

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_x3810&r=17361110ln07974380sj5sy4l1hu52
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_x3810&r=17361110ln07974380sj5sy4l1hu52
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/11/07 20:57:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/11/24 17:28:11 | 000,000,000 | ---D | M]

[2010/11/07 20:57:57 | 000,000,000 | ---D | M] -- C:\Users\Flaps\AppData\Roaming\Mozilla\Extensions
[2010/11/09 15:15:11 | 000,000,000 | ---D | M] -- C:\Users\Flaps\AppData\Roaming\Mozilla\Firefox\Profiles\la296cnv.default\extensions
[2010/11/05 10:27:51 | 000,000,000 | ---D | M] -- C:\Users\Flaps\AppData\Roaming\Mozilla\Firefox\Profiles\notrcesi.default\extensions
[2010/11/25 18:09:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/11/24 17:28:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/11/24 17:28:01 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/10/27 05:24:34 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/10/27 05:24:34 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/10/27 05:24:34 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/10/27 05:24:34 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009/06/10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg64.dll (Google Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)


SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: mcmscsvc - Service
SafeBootMin:64bit: MCODS - Service
SafeBootMin:64bit: MsMpSvc - C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PEVSystemStart - Service
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: procexp90.Sys - Driver
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: mcmscsvc - Service
SafeBootMin: MCODS - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: mcmscsvc - Service
SafeBootNet:64bit: MCODS - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MpfService - Service
SafeBootNet:64bit: MsMpSvc - C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PEVSystemStart - Service
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: procexp90.Sys - Driver
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: mcmscsvc - Service
SafeBootNet: MCODS - Service
SafeBootNet: Messenger - Service
SafeBootNet: MpfService - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

========== Files/Folders - Created Within 30 Days ==========

[2010/11/27 16:32:59 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Flaps\Desktop\OTL.exe
[2010/11/25 18:35:13 | 000,000,000 | ---D | C] -- C:\Users\Flaps\Desktop\Wall Pics
[2010/11/25 15:33:49 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2010/11/25 11:41:41 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/11/24 17:28:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/11/24 17:28:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/11/24 17:28:11 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/11/24 17:28:11 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/11/24 17:28:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/11/24 17:28:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/11/24 17:27:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2010/11/15 11:47:50 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/11/13 10:02:02 | 000,000,000 | ---D | C] -- C:\Users\Flaps\AppData\Local\Diagnostics
[2010/11/10 15:53:28 | 000,126,312 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll
[2010/11/10 15:53:28 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll
[2010/11/10 15:53:28 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2010/11/10 15:53:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2010/11/10 15:11:22 | 000,000,000 | ---D | C] -- C:\Users\Flaps\Documents\Share-deal Receipts
[2010/11/10 15:11:16 | 000,000,000 | ---D | C] -- C:\Users\Flaps\Documents\Phone pics
[2010/11/10 15:11:16 | 000,000,000 | ---D | C] -- C:\Users\Flaps\Documents\My Received Files
[2010/11/10 15:11:16 | 000,000,000 | ---D | C] -- C:\Users\Flaps\Documents\My Art
[2010/11/10 15:11:16 | 000,000,000 | ---D | C] -- C:\Users\Flaps\Documents\Letters
[2010/11/10 15:11:02 | 000,000,000 | ---D | C] -- C:\Users\Flaps\Documents\Downloads
[2010/11/10 15:11:01 | 000,000,000 | ---D | C] -- C:\Users\Flaps\Documents\BA Rosters
[2010/11/10 14:10:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/11/10 14:10:18 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/11/10 14:10:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010/11/08 20:24:10 | 000,000,000 | ---D | C] -- C:\Windows\en
[2010/11/08 20:22:01 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/11/08 20:21:18 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2010/11/08 20:21:18 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2010/11/08 20:21:17 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2010/11/08 20:21:17 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2010/11/08 20:20:25 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2010/11/08 20:20:25 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2010/11/08 20:20:24 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2010/11/08 20:20:24 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2010/11/08 20:20:24 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2010/11/08 20:20:23 | 004,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2010/11/08 20:20:23 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2010/11/08 20:09:54 | 000,121,936 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2010/11/08 20:09:54 | 000,020,048 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2010/11/08 20:09:53 | 000,061,008 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2010/11/08 20:09:53 | 000,051,280 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2010/11/08 20:09:53 | 000,028,752 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2010/11/08 20:09:14 | 000,167,592 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2010/11/08 20:09:14 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2010/11/08 12:54:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2010/11/08 12:53:00 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2010/11/08 12:53:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NOS
[2010/11/08 12:37:03 | 000,000,000 | ---D | C] -- C:\Users\Flaps\AppData\Local\NOS
[2010/11/07 17:50:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareBlaster
[2010/11/07 17:44:41 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010/11/07 17:44:41 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2010/11/07 17:44:41 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2010/11/07 12:33:31 | 000,000,000 | ---D | C] -- C:\Users\Flaps\AppData\Roaming\Malwarebytes
[2010/11/07 12:33:23 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/11/07 12:33:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/11/07 12:33:21 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/11/07 12:33:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/11/07 11:32:19 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2010/11/07 11:32:19 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2010/11/07 11:32:19 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe
[2010/11/07 11:32:19 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2010/11/07 11:32:19 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll
[2010/11/07 11:32:19 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2010/11/07 11:32:19 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2010/11/07 11:32:19 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll
[2010/11/07 11:25:35 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2010/11/07 11:25:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2010/11/06 20:26:43 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2010/11/06 20:21:57 | 001,736,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2010/11/06 20:21:56 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2010/11/06 20:21:55 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010/11/06 20:21:55 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010/11/06 20:21:52 | 002,085,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2010/11/06 20:21:47 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll
[2010/11/06 20:21:41 | 001,975,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CertEnroll.dll
[2010/11/06 20:21:41 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CertEnroll.dll
[2010/11/06 20:21:36 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2010/11/06 20:21:36 | 000,422,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2010/11/06 20:21:36 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2010/11/06 20:21:36 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2010/11/06 20:21:36 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2010/11/06 20:21:36 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2010/11/06 20:21:35 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2010/11/06 20:21:35 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2010/11/06 20:21:35 | 000,306,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2010/11/06 20:21:35 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2010/11/06 20:21:35 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2010/11/06 20:21:35 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2010/11/06 20:21:35 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2010/11/06 20:21:35 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2010/11/06 20:21:35 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2010/11/06 20:21:35 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2010/11/06 20:21:14 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2010/11/06 20:21:14 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2010/11/06 20:21:14 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2010/11/06 20:21:13 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2010/11/06 20:21:13 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2010/11/06 20:21:13 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2010/11/06 20:21:13 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2010/11/06 20:21:13 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010/11/06 20:21:13 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2010/11/06 20:21:07 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010/11/06 20:21:06 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2010/11/06 20:21:06 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2010/11/06 20:20:56 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2010/11/06 20:20:54 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2010/11/06 20:20:51 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2010/11/06 20:20:51 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2010/11/06 20:20:51 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2010/11/06 20:20:47 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2010/11/06 20:20:47 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2010/11/06 20:20:47 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2010/11/06 20:20:46 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll
[2010/11/06 20:20:46 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll
[2010/11/06 20:20:06 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2010/11/06 20:20:04 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2010/11/06 20:19:58 | 001,024,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2010/11/06 20:19:58 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
[2010/11/06 20:19:57 | 001,572,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2010/11/06 20:19:57 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2010/11/06 20:19:57 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll
[2010/11/06 20:19:57 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciavi32.dll
[2010/11/06 20:19:51 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2010/11/06 20:19:50 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2010/11/06 20:19:50 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2010/11/06 20:19:48 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2010/11/06 20:19:44 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll
[2010/11/06 20:19:44 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll
[2010/11/06 20:19:34 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msasn1.dll
[2010/11/06 20:19:30 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010/11/06 20:19:30 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010/11/06 20:19:30 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2010/11/06 20:19:30 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2010/11/06 20:19:30 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010/11/06 20:19:30 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010/11/06 20:19:19 | 000,702,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010/11/06 20:19:18 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/11/06 20:19:16 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/11/06 20:19:16 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/11/06 20:19:16 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/11/06 20:19:16 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/11/06 20:19:16 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010/11/06 20:19:16 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010/11/06 20:19:16 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2010/11/06 20:19:16 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010/11/06 20:19:15 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010/11/06 20:19:15 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010/11/06 20:19:15 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/11/06 20:19:15 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010/11/06 20:19:12 | 014,627,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2010/11/06 20:19:11 | 011,406,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010/11/06 20:19:10 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2010/11/06 20:19:10 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010/11/06 20:16:32 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll
[2010/11/05 17:44:36 | 000,000,000 | ---D | C] -- C:\Users\Flaps\AppData\Local\Sunbelt Software
[2010/11/05 17:44:14 | 000,000,000 | -H-D | C] -- C:\ProgramData\{E961CE1B-C3EA-4882-9F67-F859B555D097}
[2010/11/05 17:44:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010/11/05 17:44:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2010/11/05 16:48:44 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/11/05 16:47:14 | 000,000,000 | ---D | C] -- C:\Users\Flaps\Tracing
[2010/11/05 16:18:14 | 000,000,000 | ---D | C] -- C:\Users\Flaps\AppData\Roaming\Trusteer
[2010/11/05 16:17:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trusteer
[2010/11/05 16:16:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Trusteer
[2010/11/05 14:06:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2010/11/05 10:42:43 | 000,000,000 | ---D | C] -- C:\Users\Flaps\AppData\Roaming\Apple Computer
[2010/11/05 10:42:43 | 000,000,000 | ---D | C] -- C:\Users\Flaps\AppData\Local\Apple Computer
[2010/11/05 10:42:12 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/11/05 10:42:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/11/05 10:42:11 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2010/11/05 10:41:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/11/05 10:41:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/11/05 10:41:08 | 000,000,000 | ---D | C] -- C:\Users\Flaps\AppData\Local\Apple
[2010/11/05 10:41:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2010/11/05 10:40:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010/11/05 10:40:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2010/11/05 10:31:48 | 000,000,000 | ---D | C] -- C:\Users\Flaps\AppData\Local\Adobe
[2010/11/05 10:27:40 | 000,000,000 | ---D | C] -- C:\Users\Flaps\AppData\Roaming\Mozilla
[2010/11/05 10:27:40 | 000,000,000 | ---D | C] -- C:\Users\Flaps\AppData\Local\Mozilla
[2010/11/05 10:27:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2010/11/05 10:23:15 | 000,000,000 | ---D | C] -- C:\Users\Flaps\AppData\Local\CyberLink
[2010/11/05 10:23:14 | 000,000,000 | ---D | C] -- C:\Users\Flaps\AppData\Local\Acer Arcade Deluxe
[2010/11/05 10:23:10 | 000,000,000 | ---D | C] -- C:\Users\Flaps\AppData\Roaming\SoftDMA
[2010/11/05 10:23:09 | 000,000,000 | ---D | C] -- C:\Users\Flaps\AppData\Local\PlayMovie
[2010/11/05 10:22:58 | 000,000,000 | ---D | C] -- C:\Users\Flaps\AppData\Roaming\CyberLink
[2010/11/05 10:22:56 | 000,000,000 | ---D | C] -- C:\Users\Flaps\AppData\Local\PowerCinema
[2010/11/05 10:22:53 | 000,000,000 | ---D | C] -- C:\Users\Flaps\AppData\Roaming\PowerCinema
[2010/11/05 10:08:54 | 000,000,000 | ---D | C] -- C:\Users\Flaps\AppData\Local\Windows Live
[2010/11/05 10:04:43 | 000,000,000 | ---D | C] -- C:\Users\Flaps\AppData\Local\Microsoft Help
[2010/11/05 10:01:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/11/05 10:01:00 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/11/05 09:42:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Antimalware
[2010/11/05 09:42:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/11/05 01:38:45 | 000,000,000 | ---D | C] -- C:\Windows\NAPP_Dism_Log
[2010/11/04 19:11:44 | 000,000,000 | ---D | C] -- C:\Users\Flaps\AppData\Roaming\Adobe
[2010/11/04 19:11:42 | 000,000,000 | ---D | C] -- C:\Users\Flaps\AppData\Roaming\Google
[2010/11/04 19:11:41 | 000,000,000 | ---D | C] -- C:\Users\Flaps\AppData\Local\Google
[2010/11/04 19:00:17 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Screensaver
[2010/11/04 19:00:17 | 000,000,000 | ---D | C] -- C:\Users\Flaps\AppData\Roaming\Macromedia
[2010/11/04 18:57:24 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2010/11/04 18:57:24 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2010/11/04 18:57:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2010/11/04 18:56:24 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010/11/04 18:55:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2010/11/04 18:55:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2010/11/04 18:53:58 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml4a.dll
[2010/11/04 18:52:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cyberlink
[2010/11/04 18:50:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acer Arcade Deluxe
[2010/11/04 18:50:53 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2010/11/04 18:50:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2010/11/04 18:48:23 | 000,000,000 | ---D | C] -- C:\Windows\Driver Cache
[2010/11/04 18:46:53 | 000,000,000 | ---D | C] -- C:\book
[2010/11/04 18:46:50 | 000,000,000 | ---D | C] -- C:\ProgramData\McQcModifier-5c47-a7b0
[2010/11/04 18:46:49 | 000,000,000 | ---D | C] -- C:\Users\Flaps\AppData\Local\EgisTec
[2010/11/04 18:46:25 | 000,000,000 | R--D | C] -- C:\Users\Flaps\Searches
[2010/11/04 18:46:17 | 000,000,000 | ---D | C] -- C:\Users\Flaps\AppData\Roaming\Identities
[2010/11/04 18:46:14 | 000,000,000 | R--D | C] -- C:\Users\Flaps\Contacts
[2010/11/04 18:46:12 | 000,000,000 | ---D | C] -- C:\Users\Flaps\AppData\Local\VirtualStore
[2010/11/04 18:44:40 | 000,000,000 | -H-D | C] -- C:\Users\Flaps\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2010/11/04 18:44:39 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2010/11/04 18:44:39 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll
[2010/11/04 18:44:39 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll
[2010/11/04 18:44:39 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll
[2010/11/04 18:44:09 | 000,000,000 | ---D | C] -- C:\Program Files\Acer Accessory Store
[2010/11/04 18:44:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OEM
[2010/11/04 18:43:34 | 000,000,000 | --SD | C] -- C:\Users\Flaps\AppData\Roaming\Microsoft
[2010/11/04 18:43:34 | 000,000,000 | RHSD | C] -- C:\Users\Flaps\Documents\My Videos
[2010/11/04 18:43:34 | 000,000,000 | RHSD | C] -- C:\Users\Flaps\Documents\My Pictures
[2010/11/04 18:43:34 | 000,000,000 | RHSD | C] -- C:\Users\Flaps\Documents\My Music
[2010/11/04 18:43:34 | 000,000,000 | R--D | C] -- C:\Users\Flaps\Videos
[2010/11/04 18:43:34 | 000,000,000 | R--D | C] -- C:\Users\Flaps\Saved Games
[2010/11/04 18:43:34 | 000,000,000 | R--D | C] -- C:\Users\Flaps\Pictures
[2010/11/04 18:43:34 | 000,000,000 | R--D | C] -- C:\Users\Flaps\Music
[2010/11/04 18:43:34 | 000,000,000 | R--D | C] -- C:\Users\Flaps\Links
[2010/11/04 18:43:34 | 000,000,000 | R--D | C] -- C:\Users\Flaps\Favorites
[2010/11/04 18:43:34 | 000,000,000 | R--D | C] -- C:\Users\Flaps\Downloads
[2010/11/04 18:43:34 | 000,000,000 | R--D | C] -- C:\Users\Flaps\My Documents
[2010/11/04 18:43:34 | 000,000,000 | R--D | C] -- C:\Users\Flaps\Desktop
[2010/11/04 18:43:34 | 000,000,000 | -HSD | C] -- C:\Users\Flaps\AppData\Local\Temporary Internet Files
[2010/11/04 18:43:34 | 000,000,000 | -HSD | C] -- C:\Users\Flaps\Templates
[2010/11/04 18:43:34 | 000,000,000 | -HSD | C] -- C:\Users\Flaps\Start Menu
[2010/11/04 18:43:34 | 000,000,000 | -HSD | C] -- C:\Users\Flaps\SendTo
[2010/11/04 18:43:34 | 000,000,000 | -HSD | C] -- C:\Users\Flaps\Recent
[2010/11/04 18:43:34 | 000,000,000 | -HSD | C] -- C:\Users\Flaps\PrintHood
[2010/11/04 18:43:34 | 000,000,000 | -HSD | C] -- C:\Users\Flaps\NetHood
[2010/11/04 18:43:34 | 000,000,000 | -HSD | C] -- C:\Users\Flaps\My Documents
[2010/11/04 18:43:34 | 000,000,000 | -HSD | C] -- C:\Users\Flaps\Local Settings
[2010/11/04 18:43:34 | 000,000,000 | -HSD | C] -- C:\Users\Flaps\AppData\Local\History
[2010/11/04 18:43:34 | 000,000,000 | -HSD | C] -- C:\Users\Flaps\Cookies
[2010/11/04 18:43:34 | 000,000,000 | -HSD | C] -- C:\Users\Flaps\Application Data
[2010/11/04 18:43:34 | 000,000,000 | -HSD | C] -- C:\Users\Flaps\AppData\Local\Application Data
[2010/11/04 18:43:34 | 000,000,000 | -H-D | C] -- C:\Users\Flaps\AppData
[2010/11/04 18:43:34 | 000,000,000 | ---D | C] -- C:\Users\Flaps\AppData\Local\Temp
[2010/11/04 18:43:34 | 000,000,000 | ---D | C] -- C:\Users\Flaps\AppData\Local\Microsoft
[2010/11/04 18:43:34 | 000,000,000 | ---D | C] -- C:\Users\Flaps\AppData\Roaming\Media Center Programs
[2010/11/04 18:43:22 | 000,000,000 | -HSD | C] -- C:\Recovery
[2010/11/04 18:07:35 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/11/04 18:01:16 | 000,540,192 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NVUNINST.EXE
[2010/11/04 17:58:20 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\x64
[2010/11/04 17:58:20 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Lang
[2010/11/04 17:58:19 | 000,997,912 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igxpun.exe
[2010/11/04 17:57:17 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010/11/04 17:54:33 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2009/10/12 19:11:41 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe

========== Files - Modified Within 30 Days ==========

[2010/11/27 16:35:14 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/27 16:35:14 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/27 16:33:14 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Flaps\Desktop\OTL.exe
[2010/11/27 16:33:02 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/11/27 16:33:02 | 000,628,024 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/11/27 16:33:02 | 000,110,208 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/11/27 16:27:59 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/27 16:27:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/27 16:26:57 | 3193,835,520 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/26 17:19:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/26 16:58:28 | 326,356,466 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/11/25 16:00:18 | 000,296,448 | ---- | M] () -- C:\Users\Flaps\Desktop\gmer.exe
[2010/11/25 15:59:39 | 000,288,107 | ---- | M] () -- C:\Users\Flaps\Desktop\gmer.zip
[2010/11/25 15:41:36 | 000,000,000 | ---- | M] () -- C:\Users\Flaps\defogger_reenable
[2010/11/24 17:28:01 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/11/24 17:28:01 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/11/24 17:28:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/11/24 17:28:00 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/11/20 19:32:01 | 000,002,018 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/11/15 12:02:32 | 000,028,655 | ---- | M] () -- C:\Users\Flaps\AppData\Roaming\UserTile.png
[2010/11/15 11:48:12 | 000,001,787 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/11/10 14:11:14 | 000,001,849 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/11/08 20:09:54 | 000,001,856 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/11/08 20:09:53 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2010/11/07 20:57:49 | 000,001,971 | ---- | M] () -- C:\Users\Flaps\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/11/07 20:57:49 | 000,001,947 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/11/07 17:50:21 | 000,001,011 | ---- | M] () -- C:\Users\Flaps\Desktop\SpywareBlaster.lnk
[2010/11/07 13:04:58 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/11/07 12:33:26 | 000,001,017 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/07 11:30:33 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2010/11/07 11:26:59 | 000,343,552 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/11/06 20:29:06 | 000,001,139 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Works.lnk
[2010/11/06 19:53:26 | 000,003,544 | ---- | M] () -- C:\bootsqm.dat
[2010/11/05 09:42:28 | 000,001,035 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/11/05 01:38:45 | 000,011,453 | ---- | M] () -- C:\Windows\ChangeLang_Done.tag
[2010/11/04 19:11:36 | 000,001,445 | ---- | M] () -- C:\Users\Flaps\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/11/04 18:47:19 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2010/11/04 18:44:10 | 000,001,976 | ---- | M] () -- C:\Users\Public\Desktop\Acer Accessory Store.lnk
[2010/11/04 18:44:04 | 000,002,609 | ---- | M] () -- C:\Users\Public\Desktop\eBay.lnk
[2010/11/04 18:43:51 | 000,015,100 | ---- | M] () -- C:\Windows\SysNative\results.xml
[2010/11/04 18:42:40 | 000,039,252 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2010/11/04 18:42:40 | 000,039,252 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2010/11/04 18:05:41 | 000,000,006 | ---- | M] () -- C:\Windows\SysNative\PLD_Framework.cmd

========== Files Created - No Company Name ==========

[2010/11/25 15:59:38 | 000,288,107 | ---- | C] () -- C:\Users\Flaps\Desktop\gmer.zip
[2010/11/25 15:41:36 | 000,000,000 | ---- | C] () -- C:\Users\Flaps\defogger_reenable
[2010/11/15 11:48:12 | 000,001,787 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/11/10 17:06:54 | 000,028,655 | ---- | C] () -- C:\Users\Flaps\AppData\Roaming\UserTile.png
[2010/11/10 15:11:22 | 000,219,136 | ---- | C] () -- C:\Users\Flaps\Documents\House Info.xls
[2010/11/10 14:11:14 | 000,001,849 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/11/08 20:09:54 | 000,001,856 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/11/08 20:09:53 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2010/11/08 12:55:00 | 000,002,018 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/11/08 10:32:38 | 000,296,448 | ---- | C] () -- C:\Users\Flaps\Desktop\gmer.exe
[2010/11/07 20:57:49 | 000,001,971 | ---- | C] () -- C:\Users\Flaps\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/11/07 20:57:49 | 000,001,947 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/11/07 17:50:21 | 000,001,011 | ---- | C] () -- C:\Users\Flaps\Desktop\SpywareBlaster.lnk
[2010/11/07 13:04:58 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/11/07 12:33:26 | 000,001,017 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/07 11:30:33 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/11/06 20:29:06 | 000,001,139 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Works.lnk
[2010/11/06 19:53:26 | 000,003,544 | ---- | C] () -- C:\bootsqm.dat
[2010/11/05 09:42:28 | 000,001,035 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/11/05 01:39:49 | 000,011,453 | ---- | C] () -- C:\Windows\ChangeLang_Done.tag
[2010/11/04 19:14:25 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/04 19:14:23 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/04 19:11:36 | 000,001,445 | ---- | C] () -- C:\Users\Flaps\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/11/04 18:50:52 | 000,008,403 | ---- | C] () -- C:\ProgramData\ArcadeDeluxe3.log
[2010/11/04 18:47:19 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2010/11/04 18:44:10 | 000,001,976 | ---- | C] () -- C:\Users\Public\Desktop\Acer Accessory Store.lnk
[2010/11/04 18:44:04 | 000,002,609 | ---- | C] () -- C:\Users\Public\Desktop\eBay.lnk
[2010/11/04 18:43:51 | 000,015,100 | ---- | C] () -- C:\Windows\SysNative\results.xml
[2010/11/04 18:43:34 | 000,000,290 | ---- | C] () -- C:\Users\Flaps\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/11/04 18:43:34 | 000,000,272 | ---- | C] () -- C:\Users\Flaps\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/11/04 18:07:22 | 326,356,466 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/11/04 17:54:33 | 3193,835,520 | -HS- | C] () -- C:\hiberfil.sys
[2009/10/12 19:11:20 | 000,192,484 | ---- | C] () -- C:\Program Files (x86)\Common Files\Acer GameZone online.ico
[2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 21:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\Temp:5C321E34

< End of report >



OTL Extras logfile created on: 27/11/2010 16:40:07 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Flaps\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 67.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 226.00 Gb Total Space | 144.66 Gb Free Space | 64.01% Space Free | Partition Type: NTFS
Drive D: | 226.00 Gb Total Space | 225.48 Gb Free Space | 99.77% Space Free | Partition Type: NTFS

Computer Name: FLAPS-PC | User Name: Flaps | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{21185083-5C3F-45E1-A52F-1279E0724967}" = iTunes
"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95C9C76F-ECF3-40FA-94F8-5DDFB6BAF40D}" = Microsoft Security Essentials
"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"HDMI" = Intel® Graphics Media Accelerator Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Essentials" = Microsoft Security Essentials
"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{17424F35-8B77-4ADF-BC63-BF9B81418539}" = Apple Application Support
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 22
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{30075A70-B5D2-440B-AFA3-FB2021740121}" = Backup Manager Advance
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}" = Granny In Paradise
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115208410}" = First Class Flurry
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1" = Acer GameZone Console
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{ffe145b4-041a-4060-b002-1a042eceb196}" = Nero 9 Essentials
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast5" = avast! Free Antivirus
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Hotkey Utility" = Hotkey Utility
"Identity Card" = Identity Card
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}" = Acer Backup Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"Rapport_msi" = Rapport
"SpywareBlaster_is1" = SpywareBlaster 4.4
"WinLiveSuite" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/11/2010 07:48:29 | Computer Name = Flaps-PC | Source = Bonjour Service | ID = 100
Description = 472: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 11/11/2010 07:48:29 | Computer Name = Flaps-PC | Source = Bonjour Service | ID = 100
Description = 356: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 11/11/2010 07:48:29 | Computer Name = Flaps-PC | Source = Bonjour Service | ID = 100
Description = 400: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 11/11/2010 07:48:29 | Computer Name = Flaps-PC | Source = Bonjour Service | ID = 100
Description = 236: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 12/11/2010 07:21:13 | Computer Name = Flaps-PC | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 13/11/2010 06:14:52 | Computer Name = Flaps-PC | Source = System Restore | ID = 8210
Description =

Error - 15/11/2010 07:45:55 | Computer Name = Flaps-PC | Source = Bonjour Service | ID = 100
Description = 236: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 15/11/2010 07:45:55 | Computer Name = Flaps-PC | Source = Bonjour Service | ID = 100
Description = 476: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 15/11/2010 07:45:55 | Computer Name = Flaps-PC | Source = Bonjour Service | ID = 100
Description = 400: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 15/11/2010 07:46:12 | Computer Name = Flaps-PC | Source = Bonjour Service | ID = 100
Description = 232: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

[ System Events ]
Error - 19/11/2010 08:42:20 | Computer Name = Flaps-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 19/11/2010 08:42:20 | Computer Name = Flaps-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 19/11/2010 08:42:20 | Computer Name = Flaps-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 19/11/2010 08:47:27 | Computer Name = FLAPS-PC | Source = BugCheck | ID = 1001
Description =

Error - 20/11/2010 11:53:43 | Computer Name = Flaps-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 20/11/2010 13:16:15 | Computer Name = Flaps-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 21/11/2010 08:22:45 | Computer Name = Flaps-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%861 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 22/11/2010 07:41:12 | Computer Name = FLAPS-PC | Source = BugCheck | ID = 1001
Description =

Error - 25/11/2010 08:36:23 | Computer Name = Flaps-PC | Source = Service Control Manager | ID = 7043
Description = The Windows Update service did not shut down properly after receiving
a preshutdown control.

Error - 25/11/2010 11:06:52 | Computer Name = Flaps-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:36:01 on ?25/?11/?2010 was unexpected.


< End of report >



MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: AMI
System Manufacturer: Acer
System Product Name: Aspire X3810
Logical Drives Mask: 0x0000007c

Kernel Drivers (total 154):
0x02C15000 \SystemRoot\system32\ntoskrnl.exe
0x031F1000 \SystemRoot\system32\hal.dll
0x00B9D000 \SystemRoot\system32\kdcom.dll
0x00CBF000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00D03000 \SystemRoot\system32\PSHED.dll
0x00D17000 \SystemRoot\system32\CLFS.SYS
0x00EB2000 \SystemRoot\system32\CI.dll
0x00E00000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F72000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F81000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00FD8000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00FE1000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00D75000 \SystemRoot\system32\DRIVERS\pci.sys
0x00FEB000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00DA8000 \SystemRoot\System32\drivers\partmgr.sys
0x00DBD000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00C00000 \SystemRoot\System32\drivers\volmgrx.sys
0x00C5C000 \SystemRoot\System32\drivers\mountmgr.sys
0x01049000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x01165000 \SystemRoot\system32\DRIVERS\atapi.sys
0x0116E000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x01198000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x011A3000 \SystemRoot\system32\drivers\fltmgr.sys
0x01000000 \SystemRoot\system32\drivers\fileinfo.sys
0x01220000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01494000 \SystemRoot\System32\Drivers\msrpc.sys
0x014F2000 \SystemRoot\System32\Drivers\ksecdd.sys
0x0150C000 \SystemRoot\System32\Drivers\cng.sys
0x0157F000 \SystemRoot\System32\drivers\pcw.sys
0x01590000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x016C2000 \SystemRoot\system32\drivers\ndis.sys
0x01600000 \SystemRoot\system32\drivers\NETIO.SYS
0x01660000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x017B4000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x0168B000 \SystemRoot\System32\Drivers\spldr.sys
0x0159A000 \SystemRoot\System32\drivers\rdyboost.sys
0x01693000 \SystemRoot\System32\Drivers\mup.sys
0x016A5000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01400000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x0143A000 \SystemRoot\system32\DRIVERS\disk.sys
0x01450000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x02B8B000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x02BB5000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0x02BE2000 \SystemRoot\system32\DRIVERS\mwlPSDFilter.sys
0x02BEB000 \??\C:\Program Files (x86)\Trusteer\Rapport\bin\RapportPG64.sys
0x02A00000 \SystemRoot\System32\Drivers\Null.SYS
0x02A09000 \SystemRoot\System32\Drivers\Beep.SYS
0x02A10000 \SystemRoot\System32\drivers\vga.sys
0x02A1E000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x02A43000 \SystemRoot\System32\drivers\watchdog.sys
0x02A53000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x01480000 \SystemRoot\system32\drivers\rdpencdd.sys
0x01489000 \SystemRoot\system32\drivers\rdprefmp.sys
0x015D4000 \SystemRoot\System32\Drivers\Msfs.SYS
0x015DF000 \SystemRoot\System32\Drivers\Npfs.SYS
0x03800000 \SystemRoot\System32\drivers\tcpip.sys
0x03A02000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x03A4C000 \SystemRoot\system32\DRIVERS\tdx.sys
0x03A6A000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x03A77000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x03A87000 \SystemRoot\system32\drivers\afd.sys
0x03B11000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x03B1B000 \SystemRoot\System32\DRIVERS\netbt.sys
0x03B60000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x03B69000 \SystemRoot\system32\DRIVERS\pacer.sys
0x03B8F000 \SystemRoot\system32\DRIVERS\netbios.sys
0x03B9E000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x03BB9000 \SystemRoot\system32\DRIVERS\termdd.sys
0x03CEF000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x03D40000 \??\C:\Program Files (x86)\Trusteer\Rapport\bin\RapportKE64.sys
0x03D53000 \SystemRoot\system32\drivers\nsiproxy.sys
0x03D5F000 \SystemRoot\system32\DRIVERS\mwlPSDVDisk.sys
0x03D72000 \SystemRoot\system32\DRIVERS\mwlPSDNServ.sys
0x03D7A000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x03D85000 \SystemRoot\System32\drivers\discache.sys
0x03D94000 \SystemRoot\System32\Drivers\dfsc.sys
0x03DB2000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x03DC3000 \SystemRoot\System32\Drivers\aswSP.SYS
0x03C00000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x03C26000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x0468F000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
0x03EA8000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x03F9C000 \SystemRoot\System32\drivers\dxgmms1.sys
0x03E00000 \SystemRoot\system32\DRIVERS\e1y60x64.sys
0x03E49000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x04D91000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x03E56000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x03E67000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x04600000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x03E8B000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x03E9A000 \??\C:\Windows\system32\drivers\UBHelper.sys
0x0463E000 \??\C:\Windows\system32\drivers\NTIDrvr.sys

Processes (total 76):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`71500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000003b`f1000000 (NTFS)

PhysicalDrive0 Model Number: ST3500418AS, Rev: CC44

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 1BB72AA843C54C64E74C9F6C9BD22FA2AFA08966


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:12:32 PM

Posted 27 November 2010 - 12:08 PM

Hi

Please do the following:

Re-run MBRCheck again.
When prompted, enter Y
Then enter 1 to dump the MBR to physical disk
Name the dumped file as Dump.dat

Enter -1 to exit

A log file named "dump.dat" will be located in the same folder where MBRCheck was saved. Please zip it up and attach it in your next reply, and also upload it to VirusTotal for analysis.


Please do the following:


Submit a file to VirusTotal for analysis
  • Use the browse button on that page to navigate to the location of the file to be scanned.
  • In the right hand panel, click on the file: locate the path to the zipped dump.dat and click on it
  • then click the open button.
  • The file will now be displayed in the submit box.
  • Scroll down a bit and click "send file", wait for the results
  • If you get a message saying File has already been analyzed: click Reanalyze file now
  • Once scanned, copy and paste the link to the results page in your next reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
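The dump requested in this post is a single disk sector, so its layout can be checked locally before it is zipped and uploaded. The following is an added example, not part of the original post or of MBRCheck: it assumes Dump.dat is a 512-byte classic MBR, the function names are hypothetical, and the sample sector is constructed, with start sectors chosen to match the C: and D: offsets in the MBRCheck log above.

```python
import hashlib
import struct
import sys

SECTOR = 512
ENTRY = struct.Struct("<B3xB3xII")  # status, type, start LBA, sector count (CHS skipped)


def build_sample_mbr():
    """Constructed sample: empty boot code plus two NTFS (type 0x07) entries."""
    mbr = bytearray(SECTOR)
    # Start LBAs * 512 give 0x371500000 and 0x3BF1000000; the sizes are made up.
    entries = [(0x80, 0x07, 0x01B8A800, 0x1C3FD800),
               (0x00, 0x07, 0x1DF88000, 0x1C3FD800)]
    for i, fields in enumerate(entries):
        ENTRY.pack_into(mbr, 446 + 16 * i, *fields)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)


def inspect_mbr(dump):
    """Summarise a one-sector MBR dump: hashes, partition table, layout notes."""
    if len(dump) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(dump)}")
    parts, notes = [], []
    for i in range(4):
        status, ptype, lba, count = ENTRY.unpack_from(dump, 446 + 16 * i)
        if ptype == 0:
            continue  # unused slot
        if status not in (0x00, 0x80):
            notes.append(f"entry {i + 1}: invalid status byte 0x{status:02X}")
        parts.append({"index": i + 1, "active": status == 0x80, "type": ptype,
                      "byte_offset": lba * SECTOR, "bytes": count * SECTOR})
    if sum(p["active"] for p in parts) > 1:
        notes.append("more than one active partition")
    if dump[510:512] != b"\x55\xaa":
        notes.append("missing 0x55AA boot signature")
    # The page does not say which byte range MBRCheck hashes, so report both.
    return {"sha1": hashlib.sha1(dump).hexdigest().upper(),
            "boot_code_sha1": hashlib.sha1(dump[:440]).hexdigest().upper(),
            "partitions": parts, "notes": notes}


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_mbr()
    for key, value in inspect_mbr(data).items():
        print(key, value)
```

A clean result here only means the sector is well-formed; it says nothing about whether the boot code itself is the standard one.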


#5 flaps604

Posted 27 November 2010 - 12:37 PM

Hi,

ok I'm getting this a bit wrong somewhere I think.

I open up MBRCheck and re-run it and I get a prompt saying:

"Enter 'Y' and hit enter for more options, or 'N' to exit:" so I input "y" and hit enter.

It then generates a list of options:

"[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit." so I input "1" and hit enter.

It then says:

"Enter the physical disk number to dump (0-99, -1 to exit):"
What should I enter here?

#6 flaps604

Posted 27 November 2010 - 12:39 PM

Also, how do I zip up the Dump.dat file when I do get it to work?

#7 CatByte

Posted 27 November 2010 - 02:31 PM

Hi

"Enter the physical disk number to dump (0-99, -1 to exit):"


Enter "0"

Right click Dump.dat > send to "compressed (zipped) folder"


#8 flaps604

Posted 27 November 2010 - 05:21 PM

Ok, that worked a treat, so the zipped up file is attached.

I also uploaded the file to virustotal and here is the link to the result:

http://www.virustotal.com/file-scan/report.html?id=208544b2b28c20b38bab54c3f6ba38244a5a526bf3c8e85f6b1c46180960e503-1290896341

Attached Files

  • Attached File  Dump.zip   597bytes   1 downloads


#9 CatByte

Posted 27 November 2010 - 06:33 PM

Verify that you can access the Recovery Environment

To do so, restart your computer and begin tapping the F8 key to enable the Advanced Start menu.

If the option Repair your computer is available, select it.

Select a language, a keyboard or an input method, and then click Next

It will ask for a password > if you have one > enter it now, or just hit OK if you don't have one.

(If Recovery Environment is not preinstalled, you will need to insert your installation DVD and restart, then press any key when prompted to boot from the CD. At the Install Windows screen, select Repair your computer.)


In the System Recovery Options dialog box, click Command Prompt

Type bootrec /fixmbr and then press ENTER

You should see "The operation completed successfully"


Type EXIT at the command prompt, then select the RESTART button to reboot your system normally.

Edited by CatByte, 28 November 2010 - 12:13 PM.


#10 flaps604

Posted 28 November 2010 - 06:21 AM

Hi,

Ok, followed all the steps through with no problem up until the last step, the final restart.

I clicked restart and it put me into some sort of a boot menu and gave me two options.
I could either restart in some sort of startup recovery/ repair mode or start normally.
I selected start normally, so the computer began restarting and got as far as the four coloured balls flying in at the start of the Win 7 start up and then crashed!
It then took me back to the same menu with the two options, so I tried start normally again, same thing happened.
So I am now down to the trusty iPhone to communicate with you!

#11 CatByte

Posted 28 November 2010 - 10:26 AM

Please disregard this post - move on to the next

Edited by CatByte, 28 November 2010 - 12:14 PM.


#12 CatByte

Posted 28 November 2010 - 12:06 PM

Hi

I was discussing this matter with a colleague and it appears the type of infection you had leaves leftovers in a part of the boot sequence data, causing the machine not to boot.

Full credit to GMER and noahdfear for the fix:

Please do the following:


Please start your system and tap F10 repeatedly, you should be taken to the "Edit Boot Options" screen.

You should see the following:

Edit Windows boot options for: Windows 7

Path: \Windows\System32\winload.exe

Partition: 1
Hard Disk: {Some random looking numbers}

[ /NOEXECUTE=OPTIN /MININT [] ]



This is what you should have:

[ /NOEXECUTE=OPTIN] without the /MININT []


so please delete the /MININT [] part from that entry (make sure the brackets are left around the entry)



(Note: If there is anything there other than /MININT [] please let me know before doing anything else)



Reboot the machine - It should start normally now - then do the following:


Start > type CMD > Right click the CMD program and select "Run as Administrator"

Then please copy/paste the below command into the command prompt window and hit enter:

bcdedit /set {current} winpe no


reboot ( the OS should start as usual)

now do the following:

Start > type CMD > Right click the CMD program and select "Run as Administrator"

Then please copy/paste the below command to the command prompt window and hit enter:


bcdedit /deletevalue {current} winpe



Reboot, things should be back to normal now:

Let me know how that goes

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
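The `winpe` BCD element is what the Edit Boot Options screen shows as /MININT, so the state of the fix above can be confirmed from `bcdedit /enum {current}` output after each reboot. The following is an added example, not part of the original post: it assumes English-language bcdedit output, the function names are hypothetical, and the sample text is constructed.

```python
import sys

# Constructed sample of `bcdedit /enum {current}` output (not taken from the thread).
SAMPLE = """\
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \\Windows\\system32\\winload.exe
description             Windows 7
nx                      OptIn
winpe                   Yes
"""

def parse_bcd(text):
    """Parse bcdedit /enum text into one dict of elements per BCD entry."""
    entries, current, last = [], None, None
    for line in text.splitlines():
        if not line.strip():
            current = None                       # blank line ends an entry
        elif set(line.strip()) == {"-"}:
            continue                             # underline below the entry title
        elif current is None:
            current, last = {"_type": line.strip()}, None
            entries.append(current)
        elif line[0].isspace() and last:
            current[last] += " " + line.strip()  # extra value of a list element
        else:
            last, _, value = line.partition(" ")
            current[last] = value.strip()
    return entries

def winpe_state(entry):
    """enabled = loader gets /MININT; disabled = explicit No; absent = default."""
    value = entry.get("winpe")
    if value is None:
        return "absent"
    return "enabled" if value.lower() == "yes" else "disabled"

def audit(text):
    """Map each boot loader identifier to its winpe state."""
    return {e.get("identifier", "?"): winpe_state(e)
            for e in parse_bcd(text) if e["_type"] == "Windows Boot Loader"}

if __name__ == "__main__":
    # On Windows (elevated prompt): bcdedit /enum {current} | python this_script.py
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    print(audit(text))
```

After `bcdedit /set {current} winpe no` the expected state is "disabled", and after `bcdedit /deletevalue {current} winpe` it is "absent"; "enabled" after a reboot means the setting has come back.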


#13 flaps604

Posted 29 November 2010 - 06:45 AM

Hi,

Ok, got into the boot menu and it was exactly as you described, so followed those steps through and deleted the /MININT[] part, hit return and the computer booted just fine.
I logged on, opened the command prompt as described and input "bcdedit /set {current} winpe no" and hit return and got the following:

An unknown command was specified
Run "bcdedit/?" for command line assistance

So I restarted the computer and now it's gone back to its old trick of putting me into some sort of a boot menu where I can either choose to start normally or start in recovery mode.
I tried start normally, but it's gone back to doing the same thing of trying to boot, getting the four coloured balls come flying in and then crashing. So I restarted again and did the F10 thing again and the stuff I deleted (/MININT) has returned!

If it's any help here is a precise description of what I see when I press F10 and go into the boot menu:

Edit Boot Options

Edit windows boot options for : windows 7

Path: \windows\system32\winload.exe

Partition: 3
Hard disk: dad9c6f5

[ /NOEXECUTE=OPTIN /MININT ]

And that's it, so not sure if that'll give you any clues!

#14 CatByte

Posted 29 November 2010 - 06:51 AM

Hi

Please boot back into the Edit Boot Options menu and delete the /MININT []

Now boot normally and execute only the first command

Start > type CMD > Right click the CMD program and select "Run as Administrator"

Then please copy/paste the below command into the command prompt window and hit enter:

bcdedit /set {current} winpe no


reboot ( the OS should start as usual)

Let me know if you still receive the same error


Make careful note of the spaces: bcdedit[space]/set[space]{current}[space]winpe[space]no

Edited by CatByte, 29 November 2010 - 06:57 AM.


#15 flaps604

Posted 29 November 2010 - 07:02 AM

Done! Wooooooohhhhhhhhhhhhoooooooooooooo!

Thanks ever so much, booted fine and have logged on, seems to be working.

Is there anything else I need to do? I want to make quite sure that it is all gone as we use this computer for things like internet banking and the like, so I want to make sure we're safe and no-one will be stealing confidential info!

Do you have any suggestions for software that will help prevent this from happening again? I am currently running Microsoft Security Essentials and Avast free edition.

Thanks



