
vista update failure\Google redirect


  • This topic is locked
32 replies to this topic

#1 dlb4210


Posted 26 February 2011 - 03:49 AM

Okay, I am running Windows (Vista Home Prem OEM act Acer Incorporated) on my Acer Aspire M5640. I am having problems running IE and Windows Update! I ran Malwarebytes until nothing was found! I also ran CCleaner. Norton 2008 is installed and up to date; it's the trial that came with the computer. I have reformatted drive D; nothing is on it! I scanned everything on the C drive and found nothing that looked like malware or spyware, but I'm no good with Windows Vista! I do not have the recovery disk with this computer; I think I can get one from Acer if one is needed. However, I did run the recovery with Alt and F12 (I think it was F12). Anyway, I still have the same problems even after three reinstalls of Vista Home using the Alt F12 method. If I were to reformat drive C, would I lose the ability to recover Vista? Yes or no, please let me know. That would be easier in my book, but it's probably not that simple. I hope this is enough info for you to help fix my problem! Thanks

DDS (Ver_10-12-12.02) - NTFSx86
Run by Nation Family Pc at 1:49:52.79 on Sat 02/26/2011
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2815.1923 [GMT -6:00]

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\nvraidservice.exe
C:\Program Files\Windows Sidebar\sidebar.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Windows\system32\WUDFHost.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Nation Family Pc\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mStart Page = hxxp://en.us.acer.yahoo.com
mDefault_Page_URL = hxxp://en.us.acer.yahoo.com
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.0\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\acer\empowering technology\edatasecurity\x86\ActiveToolBand.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.0\CoIEPlg.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [BkupTray] "c:\program files\newtech infosystems\nti backup now 5\BkupTray.exe"
mRun: [Acer Empowering Technology Monitor] c:\acer\empowering technology\SysMonitor.exe
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\x86\eDSloader.exe
mRun: [PCMMediaSharing] c:\program files\acer arcade live\acer homemedia connect\kernel\dms\PCMMediaSharing.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [Apanel] c:\acersw\config\SetApanel.cmd
mRun: [Acer Product Registration] "c:\program files\acer registration\ACE1.exe" /startup
mRun: [Acer Assist Launcher] c:\program files\acer assist\launcher.exe
mRun: [eRecoveryService]
mRun: [NVRaidService] c:\windows\system32\nvraidservice.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

============= SERVICES / DRIVERS ===============

R1 FAMv4;FAMv4;c:\windows\system32\drivers\FAMv4.sys [2007-12-14 132120]
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\ipsdefs\20110215.001\IDSvix86.sys [2011-2-22 287792]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\acer arcade live\acer homemedia connect\kernel\dms\CLMSServer.exe [2008-2-5 269448]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\newtech infosystems\nti backup now 5\client\Agentsvc.exe [2007-12-30 21752]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2007-8-24 149352]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2007-12-30 54520]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2007-12-30 136440]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-2-25 102448]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2009-2-19 41008]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2007-5-29 23888]
S3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2008-2-5 1251720]

=============== Created Last 30 ================

2011-02-20 17:18:10 187392 ----a-w- c:\windows\Acer(Normal).scr
2011-02-20 17:18:09 187392 ----a-w- c:\windows\Acer(Wide).scr
2011-02-20 17:18:09 -------- d-----w- c:\windows\Acer_Wide
2011-02-20 17:18:09 -------- d-----w- c:\program files\Acer Inc
2011-02-20 17:18:06 -------- d-----w- c:\windows\Acer_Normal
2011-02-20 02:46:57 -------- d-----w- c:\users\nation~1\appdata\roaming\Acer
2011-02-20 02:31:22 368640 ----a-w- c:\windows\system32\CheckD2DSystem.exe
2011-02-20 02:31:22 327680 ----a-w- c:\windows\system32\Remove_eRecovery.exe
2011-02-20 02:31:22 16384 ----a-w- c:\windows\system32\LauncheRyAgentUser.exe
2011-02-20 02:31:22 16384 ----a-w- c:\windows\system32\ClearEvent.exe
2011-02-20 02:30:49 -------- d-----w- c:\program files\ATI
2011-02-20 02:30:19 -------- d-----w- c:\program files\Acer Assist
2011-02-20 02:30:18 -------- d-----w- c:\program files\Acer Registration
2011-02-20 02:30:05 -------- d-----w- c:\users\nation~1\appdata\roaming\Symantec
2011-02-19 16:56:11 55808 ----a-w- c:\windows\devcon.exe
2011-02-19 15:02:40 -------- d-----w- c:\program files\Motorola

==================== Find3M ====================

2011-02-19 16:56:11 1699 ----a-w- c:\windows\CLEANUP.CMD

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6001 Disk: ST325031 rev.3.AA -> Harddisk0\DR0 ->

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x87AB4555]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x87aba7b0]; MOV EAX, [0x87aba82c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x81CFCFEF] -> \Device\Harddisk0\DR0[0x87515AC8]
3 CLASSPNP[0x8239A745] -> ntkrnlpa!IofCallDriver[0x81CFCFEF] -> [0x86BB4700]
5 acpi[0x822946A0] -> ntkrnlpa!IofCallDriver[0x81CFCFEF] -> [0x85DD6B88]
\Driver\nvstor32[0x8781ECD8] -> IRP_MJ_CREATE -> 0x87AB4555
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV DI, 0x5; XOR AX, AX; MOV DL, 0x80; INT 0x13; JAE 0x2d; DEC DI; }
detected disk devices:
\Device\00000062 -> \??\SCSI#Disk&Ven_ST325031&Prod_0AS#4&28799283&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !

============= FINISH: 1:50:49.82 ===============



Edited by Orange Blossom, 26 February 2011 - 07:35 PM.
Removed BB code for readability. ~ OB



 


#2 SweetTech


Posted 02 March 2011 - 10:09 AM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed response to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It's important to note that these instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



Running TDSSKiller

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


NEXT:



Running OTL

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


NEXT:



Please be sure to include an update on how your computer is currently running.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 dlb4210


Posted 02 March 2011 - 02:21 PM

Thanks ST, I am fairly good with computers, but I can't stand working in Vista! This is my aunt's PC and I have done all that I have ever done with XP that I know, and still no luck. So I appreciate your time. I am running TDSSKiller as I type, lol.

#4 SweetTech


Posted 02 March 2011 - 02:25 PM

:thumbsup:



#5 dlb4210


Posted 02 March 2011 - 02:33 PM

2011/03/02 13:14:02.0596 4416 TDSS rootkit removing tool 2.4.20.0 Mar 2 2011 10:44:30
2011/03/02 13:14:04.0608 4416 ================================================================================
2011/03/02 13:14:04.0608 4416 SystemInfo:
2011/03/02 13:14:04.0608 4416
2011/03/02 13:14:04.0608 4416 OS Version: 6.0.6001 ServicePack: 1.0
2011/03/02 13:14:04.0608 4416 Product type: Workstation
2011/03/02 13:14:04.0608 4416 ComputerName: NATIONFAMILY-PC
2011/03/02 13:14:04.0624 4416 UserName: Nation Family Pc
2011/03/02 13:14:04.0624 4416 Windows directory: C:\Windows
2011/03/02 13:14:04.0624 4416 System windows directory: C:\Windows
2011/03/02 13:14:04.0624 4416 Processor architecture: Intel x86
2011/03/02 13:14:04.0624 4416 Number of processors: 2
2011/03/02 13:14:04.0624 4416 Page size: 0x1000
2011/03/02 13:14:04.0624 4416 Boot type: Normal boot
2011/03/02 13:14:04.0624 4416 ================================================================================
2011/03/02 13:14:05.0060 4416 Initialize success
2011/03/02 13:14:11.0129 4576 ================================================================================
2011/03/02 13:14:11.0129 4576 Scan started
2011/03/02 13:14:11.0129 4576 Mode: Manual;
2011/03/02 13:14:11.0129 4576 ================================================================================
2011/03/02 13:14:12.0470 4576 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
2011/03/02 13:14:13.0531 4576 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/03/02 13:14:14.0951 4576 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/03/02 13:14:18.0242 4576 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/03/02 13:14:21.0830 4576 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/03/02 13:14:25.0278 4576 AFD (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
2011/03/02 13:14:27.0821 4576 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/03/02 13:14:30.0254 4576 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/03/02 13:14:33.0437 4576 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/03/02 13:14:35.0870 4576 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/03/02 13:14:38.0023 4576 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/03/02 13:14:40.0457 4576 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/03/02 13:14:43.0218 4576 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/03/02 13:14:46.0853 4576 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/03/02 13:14:50.0238 4576 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/03/02 13:14:53.0514 4576 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/03/02 13:14:56.0353 4576 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
2011/03/02 13:14:58.0927 4576 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/03/02 13:15:01.0673 4576 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/03/02 13:15:03.0904 4576 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2011/03/02 13:15:06.0758 4576 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/03/02 13:15:08.0864 4576 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/03/02 13:15:11.0329 4576 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/03/02 13:15:13.0919 4576 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/03/02 13:15:16.0540 4576 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/03/02 13:15:18.0926 4576 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/03/02 13:15:21.0688 4576 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/03/02 13:15:24.0355 4576 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/03/02 13:15:26.0851 4576 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
2011/03/02 13:15:29.0191 4576 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/03/02 13:15:31.0157 4576 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
2011/03/02 13:15:33.0200 4576 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/03/02 13:15:35.0556 4576 COH_Mon (6186b6b953bdc884f0f379b84b3e3a98) C:\Windows\system32\Drivers\COH_Mon.sys
2011/03/02 13:15:37.0553 4576 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
2011/03/02 13:15:40.0189 4576 CO_Mon (73f5d6835bfa66019c03e316d99649da) C:\Windows\system32\drivers\CO_Mon.sys
2011/03/02 13:15:42.0935 4576 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/03/02 13:15:45.0790 4576 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/03/02 13:15:48.0644 4576 DfsC (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
2011/03/02 13:15:50.0750 4576 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
2011/03/02 13:15:51.0811 4576 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/03/02 13:15:52.0856 4576 DXGKrnl (f8bf50a8d862f8cc089080bec509bca6) C:\Windows\System32\drivers\dxgkrnl.sys
2011/03/02 13:15:53.0902 4576 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/03/02 13:15:55.0196 4576 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
2011/03/02 13:15:55.0415 4576 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2011/03/02 13:15:57.0692 4576 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/03/02 13:16:00.0220 4576 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/03/02 13:16:02.0622 4576 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
2011/03/02 13:16:05.0258 4576 FAMv4 (4a1ac7c62a01a0127307f3538fc48fab) C:\Windows\system32\DRIVERS\FAMv4.sys
2011/03/02 13:16:07.0832 4576 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
2011/03/02 13:16:10.0687 4576 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/03/02 13:16:13.0511 4576 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/03/02 13:16:16.0631 4576 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/03/02 13:16:19.0205 4576 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/03/02 13:16:21.0950 4576 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
2011/03/02 13:16:24.0774 4576 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/03/02 13:16:27.0488 4576 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/03/02 13:16:29.0719 4576 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/03/02 13:16:32.0293 4576 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/03/02 13:16:34.0820 4576 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/03/02 13:16:38.0268 4576 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/03/02 13:16:39.0750 4576 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
2011/03/02 13:16:42.0340 4576 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/03/02 13:16:45.0210 4576 HTTP (406c027c18e98a396faa1963dad5ff70) C:\Windows\system32\drivers\HTTP.sys
2011/03/02 13:16:47.0940 4576 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/03/02 13:16:51.0091 4576 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/03/02 13:16:54.0211 4576 iaStor (580bfec487c55264bfe3d60c3c24eee1) C:\Windows\system32\drivers\iastor.sys
2011/03/02 13:16:57.0409 4576 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/03/02 13:16:57.0565 4576 IDSvix86 (b147ccf3b7a42b64af8ec0520b4b15e3) C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20110215.001\IDSvix86.sys
2011/03/02 13:17:00.0139 4576 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/03/02 13:17:00.0358 4576 int15 (c6e5276c00ebdeb096bb5ef4b797d1b6) C:\Acer\Empowering Technology\eRecovery\int15.sys
2011/03/02 13:17:03.0556 4576 IntcAzAudAddService (f6e17c275666a4402588a30e36565910) C:\Windows\system32\drivers\RTKVHDA.sys
2011/03/02 13:17:06.0192 4576 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/03/02 13:17:09.0265 4576 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/03/02 13:17:12.0058 4576 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/03/02 13:17:18.0563 4576 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/03/02 13:17:20.0606 4576 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/03/02 13:17:21.0714 4576 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/03/02 13:17:22.0822 4576 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/03/02 13:17:23.0882 4576 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/03/02 13:17:25.0162 4576 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/03/02 13:17:26.0363 4576 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/03/02 13:17:27.0455 4576 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/03/02 13:17:28.0500 4576 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/03/02 13:17:29.0623 4576 KSecDD (5367dc846cae9639b899bfd13b97a8c9) C:\Windows\system32\Drivers\ksecdd.sys
2011/03/02 13:17:30.0918 4576 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/03/02 13:20:20.0038 4576 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/03/02 13:20:20.0100 4576 ================================================================================
2011/03/02 13:20:20.0100 4576 Scan finished
2011/03/02 13:20:20.0100 4576 ================================================================================
2011/03/02 13:20:20.0131 4936 Detected object count: 1
2011/03/02 13:20:50.0848 4936 \HardDisk0 - will be cured after reboot
2011/03/02 13:20:50.0848 4936 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/03/02 13:21:06.0055 3108 Deinitialize success

#6 SweetTech

Posted 02 March 2011 - 02:35 PM

TDSSKiller has found the main infection you were infected with.

Please post the OTL logs when you get a chance.


#7 dlb4210

Posted 02 March 2011 - 02:39 PM

OTL logfile created on: 3/2/2011 1:32:30 PM - Run 1
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Users\Nation Family Pc\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 69.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 119.70 Gb Total Space | 100.63 Gb Free Space | 84.07% Space Free | Partition Type: NTFS
Drive D: | 103.42 Gb Total Space | 103.33 Gb Free Space | 99.91% Space Free | Partition Type: NTFS
Drive J: | 119.98 Mb Total Space | 65.25 Mb Free Space | 54.38% Space Free | Partition Type: FAT

Computer Name: NATIONFAMILY-PC | User Name: Nation Family Pc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/02 13:22:26 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Nation Family Pc\Desktop\OTL.exe
PRC - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
PRC - [2008/01/25 20:49:04 | 000,269,448 | ---- | M] (CyberLink) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
PRC - [2008/01/20 20:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/20 20:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/09 20:43:26 | 000,326,176 | ---- | M] () -- C:\Acer\Empowering Technology\SysMonitor.exe
PRC - [2008/01/03 03:55:52 | 000,506,416 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008/01/03 03:55:48 | 000,521,776 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2007/12/19 20:09:22 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2007/12/07 15:28:22 | 000,196,128 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvraidservice.exe
PRC - [2007/10/17 12:38:20 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
PRC - [2007/10/11 12:53:22 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/09/10 15:28:18 | 000,057,344 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2007/09/06 12:02:04 | 000,393,216 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
PRC - [2007/08/31 11:49:50 | 000,243,064 | ---- | M] (Symantec Corporation) -- c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/02/01 18:37:40 | 000,630,784 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe


========== Modules (SafeList) ==========

MOD - [2011/03/02 13:22:26 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Nation Family Pc\Desktop\OTL.exe
MOD - [2008/01/20 20:23:44 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/02/22 13:18:30 | 001,251,720 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice)
SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/01/25 20:49:04 | 000,269,448 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service)
SRV - [2008/01/20 20:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/03 03:55:52 | 000,506,416 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2007/12/19 20:09:22 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007/10/17 12:38:20 | 000,028,672 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)
SRV - [2007/09/10 15:28:18 | 000,057,344 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2007/08/31 11:49:50 | 000,243,064 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/08/23 06:35:00 | 003,192,184 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2007/08/21 17:21:00 | 000,055,640 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)


========== Driver Services (SafeList) ==========

DRV - [2098/01/01 00:00:00 | 001,360,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110225.018\NAVEX15.SYS -- (NAVEX15)
DRV - [2098/01/01 00:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2098/01/01 00:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110225.018\NAVENG.SYS -- (NAVENG)
DRV - [2011/02/25 01:43:11 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/01/06 21:58:24 | 000,287,792 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20110215.001\IDSvix86.sys -- (IDSvix86)
DRV - [2009/03/17 12:56:58 | 000,447,024 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2009/02/19 13:31:42 | 000,024,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2009/02/19 13:31:18 | 000,041,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2009/02/19 13:31:16 | 000,184,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/02/19 13:31:16 | 000,096,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2009/02/19 13:31:16 | 000,022,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009/02/19 13:31:16 | 000,013,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2008/07/30 17:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2007/12/21 09:51:08 | 007,629,632 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/12/14 13:35:32 | 000,132,120 | ---- | M] (FAMv4) [File_System | System | Running] -- C:\Windows\System32\drivers\FAMv4.sys -- (FAMv4)
DRV - [2007/12/07 23:28:10 | 000,140,320 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/12/07 23:28:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007/11/30 23:57:12 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2007/11/30 23:57:12 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2007/11/30 23:57:12 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2007/11/06 11:30:48 | 000,006,080 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\zntport.sys -- (zntport)
DRV - [2007/11/06 11:30:46 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVicPort.sys -- (tvicport)
DRV - [2007/09/10 12:17:40 | 001,035,168 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/08/08 09:39:00 | 000,036,056 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CO_Mon.sys -- (CO_Mon)
DRV - [2007/07/07 07:13:10 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/07/02 20:05:20 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2007/02/01 18:37:36 | 000,982,272 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3651872654-1274603032-265443457-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKU\S-1-5-21-3651872654-1274603032-265443457-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://global.acer.com/ [binary data]
IE - HKU\S-1-5-21-3651872654-1274603032-265443457-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3651872654-1274603032-265443457-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3651872654-1274603032-265443457-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2006/09/18 15:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-3651872654-1274603032-265443457-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKU\S-1-5-21-3651872654-1274603032-265443457-1000\..\Toolbar\WebBrowser: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe ()
O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer Registration\ACE1.exe (Leader Technologies)
O4 - HKLM..\Run: [Apanel] File not found
O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVRaidService] C:\Windows\System32\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3651872654-1274603032-265443457-1000..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.0.32.14 72.242.142.5
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Acer03.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Acer03.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/02 13:32:02 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\Nation Family Pc\Desktop\OTL.exe
[2011/03/02 13:30:06 | 000,000,000 | ---D | C] -- C:\Users\Nation Family Pc\AppData\Local\Adobe
[2011/02/26 01:52:47 | 000,000,000 | ---D | C] -- C:\Users\Nation Family Pc\Desktop\gmer
[2011/02/25 01:42:07 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/02/25 01:37:01 | 000,000,000 | ---D | C] -- C:\Users\Nation Family Pc\Desktop\Copy of recovery disk xp
[2011/02/23 01:36:18 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/02/22 13:19:07 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Symantec
[2011/02/20 11:18:09 | 000,000,000 | ---D | C] -- C:\Windows\Acer_Wide
[2011/02/20 11:18:09 | 000,000,000 | ---D | C] -- C:\Program Files\Acer Inc
[2011/02/20 11:18:06 | 000,000,000 | ---D | C] -- C:\Windows\Acer_Normal
[2011/02/20 11:16:58 | 000,197,632 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRaidServeres.dll
[2011/02/20 11:16:58 | 000,197,632 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRaidServerel.dll
[2011/02/20 11:16:58 | 000,197,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRaidServerit.dll
[2011/02/20 11:16:58 | 000,197,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRaidServerde.dll
[2011/02/20 11:16:58 | 000,196,608 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRaidServerfr.dll
[2011/02/20 11:16:58 | 000,196,096 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRaidServersl.dll
[2011/02/20 11:16:58 | 000,196,096 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRaidServersk.dll
[2011/02/20 11:16:58 | 000,196,096 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRaidServerptb.dll
[2011/02/20 11:16:58 | 000,196,096 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRaidServerpt.dll
[2011/02/20 11:16:58 | 000,196,096 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRaidServerpl.dll
[2011/02/20 11:16:58 | 000,196,096 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRaidServernl.dll
[2011/02/20 11:16:58 | 000,196,096 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRaidServercs.dll
[2011/02/20 11:16:58 | 000,195,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRaidServertr.dll
[2011/02/20 11:16:58 | 000,195,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRaidServerth.dll
[2011/02/20 11:16:58 | 000,195,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRaidServerru.dll
[2011/02/20 11:16:58 | 000,195,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRaidServerhu.dll
[2011/02/20 11:16:58 | 000,194,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRaidServersv.dll
[2011/02/20 11:16:58 | 000,194,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRaidServerno.dll
[2011/02/20 11:16:58 | 000,194,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRaidServerfi.dll
[2011/02/20 11:16:58 | 000,194,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRaidServerda.dll
[2011/02/20 11:16:58 | 000,194,048 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRaidServerhe.dll
[2011/02/20 11:16:58 | 000,194,048 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRaidServerenu.dll
[2011/02/20 11:16:58 | 000,194,048 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRaidServereng.dll
[2011/02/20 11:16:58 | 000,193,024 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRaidServerar.dll
[2011/02/20 11:16:58 | 000,188,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRaidServerko.dll
[2011/02/20 11:16:58 | 000,188,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRaidServerja.dll
[2011/02/20 11:16:58 | 000,187,392 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRaidServerzht.dll
[2011/02/20 11:16:58 | 000,186,880 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRaidServerzhc.dll
[2011/02/20 11:16:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2011/02/20 11:16:57 | 000,638,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRaidServer.dll
[2011/02/20 11:16:56 | 000,165,376 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRaidWizardde.dll
[2011/02/20 11:16:56 | 000,163,840 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRaidWizardpt.dll
[2011/02/20 11:16:56 | 000,163,328 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRaidWizardel.dll
[2011/02/20 11:16:56 | 000,162,304 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRaidWizardit.dll
[2011/02/20 11:16:56 | 000,162,304 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRaidWizardfr.dll
[2011/02/20 11:16:56 | 000,162,304 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRaidWizardes.dll
[2011/02/20 11:16:56 | 000,160,256 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRaidWizardsl.dll
[2011/02/20 11:16:56 | 000,160,256 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRaidWizardptb.dll
[2011/02/20 11:16:56 | 000,159,744 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRaidWizardnl.dll
[2011/02/20 11:16:56 | 000,159,232 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRaidWizardru.dll
[2011/02/20 11:16:56 | 000,159,232 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRaidWizardpl.dll
[2011/02/20 11:16:56 | 000,158,720 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRaidWizardhu.dll
[2011/02/20 11:16:56 | 000,158,208 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRaidWizardtr.dll
[2011/02/20 11:16:56 | 000,157,696 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRaidWizardsk.dll
[2011/02/20 11:16:56 | 000,157,696 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRaidWizardno.dll
[2011/02/20 11:16:56 | 000,157,184 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRaidWizardth.dll
[2011/02/20 11:16:56 | 000,157,184 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRaidWizardsv.dll
[2011/02/20 11:16:56 | 000,156,672 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRaidWizardfi.dll
[2011/02/20 11:16:56 | 000,156,160 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRaidWizardda.dll
[2011/02/20 11:16:56 | 000,154,624 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRaidWizardenu.dll
[2011/02/20 11:16:56 | 000,154,624 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRaidWizardeng.dll
[2011/02/20 11:16:56 | 000,153,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRaidWizardhe.dll
[2011/02/20 11:16:56 | 000,141,312 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRaidWizardko.dll
[2011/02/20 11:16:56 | 000,141,312 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRaidWizardja.dll
[2011/02/20 11:16:56 | 000,137,216 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRaidWizardzht.dll
[2011/02/20 11:16:56 | 000,136,192 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRaidWizardzhc.dll
[2011/02/20 11:16:56 | 000,056,320 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRaidSvfr.dll
[2011/02/20 11:16:56 | 000,056,320 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRaidSves.dll
[2011/02/20 11:16:56 | 000,055,808 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRaidSvpt.dll
[2011/02/20 11:16:56 | 000,055,808 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRaidSvit.dll
[2011/02/20 11:16:56 | 000,055,808 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRaidSvel.dll
[2011/02/20 11:16:56 | 000,055,808 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRaidSvde.dll
[2011/02/20 11:16:56 | 000,055,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRaidSvsl.dll
[2011/02/20 11:16:56 | 000,055,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRaidSvptb.dll
[2011/02/20 11:16:56 | 000,055,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRaidSvpl.dll
[2011/02/20 11:16:56 | 000,055,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRaidSvnl.dll
[2011/02/20 11:16:56 | 000,054,784 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRaidSvhu.dll
[2011/02/20 11:16:56 | 000,054,272 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRaidSvtr.dll
[2011/02/20 11:16:56 | 000,054,272 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRaidSvth.dll
[2011/02/20 11:16:56 | 000,054,272 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRaidSvsk.dll
[2011/02/20 11:16:56 | 000,054,272 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRaidSvfi.dll
[2011/02/20 11:16:56 | 000,053,760 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRaidSvsv.dll
[2011/02/20 11:16:56 | 000,053,760 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRaidSvru.dll
[2011/02/20 11:16:56 | 000,053,760 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRaidSvno.dll
[2011/02/20 11:16:56 | 000,053,760 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRaidSvhe.dll
[2011/02/20 11:16:56 | 000,053,760 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRaidSvda.dll
[2011/02/20 11:16:56 | 000,053,248 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRaidSvenu.dll
[2011/02/20 11:16:56 | 000,053,248 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRaidSveng.dll
[2011/02/20 11:16:56 | 000,049,664 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRaidSvja.dll
[2011/02/20 11:16:56 | 000,049,152 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRaidSvko.dll
[2011/02/20 11:16:56 | 000,047,616 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRaidSvzht.dll
[2011/02/20 11:16:56 | 000,047,616 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRaidSvzhc.dll
[2011/02/20 11:16:56 | 000,032,768 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvSataConnectionzht.dll
[2011/02/20 11:16:56 | 000,032,768 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvSataConnectionzhc.dll
[2011/02/20 11:16:56 | 000,032,768 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvSataConnectiontr.dll
[2011/02/20 11:16:56 | 000,032,768 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvSataConnectionth.dll
[2011/02/20 11:16:56 | 000,032,768 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvSataConnectionsv.dll
[2011/02/20 11:16:56 | 000,032,768 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvSataConnectionsl.dll
[2011/02/20 11:16:56 | 000,032,768 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvSataConnectionsk.dll
[2011/02/20 11:16:56 | 000,032,768 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvSataConnectionru.dll
[2011/02/20 11:16:56 | 000,032,768 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvSataConnectionptb.dll
[2011/02/20 11:16:56 | 000,032,768 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvSataConnectionpt.dll
[2011/02/20 11:16:56 | 000,032,768 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvSataConnectionpl.dll
[2011/02/20 11:16:56 | 000,032,768 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvSataConnectionno.dll
[2011/02/20 11:16:56 | 000,032,768 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvSataConnectionnl.dll
[2011/02/20 11:16:56 | 000,032,768 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvSataConnectionko.dll
[2011/02/20 11:16:56 | 000,032,768 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvSataConnectionja.dll
[2011/02/20 11:16:56 | 000,032,768 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvSataConnectionit.dll
[2011/02/20 11:16:56 | 000,032,768 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvSataConnectionhu.dll
[2011/02/20 11:16:56 | 000,032,768 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvSataConnectionhe.dll
[2011/02/20 11:16:56 | 000,032,768 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvSataConnectionfr.dll
[2011/02/20 11:16:56 | 000,032,768 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvSataConnectionfi.dll
[2011/02/20 11:16:56 | 000,032,768 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvSataConnectiones.dll
[2011/02/20 11:16:56 | 000,032,768 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvSataConnectionenu.dll
[2011/02/20 11:16:56 | 000,032,768 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvSataConnectioneng.dll
[2011/02/20 11:16:56 | 000,032,768 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvSataConnectionel.dll
[2011/02/20 11:16:56 | 000,032,768 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvSataConnectionde.dll
[2011/02/20 11:16:56 | 000,032,768 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvSataConnectionda.dll
[2011/02/20 11:16:55 | 000,567,328 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRaidWizard.dll
[2011/02/20 11:16:55 | 000,229,376 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvsataconnection.exe
[2011/02/20 11:16:55 | 000,196,128 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvraidservice.exe
[2011/02/20 11:16:55 | 000,160,256 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRaidWizardcs.dll
[2011/02/20 11:16:55 | 000,150,528 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRaidWizardar.dll
[2011/02/20 11:16:55 | 000,054,784 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRaidSvcs.dll
[2011/02/20 11:16:55 | 000,052,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRaidSvar.dll
[2011/02/20 11:16:55 | 000,032,768 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvSataConnectioncs.dll
[2011/02/20 11:16:55 | 000,032,768 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvSataConnectionar.dll
[2011/02/19 20:46:57 | 000,000,000 | ---D | C] -- C:\Users\Nation Family Pc\AppData\Roaming\Acer
[2011/02/19 20:46:55 | 000,000,000 | ---D | C] -- C:\Users\Nation Family Pc\AppData\Roaming\Leadertech
[2011/02/19 20:36:33 | 000,000,000 | ---D | C] -- C:\Users\Nation Family Pc\AppData\Roaming\Macromedia
[2011/02/19 20:32:39 | 000,000,000 | ---D | C] -- C:\Users\Nation Family Pc\AppData\Roaming\Adobe
[2011/02/19 20:31:22 | 000,368,640 | ---- | C] (Acer Inc.) -- C:\Windows\System32\CheckD2DSystem.exe
[2011/02/19 20:31:22 | 000,327,680 | ---- | C] (Acer Inc.) -- C:\Windows\System32\Remove_eRecovery.exe
[2011/02/19 20:31:22 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
[2011/02/19 20:30:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Install Manager
[2011/02/19 20:30:49 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2011/02/19 20:30:19 | 000,000,000 | ---D | C] -- C:\Program Files\Acer Assist
[2011/02/19 20:30:18 | 000,000,000 | ---D | C] -- C:\Program Files\Acer Registration
[2011/02/19 20:30:05 | 000,000,000 | ---D | C] -- C:\Users\Nation Family Pc\AppData\Roaming\Symantec
[2011/02/19 20:29:40 | 000,000,000 | ---D | C] -- C:\Users\Nation Family Pc\AppData\Local\PowerCinema
[2011/02/19 20:29:37 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/02/19 20:29:31 | 000,000,000 | R--D | C] -- C:\Users\Nation Family Pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/02/19 20:29:31 | 000,000,000 | R--D | C] -- C:\Users\Nation Family Pc\Searches
[2011/02/19 20:29:31 | 000,000,000 | R--D | C] -- C:\Users\Nation Family Pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/02/19 20:29:24 | 000,000,000 | ---D | C] -- C:\Users\Nation Family Pc\AppData\Roaming\Identities
[2011/02/19 20:29:22 | 000,000,000 | R--D | C] -- C:\Users\Nation Family Pc\Contacts
[2011/02/19 20:29:20 | 000,000,000 | ---D | C] -- C:\Users\Nation Family Pc\AppData\Local\VirtualStore
[2011/02/19 20:29:10 | 000,000,000 | -HSD | C] -- C:\Users\Nation Family Pc\AppData\Local\Temporary Internet Files
[2011/02/19 20:29:10 | 000,000,000 | -HSD | C] -- C:\Users\Nation Family Pc\Templates
[2011/02/19 20:29:10 | 000,000,000 | -HSD | C] -- C:\Users\Nation Family Pc\Start Menu
[2011/02/19 20:29:10 | 000,000,000 | -HSD | C] -- C:\Users\Nation Family Pc\SendTo
[2011/02/19 20:29:10 | 000,000,000 | -HSD | C] -- C:\Users\Nation Family Pc\Recent
[2011/02/19 20:29:10 | 000,000,000 | -HSD | C] -- C:\Users\Nation Family Pc\PrintHood
[2011/02/19 20:29:10 | 000,000,000 | -HSD | C] -- C:\Users\Nation Family Pc\NetHood
[2011/02/19 20:29:10 | 000,000,000 | -HSD | C] -- C:\Users\Nation Family Pc\Documents\My Videos
[2011/02/19 20:29:10 | 000,000,000 | -HSD | C] -- C:\Users\Nation Family Pc\Documents\My Pictures
[2011/02/19 20:29:10 | 000,000,000 | -HSD | C] -- C:\Users\Nation Family Pc\Documents\My Music
[2011/02/19 20:29:10 | 000,000,000 | -HSD | C] -- C:\Users\Nation Family Pc\My Documents
[2011/02/19 20:29:10 | 000,000,000 | -HSD | C] -- C:\Users\Nation Family Pc\Local Settings
[2011/02/19 20:29:10 | 000,000,000 | -HSD | C] -- C:\Users\Nation Family Pc\AppData\Local\History
[2011/02/19 20:29:10 | 000,000,000 | -HSD | C] -- C:\Users\Nation Family Pc\Cookies
[2011/02/19 20:29:10 | 000,000,000 | -HSD | C] -- C:\Users\Nation Family Pc\Application Data
[2011/02/19 20:29:10 | 000,000,000 | -HSD | C] -- C:\Users\Nation Family Pc\AppData\Local\Application Data
[2011/02/19 20:29:09 | 000,000,000 | --SD | C] -- C:\Users\Nation Family Pc\AppData\Roaming\Microsoft
[2011/02/19 20:29:09 | 000,000,000 | R--D | C] -- C:\Users\Nation Family Pc\Videos
[2011/02/19 20:29:09 | 000,000,000 | R--D | C] -- C:\Users\Nation Family Pc\Saved Games
[2011/02/19 20:29:09 | 000,000,000 | R--D | C] -- C:\Users\Nation Family Pc\Pictures
[2011/02/19 20:29:09 | 000,000,000 | R--D | C] -- C:\Users\Nation Family Pc\Music
[2011/02/19 20:29:09 | 000,000,000 | R--D | C] -- C:\Users\Nation Family Pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/02/19 20:29:09 | 000,000,000 | R--D | C] -- C:\Users\Nation Family Pc\Links
[2011/02/19 20:29:09 | 000,000,000 | R--D | C] -- C:\Users\Nation Family Pc\Favorites
[2011/02/19 20:29:09 | 000,000,000 | R--D | C] -- C:\Users\Nation Family Pc\Downloads
[2011/02/19 20:29:09 | 000,000,000 | R--D | C] -- C:\Users\Nation Family Pc\Documents
[2011/02/19 20:29:09 | 000,000,000 | R--D | C] -- C:\Users\Nation Family Pc\Desktop
[2011/02/19 20:29:09 | 000,000,000 | R--D | C] -- C:\Users\Nation Family Pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/02/19 20:29:09 | 000,000,000 | -H-D | C] -- C:\Users\Nation Family Pc\AppData
[2011/02/19 20:29:09 | 000,000,000 | ---D | C] -- C:\Users\Nation Family Pc\AppData\Local\Temp
[2011/02/19 20:29:09 | 000,000,000 | ---D | C] -- C:\Users\Nation Family Pc\AppData\Local\Microsoft
[2011/02/19 20:29:09 | 000,000,000 | ---D | C] -- C:\Users\Nation Family Pc\AppData\Roaming\Media Center Programs
[2011/02/19 20:29:09 | 000,000,000 | ---D | C] -- C:\Users\Nation Family Pc\AppData\Roaming\Acer GameZone Console
[2011/02/19 10:56:11 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\devcon.exe
[2011/02/19 09:02:40 | 000,000,000 | ---D | C] -- C:\Program Files\Motorola
[2011/02/19 09:01:55 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution

========== Files - Modified Within 30 Days ==========

[2011/03/02 13:35:39 | 000,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/03/02 13:35:39 | 000,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/03/02 13:27:45 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/02 13:27:44 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/02 13:27:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/02 13:27:31 | 2951,860,224 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/02 13:22:26 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Nation Family Pc\Desktop\OTL.exe
[2011/03/02 13:10:13 | 182,083,519 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/03/02 13:04:30 | 001,261,440 | ---- | M] () -- C:\Users\Nation Family Pc\Desktop\tdsskiller.zip
[2011/02/26 01:43:30 | 000,000,000 | ---- | M] () -- C:\Users\Nation Family Pc\defogger_reenable
[2011/02/26 01:35:40 | 000,050,477 | ---- | M] () -- C:\Users\Nation Family Pc\Desktop\Defogger.exe
[2011/02/26 01:32:06 | 000,288,107 | ---- | M] () -- C:\Users\Nation Family Pc\Desktop\gmer.zip
[2011/02/26 01:28:50 | 000,624,128 | ---- | M] () -- C:\Users\Nation Family Pc\Desktop\dds.scr
[2011/02/25 01:43:11 | 000,124,464 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011/02/25 01:43:11 | 000,010,635 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011/02/25 01:43:11 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011/02/22 11:43:56 | 000,000,568 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Nation Family Pc.job
[2011/02/20 12:21:24 | 000,296,424 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/02/20 11:20:29 | 000,000,132 | ---- | M] () -- C:\Windows\Alaunch.ini
[2011/02/19 22:24:09 | 000,047,092 | ---- | M] () -- C:\Windows\System32\license.rtf
[2011/02/19 20:29:33 | 000,000,947 | ---- | M] () -- C:\Users\Nation Family Pc\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/02/19 10:56:11 | 000,001,699 | ---- | M] () -- C:\Windows\CLEANUP.CMD

========== Files Created - No Company Name ==========

[2011/03/02 13:13:27 | 001,261,440 | ---- | C] () -- C:\Users\Nation Family Pc\Desktop\tdsskiller.zip
[2011/02/26 01:43:30 | 000,000,000 | ---- | C] () -- C:\Users\Nation Family Pc\defogger_reenable
[2011/02/26 01:42:48 | 000,624,128 | ---- | C] () -- C:\Users\Nation Family Pc\Desktop\dds.scr
[2011/02/26 01:42:48 | 000,288,107 | ---- | C] () -- C:\Users\Nation Family Pc\Desktop\gmer.zip
[2011/02/26 01:42:48 | 000,050,477 | ---- | C] () -- C:\Users\Nation Family Pc\Desktop\Defogger.exe
[2011/02/23 01:35:59 | 182,083,519 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/02/22 11:24:47 | 000,000,568 | ---- | C] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Nation Family Pc.job
[2011/02/20 11:18:10 | 000,187,392 | ---- | C] () -- C:\Windows\Acer(Normal).scr
[2011/02/20 11:18:10 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2011/02/20 11:18:09 | 000,187,392 | ---- | C] () -- C:\Windows\Acer(Wide).scr
[2011/02/20 11:18:09 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2011/02/20 11:16:06 | 000,077,824 | ---- | C] () -- C:\Windows\System32\drivers\INT15_DETECT.EXE
[2011/02/19 20:31:22 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
[2011/02/19 20:31:22 | 000,000,552 | ---- | C] () -- C:\Windows\System32\setup.iss
[2011/02/19 20:30:19 | 000,001,771 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Registration.lnk
[2011/02/19 20:30:19 | 000,001,751 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Assist.lnk
[2011/02/19 20:29:33 | 000,000,953 | ---- | C] () -- C:\Users\Nation Family Pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/02/19 20:29:30 | 000,000,948 | ---- | C] () -- C:\Users\Nation Family Pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011/02/19 20:29:21 | 000,000,919 | ---- | C] () -- C:\Users\Nation Family Pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2011/02/19 20:29:14 | 000,000,947 | ---- | C] () -- C:\Users\Nation Family Pc\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/02/19 20:29:09 | 000,000,258 | ---- | C] () -- C:\Users\Nation Family Pc\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/02/19 20:29:09 | 000,000,240 | ---- | C] () -- C:\Users\Nation Family Pc\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/02/19 10:57:23 | 2951,860,224 | -HS- | C] () -- C:\hiberfil.sys
[2011/02/19 10:56:11 | 000,749,568 | ---- | C] () -- C:\Users\Public\Desktop\ACER STORE.EXE
[2008/02/05 14:18:17 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2008/02/05 13:51:55 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008/02/05 13:51:55 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008/02/05 13:18:12 | 000,001,732 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2008/02/05 12:05:25 | 000,001,022 | ---- | C] () -- C:\Windows\generic.ini
[2008/02/05 12:05:25 | 000,000,132 | ---- | C] () -- C:\Windows\Alaunch.ini
[2008/01/20 20:24:14 | 000,100,043 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/02 06:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:47:37 | 000,296,424 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:33:01 | 000,595,446 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 04:33:01 | 000,101,144 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 01:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2001/12/26 18:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 01:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 18:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 00:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

< End of report >

OTL Extras logfile created on: 3/2/2011 1:32:30 PM - Run 1
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Users\Nation Family Pc\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 69.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 119.70 Gb Total Space | 100.63 Gb Free Space | 84.07% Space Free | Partition Type: NTFS
Drive D: | 103.42 Gb Total Space | 103.33 Gb Free Space | 99.91% Space Free | Partition Type: NTFS
Drive J: | 119.98 Mb Total Space | 65.25 Mb Free Space | 54.38% Space Free | Partition Type: FAT

Computer Name: NATIONFAMILY-PC | User Name: Nation Family Pc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00B4998B-5924-450F-AEF9-4BDA12EFD12F}" = dir=in | app=c:\program files\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe |
"{2E9A4533-1359-46B6-B326-2B899D73FD10}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{505ED723-A2BA-473E-AEAE-3BD5181A5754}" = dir=in | app=c:\program files\acer arcade live\acer homemedia trial creator\acer homemedia trial creator.exe |
"{6299EEE5-1856-4B10-9916-798B1C1AEF89}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{7B6B3B53-9D2B-40C9-B91F-FE85E1D6A25A}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{7BB3097A-3125-4981-9834-679B5636377D}" = dir=in | app=c:\program files\acer arcade live\acer videomagician\acer videomagician.exe |
"{7D1CE16D-8631-458E-8382-54CE0C38BDEB}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe |
"{7F51ED0B-81E8-46A6-908E-8C5EA726056F}" = dir=in | app=c:\program files\acer arcade live\acer dvdivine\acer dvdivine.exe |
"{81B6CD0B-8F08-4C12-8532-E56DF5350339}" = dir=in | app=c:\program files\acer arcade live\acer homemedia\acer homemedia.exe |
"{8BCD640B-594A-465F-8A9E-E5A6C07DC081}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{8FFE3A8A-4C75-43A0-BFF3-95FDFDA33BE2}" = dir=in | app=c:\program files\acer arcade live\acer dv magician\acer dv magician.exe |
"{948000F3-8719-4206-B4C5-6506B663184F}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{ADE9CF49-7A0E-4076-9B85-7648EC5E7736}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B0FC188F-249E-43D9-859D-89A0F334AEDC}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\acer homemedia connect.exe |
"{D430641B-178B-4C39-B53C-F6B3221DB01A}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{EDAD7C9C-2B42-422A-A171-019C0C88A98B}" = dir=in | app=c:\program files\acer arcade live\acer arcade live main page\acer arcade live.exe |
"{F3CFA48D-AE6A-482E-96D7-2390C5C0FDF5}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01358C56-44F4-B8B3-8757-06F2A864A863}" = ATI Catalyst Install Manager
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}" = Component Framework
"{3672B097-EA69-4BFE-B92F-29AE6D9D2B34}" = Norton Internet Security
"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD
"{54572159-932C-4164-AF92-881C17222314}" = Symantec Real Time Storage Protection Component
"{55A6283C-638A-4EE0-B491-51118554BDA2}" = Norton Confidential Core
"{62120008-8E1E-4807-860D-A8B48F8552DB}" = Norton Protection Center
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6C8924DA-E19E-4F33-B9A0-A2B1D1EE2D59}" = SymNet
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}" = Norton AntiVirus
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110113233}" = Bookworm Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}" = Big Kahuna Reef
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}" = Kick N Rush
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}" = Backspin Billiards
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}" = Mahjongg Artifacts
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}" = Diner Dash Flo on the Go
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112310577}" = Flip Words 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}" = Chicken Invaders 3
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}" = Agatha Christie Death on the Nile
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine
"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon
"{B580C409-E16F-44FF-904D-3AE94E113BE0}" = Acer HomeMedia Trial Creator
"{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{D462BF9E-0C35-4705-BF9B-3DF9F3816643}" = Acer ePerformance Management
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton AntiVirus Help
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician
"{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician
"Acer Assist" = Acer Assist
"Acer GameZone Console_is1" = Acer GameZone Console DTV 2.0.1.1
"Acer Registration" = Acer Registration
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"NTI Open File Manager" = NTI Open File Manager (remove only)
"NVIDIA Drivers" = NVIDIA Drivers
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"SymSetup.{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security (Symantec Corporation)
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/23/2011 6:01:01 AM | Computer Name = NationFamily-PC | Source = WinMgmt | ID = 10
Description =

Error - 2/23/2011 6:19:03 AM | Computer Name = NationFamily-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module ntdll.dll, version 6.0.6001.18000, time stamp 0x4791a7a6,
exception code 0xc000071b, fault offset 0x00088ed9, process id 0xb2c, application
start time 0x01cbd3404bf97013.

Error - 2/23/2011 6:22:10 AM | Computer Name = NationFamily-PC | Source = WinMgmt | ID = 10
Description =

Error - 2/23/2011 8:13:17 AM | Computer Name = NationFamily-PC | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =

Error - 2/25/2011 3:36:03 AM | Computer Name = NationFamily-PC | Source = WinMgmt | ID = 10
Description =

Error - 2/25/2011 3:42:38 AM | Computer Name = NationFamily-PC | Source = SPP | ID = 16387
Description =

Error - 2/25/2011 3:42:38 AM | Computer Name = NationFamily-PC | Source = System Restore | ID = 8193
Description =

Error - 2/25/2011 3:50:28 AM | Computer Name = NationFamily-PC | Source = WinMgmt | ID = 10
Description =

Error - 2/25/2011 4:00:52 AM | Computer Name = NationFamily-PC | Source = WinMgmt | ID = 10
Description =

Error - 2/25/2011 4:13:42 AM | Computer Name = NationFamily-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 2/19/2011 12:59:33 PM | Computer Name = WIN-75R7M7PJ5Y7 | Source = HTTP | ID = 15016
Description =


< End of report >

#8 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:05:26 AM

Posted 02 March 2011 - 02:47 PM

dlb4210,

How are things running?

OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.

    :Services
    :OTL
    O4 - HKLM..\Run: [Apanel] File not found
    O4 - HKLM..\Run: [eRecoveryService] File not found
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Scanning with MalwareBytes' Anti-Malware
Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#9 dlb4210


Posted 02 March 2011 - 02:53 PM

:wacko: I can tell what some things are; others look confusing.

#10 SweetTech


Posted 02 March 2011 - 03:10 PM

"I can tell what some things are; others look confusing."

Not sure I understand what you're saying.



#11 dlb4210


Posted 02 March 2011 - 03:41 PM

Just confused with the logs! Never mind about that!

#12 SweetTech


Posted 02 March 2011 - 04:02 PM

Okay.



#13 dlb4210


Posted 02 March 2011 - 09:31 PM

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5939

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

3/2/2011 7:47:34 PM
mbam-log-2011-03-02 (19-47-34).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 226276
Time elapsed: 1 hour(s), 56 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#14 SweetTech


Posted 02 March 2011 - 09:33 PM

dlb4210,


ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan.

Note: It is recommended to disable on-board anti-virus and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:



Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



#15 dlb4210


Posted 02 March 2011 - 09:33 PM

So when I turned the cp off it started installing updates, 88 of them so far! Hope that's okay, I can't stop them.



