Sirefef.BV.2: Combofix Log attached


This topic is locked
24 replies to this topic

#1 drjbkk


Posted 26 March 2012 - 04:27 PM

I was absolutely nailed by Sirefef.bv.2 this morning. Everything has slowed to a crawl. I've managed to finally get a log from Combofix, attached here. Here is the actual text of the log, attachment below:
ComboFix 12-03-26.02 - Acer 03/26/2012 17:01:51.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1677 [GMT -4:00]
Running from: c:\documents and settings\Acer\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Downloaded Installers
c:\program files\Downloaded Installers\{67cdd5a0-c572-4d2c-a354-6492b51f4138}\setup.msi
c:\windows\$NtUninstallKB4718$
c:\windows\$NtUninstallKB4718$\1812233834\@
c:\windows\$NtUninstallKB4718$\1812233834\cfg.ini
c:\windows\$NtUninstallKB4718$\1812233834\Desktop.ini
c:\windows\$NtUninstallKB4718$\1812233834\L\fuowfmiy
c:\windows\$NtUninstallKB4718$\1812233834\oemid
c:\windows\$NtUninstallKB4718$\1812233834\U\00000001.@
c:\windows\$NtUninstallKB4718$\1812233834\U\00000002.@
c:\windows\$NtUninstallKB4718$\1812233834\U\00000004.@
c:\windows\$NtUninstallKB4718$\1812233834\U\80000000.@
c:\windows\$NtUninstallKB4718$\1812233834\U\80000004.@
c:\windows\$NtUninstallKB4718$\1812233834\U\80000032.@
c:\windows\$NtUninstallKB4718$\1812233834\version
c:\windows\$NtUninstallKB4718$\3553592109
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\_000008_.tmp.dll
c:\windows\system32\_000009_.tmp.dll
c:\windows\system32\_000023_.tmp.dll
c:\windows\system32\_000024_.tmp.dll
c:\windows\system32\_000025_.tmp.dll
c:\windows\system32\_000026_.tmp.dll
c:\windows\system32\dds_trash_log.cmd
.
Infected copy of c:\windows\system32\drivers\mrxsmb.sys was found and disinfected
Restored copy from - The cat found it :)
.
((((((((((((((((((((((((( Files Created from 2012-02-26 to 2012-03-26 )))))))))))))))))))))))))))))))
.
.
2012-03-26 20:30 . 2011-07-15 13:29 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2012-03-26 17:54 . 2012-03-26 17:54 -------- d-----w- c:\documents and settings\Acer\Application Data\Malwarebytes
2012-03-26 17:54 . 2012-03-26 17:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-03-26 17:54 . 2012-03-26 17:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-26 17:54 . 2011-12-10 19:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-26 01:27 . 2012-03-26 01:27 -------- d-----w- c:\program files\Windows Live SkyDrive
2012-03-26 01:27 . 2012-03-26 01:27 -------- d-----w- c:\program files\Windows Live
2012-03-26 01:26 . 2012-03-26 01:26 141399376 ----a-w- c:\program files\Common Files\Windows Live\.cache\wlcB3.tmp
2012-03-24 13:50 . 2012-03-26 11:18 -------- d-----w- c:\documents and settings\Acer\Local Settings\Application Data\Temp
2012-03-23 16:32 . 2012-03-26 20:24 -------- d-----w- c:\windows\system32\wbem\Logs
2012-03-19 02:54 . 2012-03-19 02:54 -------- d-----w- c:\documents and settings\Acer\Contacts
2012-03-17 16:34 . 2012-03-17 16:34 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{FA33E2F3-4250-473E-85C1-4E4E3BAB4252}
2012-03-16 15:51 . 2001-08-17 17:28 871388 -c--a-w- c:\windows\system32\dllcache\bcmdm.sys
2012-03-16 15:50 . 2001-08-17 16:12 97354 -c--a-w- c:\windows\system32\dllcache\aspndis3.sys
2012-03-16 15:50 . 2001-08-17 17:47 6272 -c--a-w- c:\windows\system32\dllcache\apmbatt.sys
2012-03-16 15:50 . 2008-04-14 02:05 36224 -c--a-w- c:\windows\system32\dllcache\an983.sys
2012-03-16 15:50 . 2001-08-17 16:11 16969 -c--a-w- c:\windows\system32\dllcache\amb8002.sys
2012-03-16 15:50 . 2001-08-17 17:49 26624 -c--a-w- c:\windows\system32\dllcache\alifir.sys
2012-03-16 15:50 . 2001-08-17 16:11 27678 -c--a-w- c:\windows\system32\dllcache\ali5261.sys
2012-03-16 15:50 . 2008-04-14 09:41 3775 -c--a-w- c:\windows\system32\dllcache\adv11nt5.dll
2012-03-16 15:50 . 2008-04-14 09:41 3711 -c--a-w- c:\windows\system32\dllcache\adv09nt5.dll
2012-03-16 15:50 . 2008-04-14 09:41 3135 -c--a-w- c:\windows\system32\dllcache\adv08nt5.dll
2012-03-16 15:50 . 2008-04-14 09:41 3647 -c--a-w- c:\windows\system32\dllcache\adv07nt5.dll
2012-03-16 15:50 . 2008-04-14 09:41 3967 -c--a-w- c:\windows\system32\dllcache\adv02nt5.dll
2012-03-16 15:50 . 2008-04-14 09:41 3615 -c--a-w- c:\windows\system32\dllcache\adv05nt5.dll
2012-03-16 15:50 . 2008-04-14 09:41 4255 -c--a-w- c:\windows\system32\dllcache\adv01nt5.dll
2012-03-15 01:24 . 2012-03-15 01:47 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo
2012-03-14 03:15 . 2012-03-16 01:04 -------- d-----w- c:\documents and settings\Acer\Local Settings\Application Data\ManyCam
2012-03-14 03:15 . 2012-03-16 01:04 -------- d-----w- c:\documents and settings\Acer\Application Data\ManyCam
2012-03-14 03:15 . 2012-03-16 01:03 -------- d-----w- c:\program files\ManyCam
2012-03-14 03:15 . 2012-03-14 03:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Ask
2012-03-14 01:02 . 2012-03-26 01:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2012-03-13 20:53 . 2012-03-13 20:52 1496 ----a-w- c:\windows\system32\drivers\RtkAcerM.dat
2012-03-07 03:15 . 2009-01-03 00:07 331776 ------w- c:\windows\system\M3000Dex.dll
2012-03-07 03:15 . 2007-07-13 19:49 233472 ------w- c:\windows\system32\M3000DIF.dll
2012-03-07 00:48 . 2012-03-07 00:53 -------- d-----w- c:\documents and settings\Acer\Application Data\Camfrog
2012-03-07 00:48 . 2012-03-07 00:48 -------- d-----w- c:\documents and settings\Acer\Local Settings\Application Data\CrashRpt
2012-03-07 00:47 . 2012-03-07 03:56 -------- d-----w- c:\program files\Camfrog
2012-03-05 01:59 . 2012-03-05 01:59 -------- d-----w- c:\program files\OverDrive Media Console
2012-02-28 23:55 . 2012-02-28 23:55 -------- d-----w- c:\program files\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-13 20:52 . 2009-08-01 08:48 880640 ----a-w- c:\windows\system32\RTSndMgr.CPL
2012-03-13 20:52 . 2009-08-01 08:48 77824 ----a-w- c:\windows\SOUNDMAN.EXE
2012-03-13 20:52 . 2009-08-01 08:48 290816 ----a-w- c:\windows\vncutil.exe
2012-03-13 20:52 . 2009-08-01 08:48 1826816 ----a-w- c:\windows\SkyTel.exe
2012-03-13 20:52 . 2009-08-01 08:48 1482752 ----a-w- c:\windows\RtlUpd.exe
2012-03-13 20:52 . 2009-08-01 08:48 9715200 ----a-w- c:\windows\RTLCPL.EXE
2012-03-13 20:52 . 2009-08-01 08:48 5788672 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2012-03-13 20:52 . 2009-08-01 08:48 40960 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2012-03-13 20:52 . 2009-08-01 08:48 122880 ----a-w- c:\windows\RtkAudioService.exe
2012-03-13 20:52 . 2009-08-01 08:48 18665472 ----a-w- c:\windows\RTHDCPL.EXE
2012-03-13 20:52 . 2009-08-01 08:48 2168320 ----a-w- c:\windows\MicCal.exe
2012-03-13 20:52 . 2009-08-01 08:48 1389056 ----a-w- c:\windows\system32\drivers\Monfilt.sys
2012-03-13 20:52 . 2009-08-01 08:48 278528 ----a-w- c:\windows\system32\ALSNDMGR.CPL
2012-03-13 20:52 . 2009-08-01 08:48 1684736 ----a-w- c:\windows\system32\drivers\Ambfilt.sys
2012-03-13 20:52 . 2009-08-01 08:48 57344 ----a-w- c:\windows\ALCMTR.EXE
2012-03-13 20:52 . 2009-08-01 08:48 2808832 ----a-w- c:\windows\ALCWZRD.EXE
2012-02-22 10:34 . 2012-02-22 10:34 22400 ----a-w- c:\windows\system32\drivers\mcaudrv.sys
2012-02-14 12:47 . 2011-07-05 13:01 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:22 . 2009-08-01 07:34 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06 . 2012-02-17 12:46 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-11 06:11 . 2012-01-11 06:11 32000 ----a-w- c:\windows\system32\drivers\mcvidrv.sys
2012-01-09 16:20 . 2009-08-01 06:51 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-08 20:13 . 2012-02-14 12:45 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"M3000Mnt"="M3000Rmv.dll " [X]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
"RTHDCPL"="RTHDCPL.EXE" [2012-03-13 18665472]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SmartDefragBootTime.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Athan]
2011-11-20 06:37 1183744 ----a-w- c:\program files\Athan\Athan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E381F2E238EE3DC9FDE38C230D0B02CCE46AFC76._service_]
2012-03-21 12:21 1049072 ----a-w- c:\documents and settings\Acer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E381F2E238EE3DC9FDE38C230D0B02CCE46AFC76._service_run]
2012-03-21 12:21 1049072 ----a-w- c:\documents and settings\Acer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Garmin Lifetime Updater]
2012-01-06 21:30 1446760 ----a-w- c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-28 01:00 137752 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2009-08-28 14:32 1557800 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]
2005-07-15 21:48 479232 ----a-w- c:\program files\Google\Gmail Notifier\gnotify.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
"Google Update"="c:\documents and settings\Acer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"IgfxTray"=c:\windows\system32\igfxtray.exe
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"LManager"=c:\progra~1\LAUNCH~1\LManager.exe
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
"MSPY2002"=c:\windows\system32\IME\PINTLGNT\ImScInst.exe /SYNC
"PHIME2002ASync"=c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
"PHIME2002A"=c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" -osboot
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"AzMixerSel"=c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe
"Athan"=c:\program files\Athan\Athan.exe
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" -osboot
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"IJNetworkScanUtility"=c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
"IAAnotif"=c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"Garmin Lifetime Updater"=c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
"AntiLogger"="c:\program files\AntiLogger\AntiLogger.exe" /minimized
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Acer\\Acer VCM\\VC.exe"=
"c:\\Documents and Settings\\Acer\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\Acer\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [11/20/2011 7:18 PM 14776]
R1 AntiLog32;AntiLog32;c:\program files\AntiLogger\AntiLog32.sys [2/2/2012 5:31 AM 58648]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2/21/2011 2:45 PM 136360]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3/26/2012 1:54 PM 652360]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [8/1/2009 5:35 AM 237568]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [8/1/2009 3:35 AM 38912]
R3 M3000Srv;WebCam Driver;c:\windows\system32\drivers\M3000KNT.sys [1/2/2009 7:33 PM 145408]
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\drivers\mcvidrv.sys [1/11/2012 2:11 AM 32000]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/26/2012 1:54 PM 20464]
R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv.sys [2/22/2012 6:34 AM 22400]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [11/18/2011 1:40 AM 490840]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/21/2011 1:32 PM 135664]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2/15/2012 2:30 PM 158856]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [8/1/2009 4:48 AM 1684736]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/21/2011 1:32 PM 135664]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [8/1/2009 4:43 AM 162816]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/1/2009 3:34 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]
S3 WWSPLIT;Willing Webcam WDM Driver;c:\windows\system32\DRIVERS\wwsplit.sys --> c:\windows\system32\DRIVERS\wwsplit.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ami0nt
rtl8185
naiavfilter1
hmonitor
mcdbus
adobeactivefilemonitor4.0
harmony
wencrservice
TMMEmu
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-26 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2011-02-21 03:31]
.
2012-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-21 17:32]
.
2012-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-21 17:32]
.
2012-03-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2857422465-3341562259-4179051517-1005Core.job
- c:\documents and settings\Acer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-21 17:31]
.
2012-03-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2857422465-3341562259-4179051517-1005UA.job
- c:\documents and settings\Acer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-21 17:31]
.
2012-03-26 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 21:14]
.
2012-03-26 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2857422465-3341562259-4179051517-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 21:14]
.
2012-03-22 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 21:14]
.
2012-03-15 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2857422465-3341562259-4179051517-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 21:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_one&r=0xph02104605l0344wu95w48423870
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = 192.168.1.5:3128
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\documents and settings\Acer\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
Trusted Zone: intuit.com\ttlc
FF - ProfilePath - c:\documents and settings\Acer\Application Data\Mozilla\Firefox\Profiles\fdzbxieo.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.ftp - 192.168.1.5
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.http - 192.168.1.5
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 192.168.1.5
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 192.168.1.5
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 4
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Name of App - c:\program files\SAMSUNG\FW LiveUpdate\FWManager.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-26 17:12
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(356)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\RTHDCPL.EXE
c:\windows\WebCam\M3000\M3000Mnt.exe
.
**************************************************************************
.
Completion time: 2012-03-26 17:18:39 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-26 21:18
.
Pre-Run: 97,945,985,024 bytes free
Post-Run: 98,283,188,224 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - A17B7A21EE4440D68BEE9552C271EFCD


Edited by hamluis, 26 March 2012 - 04:40 PM.
Moved from XP to Malware Removal Logs.



#2 SweetTech


Posted 29 March 2012 - 02:29 AM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs, which, when paired with the never-ending shortage of helpers, has resulted in the delayed response to your thread.

I'll be addressing you by your username, if you'd like me to address you by something else, please let me know!

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer, I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    • Because of this, you must reply within 3 days; failure to reply will result in the topic being closed! I like chocolate chip cookies.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system or even taking your computer into a repair shop.
    • Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data and have means of backing up your data available.

____________________________________________________

It appears you're infected with an infection known as ZeroAccess.

ZeroAccess (Max++) Rootkit (aka: Sirefef) is a sophisticated rootkit that uses advanced technology to hide its presence in a system and can infect both x86 and x64 platforms. ZeroAccess is similar to the TDSS rootkit but has more self-protection mechanisms that can be used to disable anti-virus software resulting in "Access Denied" messages whenever you run a security application. For more specific information about this infection, please refer to:


NEXT:



One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure SKIP is selected, then click Continue.
  • Note: Do not choose Cure or Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


NEXT:



Farbar Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


NEXT:


Running OTL

We need to create a New FULL OTL Report
  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    "%WinDir%\$NtUninstallKB*$." /30
    C:\Program Files\Common Files\ComObjects\*.* /s
    %systemroot%\*. /mp /s
    %systemroot%\*. /rp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    %SYSTEMDRIVE%\*.exe
    /md5start
    volsnap.sys
    atapi.sys
    explorer.exe
    winlogon.exe
    wininit.exe
    tdx.sys
    afd.sys
    /md5stop
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. TDSSKiller log.
3. Farbar Service Scanner log.
4. OTL.txt & Extras.txt logs.
5. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.


Please let me know how the above scans go.

Kindest Regards,
ST.

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
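As an added illustration (not part of this thread, of ComboFix or of OTL), here is a small Python triage script that picks the ZeroAccess artifacts out of a ComboFix report as pasted in the first post: the fake `$NtUninstallKB####$` folder with the `@`, `U\` and `L\` entries under its numeric subfolder (the same folders the OTL directive `"%WinDir%\$NtUninstallKB*$." /30` above enumerates), the `_NNNNNN_.tmp.dll` droppings in system32, and the driver ComboFix reports as disinfected. The section names, path regexes and the sample log are assumptions drawn from the report above (the sample adds one hotfix folder constructed for contrast), not a ComboFix specification.

```python
import re

# ComboFix section headers read like '(((( Other Deletions ))))'.
SECTION_HDR = re.compile(r"^\(+\s*(.*?)\s*\)+$")
# The path is the last field of an entry and may contain spaces
# ('c:\documents and settings\...'), so take everything from the drive letter.
PATH = re.compile(r"([a-z]:\\.+)$", re.IGNORECASE)
# Genuine hotfix folders look like $NtUninstallKB######$\spuninst\...; the
# rootkit's store is $NtUninstallKB####$\<digits>\ holding '@', 'U\' and 'L\'
# entries, exactly as in the 'Other Deletions' section of the report above.
FAKE_KB = re.compile(
    r"\\\$NtUninstallKB(\d+)\$(?:\\(\d+)(?:\\(.+))?)?$", re.IGNORECASE)
# Dropped helper DLLs named like _000006_.tmp.dll in system32.
TMP_DLL = re.compile(r"\\system32\\_\d{6}_\.tmp\.dll$", re.IGNORECASE)
DISINFECTED = re.compile(
    r"^Infected copy of (.+?) was found and disinfected", re.IGNORECASE)
# Entries that mark the numeric subfolder as the rootkit's payload store.
PAYLOAD_MARKERS = ("@", "U\\", "L\\")
# Sections whose lines are file paths (the rest hold registry/process data).
FILE_SECTIONS = ("Other Deletions", "Files Created", "Find3M")


def triage_combofix(report: str) -> dict:
    """Collect ZeroAccess-style indicators from a ComboFix report.

    Returns the fake KB folders with the entries seen under their numeric
    subfolder, the temp DLL droppings, any driver ComboFix reports as
    disinfected, and a 'zeroaccess' verdict that is True only when a fake
    KB folder actually holds '@', 'U\\' or 'L\\' payload entries.
    """
    kb_dirs: dict = {}
    tmp_dlls, disinfected = [], []
    section = "preamble"
    for raw in report.splitlines():
        line = raw.strip()
        hdr = SECTION_HDR.match(line)
        if hdr:
            section = hdr.group(1)
            continue
        dis = DISINFECTED.match(line)
        if dis:
            disinfected.append(dis.group(1))
            continue
        if not section.startswith(FILE_SECTIONS):
            continue
        pm = PATH.search(line)
        if not pm:
            continue
        path = pm.group(1)
        kb = FAKE_KB.search(path)
        if kb:
            kbnum, subdir, entry = kb.groups()
            entries = kb_dirs.setdefault(f"$NtUninstallKB{kbnum}$", set())
            if subdir and entry:
                entries.add(entry)
        elif TMP_DLL.search(path):
            tmp_dlls.append(path)
    verdict = any(e.startswith(PAYLOAD_MARKERS)
                  for entries in kb_dirs.values() for e in entries)
    return {
        "fake_kb_dirs": {k: sorted(v) for k, v in kb_dirs.items()},
        "tmp_dlls": tmp_dlls,
        "disinfected": disinfected,
        "zeroaccess": verdict,
    }


# Constructed sample: lines taken from the ComboFix report above, plus one
# ordinary-looking hotfix folder (KB123456, a placeholder) that must not be flagged.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\$NtUninstallKB4718$
c:\windows\$NtUninstallKB4718$\1812233834\@
c:\windows\$NtUninstallKB4718$\1812233834\L\fuowfmiy
c:\windows\$NtUninstallKB4718$\1812233834\U\80000032.@
c:\windows\$NtUninstallKB4718$\3553592109
c:\windows\system32\_000006_.tmp.dll
.
Infected copy of c:\windows\system32\drivers\mrxsmb.sys was found and disinfected
.
((((((((((((((((((((((((( Files Created from 2012-02-26 to 2012-03-26 )))))))))))))))))))))))))))))))
.
2012-03-26 20:30 . 2011-07-15 13:29 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2012-01-10 10:00 . 2012-01-10 10:00 -------- d-----w- c:\windows\$NtUninstallKB123456$\spuninst
"""

if __name__ == "__main__":
    for key, value in triage_combofix(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```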


#3 drjbkk


Posted 29 March 2012 - 06:26 AM

Thanks very much for your assistance. You folks do an amazing service.

1. Comments: Yes, my real banking information was indeed stolen 2 weeks ago and sold on the black market to someone in Spain. The fraud investigators concluded only that it happened on the net and included my full ATM plus security code, which I'd used in a web purchase in late February. I have since been using Zemana anti-logger in the hopes this might do something useful. This may/may not be related. Avira first announced the arrival of the virus on 26 March.

2. TDSS KILLER LOG apparently found nothing:
06:41:38.0156 4540 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
06:41:38.0468 4540 ============================================================
06:41:38.0468 4540 Current date / time: 2012/03/29 06:41:38.0468
06:41:38.0468 4540 SystemInfo:
06:41:38.0468 4540
06:41:38.0468 4540 OS Version: 5.1.2600 ServicePack: 3.0
06:41:38.0468 4540 Product type: Workstation
06:41:38.0468 4540 ComputerName: ACER-PC
06:41:38.0468 4540 UserName: Acer
06:41:38.0468 4540 Windows directory: C:\WINDOWS
06:41:38.0468 4540 System windows directory: C:\WINDOWS
06:41:38.0468 4540 Processor architecture: Intel x86
06:41:38.0468 4540 Number of processors: 2
06:41:38.0468 4540 Page size: 0x1000
06:41:38.0468 4540 Boot type: Normal boot
06:41:38.0468 4540 ============================================================
06:41:39.0812 4540 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
06:41:39.0812 4540 \Device\Harddisk0\DR0:
06:41:39.0828 4540 MBR used
06:41:39.0828 4540 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1402800, BlocksNum 0x11616EB0
06:41:39.0921 4540 Initialize success
06:41:39.0921 4540 ============================================================
06:42:56.0296 2720 ============================================================
06:42:56.0296 2720 Scan started
06:42:56.0296 2720 Mode: Manual;
06:42:56.0296 2720 ============================================================
06:43:29.0937 2720 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
06:43:29.0984 2720 TermService - ok
06:43:30.0093 2720 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
06:43:30.0093 2720 Themes - ok
06:43:30.0218 2720 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
06:43:30.0218 2720 TosIde - ok
06:43:30.0265 2720 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
06:43:30.0312 2720 TrkWks - ok
06:43:30.0453 2720 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
06:43:30.0484 2720 Udfs - ok
06:43:30.0515 2720 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
06:43:30.0546 2720 ultra - ok
06:43:30.0593 2720 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
06:43:30.0640 2720 Update - ok
06:43:30.0750 2720 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
06:43:30.0796 2720 upnphost - ok
06:43:30.0859 2720 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
06:43:30.0875 2720 UPS - ok
06:43:31.0046 2720 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
06:43:31.0093 2720 usbccgp - ok
06:43:31.0156 2720 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
06:43:31.0187 2720 usbehci - ok
06:43:31.0250 2720 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
06:43:31.0281 2720 usbhub - ok
06:43:31.0453 2720 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
06:43:31.0453 2720 usbprint - ok
06:43:31.0546 2720 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
06:43:31.0562 2720 usbscan - ok
06:43:31.0609 2720 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
06:43:31.0640 2720 USBSTOR - ok
06:43:31.0843 2720 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
06:43:31.0875 2720 usbuhci - ok
06:43:31.0953 2720 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
06:43:32.0000 2720 usbvideo - ok
06:43:32.0046 2720 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
06:43:32.0078 2720 VgaSave - ok
06:43:32.0250 2720 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
06:43:32.0250 2720 viaagp - ok
06:43:32.0312 2720 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
06:43:32.0328 2720 ViaIde - ok
06:43:32.0375 2720 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
06:43:32.0406 2720 VolSnap - ok
06:43:32.0468 2720 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
06:43:32.0515 2720 VSS - ok
06:43:32.0687 2720 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
06:43:32.0734 2720 W32Time - ok
06:43:32.0937 2720 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
06:43:32.0968 2720 Wanarp - ok
06:43:33.0046 2720 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
06:43:33.0109 2720 Wdf01000 - ok
06:43:33.0296 2720 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
06:43:33.0343 2720 wdmaud - ok
06:43:33.0390 2720 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
06:43:33.0421 2720 WebClient - ok
06:43:33.0593 2720 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
06:43:33.0609 2720 winmgmt - ok
06:43:33.0718 2720 WinRM (18f347402da544a780949b8fdf83351b) C:\WINDOWS\system32\WsmSvc.dll
06:43:33.0781 2720 WinRM - ok
06:43:33.0968 2720 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
06:43:33.0984 2720 WmdmPmSN - ok
06:43:34.0109 2720 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
06:43:34.0125 2720 WmiAcpi - ok
06:43:34.0312 2720 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
06:43:34.0343 2720 WmiApSrv - ok
06:43:34.0484 2720 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
06:43:34.0562 2720 WMPNetworkSvc - ok
06:43:34.0765 2720 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
06:43:34.0781 2720 WpdUsb - ok
06:43:34.0968 2720 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
06:43:35.0031 2720 WPFFontCache_v0400 - ok
06:43:35.0218 2720 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
06:43:35.0250 2720 WS2IFSL - ok
06:43:35.0296 2720 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
06:43:35.0343 2720 wscsvc - ok
06:43:35.0515 2720 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
06:43:35.0531 2720 WSTCODEC - ok
06:43:35.0593 2720 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
06:43:35.0625 2720 wuauserv - ok
06:43:35.0796 2720 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
06:43:35.0828 2720 WudfPf - ok
06:43:35.0875 2720 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
06:43:35.0890 2720 WudfRd - ok
06:43:35.0937 2720 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
06:43:35.0968 2720 WudfSvc - ok
06:43:35.0984 2720 WWSPLIT - ok
06:43:36.0062 2720 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
06:43:36.0093 2720 WZCSVC - ok
06:43:36.0265 2720 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
06:43:36.0328 2720 xmlprov - ok
06:43:36.0375 2720 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
06:43:36.0437 2720 \Device\Harddisk0\DR0 - ok
06:43:36.0453 2720 Boot (0x1200) (6b1633d96a2f236c6d3ea917a83c5f1e) \Device\Harddisk0\DR0\Partition0
06:43:36.0453 2720 \Device\Harddisk0\DR0\Partition0 - ok
06:43:36.0453 2720 ============================================================
06:43:36.0453 2720 Scan finished
06:43:36.0453 2720 ============================================================
06:43:36.0484 1868 Detected object count: 0
06:43:36.0484 1868 Actual detected object count: 0
06:44:13.0437 1704 Deinitialize success

3. FSS LOG
Farbar Service Scanner Version: 01-03-2012
Ran by Acer (administrator) on 29-03-2012 at 06:44:46
Running from "C:\Documents and Settings\Acer\My Documents\Downloads"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x0B00000004000000010000000200000003000000080000000A0000000600000007000000090000000B00000005000000
IpSec Tag value is correct.

**** End of log ****

4A. OTL LOG
OTL logfile created on: 3/29/2012 6:46:48 AM - Run 2
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Acer\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 58.04% Memory free
4.82 Gb Paging File | 4.08 Gb Available in Paging File | 84.74% Paging File free
Paging file location(s): C:\pagefile.sys 3048 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139.04 Gb Total Space | 91.23 Gb Free Space | 65.62% Space Free | Partition Type: NTFS

Computer Name: ACER-PC | User Name: Acer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/27 23:20:09 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/03/26 13:33:00 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Acer\desktop\OTL.exe
PRC - [2012/03/21 08:21:14 | 001,049,072 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Acer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/12/13 07:52:37 | 000,032,768 | ---- | M] () -- C:\WINDOWS\WebCam\M3000\M3000Mnt.exe
PRC - [2011/06/28 18:37:11 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/05/06 11:08:54 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/01/10 16:23:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/01/14 23:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/02/05 11:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe
PRC - [2008/04/15 20:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/27 23:20:09 | 001,969,080 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/03/07 07:49:50 | 000,469,880 | ---- | M] () -- C:\Program Files\ManyCam\Bin\cximagecrt.dll
MOD - [2012/02/14 08:47:30 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/12/13 07:52:37 | 000,032,768 | ---- | M] () -- C:\WINDOWS\WebCam\M3000\M3000Mnt.exe
MOD - [2011/11/03 11:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/09/14 07:13:48 | 001,437,184 | ---- | M] () -- C:\Program Files\ManyCam\Bin\opencv_imgproc220.dll
MOD - [2011/09/14 07:13:04 | 002,128,384 | ---- | M] () -- C:\Program Files\ManyCam\Bin\opencv_core220.dll
MOD - [2010/06/17 16:27:22 | 000,355,688 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2009/01/02 20:07:40 | 000,331,776 | ---- | M] () -- C:\WINDOWS\system\M3000Dex.dll
MOD - [2008/04/14 08:00:00 | 000,192,512 | ---- | M] () -- C:\WINDOWS\system32\qcap.dll
MOD - [2008/04/14 08:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/14 08:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ZSMC211.dll -- (adobeactivefilemonitor4.0)
SRV - [2012/02/15 14:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/11/10 20:23:52 | 000,490,840 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5)
SRV - [2011/06/28 18:37:11 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/05/06 11:08:54 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/02/05 11:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2008/04/15 20:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wwsplit.sys -- (WWSPLIT)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2012/03/13 16:52:33 | 005,788,672 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2012/03/13 16:52:30 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2012/03/13 16:52:27 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2012/02/22 06:34:36 | 000,022,400 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcaudrv.sys -- (mcaudrv_simple)
DRV - [2012/02/02 05:31:29 | 000,058,648 | ---- | M] (Zemana Ltd.) [Kernel | System | Running] -- C:\Program Files\AntiLogger\AntiLog32.sys -- (AntiLog32)
DRV - [2012/01/11 02:11:20 | 000,032,000 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcvidrv.sys -- (ManyCam)
DRV - [2011/12/13 07:52:37 | 000,145,408 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\M3000KNT.sys -- (M3000Srv)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/06/28 18:37:12 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/06/28 18:37:12 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/11/26 19:02:52 | 000,014,776 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010/06/17 16:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 16:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/06/22 00:59:26 | 001,574,112 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2009/03/02 01:03:48 | 000,038,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2009/02/20 16:53:18 | 001,952,512 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2009/02/03 02:42:30 | 000,162,816 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2006/11/02 09:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_one&r=0xph02104605l0344wu95w48423870
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2857422465-3341562259-4179051517-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2857422465-3341562259-4179051517-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2857422465-3341562259-4179051517-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DC 50 68 65 F8 16 CC 01 [binary data]
IE - HKU\S-1-5-21-2857422465-3341562259-4179051517-1005\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-2857422465-3341562259-4179051517-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-2857422465-3341562259-4179051517-1005\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_en
IE - HKU\S-1-5-21-2857422465-3341562259-4179051517-1005\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-2857422465-3341562259-4179051517-1005\..\SearchScopes\{C9E0E529-5F70-435E-BF2E-BC9122BE88C9}: "URL" = http://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-2857422465-3341562259-4179051517-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2857422465-3341562259-4179051517-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-2857422465-3341562259-4179051517-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.1.5:3128

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..network.proxy.ftp: "192.168.1.5"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.http: "192.168.1.5"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "192.168.1.5"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "192.168.1.5"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Acer\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Acer\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Acer\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Acer\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/02 15:11:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/27 23:20:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/02/14 08:45:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Acer\Application Data\Mozilla\Extensions
[2011/06/04 19:50:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\gdohlv8w.default\extensions
[2011/06/04 19:50:07 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\gdohlv8w.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012/02/14 08:45:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/27 23:20:10 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/27 23:20:04 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/27 23:20:04 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Acer\Local Settings\Application Data\Google\Chrome\Application\17.0.963.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Documents and Settings\Acer\Local Settings\Application Data\Google\Chrome\Application\17.0.963.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Acer\Local Settings\Application Data\Google\Chrome\Application\17.0.963.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\Acer\Application Data\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\Acer\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Acer\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll
CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Google Translate = C:\Documents and Settings\Acer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.3.1_0\
CHR - Extension: Daily Islam = C:\Documents and Settings\Acer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cgojfahbfogfjcgdbccaakaaejmfecao\1.3.4_0\
CHR - Extension: Google Calendar = C:\Documents and Settings\Acer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: Keep My Opt-Outs = C:\Documents and Settings\Acer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hhnjdplhmcnkiecampfdgfjilccfpfoe\1.0.14_0\
CHR - Extension: Double Down Casino = C:\Documents and Settings\Acer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\iggoeobjdnphmonphghdghcdifedijda\1_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Acer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Quake = C:\Documents and Settings\Acer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jhhihaachkplaijefllgkkieafnkalml\1.3.1_0\
CHR - Extension: Formula 1 Racer - 3D = C:\Documents and Settings\Acer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jnjepddchjilhnlgdlffofmbjgncgldk\1.2.2_0\
CHR - Extension: Poppit = C:\Documents and Settings\Acer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: Prince Of Persia = C:\Documents and Settings\Acer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pkekphggmdcjjkdapppokkonkknahkoh\1.0.3_0\

O1 HOSTS File: ([2012/03/26 17:12:13 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - No CLSID value found.
O3 - HKU\S-1-5-21-2857422465-3341562259-4179051517-1005\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2857422465-3341562259-4179051517-1005\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [M3000Mnt] Rundll32.exe M3000Rmv.dll ,WinMainRmv /StartStillMnt File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-2857422465-3341562259-4179051517-1005..\Run: [E381F2E238EE3DC9FDE38C230D0B02CCE46AFC76._service_run] C:\Documents and Settings\Acer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2857422465-3341562259-4179051517-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2857422465-3341562259-4179051517-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2857422465-3341562259-4179051517-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O7 - HKU\S-1-5-21-2857422465-3341562259-4179051517-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2857422465-3341562259-4179051517-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Acer\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O15 - HKU\S-1-5-21-2857422465-3341562259-4179051517-1005\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F9E994C9-A455-480B-AD68-94F6A41A5B9B}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/01 02:55:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (SmartDefragBootTime.exe)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - StartUpReg: Athan - hkey= - key= - c:\Program Files\Athan\Athan.exe (www.IslamicFinder.org)
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
MsConfig - StartUpReg: E381F2E238EE3DC9FDE38C230D0B02CCE46AFC76._service_ - hkey= - key= - c:\documents and settings\acer\local settings\application data\google\chrome\application\chrome.exe (Google Inc.)
MsConfig - StartUpReg: E381F2E238EE3DC9FDE38C230D0B02CCE46AFC76._service_run - hkey= - key= - C:\Documents and Settings\Acer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
MsConfig - StartUpReg: Garmin Lifetime Updater - hkey= - key= - C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)
MsConfig - StartUpReg: Persistence - hkey= - key= - File not found
MsConfig - StartUpReg: SynTPEnh - hkey= - key= - File not found
MsConfig - StartUpReg: {0228e555-4f9c-4e35-a3ec-b109a192b4c2} - hkey= - key= - c:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)

SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: ami0nt - File not found
NetSvcs: rtl8185 - File not found
NetSvcs: naiavfilter1 - File not found
NetSvcs: hmonitor - File not found
NetSvcs: mcdbus - File not found
NetSvcs: adobeactivefilemonitor4.0 - %systemroot%\system32\ZSMC211.dll File not found
NetSvcs: harmony - File not found
NetSvcs: wencrservice - File not found
NetSvcs: TMMEmu - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/03/28 00:42:15 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Acer\Recent
[2012/03/27 07:45:20 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/03/26 16:28:12 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/03/26 16:24:49 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/03/26 16:24:49 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/03/26 16:24:49 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/03/26 16:24:49 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/03/26 16:24:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/03/26 16:24:23 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/26 16:24:16 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Acer\Start Menu\Programs\Administrative Tools
[2012/03/26 16:24:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2012/03/26 13:54:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Acer\Application Data\Malwarebytes
[2012/03/26 13:54:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/26 13:54:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/03/26 13:54:21 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/03/26 13:54:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/03/26 13:38:40 | 004,445,462 | R--- | C] (Swearware) -- C:\Documents and Settings\Acer\Desktop\ComboFix.exe
[2012/03/26 13:35:10 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Acer\Desktop\mbam--setup-1.60.1.1000.exe
[2012/03/26 13:32:59 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Acer\Desktop\OTL.exe
[2012/03/26 00:53:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/03/25 21:27:37 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2012/03/25 21:27:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Live
[2012/03/25 21:27:14 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2012/03/25 21:02:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Yahoo! Messenger
[2012/03/24 09:50:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Acer\Local Settings\Application Data\Temp
[2012/03/18 22:54:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Acer\Contacts
[2012/03/17 12:34:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{FA33E2F3-4250-473E-85C1-4E4E3BAB4252}
[2012/03/17 12:34:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AntiLogger
[2012/03/16 11:52:19 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthusb.sys
[2012/03/16 11:52:19 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bulltlp3.sys
[2012/03/16 11:52:18 | 000,101,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthpan.sys
[2012/03/16 11:52:18 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthmodem.sys
[2012/03/16 11:52:18 | 000,036,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthprint.sys
[2012/03/16 11:52:17 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
[2012/03/16 11:52:17 | 000,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthenum.sys
[2012/03/16 11:52:16 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
[2012/03/16 11:52:15 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
[2012/03/16 11:52:14 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
[2012/03/16 11:52:14 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
[2012/03/16 11:52:13 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
[2012/03/16 11:52:12 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2012/03/16 11:52:11 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2012/03/16 11:52:10 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
[2012/03/16 11:52:09 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2012/03/16 11:52:08 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
[2012/03/16 11:52:07 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\brmfcwia.dll
[2012/03/16 11:52:07 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
[2012/03/16 11:52:06 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2012/03/16 11:52:05 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2012/03/16 11:52:04 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
[2012/03/16 11:52:04 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
[2012/03/16 11:52:03 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
[2012/03/16 11:52:02 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
[2012/03/16 11:52:01 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\binlsvc.dll
[2012/03/16 11:52:00 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdaplgin.ax
[2012/03/16 11:52:00 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdasup.sys
[2012/03/16 11:51:59 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2012/03/16 11:51:58 | 000,054,271 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm42xx5.sys
[2012/03/16 11:51:58 | 000,026,568 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm4e5.sys
[2012/03/16 11:51:57 | 000,066,557 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm42u.sys
[2012/03/16 11:51:56 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2012/03/16 11:51:55 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2012/03/16 11:51:55 | 000,096,640 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\b57xp32.sys
[2012/03/16 11:51:54 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2012/03/16 11:51:53 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2012/03/16 11:51:53 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2012/03/16 11:51:52 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2012/03/16 11:51:51 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2012/03/16 11:51:50 | 000,013,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcstrm.sys
[2012/03/16 11:51:49 | 000,036,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcaudio.sys
[2012/03/16 11:51:48 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avc.sys
[2012/03/16 11:51:46 | 000,017,279 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\atv10nt5.dll
[2012/03/16 11:51:45 | 000,014,143 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\atv06nt5.dll
[2012/03/16 11:51:43 | 000,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\atv04nt5.dll
[2012/03/16 11:51:43 | 000,011,359 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\atv02nt5.dll
[2012/03/16 11:51:41 | 000,021,183 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\atv01nt5.dll
[2012/03/16 11:51:37 | 000,516,768 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\dllcache\ativvaxx.dll
[2012/03/16 11:51:35 | 000,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ativtmxx.dll
[2012/03/16 11:51:34 | 000,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ativmvxx.ax
[2012/03/16 11:51:33 | 000,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ativdaxx.ax
[2012/03/16 11:51:30 | 000,070,528 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atiragem.sys
[2012/03/16 11:51:29 | 000,104,832 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atiraged.dll
[2012/03/16 11:51:28 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinxsxx.sys
[2012/03/16 11:51:26 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinxbxx.sys
[2012/03/16 11:51:25 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atintuxx.sys
[2012/03/16 11:51:25 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinttxx.sys
[2012/03/16 11:51:23 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinsnxx.sys
[2012/03/16 11:51:22 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinrvxx.sys
[2012/03/16 11:51:21 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinraxx.sys
[2012/03/16 11:51:21 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinpdxx.sys
[2012/03/16 11:51:20 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinmdxx.sys
[2012/03/16 11:51:19 | 000,281,600 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimtai.sys
[2012/03/16 11:51:19 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinbtxx.sys
[2012/03/16 11:51:18 | 000,075,136 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimpae.sys
[2012/03/16 11:51:17 | 000,289,664 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimpab.sys
[2012/03/16 11:51:17 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atievxx.exe
[2012/03/16 11:51:16 | 000,268,160 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidvai.dll
[2012/03/16 11:51:16 | 000,137,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidrae.dll
[2012/03/16 11:51:15 | 000,382,592 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidrab.dll
[2012/03/16 11:51:13 | 001,888,992 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\dllcache\ati3duag.dll
[2012/03/16 11:51:12 | 000,870,784 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\dllcache\ati3d1ag.dll
[2012/03/16 11:51:11 | 000,701,440 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2mtag.sys
[2012/03/16 11:51:10 | 000,327,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2mtaa.sys
[2012/03/16 11:51:09 | 000,377,984 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2dvaa.dll
[2012/03/16 11:51:09 | 000,201,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2dvag.dll
[2012/03/16 11:51:08 | 000,229,376 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2cqag.dll
[2012/03/16 11:51:07 | 000,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1xsxx.sys
[2012/03/16 11:51:07 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1xbxx.sys
[2012/03/16 11:51:05 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1tuxx.sys
[2012/03/16 11:51:05 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1snxx.sys
[2012/03/16 11:51:05 | 000,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1ttxx.sys
[2012/03/16 11:51:04 | 000,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1rvxx.sys
[2012/03/16 11:51:03 | 000,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1raxx.sys
[2012/03/16 11:51:03 | 000,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1pdxx.sys
[2012/03/16 11:51:02 | 000,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1mdxx.sys
[2012/03/16 11:51:01 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1btxx.sys
[2012/03/16 11:51:00 | 000,096,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ati.dll
[2012/03/16 11:51:00 | 000,077,568 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ati.sys
[2012/03/16 11:50:59 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2012/03/16 11:50:33 | 000,006,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\apmbatt.sys
[2012/03/16 11:50:32 | 000,036,224 | ---- | C] (ADMtek Incorporated.) -- C:\WINDOWS\System32\dllcache\an983.sys
[2012/03/16 11:50:31 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2012/03/16 11:50:30 | 000,027,678 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ali5261.sys
[2012/03/16 11:50:30 | 000,026,624 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\alifir.sys
[2012/03/16 11:50:25 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agcgauge.ax
[2012/03/16 11:50:23 | 000,003,775 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\adv11nt5.dll
[2012/03/16 11:50:23 | 000,003,711 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\adv09nt5.dll
[2012/03/16 11:50:21 | 000,003,135 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\adv08nt5.dll
[2012/03/16 11:50:20 | 000,003,647 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\adv07nt5.dll
[2012/03/16 11:50:19 | 000,003,967 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\adv02nt5.dll
[2012/03/16 11:50:19 | 000,003,615 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\adv05nt5.dll
[2012/03/16 11:50:17 | 000,004,255 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\adv01nt5.dll
[2012/03/16 11:49:51 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2012/03/16 11:49:50 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2012/03/16 11:49:49 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2012/03/16 11:49:49 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2012/03/16 11:49:48 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2012/03/16 11:49:48 | 000,020,160 | ---- | C] (ADMtek Incorporated) -- C:\WINDOWS\System32\dllcache\adm8511.sys
[2012/03/16 11:49:48 | 000,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adicvls.sys
[2012/03/16 11:49:46 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2012/03/16 11:49:45 | 000,084,480 | ---- | C] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ac97via.sys
[2012/03/16 11:49:44 | 000,297,728 | ---- | C] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\System32\dllcache\ac97sis.sys
[2012/03/16 11:49:44 | 000,096,256 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\ac97intc.sys
[2012/03/16 11:49:43 | 000,231,552 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ac97ali.sys
[2012/03/16 11:49:42 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2012/03/16 11:49:42 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2012/03/16 11:49:41 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\8514a.dll
[2012/03/16 11:49:40 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\61883.sys
[2012/03/16 11:49:39 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\4mmdat.sys
[2012/03/16 11:49:38 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2012/03/16 11:49:38 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2012/03/16 11:49:38 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2012/03/16 11:49:37 | 000,053,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394bus.sys
[2012/03/16 11:49:37 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394vdbg.sys
[2012/03/16 11:49:16 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.dll
[2012/03/14 21:24:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\iolo
[2012/03/13 23:30:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2012/03/13 23:15:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Acer\Local Settings\Application Data\ManyCam
[2012/03/13 23:15:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Acer\Application Data\ManyCam
[2012/03/13 23:15:15 | 000,000,000 | ---D | C] -- C:\Program Files\ManyCam
[2012/03/13 23:15:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ask
[2012/03/13 21:02:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2012/03/13 16:56:24 | 001,952,512 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\bcmwl5.sys
[2012/03/13 16:56:24 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\devIA64.exe
[2012/03/13 16:56:24 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\devAMD64.exe
[2012/03/13 16:56:24 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\devcon.exe
[2012/03/13 16:56:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Options
[2012/03/13 16:56:24 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom
[2012/03/06 20:48:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Acer\Application Data\Camfrog
[2012/03/06 20:48:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Acer\Local Settings\Application Data\CrashRpt
[2012/03/06 20:47:53 | 000,000,000 | ---D | C] -- C:\Program Files\Camfrog
[2012/03/04 21:59:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\OverDrive Media Console
[2012/03/04 21:59:47 | 000,000,000 | ---D | C] -- C:\Program Files\OverDrive Media Console
[2012/03/02 23:28:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Acer\Desktop\JDR BD 2012
[2012/02/28 19:55:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/02/28 19:55:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/29 06:55:03 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/29 00:17:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2857422465-3341562259-4179051517-1005UA.job
[2012/03/28 23:23:27 | 000,000,310 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2012/03/28 23:23:27 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2857422465-3341562259-4179051517-1005.job
[2012/03/28 23:23:26 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/28 23:23:24 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-18.job
[2012/03/28 22:17:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2857422465-3341562259-4179051517-1005Core.job
[2012/03/28 18:30:04 | 000,073,746 | ---- | M] () -- C:\Documents and Settings\Acer\Desktop\image1.jpg
[2012/03/28 09:28:54 | 000,508,718 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/28 09:28:54 | 000,090,686 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/28 09:24:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/28 09:24:35 | 000,302,824 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/27 17:27:05 | 000,002,317 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\OverDrive Media Console.lnk
[2012/03/26 18:17:18 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/03/26 17:12:13 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/03/26 16:28:22 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/03/26 13:54:23 | 000,000,788 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/26 13:39:22 | 004,445,462 | R--- | M] (Swearware) -- C:\Documents and Settings\Acer\Desktop\ComboFix.exe
[2012/03/26 13:37:03 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Acer\Desktop\mbam--setup-1.60.1.1000.exe
[2012/03/26 13:33:00 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Acer\Desktop\OTL.exe
[2012/03/24 13:50:54 | 000,225,278 | ---- | M] () -- C:\Documents and Settings\Acer\Desktop\HAPPY BIRTHDAY AUNT LISA_0003.jpg
[2012/03/24 13:50:46 | 000,087,897 | ---- | M] () -- C:\Documents and Settings\Acer\Desktop\HAPPY BIRTHDAY AUNT LISA_0002.jpg
[2012/03/24 13:49:25 | 000,096,000 | ---- | M] () -- C:\Documents and Settings\Acer\Desktop\HAPPY BIRTHDAY AUNT LISA_0001.jpg
[2012/03/22 22:20:25 | 000,002,281 | ---- | M] () -- C:\Documents and Settings\Acer\Desktop\Google Chrome.lnk
[2012/03/22 22:20:25 | 000,002,259 | ---- | M] () -- C:\Documents and Settings\Acer\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/03/22 12:12:00 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-18.job
[2012/03/22 10:52:28 | 003,048,254 | ---- | M] () -- C:\Documents and Settings\Acer\Desktop\2011_d-40_website_fill-in_01242012.pdf
[2012/03/20 19:50:12 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/03/19 18:39:00 | 014,764,340 | ---- | M] () -- C:\Documents and Settings\Acer\My Documents\brazilian halal chicken.pdf
[2012/03/17 12:34:51 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Zemana AntiLogger.lnk
[2012/03/17 11:43:46 | 000,034,704 | ---- | M] () -- C:\WINDOWS\syscall.dat
[2012/03/17 09:32:03 | 000,186,876 | ---- | M] () -- C:\Documents and Settings\Acer\Desktop\ST PATRICKS CARD.jpg
[2012/03/15 21:03:59 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\Acer\Desktop\ManyCam.lnk
[2012/03/15 16:36:32 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2857422465-3341562259-4179051517-1005.job
[2012/03/15 08:32:16 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\Acer\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/14 17:16:08 | 000,275,686 | ---- | M] () -- C:\Documents and Settings\Acer\Desktop\Voice009.amr
[2012/03/13 22:51:37 | 000,038,722 | ---- | M] () -- C:\Documents and Settings\Acer\Desktop\Picture.jpg
[2012/03/13 16:52:35 | 009,715,200 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTLCPL.EXE
[2012/03/13 16:52:35 | 001,482,752 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtlUpd.exe
[2012/03/13 16:52:35 | 000,880,640 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RTSndMgr.CPL
[2012/03/13 16:52:35 | 000,290,816 | ---- | M] (Realtek Semiconductor Crop.) -- C:\WINDOWS\vncutil.exe
[2012/03/13 16:52:35 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
[2012/03/13 16:52:33 | 005,788,672 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys
[2012/03/13 16:52:32 | 000,122,880 | ---- | M] (Realtek Semiconductor) -- C:\WINDOWS\RtkAudioService.exe
[2012/03/13 16:52:32 | 000,040,960 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RtkCoInstXP.dll
[2012/03/13 16:52:30 | 002,168,320 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\MicCal.exe
[2012/03/13 16:52:30 | 001,389,056 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\Monfilt.sys
[2012/03/13 16:52:27 | 002,808,832 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
[2012/03/13 16:52:27 | 001,684,736 | ---- | M] (Creative) -- C:\WINDOWS\System32\drivers\Ambfilt.sys
[2012/03/13 16:52:27 | 000,278,528 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\ALSNDMGR.CPL
[2012/03/13 16:52:27 | 000,057,344 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCMTR.EXE
[2012/03/13 16:52:13 | 000,123,780 | ---- | M] () -- C:\WINDOWS\System32\drivers\RtConvEQ.DAT
[2012/03/13 16:52:13 | 000,001,496 | ---- | M] () -- C:\WINDOWS\System32\drivers\RtkAcerM.dat
[2012/03/13 16:52:13 | 000,000,728 | ---- | M] () -- C:\WINDOWS\System32\drivers\RtHdatEx.dat
[2012/03/13 16:52:13 | 000,000,712 | ---- | M] () -- C:\WINDOWS\System32\drivers\SamSfPa.dat
[2012/03/13 16:52:13 | 000,000,520 | ---- | M] () -- C:\WINDOWS\System32\drivers\RTEQEX2.dat
[2012/03/13 16:52:13 | 000,000,520 | ---- | M] () -- C:\WINDOWS\System32\drivers\RTEQEX1.dat
[2012/03/13 16:52:13 | 000,000,520 | ---- | M] () -- C:\WINDOWS\System32\drivers\RTEQEX0.dat
[2012/03/13 16:52:13 | 000,000,008 | ---- | M] () -- C:\WINDOWS\System32\drivers\rtkhdaud.dat
[2012/03/12 20:31:43 | 000,000,745 | ---- | M] () -- C:\Documents and Settings\Acer\Desktop\Glary Utilities.lnk
[2012/03/10 22:39:05 | 000,292,788 | ---- | M] () -- C:\Documents and Settings\Acer\Desktop\sun-solar-flare.jpg
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/28 18:30:03 | 000,073,746 | ---- | C] () -- C:\Documents and Settings\Acer\Desktop\image1.jpg
[2012/03/28 09:24:35 | 000,302,824 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/26 16:28:22 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/03/26 16:28:19 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/03/26 16:24:49 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/03/26 16:24:49 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/03/26 16:24:49 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/03/26 16:24:49 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/03/26 16:24:49 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/03/26 13:54:23 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/24 13:47:11 | 000,225,278 | ---- | C] () -- C:\Documents and Settings\Acer\Desktop\HAPPY BIRTHDAY AUNT LISA_0003.jpg
[2012/03/24 13:47:09 | 000,087,897 | ---- | C] () -- C:\Documents and Settings\Acer\Desktop\HAPPY BIRTHDAY AUNT LISA_0002.jpg
[2012/03/24 13:47:07 | 000,096,000 | ---- | C] () -- C:\Documents and Settings\Acer\Desktop\HAPPY BIRTHDAY AUNT LISA_0001.jpg
[2012/03/22 10:52:27 | 003,048,254 | ---- | C] () -- C:\Documents and Settings\Acer\Desktop\2011_d-40_website_fill-in_01242012.pdf
[2012/03/19 18:38:58 | 014,764,340 | ---- | C] () -- C:\Documents and Settings\Acer\My Documents\brazilian halal chicken.pdf
[2012/03/17 11:43:46 | 000,034,704 | ---- | C] () -- C:\WINDOWS\syscall.dat
[2012/03/17 11:43:42 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Zemana AntiLogger.lnk
[2012/03/17 09:20:56 | 000,186,876 | ---- | C] () -- C:\Documents and Settings\Acer\Desktop\ST PATRICKS CARD.jpg
[2012/03/16 11:51:39 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2012/03/16 11:51:39 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2012/03/16 11:51:37 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2012/03/16 11:51:33 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2012/03/16 11:51:32 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2012/03/16 11:51:32 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2012/03/16 11:51:31 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2012/03/16 11:51:30 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2012/03/16 11:51:29 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2012/03/16 11:51:15 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2012/03/15 21:03:59 | 000,000,812 | ---- | C] () -- C:\Documents and Settings\Acer\Desktop\ManyCam.lnk
[2012/03/14 17:16:08 | 000,275,686 | ---- | C] () -- C:\Documents and Settings\Acer\Desktop\Voice009.amr
[2012/03/13 16:56:24 | 000,640,204 | ---- | C] () -- C:\WINDOWS\System32\bcmwl5.inf
[2012/03/13 16:56:24 | 000,010,843 | ---- | C] () -- C:\WINDOWS\System32\bcm43xx.cat
[2012/03/13 16:56:24 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\4328_Update32D.BAT
[2012/03/13 16:56:24 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\4328_Update32C.BAT
[2012/03/13 16:56:24 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\4318_0312_Update32D.BAT
[2012/03/13 16:56:24 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\4318_0312_Update32C.BAT
[2012/03/13 16:56:24 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\4318_0311_Update32D.BAT
[2012/03/13 16:56:24 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\4318_0311_Update32C.BAT
[2012/03/13 16:56:24 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\4315_Update32D.BAT
[2012/03/13 16:56:24 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\4315_Update32C.BAT
[2012/03/13 16:56:24 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\4312_Update32D.BAT
[2012/03/13 16:56:24 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\4312_Update32C.BAT
[2012/03/13 16:56:24 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\4311_Update32D.BAT
[2012/03/13 16:56:24 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\4311_Update32C.BAT
[2012/03/13 16:56:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\4328_Remove32D.BAT
[2012/03/13 16:56:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\4328_Remove32C.BAT
[2012/03/13 16:56:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\4318_0312_Remove32D.BAT
[2012/03/13 16:56:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\4318_0312_Remove32C.BAT
[2012/03/13 16:56:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\4318_0311_Remove32D.BAT
[2012/03/13 16:56:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\4318_0311_Remove32C.BAT
[2012/03/13 16:56:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\4315_Remove32D.BAT
[2012/03/13 16:56:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\4315_Remove32C.BAT
[2012/03/13 16:56:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\4312_Remove32D.BAT
[2012/03/13 16:56:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\4312_Remove32C.BAT
[2012/03/13 16:56:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\4311_Remove32D.BAT
[2012/03/13 16:56:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\4311_Remove32C.BAT
[2012/03/13 16:56:24 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\Desktop_.ini
[2012/03/13 16:53:52 | 000,001,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\RtkAcerM.dat
[2012/03/10 22:39:13 | 000,292,788 | ---- | C] () -- C:\Documents and Settings\Acer\Desktop\sun-solar-flare.jpg
[2012/03/06 23:15:47 | 000,331,776 | ---- | C] () -- C:\WINDOWS\System\M3000Dex.dll
[2012/03/06 23:15:47 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\M3000DIF.dll
[2012/02/25 09:36:43 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2012/02/25 09:36:42 | 000,645,632 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2012/02/17 08:46:39 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/07 22:41:15 | 000,863,226 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2857422465-3341562259-4179051517-1005-0.dat
[2011/12/26 09:41:51 | 000,283,986 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/12/13 21:20:01 | 001,749,376 | ---- | C] () -- C:\WINDOWS\System32\snp2uvc.sys
[2011/12/13 21:20:01 | 000,028,032 | ---- | C] () -- C:\WINDOWS\System32\sncduvc.sys
[2011/12/13 21:20:01 | 000,000,131 | ---- | C] () -- C:\WINDOWS\System32\PidList.ini
[2011/11/20 19:18:19 | 000,025,944 | ---- | C] () -- C:\WINDOWS\System32\SmartDefragBootTime.exe
[2011/11/20 19:18:18 | 000,014,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
[2011/11/16 10:53:22 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BD8460N.DAT
[2011/11/16 10:52:38 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2011/07/21 08:51:32 | 000,103,535 | ---- | C] () -- C:\WINDOWS\hpoins04.dat
[2011/07/21 08:51:32 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat
[2011/05/09 10:22:32 | 000,608,808 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/04/08 21:35:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/03/15 17:16:03 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/02/21 14:32:56 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/02/21 14:17:22 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\Acer\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/21 14:16:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

========== Custom Scans ==========

< "%WinDir%\$NtUninstallKB*$." /30 >

< C:\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009/07/31 19:48:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2009/07/31 19:48:02 | 001,064,960 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2009/07/31 19:48:02 | 000,905,216 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2012/03/13 16:52:27 | 001,684,736 | ---- | M] (Creative) -- C:\WINDOWS\system32\drivers\Ambfilt.sys
[2012/02/22 06:34:36 | 000,022,400 | ---- | M] (ManyCam LLC) -- C:\WINDOWS\system32\drivers\mcaudrv.sys
[2012/01/11 02:11:20 | 000,032,000 | ---- | M] (ManyCam LLC) -- C:\WINDOWS\system32\drivers\mcvidrv.sys
[2012/03/13 16:52:30 | 001,389,056 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\Monfilt.sys
[2012/01/09 12:20:25 | 000,139,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rdpwd.sys
[2012/03/13 16:52:33 | 005,788,672 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AFD.SYS >
[2011/08/17 09:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\dllcache\afd.sys
[2011/08/17 09:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\drivers\afd.sys

< MD5 for: ATAPI.SYS >
[2008/04/14 08:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\i386\sp3.cab:atapi.sys
[2008/04/14 08:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/14 08:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/14 08:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/14 08:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys

< MD5 for: EXPLORER.EXE >
[2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: VOLSNAP.SYS >
[2008/04/14 08:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\system32\dllcache\volsnap.sys
[2008/04/14 08:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\system32\drivers\volsnap.sys

< MD5 for: WINLOGON.EXE >
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 08:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/14 08:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 08:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\Acer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/03/21 08:21:14 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/03/27 23:20:04 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/03/27 23:20:04 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/03/27 23:20:04 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/03/27 23:20:09 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/03/27 23:20:09 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/03/27 23:20:09 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Acer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2012/03/21 08:21:14 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Acer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2012/03/21 08:21:14 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Acer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/03/21 08:21:14 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Acer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/03/21 08:21:14 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/12/16 08:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/12/16 08:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/12/16 08:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 17:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 17:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\Acer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/03/21 08:21:14 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/03/27 23:20:04 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/03/27 23:20:04 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/03/27 23:20:04 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/03/27 23:20:09 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/03/27 23:20:09 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/03/27 23:20:09 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Acer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2012/03/21 08:21:14 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Acer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2012/03/21 08:21:14 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Acer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/03/21 08:21:14 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Acer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/03/21 08:21:14 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/12/16 08:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/12/16 08:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/12/16 08:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 17:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 17:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction
[C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction
[C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 -> Junction

< End of report >


4B. EXTRAS LOG
OTL Extras logfile created on: 3/29/2012 6:46:48 AM - Run 2
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Acer\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 58.04% Memory free
4.82 Gb Paging File | 4.08 Gb Available in Paging File | 84.74% Paging File free
Paging file location(s): C:\pagefile.sys 3048 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139.04 Gb Total Space | 91.23 Gb Free Space | 65.62% Space Free | Partition Type: NTFS

Computer Name: ACER-PC | User Name: Acer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-2857422465-3341562259-4179051517-1005\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Acer\Acer VCM\VC.exe" = C:\Program Files\Acer\Acer VCM\VC.exe:*:Disabled:Acer Video Quality Enhancement -- (Acer Incoporated)
"C:\Documents and Settings\Acer\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Acer\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox -- (Mozilla Corporation)
"C:\Documents and Settings\Acer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" = C:\Documents and Settings\Acer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe:*:Disabled:Google Chrome -- (Google Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{014534FF-1D46-4A77-9B48-29EFD145995B}" = AntiLogger
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{0E13CAA3-B5FC-48C0-AA4A-26F5CD0C371C}" = Garmin Lifetime Updater
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP640_series" = Canon MP640 series MP Drivers
"{153F839F-0A63-41D8-890F-7324C0E13743}" = Broadcom Driver v5.10.79.14_Foxconn Installation Program
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java™ 6 Update 26
"{285BA1C9-183C-40A3-A925-6078B82F01B3}" = Java Access Bridge
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}" = TurboTax ItsDeductible 2005
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56A648C2-D185-46A9-BBFF-78AE7A503000}" = WebCam
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{614F6133-1897-3CB9-859A-F2A19FBE8D4A}" = Google Talk Plugin
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{67CDD5A0-C572-4D2C-A354-6492B51F4138}" = SlimDrivers
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ED02445-D491-414C-A56D-2ED6BBB7239A}" = Garmin Communicator Plugin
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{903B0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003
"{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A10409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = USB2.0 Card Reader Software
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A95A76C9-6F65-477E-83A0-9F884B6DC21B}" = TuneUp Utilities Language Pack (en-US)
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}" = TurboTax ItsDeductible 2006
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D647F06F-2908-487E-9CDA-DE52148CBF49}" = OverDrive Media Console
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"Acer Screensaver" = Acer ScreenSaver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.15
"AntiLogger" = AntiLogger
"Athan" = Athan Basic 4.2
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Digital Editions" = Adobe Digital Editions
"Glary Utilities_is1" = Glary Utilities 2.43.0.1419
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Photo & Imaging" = HP Image Zone 4.2
"ie8" = Windows Internet Explorer 8
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"ManyCam" = ManyCam 3.0.48 (remove only)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"RealPlayer 15.0" = RealPlayer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Temp File Cleaner" = Temp File Cleaner
"TurboTax Deluxe 2005" = TurboTax Deluxe 2005
"TurboTax Deluxe Deduction Maximizer 2006" = TurboTax Deluxe Deduction Maximizer 2006
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"Xvid Video Codec 1.3.2" = Xvid Video Codec
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2857422465-3341562259-4179051517-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/9/2012 8:24:47 PM | Computer Name = ACER-PC | Source = VSS | ID = 12292
Description = Volume Shadow Copy Service error: Error creating the Shadow Copy Provider
COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422].

Error - 3/11/2012 1:02:42 AM | Computer Name = ACER-PC | Source = Application Error | ID = 1000
Description = Faulting application wwlite.exe, version 5.5.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x3e2c45f2.

Error - 3/11/2012 1:48:36 AM | Computer Name = ACER-PC | Source = Application Error | ID = 1000
Description = Faulting application wwlite.exe, version 5.5.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x3e2c45f2.

Error - 3/11/2012 3:24:07 AM | Computer Name = ACER-PC | Source = Application Error | ID = 1000
Description = Faulting application yahoomessenger.exe, version 11.5.0.192, faulting
module unknown, version 0.0.0.0, fault address 0xce8b0875.

Error - 3/11/2012 7:47:33 AM | Computer Name = ACER-PC | Source = Application Error | ID = 1000
Description = Faulting application wwlite.exe, version 5.5.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x3e2c45f2.

Error - 3/13/2012 12:11:52 AM | Computer Name = ACER-PC | Source = Application Error | ID = 1000
Description = Faulting application yahoomessenger.exe, version 11.5.0.192, faulting
module pdh.dll, version 5.1.2600.5773, fault address 0x00008821.

Error - 3/13/2012 9:11:41 PM | Computer Name = ACER-PC | Source = Application Error | ID = 1000
Description = Faulting application yahoomessenger.exe, version 9.0.0.2162, faulting
module msvcr80.dll, version 8.0.50727.6195, fault address 0x0000ed53.

Error - 3/20/2012 8:02:22 PM | Computer Name = ACER-PC | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 17.0.963.79, faulting module
chrome.dll, version 17.0.963.79, fault address 0x0152da0e.

Error - 3/20/2012 9:31:32 PM | Computer Name = ACER-PC | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 17.0.963.79, faulting module
chrome.dll, version 17.0.963.79, fault address 0x0001ba7f.

Error - 3/28/2012 9:25:48 AM | Computer Name = ACER-PC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

[ System Events ]
Error - 3/26/2012 4:43:09 PM | Computer Name = ACER-PC | Source = Service Control Manager | ID = 7023
Description = The VRADFIL service terminated with the following error: %%126

Error - 3/26/2012 5:12:09 PM | Computer Name = ACER-PC | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Advanced SystemCare Service
5 service to connect.

Error - 3/26/2012 5:12:09 PM | Computer Name = ACER-PC | Source = Service Control Manager | ID = 7000
Description = The Advanced SystemCare Service 5 service failed to start due to the
following error: %%1053

Error - 3/26/2012 5:12:09 PM | Computer Name = ACER-PC | Source = Service Control Manager | ID = 7023
Description = The VRADFIL service terminated with the following error: %%126

Error - 3/27/2012 11:39:56 AM | Computer Name = ACER-PC | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.34.94 on
the Network Card with network address 0C607654941A.

Error - 3/27/2012 11:40:05 AM | Computer Name = ACER-PC | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 0C607654941A. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 3/28/2012 9:24:52 AM | Computer Name = ACER-PC | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Advanced SystemCare Service
5 service to connect.

Error - 3/28/2012 9:24:52 AM | Computer Name = ACER-PC | Source = Service Control Manager | ID = 7000
Description = The Advanced SystemCare Service 5 service failed to start due to the
following error: %%1053

Error - 3/28/2012 9:24:52 AM | Computer Name = ACER-PC | Source = Service Control Manager | ID = 7023
Description = The VRADFIL service terminated with the following error: %%126

Error - 3/28/2012 9:24:54 AM | Computer Name = ACER-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.3 for the Network Card with network
address 0C607654941A has been denied by the DHCP server 192.168.34.1 (The DHCP Server
sent a DHCPNACK message).


< End of report >

#4 SweetTech

Posted 29 March 2012 - 07:45 AM

Hi!

Thanks very much for your assistance. You folks do an amazing service.

Not a problem! I'm glad to be of assistance!

Comments: Yes my real banking information was indeed stolen 2 weeks ago and sold on the black market to someone in Spain. The fraud investigators concluded only that it happened on the net and included my full ATM plus security code, which I'd used in a web purchase in late February. I have since been using Zemana anti-logger in the hopes this might do something useful. This may/may not be related. Avira first announced the arrival of virus on 26 March.

Oh noes! I'm so sorry to hear that! I hope your bank was able to help you out with this and put a freeze on your account.

I'm going to be completely honest with you. If this were my computer, and my banking information was stolen, I'd reformat and re-install the operating system to ensure that I was starting over with a fresh system.

If you'd really like to continue cleaning up this computer, then I have no problem doing so, but I wanted to let you know what I'd do if this were my system.

Please let me know what you'd like to do.

Kindest Regards,
ST.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#5 drjbkk (Topic Starter)

Posted 29 March 2012 - 07:53 AM

I would like to attempt cleaning it first before completely throwing in the towel:)
Also, as this machine came preloaded (without physical disks), I'm not even sure where/how to procure the XP it came with. I'd also have to wait another week to actually get the ability to back up all my stuff:(

#6 SweetTech

Posted 29 March 2012 - 07:55 AM

Hi!

Also, as this machine came preloaded (without physical disks), I'm not even sure where/how to procure the XP it came with. I'd also have to wait another week to actually get the ability to back up all my stuff:(

Okay, not a problem.

I'm going through your logs right now. Should have some instructions for you to proceed with shortly.

ST.


#7 SweetTech

Posted 29 March 2012 - 08:20 AM

Hi again!

Do you recognize this proxy that's set for Internet Explorer?

IE - HKU\S-1-5-21-2857422465-3341562259-4179051517-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.1.5:3128

How about in Firefox?

FF - prefs.js..network.proxy.ftp: "192.168.1.5"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.http: "192.168.1.5"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "192.168.1.5"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "192.168.1.5"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 4

OTL Fix

We need to run an OTL Fix

Note: If you have MalwareBytes Anti-Malware 1.6 or higher installed and are using the Pro version or trial version, please temporarily disable it for the duration of this fix as it may interfere with the successful execution of the script below.

  • Please reopen OTL on your desktop.
  • Copy and paste the following code into the Custom Scans/Fixes textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ZSMC211.dll -- (adobeactivefilemonitor4.0)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (no name) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - No CLSID value found.
    O3 - HKU\S-1-5-21-2857422465-3341562259-4179051517-1005\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\S-1-5-21-2857422465-3341562259-4179051517-1005\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O4 - HKLM..\Run: [M3000Mnt] Rundll32.exe M3000Rmv.dll ,WinMainRmv /StartStillMnt File not found
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    NetSvcs: ami0nt - File not found
    NetSvcs: rtl8185 - File not found
    NetSvcs: naiavfilter1 - File not found
    NetSvcs: hmonitor - File not found
    NetSvcs: mcdbus - File not found
    NetSvcs: adobeactivefilemonitor4.0 - %systemroot%\system32\ZSMC211.dll File not found
    NetSvcs: harmony - File not found
    NetSvcs: wencrservice - File not found
    [2012/03/13 16:56:24 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\4328_Update32D.BAT
    [2012/03/13 16:56:24 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\4328_Update32C.BAT
    [2012/03/13 16:56:24 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\4318_0312_Update32D.BAT
    [2012/03/13 16:56:24 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\4318_0312_Update32C.BAT
    [2012/03/13 16:56:24 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\4318_0311_Update32D.BAT
    [2012/03/13 16:56:24 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\4318_0311_Update32C.BAT
    [2012/03/13 16:56:24 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\4315_Update32D.BAT
    [2012/03/13 16:56:24 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\4315_Update32C.BAT
    [2012/03/13 16:56:24 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\4312_Update32D.BAT
    [2012/03/13 16:56:24 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\4312_Update32C.BAT
    [2012/03/13 16:56:24 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\4311_Update32D.BAT
    [2012/03/13 16:56:24 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\4311_Update32C.BAT
    [2012/03/13 16:56:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\4328_Remove32D.BAT
    [2012/03/13 16:56:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\4328_Remove32C.BAT
    [2012/03/13 16:56:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\4318_0312_Remove32D.BAT
    [2012/03/13 16:56:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\4318_0312_Remove32C.BAT
    [2012/03/13 16:56:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\4318_0311_Remove32D.BAT
    [2012/03/13 16:56:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\4318_0311_Remove32C.BAT
    [2012/03/13 16:56:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\4315_Remove32D.BAT
    [2012/03/13 16:56:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\4315_Remove32C.BAT
    [2012/03/13 16:56:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\4312_Remove32D.BAT
    [2012/03/13 16:56:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\4312_Remove32C.BAT
    [2012/03/13 16:56:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\4311_Remove32D.BAT
    [2012/03/13 16:56:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\4311_Remove32C.BAT
    [2012/03/13 16:56:24 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\Desktop_.ini
    
    :Reg
    
    :Files
    dir /s /a "C:\Documents and Settings\All Users\Application Data\{FA33E2F3-4250-473E-85C1-4E4E3BAB4252}" /c
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    [EMPTYJAVA]
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:




Running ComboFix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon.
They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now

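The proxy question raised above is worth turning into a repeatable check rather than a one-off eyeball of the log. The Python script below is an added example, not code from the original post, from OTL or from BleepingComputer: it parses the "IE -" and "FF -" proxy lines in OTL's own output format (the constructed sample embeds the lines quoted above), normalises them into host:port entries, and flags any endpoint that is not on an allow-list of approved proxies. The allow-list containing 192.168.1.5:3128 is an assumption standing in for the office proxy; the network.proxy.type mapping is Firefox's, where only type 1 (manual) actually puts the per-scheme hosts into use, so a type of 4 means the browser is auto-detecting (WPAD) and the stored manual hosts are not what it is using. A proxy that nobody recognises is the classic sign of traffic being routed through a man-in-the-middle, which is why the check exists.

```python
import re
from typing import NamedTuple

# Constructed sample input: the IE and Firefox proxy lines quoted from the OTL log
# in the post above, in OTL's exact output format.
SAMPLE_OTL = r"""
IE - HKU\S-1-5-21-2857422465-3341562259-4179051517-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.1.5:3128
FF - prefs.js..network.proxy.ftp: "192.168.1.5"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.http: "192.168.1.5"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "192.168.1.5"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "192.168.1.5"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 4
"""

# Assumed allow-list: the office proxy the poster confirmed. Anything else gets flagged.
KNOWN_PROXIES = {("192.168.1.5", 3128)}

# Firefox network.proxy.type values; only 1 (manual) uses the per-scheme hosts above.
FF_PROXY_TYPES = {0: "direct", 1: "manual", 2: "PAC URL", 4: "auto-detect (WPAD)", 5: "system"}


class ProxyEntry(NamedTuple):
    browser: str  # "IE" or "FF"
    scheme: str   # "all" for an unscoped IE ProxyServer value, else ftp/http/https/socks/ssl
    host: str
    port: int


IE_RE = re.compile(r'^IE - .*"ProxyServer" = (\S+)$')
FF_HOST_RE = re.compile(r'^FF - prefs\.js\.\.network\.proxy\.(ftp|http|socks|ssl): "([^"]*)"$')
FF_PORT_RE = re.compile(r'^FF - prefs\.js\.\.network\.proxy\.(ftp|http|socks|ssl)_port: (\d+)$')
FF_TYPE_RE = re.compile(r'^FF - prefs\.js\.\.network\.proxy\.type: (\d+)$')


def parse_proxies(otl_text):
    """Return (entries, ff_proxy_type) parsed from OTL 'IE -' and 'FF -' proxy lines."""
    entries = []
    ff_hosts, ff_ports, ff_type = {}, {}, None
    for raw in otl_text.splitlines():
        line = raw.strip()
        if m := IE_RE.match(line):
            # IE stores either "host:port" or "http=host:port;https=host:port;..."
            for part in m.group(1).split(";"):
                scheme, _, hostport = part.rpartition("=")
                host, _, port = hostport.rpartition(":")
                entries.append(ProxyEntry("IE", scheme or "all", host, int(port)))
        elif m := FF_HOST_RE.match(line):
            ff_hosts[m.group(1)] = m.group(2)
        elif m := FF_PORT_RE.match(line):
            ff_ports[m.group(1)] = int(m.group(2))
        elif m := FF_TYPE_RE.match(line):
            ff_type = int(m.group(1))
    # Pair each Firefox scheme's host with its port; skip schemes with an empty host.
    for scheme, host in ff_hosts.items():
        if host and scheme in ff_ports:
            entries.append(ProxyEntry("FF", scheme, host, ff_ports[scheme]))
    return entries, ff_type


def unexpected_proxies(entries, known=KNOWN_PROXIES):
    """Entries whose host:port is not an approved proxy."""
    return [e for e in entries if (e.host, e.port) not in known]


def report(otl_text, known=KNOWN_PROXIES):
    """One line per proxy entry, marked known/UNEXPECTED, plus the Firefox proxy mode."""
    entries, ff_type = parse_proxies(otl_text)
    flagged = set(unexpected_proxies(entries, known))
    lines = [f"{e.browser} {e.scheme:<5} {e.host}:{e.port}  "
             f"{'UNEXPECTED' if e in flagged else 'known'}" for e in entries]
    if ff_type is not None:
        lines.append(f"FF network.proxy.type = {ff_type} ({FF_PROXY_TYPES.get(ff_type, 'unknown')})")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_OTL)))
```

To use it on a real OTL.txt, pass the file contents to report() and put the proxies your network actually uses in KNOWN_PROXIES; with an empty allow-list every entry is reported as UNEXPECTED, which is the right default when you do not know the environment.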


#8 drjbkk (Topic Starter)

Posted 29 March 2012 - 12:48 PM

Hi,

I've been attempting to do the first step since your message. Try as I may, RUN FIX in OTL is totally hung up. I close every application: Malwarebytes, Avira, literally everything except OTL. It just stays on the very first step of killing processes, for HOURS, restarting many times. I've never had problems running any of the bleeping computer programs but this one is not happening.

PS The proxy relates to the proxy in my office.

#9 drjbkk (Topic Starter)

Posted 30 March 2012 - 07:45 AM

Hi, it's been a day so let me restate: OTL Run Fix gets hung up immediately during "Kill all processes". I have disabled or closed every application except OTL. I've tried it about 10 times with no success. This is the first time I've ever had a problem running a bleepingcomputer process. Please advise. I did not move on to Combofix or anything else, as I'm following your steps in order.

#10 SweetTech

Posted 30 March 2012 - 08:21 AM

Hi drjbkk!

Sorry to hear you are experiencing issues with running the OTL fix.

I'm going to give you a new script to try below.

Also, thanks for that information regarding the proxy, I won't touch those settings then.

Please try to run this OTL fix for me. If it still won't run for you, please proceed with the ComboFix instructions for me.

OTL Fix

We need to run an OTL Fix

Note: If you have MalwareBytes Anti-Malware 1.6 or higher installed and are using the Pro version or trial version, please temporarily disable it for the duration of this fix as it may interfere with the successful execution of the script below.

  • Please reopen OTL on your desktop.
  • Copy and paste the following code into the Custom Scans/Fixes textbox.
    :Services
    :Processes
    :OTL
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ZSMC211.dll -- (adobeactivefilemonitor4.0)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (no name) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - No CLSID value found.
    O3 - HKU\S-1-5-21-2857422465-3341562259-4179051517-1005\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\S-1-5-21-2857422465-3341562259-4179051517-1005\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O4 - HKLM..\Run: [M3000Mnt] Rundll32.exe M3000Rmv.dll ,WinMainRmv /StartStillMnt File not found
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    NetSvcs: ami0nt - File not found
    NetSvcs: rtl8185 - File not found
    NetSvcs: naiavfilter1 - File not found
    NetSvcs: hmonitor - File not found
    NetSvcs: mcdbus - File not found
    NetSvcs: adobeactivefilemonitor4.0 - %systemroot%\system32\ZSMC211.dll File not found
    NetSvcs: harmony - File not found
    NetSvcs: wencrservice - File not found
    [2012/03/13 16:56:24 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\4328_Update32D.BAT
    [2012/03/13 16:56:24 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\4328_Update32C.BAT
    [2012/03/13 16:56:24 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\4318_0312_Update32D.BAT
    [2012/03/13 16:56:24 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\4318_0312_Update32C.BAT
    [2012/03/13 16:56:24 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\4318_0311_Update32D.BAT
    [2012/03/13 16:56:24 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\4318_0311_Update32C.BAT
    [2012/03/13 16:56:24 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\4315_Update32D.BAT
    [2012/03/13 16:56:24 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\4315_Update32C.BAT
    [2012/03/13 16:56:24 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\4312_Update32D.BAT
    [2012/03/13 16:56:24 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\4312_Update32C.BAT
    [2012/03/13 16:56:24 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\4311_Update32D.BAT
    [2012/03/13 16:56:24 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\4311_Update32C.BAT
    [2012/03/13 16:56:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\4328_Remove32D.BAT
    [2012/03/13 16:56:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\4328_Remove32C.BAT
    [2012/03/13 16:56:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\4318_0312_Remove32D.BAT
    [2012/03/13 16:56:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\4318_0312_Remove32C.BAT
    [2012/03/13 16:56:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\4318_0311_Remove32D.BAT
    [2012/03/13 16:56:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\4318_0311_Remove32C.BAT
    [2012/03/13 16:56:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\4315_Remove32D.BAT
    [2012/03/13 16:56:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\4315_Remove32C.BAT
    [2012/03/13 16:56:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\4312_Remove32D.BAT
    [2012/03/13 16:56:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\4312_Remove32C.BAT
    [2012/03/13 16:56:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\4311_Remove32D.BAT
    [2012/03/13 16:56:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\4311_Remove32C.BAT
    [2012/03/13 16:56:24 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\Desktop_.ini
    
    :Reg
    
    :Files
    dir /s /a "C:\Documents and Settings\All Users\Application Data\{FA33E2F3-4250-473E-85C1-4E4E3BAB4252}" /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    [EMPTYJAVA]
    
  • Push the button shown in the screenshot (image not reproduced here).
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:




Running ComboFix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon.
They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#11 drjbkk (Topic Starter)

Posted 30 March 2012 - 08:53 AM

Sorry to say it still gets stuck on "killing processes. do not interrupt..." I wonder if there is something really obvious and stupid that I've overlooked, something I'm supposed to tick or untick, some setting on my machine I should/should not be running. In any case, I'll move on to Combofix now. The struggle continues!

#12 SweetTech (Agent ST)

Posted 30 March 2012 - 09:11 AM

Hopefully the ComboFix scan will have some success. :)



#13 drjbkk (Topic Starter)

Posted 30 March 2012 - 09:23 AM

Ahh, hang on, OTL is now functioning! It appears that Malwarebytes was the culprit. Even though I disabled it, it had a number of processes "running on startup" that I could not disable. I simply uninstalled it and OTL flew through the process in one minute. So, I'm back to following your steps. The report is coming in just a moment, rebooting now.

#14 drjbkk (Topic Starter)

Posted 30 March 2012 - 10:05 AM

The logs are HERE!

OTL:

:Services
:Processes
:OTL
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ZSMC211.dll -- (adobeactivefilemonitor4.0)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - No CLSID value found.
O3 - HKU\S-1-5-21-2857422465-3341562259-4179051517-1005\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2857422465-3341562259-4179051517-1005\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [M3000Mnt] Rundll32.exe M3000Rmv.dll ,WinMainRmv /StartStillMnt File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
NetSvcs: ami0nt - File not found
NetSvcs: rtl8185 - File not found
NetSvcs: naiavfilter1 - File not found
NetSvcs: hmonitor - File not found
NetSvcs: mcdbus - File not found
NetSvcs: adobeactivefilemonitor4.0 - %systemroot%\system32\ZSMC211.dll File not found
NetSvcs: harmony - File not found
NetSvcs: wencrservice - File not found
[2012/03/13 16:56:24 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\4328_Update32D.BAT
[2012/03/13 16:56:24 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\4328_Update32C.BAT
[2012/03/13 16:56:24 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\4318_0312_Update32D.BAT
[2012/03/13 16:56:24 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\4318_0312_Update32C.BAT
[2012/03/13 16:56:24 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\4318_0311_Update32D.BAT
[2012/03/13 16:56:24 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\4318_0311_Update32C.BAT
[2012/03/13 16:56:24 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\4315_Update32D.BAT
[2012/03/13 16:56:24 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\4315_Update32C.BAT
[2012/03/13 16:56:24 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\4312_Update32D.BAT
[2012/03/13 16:56:24 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\4312_Update32C.BAT
[2012/03/13 16:56:24 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\4311_Update32D.BAT
[2012/03/13 16:56:24 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\4311_Update32C.BAT
[2012/03/13 16:56:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\4328_Remove32D.BAT
[2012/03/13 16:56:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\4328_Remove32C.BAT
[2012/03/13 16:56:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\4318_0312_Remove32D.BAT
[2012/03/13 16:56:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\4318_0312_Remove32C.BAT
[2012/03/13 16:56:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\4318_0311_Remove32D.BAT
[2012/03/13 16:56:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\4318_0311_Remove32C.BAT
[2012/03/13 16:56:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\4315_Remove32D.BAT
[2012/03/13 16:56:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\4315_Remove32C.BAT
[2012/03/13 16:56:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\4312_Remove32D.BAT
[2012/03/13 16:56:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\4312_Remove32C.BAT
[2012/03/13 16:56:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\4311_Remove32D.BAT
[2012/03/13 16:56:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\4311_Remove32C.BAT
[2012/03/13 16:56:24 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\Desktop_.ini

:Reg

:Files
dir /s /a "C:\Documents and Settings\All Users\Application Data\{FA33E2F3-4250-473E-85C1-4E4E3BAB4252}" /c
ipconfig /flushdns /c
:Commands
[purity]
[CreateRestorePoint]
[emptytemp]
[EMPTYFLASH]
[EMPTYJAVA]



COMBOFIX LOG


ComboFix 12-03-26.02 - Acer 03/30/2012 10:31:58.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1564 [GMT -4:00]
Running from: c:\documents and settings\Acer\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\_otl\MovedFiles\03302012_102101\C_WINDOWS\system32\Desktop_.ini
c:\windows\iun6002.exe
c:\windows\Services.reg
.
.
((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-30 )))))))))))))))))))))))))))))))
.
.
2012-03-29 13:33 . 2012-03-29 13:33 -------- d-----w- C:\_OTL
2012-03-28 03:20 . 2012-03-28 03:20 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-28 03:20 . 2012-03-28 03:20 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-03-26 20:30 . 2011-07-15 13:29 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2012-03-26 17:54 . 2012-03-26 17:54 -------- d-----w- c:\documents and settings\Acer\Application Data\Malwarebytes
2012-03-26 17:54 . 2012-03-26 17:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-03-26 01:27 . 2012-03-26 01:27 -------- d-----w- c:\program files\Windows Live SkyDrive
2012-03-26 01:27 . 2012-03-26 01:27 -------- d-----w- c:\program files\Windows Live
2012-03-26 01:26 . 2012-03-26 01:26 141399376 ----a-w- c:\program files\Common Files\Windows Live\.cache\wlcB3.tmp
2012-03-24 13:50 . 2012-03-29 03:24 -------- d-----w- c:\documents and settings\Acer\Local Settings\Application Data\Temp
2012-03-23 16:32 . 2012-03-29 16:18 -------- d-----w- c:\windows\system32\wbem\Logs
2012-03-19 02:54 . 2012-03-19 02:54 -------- d-----w- c:\documents and settings\Acer\Contacts
2012-03-17 16:34 . 2012-03-17 16:34 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{FA33E2F3-4250-473E-85C1-4E4E3BAB4252}
2012-03-16 15:51 . 2001-08-17 17:28 871388 -c--a-w- c:\windows\system32\dllcache\bcmdm.sys
2012-03-16 15:50 . 2001-08-17 16:12 97354 -c--a-w- c:\windows\system32\dllcache\aspndis3.sys
2012-03-16 15:50 . 2001-08-17 17:47 6272 -c--a-w- c:\windows\system32\dllcache\apmbatt.sys
2012-03-16 15:50 . 2008-04-14 02:05 36224 -c--a-w- c:\windows\system32\dllcache\an983.sys
2012-03-16 15:50 . 2001-08-17 16:11 16969 -c--a-w- c:\windows\system32\dllcache\amb8002.sys
2012-03-16 15:50 . 2001-08-17 17:49 26624 -c--a-w- c:\windows\system32\dllcache\alifir.sys
2012-03-16 15:50 . 2001-08-17 16:11 27678 -c--a-w- c:\windows\system32\dllcache\ali5261.sys
2012-03-16 15:50 . 2008-04-14 09:41 3775 -c--a-w- c:\windows\system32\dllcache\adv11nt5.dll
2012-03-16 15:50 . 2008-04-14 09:41 3711 -c--a-w- c:\windows\system32\dllcache\adv09nt5.dll
2012-03-16 15:50 . 2008-04-14 09:41 3135 -c--a-w- c:\windows\system32\dllcache\adv08nt5.dll
2012-03-16 15:50 . 2008-04-14 09:41 3647 -c--a-w- c:\windows\system32\dllcache\adv07nt5.dll
2012-03-16 15:50 . 2008-04-14 09:41 3967 -c--a-w- c:\windows\system32\dllcache\adv02nt5.dll
2012-03-16 15:50 . 2008-04-14 09:41 3615 -c--a-w- c:\windows\system32\dllcache\adv05nt5.dll
2012-03-16 15:50 . 2008-04-14 09:41 4255 -c--a-w- c:\windows\system32\dllcache\adv01nt5.dll
2012-03-15 01:24 . 2012-03-15 01:47 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo
2012-03-14 03:15 . 2012-03-16 01:04 -------- d-----w- c:\documents and settings\Acer\Local Settings\Application Data\ManyCam
2012-03-14 03:15 . 2012-03-16 01:04 -------- d-----w- c:\documents and settings\Acer\Application Data\ManyCam
2012-03-14 03:15 . 2012-03-16 01:03 -------- d-----w- c:\program files\ManyCam
2012-03-14 03:15 . 2012-03-14 03:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Ask
2012-03-14 01:02 . 2012-03-26 01:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2012-03-13 20:56 . 2012-03-13 20:56 -------- d-----w- c:\windows\Options
2012-03-13 20:56 . 2012-03-13 20:56 -------- d-----w- c:\program files\Broadcom
2012-03-13 20:56 . 2009-02-20 20:53 1952512 ----a-w- c:\windows\system32\bcmwl5.sys
2012-03-13 20:56 . 2006-10-18 11:23 92672 ----a-w- c:\windows\system32\devIA64.exe
2012-03-13 20:56 . 2006-10-18 11:23 70144 ----a-w- c:\windows\system32\devAMD64.exe
2012-03-13 20:56 . 2006-10-18 11:23 55808 ----a-w- c:\windows\system32\devcon.exe
2012-03-13 20:53 . 2012-03-13 20:52 1496 ----a-w- c:\windows\system32\drivers\RtkAcerM.dat
2012-03-07 03:15 . 2009-01-03 00:07 331776 ------w- c:\windows\system\M3000Dex.dll
2012-03-07 03:15 . 2007-07-13 19:49 233472 ------w- c:\windows\system32\M3000DIF.dll
2012-03-07 00:48 . 2012-03-07 00:53 -------- d-----w- c:\documents and settings\Acer\Application Data\Camfrog
2012-03-07 00:48 . 2012-03-07 00:48 -------- d-----w- c:\documents and settings\Acer\Local Settings\Application Data\CrashRpt
2012-03-07 00:47 . 2012-03-07 03:56 -------- d-----w- c:\program files\Camfrog
2012-03-05 01:59 . 2012-03-05 01:59 -------- d-----w- c:\program files\OverDrive Media Console
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-13 20:52 . 2009-08-01 08:48 880640 ----a-w- c:\windows\system32\RTSndMgr.CPL
2012-03-13 20:52 . 2009-08-01 08:48 77824 ----a-w- c:\windows\SOUNDMAN.EXE
2012-03-13 20:52 . 2009-08-01 08:48 290816 ----a-w- c:\windows\vncutil.exe
2012-03-13 20:52 . 2009-08-01 08:48 1826816 ----a-w- c:\windows\SkyTel.exe
2012-03-13 20:52 . 2009-08-01 08:48 1482752 ----a-w- c:\windows\RtlUpd.exe
2012-03-13 20:52 . 2009-08-01 08:48 9715200 ----a-w- c:\windows\RTLCPL.EXE
2012-03-13 20:52 . 2009-08-01 08:48 5788672 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2012-03-13 20:52 . 2009-08-01 08:48 40960 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2012-03-13 20:52 . 2009-08-01 08:48 122880 ----a-w- c:\windows\RtkAudioService.exe
2012-03-13 20:52 . 2009-08-01 08:48 18665472 ----a-w- c:\windows\RTHDCPL.EXE
2012-03-13 20:52 . 2009-08-01 08:48 2168320 ----a-w- c:\windows\MicCal.exe
2012-03-13 20:52 . 2009-08-01 08:48 1389056 ----a-w- c:\windows\system32\drivers\Monfilt.sys
2012-03-13 20:52 . 2009-08-01 08:48 278528 ----a-w- c:\windows\system32\ALSNDMGR.CPL
2012-03-13 20:52 . 2009-08-01 08:48 1684736 ----a-w- c:\windows\system32\drivers\Ambfilt.sys
2012-03-13 20:52 . 2009-08-01 08:48 57344 ----a-w- c:\windows\ALCMTR.EXE
2012-03-13 20:52 . 2009-08-01 08:48 2808832 ----a-w- c:\windows\ALCWZRD.EXE
2012-02-22 10:34 . 2012-02-22 10:34 22400 ----a-w- c:\windows\system32\drivers\mcaudrv.sys
2012-02-14 12:47 . 2011-07-05 13:01 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:22 . 2009-08-01 07:34 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06 . 2012-02-17 12:46 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-11 06:11 . 2012-01-11 06:11 32000 ----a-w- c:\windows\system32\drivers\mcvidrv.sys
2012-01-09 16:20 . 2009-08-01 06:51 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-28 03:20 . 2012-02-14 12:45 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"E381F2E238EE3DC9FDE38C230D0B02CCE46AFC76._service_run"="c:\documents and settings\Acer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012-03-21 1049072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
"RTHDCPL"="RTHDCPL.EXE" [2012-03-13 18665472]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SmartDefragBootTime.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Athan]
2011-11-20 06:37 1183744 ----a-w- c:\program files\Athan\Athan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E381F2E238EE3DC9FDE38C230D0B02CCE46AFC76._service_]
2012-03-21 12:21 1049072 ----a-w- c:\documents and settings\Acer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E381F2E238EE3DC9FDE38C230D0B02CCE46AFC76._service_run]
2012-03-21 12:21 1049072 ----a-w- c:\documents and settings\Acer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Garmin Lifetime Updater]
2012-01-06 21:30 1446760 ----a-w- c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-28 01:00 137752 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2009-08-28 14:32 1557800 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]
2005-07-15 21:48 479232 ----a-w- c:\program files\Google\Gmail Notifier\gnotify.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
"Google Update"="c:\documents and settings\Acer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"IgfxTray"=c:\windows\system32\igfxtray.exe
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"LManager"=c:\progra~1\LAUNCH~1\LManager.exe
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
"MSPY2002"=c:\windows\system32\IME\PINTLGNT\ImScInst.exe /SYNC
"PHIME2002ASync"=c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
"PHIME2002A"=c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" -osboot
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"AzMixerSel"=c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe
"Athan"=c:\program files\Athan\Athan.exe
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" -osboot
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"IJNetworkScanUtility"=c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
"IAAnotif"=c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"Garmin Lifetime Updater"=c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
"AntiLogger"="c:\program files\AntiLogger\AntiLogger.exe" /minimized
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Acer\\Acer VCM\\VC.exe"=
"c:\\Documents and Settings\\Acer\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\Acer\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [11/20/2011 7:18 PM 14776]
R1 AntiLog32;AntiLog32;c:\program files\AntiLogger\AntiLog32.sys [2/2/2012 5:31 AM 58648]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2/21/2011 2:45 PM 136360]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [8/1/2009 5:35 AM 237568]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [8/1/2009 3:35 AM 38912]
R3 M3000Srv;WebCam Driver;c:\windows\system32\drivers\M3000KNT.sys [1/2/2009 7:33 PM 145408]
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\drivers\mcvidrv.sys [1/11/2012 2:11 AM 32000]
R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv.sys [2/22/2012 6:34 AM 22400]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [11/18/2011 1:40 AM 490840]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/21/2011 1:32 PM 135664]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2/15/2012 2:30 PM 158856]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [8/1/2009 4:48 AM 1684736]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/21/2011 1:32 PM 135664]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [8/1/2009 4:43 AM 162816]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/1/2009 3:34 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]
S3 WWSPLIT;Willing Webcam WDM Driver;c:\windows\system32\DRIVERS\wwsplit.sys --> c:\windows\system32\DRIVERS\wwsplit.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
tmmemu
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-30 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2011-02-21 03:31]
.
2012-03-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-21 17:32]
.
2012-03-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-21 17:32]
.
2012-03-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2857422465-3341562259-4179051517-1005Core.job
- c:\documents and settings\Acer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-21 17:31]
.
2012-03-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2857422465-3341562259-4179051517-1005UA.job
- c:\documents and settings\Acer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-21 17:31]
.
2012-03-30 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 21:14]
.
2012-03-30 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2857422465-3341562259-4179051517-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 21:14]
.
2012-03-22 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 21:14]
.
2012-03-15 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2857422465-3341562259-4179051517-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 21:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_one&r=0xph02104605l0344wu95w48423870
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = 192.168.1.5:3128
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\documents and settings\Acer\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.5
FF - ProfilePath - c:\documents and settings\Acer\Application Data\Mozilla\Firefox\Profiles\fdzbxieo.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.ftp - 192.168.1.5
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.http - 192.168.1.5
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 192.168.1.5
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 192.168.1.5
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 4
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Athan - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-30 10:41
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-03-30 10:45:03
ComboFix-quarantined-files.txt 2012-03-30 14:45
ComboFix2.txt 2012-03-26 21:18
.
Pre-Run: 98,198,470,656 bytes free
Post-Run: 98,171,994,112 bytes free
.
- - End Of File - - B5572CB34D044E3DBF0CAB4FF7A06B2D
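The two logs above are read by eye in this thread. The script below is an added example, not part of the original thread and not code from OTL, ComboFix or the helper: it parses the OTL file-entry lines and a handful of ComboFix "Reg Loading Points", services and "Supplementary Scan" lines, clusters files by creation second (the 25 `.BAT` files in System32 all carry the same timestamp), and flags settings a reviewer would want to look at. The sample lines are copied from the logs posted above; the check names, regular expressions and reviewer notes are this example's own assumptions and produce items to review, not verdicts.

```python
"""Triage helpers for OTL and ComboFix log excerpts (added example for this
thread, not part of OTL, ComboFix or the helper's instructions). Sample lines
are copied from the logs posted above; the check names and heuristics are this
example's own and produce items to review, not verdicts."""
import re
from collections import defaultdict

# OTL file entry: [created | size | R/H/S/- attributes | C or M] () -- path
OTL_FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[\w-]{4}) \| (?P<kind>[CM])\] \(\) -- (?P<path>.+)$"
)

# (check name, pattern matched against one stripped ComboFix line, reviewer note)
COMBOFIX_CHECKS = [
    ("antivirus_override", re.compile(r'^"AntiVirusOverride"=dword:0*1$'),
     "Security Center AV warnings suppressed; confirm who set this"),
    ("wininet_proxy", re.compile(r"^uInternet Settings,ProxyServer = (?P<val>\S+)$"),
     "IE/WinINet proxy set; verify it is the intended LAN proxy"),
    ("firefox_proxy", re.compile(
        r"^FF - prefs\.js: network\.proxy\.(?:http|ssl|socks|ftp) - (?P<val>\S+)$"),
     "Firefox manual proxy set; should match the intended LAN proxy"),
    ("boot_execute_extra", re.compile(
        r"^BootExecute REG_MULTI_SZ autocheck autochk \*\\0(?P<val>.+)$"),
     "Extra native program runs before logon; verify the vendor"),
    ("hidden_guid_dir", re.compile(
        r"^\S+ \S+ \. \S+ \S+ -------- d.-h--w- (?P<val>.+\\\{[0-9A-Fa-f-]{36}\})$"),
     "Hidden GUID-named directory in a shared profile; inspect its contents"),
    ("service_file_missing", re.compile(r"^[RS]\d (?P<val>[^;]+);[^;]*;.+ --> .+ \[\?\]$"),
     "Service or driver whose binary is gone; decide whether to delete the entry"),
    ("fw_global_port_enabled", re.compile(r'^"(?P<val>\d+:(?:TCP|UDP))"= \S+:\*:Enabled:'),
     "Firewall port open to all addresses; verify it is needed"),
]


def parse_otl_file_entries(lines):
    """Return dicts (ts, size, attrs, path) for OTL file lines; other lines are skipped."""
    entries = []
    for line in lines:
        m = OTL_FILE_RE.match(line.strip())
        if m:
            entries.append({"ts": m["ts"], "size": int(m["size"].replace(",", "")),
                            "attrs": m["attrs"], "path": m["path"]})
    return entries


def find_creation_bursts(entries, min_count=5):
    """Group entries by creation second. Many files landing in System32 in the
    same second came from one installer or one dropper; review them together."""
    by_ts = defaultdict(list)
    for e in entries:
        by_ts[e["ts"]].append(e["path"])
    return {ts: paths for ts, paths in by_ts.items() if len(paths) >= min_count}


def hidden_system_files(entries):
    """Paths carrying both Hidden and System attributes (OTL prints them as H and S)."""
    return [e["path"] for e in entries if "H" in e["attrs"] and "S" in e["attrs"]]


def flag_combofix_indicators(lines):
    """Return (check, value, note) for every ComboFix line that trips a check."""
    findings = []
    for raw in lines:
        line = raw.strip()
        for name, pattern, note in COMBOFIX_CHECKS:
            m = pattern.match(line)
            if m:
                findings.append((name, m.groupdict().get("val") or line, note))
    return findings


# Sample input: lines copied from the OTL and ComboFix logs posted in this thread.
SAMPLE_OTL = [
    r"[2012/03/13 16:56:24 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\4328_Update32D.BAT",
    r"[2012/03/13 16:56:24 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\4328_Update32C.BAT",
    r"[2012/03/13 16:56:24 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\4318_0312_Update32D.BAT",
    r"[2012/03/13 16:56:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\4328_Remove32D.BAT",
    r"[2012/03/13 16:56:24 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\Desktop_.ini",
    r"SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ZSMC211.dll -- (adobeactivefilemonitor4.0)",
]
SAMPLE_COMBOFIX = [
    r'"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]',
    r'"AntiVirusOverride"=dword:00000001',
    r"BootExecute REG_MULTI_SZ autocheck autochk *\0SmartDefragBootTime.exe",
    r'"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management',
    r"S3 WWSPLIT;Willing Webcam WDM Driver;c:\windows\system32\DRIVERS\wwsplit.sys --> c:\windows\system32\DRIVERS\wwsplit.sys [?]",
    r"2012-03-17 16:34 . 2012-03-17 16:34 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{FA33E2F3-4250-473E-85C1-4E4E3BAB4252}",
    r"uInternet Settings,ProxyServer = 192.168.1.5:3128",
    r"FF - prefs.js: network.proxy.http - 192.168.1.5",
    r"FF - prefs.js: network.proxy.ssl - 192.168.1.5",
    r"FF - prefs.js: network.proxy.type - 4",
]

if __name__ == "__main__":
    otl = parse_otl_file_entries(SAMPLE_OTL)
    for ts, paths in find_creation_bursts(otl).items():
        print(f"{len(paths)} files created at {ts}, e.g. {paths[0]}")
    print("hidden+system:", hidden_system_files(otl))
    for name, value, note in flag_combofix_indicators(SAMPLE_COMBOFIX):
        print(f"[{name}] {value}: {note}")
```

Every hit is a question, not an answer: the proxy 192.168.1.5:3128 is the same host the log lists as the DHCP name server, so a LAN gateway running a proxy is plausible and only the machine's owner can confirm it; `SmartDefragBootTime.exe` in BootExecute is consistent with the Smart Defrag driver listed among the services; and the WinRM port entry is reported as Disabled, which is why the firewall check stays quiet on it. The creation-burst check, by contrast, is what makes the `.BAT` cluster stand out without reading 25 lines by hand.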

#15 SweetTech (Agent ST)

Posted 31 March 2012 - 07:30 AM

Hi!

Glad to hear that you were able to get OTL to run.

We need to run a script with ComboFix now.

ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

KillAll::
ClearJavaCache::
NetSvc::
ami0nt
rtl8185
naiavfilter1
hmonitor
adobeactivefilemonitor4.0
harmony
tmmemu
mcdbus
wencrservice
Driver::
ami0nt
rtl8185
naiavfilter1
hmonitor
adobeactivefilemonitor4.0
harmony
tmmemu
mcdbus
wencrservice
File::
C:\WINDOWS\System32\4328_Update32D.BAT
C:\WINDOWS\System32\4328_Update32C.BAT
C:\WINDOWS\System32\4318_0312_Update32D.BAT
C:\WINDOWS\System32\4318_0312_Update32C.BAT
C:\WINDOWS\System32\4318_0311_Update32D.BAT
C:\WINDOWS\System32\4318_0311_Update32C.BAT
C:\WINDOWS\System32\4315_Update32D.BAT
C:\WINDOWS\System32\4315_Update32C.BAT
C:\WINDOWS\System32\4312_Update32D.BAT
C:\WINDOWS\System32\4312_Update32C.BAT
C:\WINDOWS\System32\4311_Update32D.BAT
C:\WINDOWS\System32\4311_Update32C.BAT
C:\WINDOWS\System32\4328_Remove32D.BAT
C:\WINDOWS\System32\4328_Remove32C.BAT
C:\WINDOWS\System32\4318_0312_Remove32D.BAT
C:\WINDOWS\System32\4318_0312_Remove32C.BAT
C:\WINDOWS\System32\4318_0311_Remove32D.BAT
C:\WINDOWS\System32\4318_0311_Remove32C.BAT
C:\WINDOWS\System32\4315_Remove32D.BAT
C:\WINDOWS\System32\4315_Remove32C.BAT
C:\WINDOWS\System32\4312_Remove32D.BAT
C:\WINDOWS\System32\4312_Remove32C.BAT
C:\WINDOWS\System32\4311_Remove32D.BAT
C:\WINDOWS\System32\4311_Remove32C.BAT
C:\WINDOWS\System32\Desktop_.ini
DirLook::
c:\documents and settings\All Users\Application Data\{FA33E2F3-4250-473E-85C1-4E4E3BAB4252}

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

  • Drag CFScript.txt onto ComboFix.exe (the original post included a screenshot of this step, not reproduced here).
  • ComboFix will now run a scan on your system. If ComboFix prompts you to update to the newest version, please allow it to do so. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


