Infected with MyStart by IncrediBar...Maybe?


  • This topic is locked
14 replies to this topic

#1 Aaron_301

  • Members
  • 7 posts

Posted 05 June 2012 - 08:47 PM

I recently found out that I was infected with MyStart by IncrediBar. I think I have removed it, but I can't tell. I'm hoping someone can help me determine if it is gone, and remove it if it isn't.

Any help is appreciated.


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Aaron at 19:57:55 on 2012-06-05
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.3835.1230 [GMT -4:00]
.
AV: AVG Internet Security 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\Aaron\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Users\Aaron\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler64.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\SABnzbd\SABnzbd.exe
c:\ADB.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Windows Sidebar\sidebar.exe
C:\Users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\AVG\AVG2012\avgui.exe
C:\Program Files (x86)\AVG\AVG2012\avgscana.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\explorer.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://mystart.incredibar.com/mb161?a=6PQzB3FeGQ&i=26
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&m=aspire_5551&r=27361011q725l04g4z165t5622n34p
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&m=aspire_5551&r=27361011q725l04g4z165t5622n34p
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&m=aspire_5551&r=27361011q725l04g4z165t5622n34p
uInternet Settings,ProxyServer = http=;ftp=;https=;
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mWinlogon: Userinit=userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - McAfee Phishing Filter
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
uRun: [Google Update] "C:\Users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Facebook Update] "C:\Users\Aaron\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [0B32563033AA16DC66E6B0700A375B6E341016C4._service_run] "C:\Users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service
uRun: [SugarSync] "C:\Program Files (x86)\SugarSync\SugarSyncManager.exe" -startInTray -usedelay=true
uRun: [Hide IP Easy] C:\Program Files (x86)\HideIPEasy\HideIPEasy.exe
uRun: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe /minimized
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Aaron\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Aaron\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Aaron\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{1FAC98D8-305F-4712-8BB2-6F6DD61317C7} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{1FAC98D8-305F-4712-8BB2-6F6DD61317C7}\141425F4E4D20534F5E4564777F627B6 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{1FAC98D8-305F-4712-8BB2-6F6DD61317C7}\34861627C6F6E676 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{7AAF508A-41B8-41E3-9CD1-AAA137ECDB36} : DhcpNameServer = 192.168.42.129
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - McAfee Phishing Filter
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
mRun-x64: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun-x64: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun-x64: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys --> C:\Windows\system32\DRIVERS\avgfwd6a.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 AvgTdiA;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2011-11-23 2391832]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-4-2 325200]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2011-10-6 865824]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]
R2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2012-4-24 255376]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-3-8 250368]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-11-5 144640]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-4-25 116648]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; [x]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-13 257696]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-4-25 116648]
S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-2-1 305520]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-11-5 50432]
S3 pneteth;PdaNet Broadband;C:\Windows\system32\DRIVERS\pneteth.sys --> C:\Windows\system32\DRIVERS\pneteth.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-06-05 23:34:21 -------- dc----w- C:\Users\Aaron\AppData\Local\BuildAGadget Content
2012-06-05 22:33:42 -------- dc----w- C:\Users\Aaron\AppData\Local\{BFF034F3-E43C-42A1-9D99-5899429CBF61}
2012-06-05 22:33:28 -------- dc----w- C:\Users\Aaron\AppData\Local\{D3137D0E-1E9B-4D9A-8F6C-10C97012DA11}
2012-06-05 02:36:32 -------- dc----w- C:\Users\Aaron\AppData\Local\{988A1CE4-2040-479B-AAD3-562052BCFCD7}
2012-06-05 02:36:19 -------- dc----w- C:\Users\Aaron\AppData\Local\{AB9160A2-7AC2-46E0-B667-EEE405F316A4}
2012-06-04 14:36:04 -------- dc----w- C:\Users\Aaron\AppData\Local\{27D54DBF-A252-4633-A67F-E4D695AAC8A0}
2012-06-04 14:35:52 -------- dc----w- C:\Users\Aaron\AppData\Local\{FD7BB151-1A1E-4AA2-8E47-FCD4A51AF703}
2012-06-04 02:35:39 -------- dc----w- C:\Users\Aaron\AppData\Local\{EE0CA02D-9560-402F-A9A0-8A3F73D8F3C6}
2012-06-04 02:35:28 -------- dc----w- C:\Users\Aaron\AppData\Local\{CB86EF68-5673-4CCD-A891-029176FF7270}
2012-06-03 14:35:14 -------- dc----w- C:\Users\Aaron\AppData\Local\{86110FD1-0520-4896-82C2-E8A0EAEE9B88}
2012-06-03 14:35:07 -------- dc----w- C:\Users\Aaron\AppData\Local\{85EC9237-B9E3-4D88-B16E-D9C059DB159A}
2012-06-03 02:03:13 -------- dc----w- C:\Users\Aaron\AppData\Local\{2365FE02-EB2A-48B0-99FF-0B8E16795BB5}
2012-06-03 02:03:01 -------- dc----w- C:\Users\Aaron\AppData\Local\{BD7AFCC7-596A-4086-A85B-986E8AA08D9A}
2012-06-02 14:02:45 -------- dc----w- C:\Users\Aaron\AppData\Local\{2018758B-8FF0-4593-9A0D-A1C1099EDC84}
2012-06-02 14:02:33 -------- dc----w- C:\Users\Aaron\AppData\Local\{18C7B9A9-64B6-4FDB-A21A-803326719F37}
2012-06-01 20:12:43 -------- dc----w- C:\Users\Aaron\AppData\Local\{D3A5CD2E-95CF-4285-96FD-9EBD443897C3}
2012-06-01 20:12:30 -------- dc----w- C:\Users\Aaron\AppData\Local\{86FC565A-488B-4EE1-86A3-1952E989220F}
2012-05-31 20:30:15 -------- dc----w- C:\Users\Aaron\AppData\Local\{4AB13427-85DE-4A08-A074-6B88E2728EEC}
2012-05-31 20:29:45 -------- dc----w- C:\Users\Aaron\AppData\Local\{816279CA-1C42-4E3E-B76E-B896AB8BA65B}
2012-05-30 21:36:51 -------- dc----w- C:\Users\Aaron\AppData\Local\{1E161DCC-8B1A-42D8-8012-12D82322F7CE}
2012-05-30 21:36:38 -------- dc----w- C:\Users\Aaron\AppData\Local\{96011691-A870-4B59-9381-87529AE478B0}
2012-05-29 20:25:16 -------- dc----w- C:\Users\Aaron\AppData\Local\{B0B5CD28-10F5-47B3-AD4F-1DF31A05C537}
2012-05-29 20:24:23 -------- dc----w- C:\Users\Aaron\AppData\Local\{D24BF63B-03B8-4782-AD27-B04B9415C262}
2012-05-28 21:18:48 -------- dc----w- C:\Users\Aaron\AppData\Local\{86322E27-A5F8-4378-8985-004BA1CADCBE}
2012-05-28 21:18:33 -------- dc----w- C:\Users\Aaron\AppData\Local\{C8D272F1-D6A5-40AB-B646-5FF3FDF1124F}
2012-05-28 02:51:35 -------- dc----w- C:\Users\Aaron\AppData\Local\{F0FD3973-38AB-46BC-9CB5-00FE57E6F229}
2012-05-28 02:51:24 -------- dc----w- C:\Users\Aaron\AppData\Local\{056DEF2F-5840-48C8-B1DB-E7C2A849EBDE}
2012-05-27 14:51:10 -------- dc----w- C:\Users\Aaron\AppData\Local\{949374AC-7882-4E0A-B7C3-93004413F5DD}
2012-05-27 14:50:53 -------- dc----w- C:\Users\Aaron\AppData\Local\{D9777B20-A607-4E4F-9FD6-22EBA7918807}
2012-05-27 02:38:35 -------- dc----w- C:\Users\Aaron\AppData\Local\{4B4FACB1-1655-405D-9104-FF86F5CF6FF6}
2012-05-27 02:38:24 -------- dc----w- C:\Users\Aaron\AppData\Local\{3C2DE3BA-7935-45E7-9B5E-A1FB0C391AE2}
2012-05-26 17:14:20 -------- dc----w- C:\Users\Aaron\.thumbnails
2012-05-26 17:04:33 -------- dc----w- C:\Users\Aaron\AppData\Local\fontconfig
2012-05-26 17:04:31 -------- dc----w- C:\Users\Aaron\AppData\Local\gegl-0.2
2012-05-26 17:04:31 -------- dc----w- C:\Users\Aaron\.gimp-2.8
2012-05-26 17:02:51 -------- dc----w- C:\Program Files\GIMP 2
2012-05-26 14:38:06 -------- dc----w- C:\Users\Aaron\AppData\Local\{DE27B135-AC07-4C20-9110-1BBCA88ACE2D}
2012-05-26 14:37:54 -------- dc----w- C:\Users\Aaron\AppData\Local\{9A695AEB-80FD-4D12-8D6A-9801AB09F0E6}
2012-05-25 22:08:43 -------- dc----w- C:\Users\Aaron\AppData\Local\{41235A8C-4388-48DD-B5B7-170047C78BE2}
2012-05-25 22:08:32 -------- dc----w- C:\Users\Aaron\AppData\Local\{05182908-7877-4AD2-B979-A4AEE2262A4C}
2012-05-24 21:55:29 -------- dc----w- C:\Users\Aaron\AppData\Local\{DE9BE06B-180C-4120-BACE-C60E48D8B8B8}
2012-05-24 21:55:17 -------- dc----w- C:\Users\Aaron\AppData\Local\{538F24A5-C01A-4666-889E-246F1E6D7EEE}
2012-05-23 21:22:29 -------- dc----w- C:\Users\Aaron\AppData\Local\{1DBED319-1BF4-44D6-B948-C8D66EDA9633}
2012-05-23 21:22:14 -------- dc----w- C:\Users\Aaron\AppData\Local\{839D1341-0C86-4C37-9C5E-FC95DB71A22B}
2012-05-22 21:37:07 -------- dc----w- C:\Users\Aaron\AppData\Local\{F8DDD621-7F95-4FDE-A355-65BD7DFCAFA4}
2012-05-22 21:36:45 -------- dc----w- C:\Users\Aaron\AppData\Local\{29564B9E-5E5E-4634-8529-346C26B89E1C}
2012-05-22 02:58:55 -------- dc----w- C:\Users\Aaron\AppData\Local\{C3111617-B78D-4D34-BD15-76836DF23B84}
2012-05-22 02:58:43 -------- dc----w- C:\Users\Aaron\AppData\Local\{75AD7E69-13C1-4839-875B-0C4C95FDE27C}
2012-05-21 14:58:29 -------- dc----w- C:\Users\Aaron\AppData\Local\{FAD6279F-F3AD-4C67-97A5-1F6D4DFE21EC}
2012-05-21 14:58:18 -------- dc----w- C:\Users\Aaron\AppData\Local\{A6D49582-DB71-4B12-BA12-D16B2BB902DA}
2012-05-21 02:58:00 -------- dc----w- C:\Users\Aaron\AppData\Local\{70563DC9-B168-40DD-AC26-1C6AEA5D9947}
2012-05-21 02:57:43 -------- dc----w- C:\Users\Aaron\AppData\Local\{7EF52657-E936-4A1F-BD28-2102EB2DFFAC}
2012-05-20 14:57:30 -------- dc----w- C:\Users\Aaron\AppData\Local\{923AA694-1140-4358-8710-4FCB1982A19F}
2012-05-20 14:57:19 -------- dc----w- C:\Users\Aaron\AppData\Local\{DB261473-0776-4E9A-8A26-4DBF9852B42A}
2012-05-20 02:57:00 -------- dc----w- C:\Users\Aaron\AppData\Local\{D54E7465-D910-4E47-96D9-1EC2426A0E4D}
2012-05-20 02:56:48 -------- dc----w- C:\Users\Aaron\AppData\Local\{F97C9178-F0BB-4C25-BEDE-5FB4C873A718}
2012-05-19 14:57:11 -------- dc----w- C:\Users\Aaron\AppData\Local\{E7D0F772-75DA-4B6A-91C2-111676FDA989}
2012-05-18 23:14:00 -------- dc----w- C:\Users\Aaron\AppData\Local\{50AA5C5D-BB52-4915-9777-E7F1BCE2818D}
2012-05-18 23:13:48 -------- dc----w- C:\Users\Aaron\AppData\Local\{2F621D36-553E-4921-89FA-812D985B1BBF}
2012-05-18 11:13:34 -------- dc----w- C:\Users\Aaron\AppData\Local\{9518FEDA-91FA-4987-8142-9F19A66B583D}
2012-05-18 11:13:22 -------- dc----w- C:\Users\Aaron\AppData\Local\{C68CB10F-406D-4AD0-859B-97A31142EB25}
2012-05-17 18:44:31 -------- dc----w- C:\Users\Aaron\AppData\Local\{8EFE62AA-BB4A-41F9-8C51-EA1A009D65A5}
2012-05-17 18:44:19 -------- dc----w- C:\Users\Aaron\AppData\Local\{D1C9ADE6-1E41-4EA4-97F9-B6C41921B773}
2012-05-16 21:42:42 -------- dc----w- C:\Users\Aaron\AppData\Local\{99D9A5EF-C538-4D00-83A5-9279A3DD1787}
2012-05-16 21:42:31 -------- dc----w- C:\Users\Aaron\AppData\Local\{24F3B7FC-88ED-4E8C-A01A-C1040F86E8B7}
2012-05-16 09:42:18 -------- dc----w- C:\Users\Aaron\AppData\Local\{2BA1C78A-E7AF-4883-85E8-63C8AC181EC4}
2012-05-16 09:42:06 -------- dc----w- C:\Users\Aaron\AppData\Local\{9143464C-BC85-43B3-90D7-28EA718B886B}
2012-05-15 21:41:54 -------- dc----w- C:\Users\Aaron\AppData\Local\{F4B07888-CB09-4E32-BA39-442854495BAF}
2012-05-15 21:41:41 -------- dc----w- C:\Users\Aaron\AppData\Local\{BCD2D2F8-C897-43B4-A8A1-7DD12A1857D1}
2012-05-14 22:16:13 -------- dc----w- C:\Users\Aaron\AppData\Local\{1ED54D46-48AB-4EAD-B170-88104A7F19B7}
2012-05-14 22:15:37 -------- dc----w- C:\Users\Aaron\AppData\Local\{9F901CAC-F849-4810-8D3C-B50B95984561}
2012-05-14 02:37:53 -------- dc----w- C:\Users\Aaron\AppData\Local\{34833BCA-459C-46A5-9CA5-AAEF8768E1FE}
2012-05-14 02:37:41 -------- dc----w- C:\Users\Aaron\AppData\Local\{AF9ACB57-F940-4BEF-9FBE-5A45B40B2340}
2012-05-13 15:20:59 419488 -c--a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-13 14:37:26 -------- dc----w- C:\Users\Aaron\AppData\Local\{FFA2F592-74B8-4D55-A613-DC67DC021302}
2012-05-13 14:37:15 -------- dc----w- C:\Users\Aaron\AppData\Local\{72C0CBB5-8485-492E-AB50-74BBECDAC0EF}
2012-05-13 02:37:00 -------- dc----w- C:\Users\Aaron\AppData\Local\{5B87205E-8ACC-48B4-B4E1-EC99986E5E15}
2012-05-13 02:36:48 -------- dc----w- C:\Users\Aaron\AppData\Local\{979C8AAB-26F1-4564-992B-EF5E74318F21}
2012-05-12 14:36:34 -------- dc----w- C:\Users\Aaron\AppData\Local\{64D0A240-CCA0-4687-B00A-0EF70520AA67}
2012-05-12 14:36:21 -------- dc----w- C:\Users\Aaron\AppData\Local\{D0A3405B-DC8B-47F7-8DA6-5A6BA9999E1B}
2012-05-11 23:12:08 -------- dc----w- C:\Program Files (x86)\ooVoo
2012-05-11 20:30:45 -------- dc----w- C:\Users\Aaron\AppData\Local\{8BC128E3-F557-4129-83A1-1A180A66DAED}
2012-05-11 20:30:33 -------- dc----w- C:\Users\Aaron\AppData\Local\{02BFC6D6-47B6-475D-ACEE-B973C3DB50DE}
2012-05-10 21:03:06 -------- dc----w- C:\Users\Aaron\AppData\Local\{85FFA750-5375-4042-B008-2AB3A568DE39}
2012-05-10 21:02:54 -------- dc----w- C:\Users\Aaron\AppData\Local\{5D1CAB3A-CB4B-4371-952D-8438BBAE0E4B}
2012-05-09 21:03:05 -------- dc----w- C:\Users\Aaron\AppData\Local\{28595E30-D850-4C67-BC2D-F45AC8B42741}
2012-05-09 21:01:04 -------- dc----w- C:\Users\Aaron\AppData\Local\{9CE18606-F443-413E-8EB4-8AB25BB8B2F9}
2012-05-08 19:32:10 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-05-08 19:32:10 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-05-08 19:32:08 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-08 19:32:07 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-05-08 19:32:06 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-08 19:32:03 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-08 19:31:37 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-05-08 19:31:25 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-08 19:31:23 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-08 19:31:23 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-08 19:31:23 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-08 19:31:23 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-05-08 19:31:23 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-08 19:17:44 -------- dc----w- C:\Users\Aaron\AppData\Local\{7BE629E8-AE9E-40DD-A382-C39AF9FF7F44}
2012-05-08 19:17:31 -------- dc----w- C:\Users\Aaron\AppData\Local\{726D4CCF-9FD9-44A3-A76A-8B41894C4828}
2012-05-07 22:06:57 -------- dc----w- C:\Users\Aaron\AppData\Local\{A0891417-84DF-4263-8E3D-681526D73F2D}
2012-05-07 22:06:41 -------- dc----w- C:\Users\Aaron\AppData\Local\{4BBAD455-290D-42F9-AC16-51CB77E805DB}
2012-05-07 03:19:21 -------- dc----w- C:\Users\Aaron\AppData\Local\{8639DE04-3694-468D-8CB2-E45C8715EA90}
2012-05-07 03:19:08 -------- dc----w- C:\Users\Aaron\AppData\Local\{6A1B312A-069C-42FC-897E-49381FE6C87C}
.
==================== Find3M ====================
.
2012-05-13 15:20:59 70304 -c--a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-12 20:49:08 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-12 20:49:08 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-12 20:49:07 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-12 20:49:07 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-12 20:49:07 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-12 20:49:07 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-12 20:49:07 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-11 01:47:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-04-11 01:47:55 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-04-11 01:47:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-04-11 01:47:55 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-04-11 01:47:55 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-04-11 01:47:55 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-04-11 01:47:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-04-11 01:47:54 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-03-13 23:23:59 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-13 23:23:59 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-13 23:23:59 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-13 23:20:04 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-13 23:20:04 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-13 23:20:04 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-13 23:20:04 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-13 01:34:35 472808 -c--a-w- C:\Windows\SysWow64\deployJava1.dll
2012-03-08 22:50:28 49016 -c--a-w- C:\Windows\SysWow64\sirenacm.dll
2012-03-08 22:40:52 48488 -c--a-w- C:\Windows\System32\drivers\fssfltr.sys
2012-03-08 22:37:20 302448 -c--a-w- C:\Windows\WLXPGSS.SCR
.
============= FINISH: 19:59:29.79 ===============


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 06 June 2012 - 02:52 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Aaron_301

Aaron_301
  • Topic Starter

  • Members
  • 7 posts

Posted 06 June 2012 - 08:45 PM

Below are my logs from Combofix and Security Check.

It seemed to take forever for Combofix to get to the log, although it might be designed that way; I'm unsure. As for how my computer is doing, I haven't noticed any slowing down or any redirects since I first deleted some of the MyStart yesterday, so I haven't noticed a difference since then.

Security Check:
Results of screen317's Security Check version 0.99.41
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
AVG Internet Security 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
AVG PC Tuneup 2011
Java™ 6 Update 31
Java version out of date!
Adobe Reader X (10.1.3)
Google Chrome 20.0.1132.17
Google Chrome 20.0.1132.21
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 5%
````````````````````End of Log``````````````````````

Combofix:
ComboFix 12-06-06.02 - Aaron 06/06/2012 19:51:46.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.3835.2511 [GMT -4:00]
Running from: c:\users\Aaron\Downloads\ComboFix.exe
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-05-07 to 2012-06-07 )))))))))))))))))))))))))))))))
.
.
2012-06-07 00:04 . 2012-06-07 00:04 -------- dc----w- c:\users\Default\AppData\Local\temp
2012-06-06 00:56 . 2012-06-06 00:58 -------- dc----w- c:\users\Aaron\AppData\Roaming\Cloudfogger
2012-06-06 00:56 . 2012-06-06 00:56 -------- dc----w- c:\users\Aaron\AppData\Local\CrashRpt
2012-06-06 00:55 . 2012-02-07 01:28 350096 -c--a-w- c:\windows\system32\drivers\cbfs3.sys
2012-06-06 00:55 . 2011-12-12 21:06 829264 -c--a-w- c:\windows\system32\MSVCR100.dll
2012-06-06 00:55 . 2011-12-12 21:06 608080 -c--a-w- c:\windows\system32\MSVCP100.dll
2012-06-06 00:55 . 2012-06-06 00:55 -------- dc----w- c:\program files\Cloudfogger
2012-06-05 23:34 . 2012-06-05 23:34 -------- dc----w- c:\users\Aaron\AppData\Local\BuildAGadget Content
2012-06-05 23:32 . 2012-06-05 23:32 451 -c--a-w- C:\user.js
2012-05-26 17:14 . 2012-05-26 17:14 -------- dc----w- c:\users\Aaron\.thumbnails
2012-05-26 17:04 . 2012-05-26 17:04 -------- dc----w- c:\users\Aaron\AppData\Local\fontconfig
2012-05-26 17:04 . 2012-05-26 17:15 -------- dc----w- c:\users\Aaron\.gimp-2.8
2012-05-26 17:04 . 2012-05-26 17:04 -------- dc----w- c:\users\Aaron\AppData\Local\gegl-0.2
2012-05-26 17:02 . 2012-05-26 17:04 -------- dc----w- c:\program files\GIMP 2
2012-05-13 15:21 . 2012-05-13 15:21 -------- dc----w- c:\programdata\Yahoo! Companion
2012-05-13 15:20 . 2012-05-13 15:20 419488 -c--a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-13 15:20 . 2012-05-20 20:01 -------- dc----w- c:\programdata\Yahoo!
2012-05-11 23:12 . 2012-05-11 23:12 -------- dc----w- c:\program files (x86)\ooVoo
2012-05-08 19:32 . 2012-05-09 03:29 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-08 19:32 . 2012-05-09 03:29 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-08 19:32 . 2012-05-09 03:28 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-08 19:32 . 2012-05-09 03:28 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-08 19:32 . 2012-05-09 03:28 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-08 19:32 . 2012-05-09 03:28 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-08 19:31 . 2012-05-09 03:10 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-08 19:31 . 2012-05-09 03:08 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-08 19:31 . 2012-05-09 03:08 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-08 19:31 . 2012-05-09 03:08 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-08 19:31 . 2012-05-09 03:08 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-08 19:31 . 2012-05-09 03:08 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-08 19:31 . 2012-05-09 03:08 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-08 19:18 . 2012-05-08 19:18 -------- dc----w- c:\users\Default\AppData\Local\Google
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-13 15:20 . 2011-10-15 00:11 70304 -c--a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-12 20:49 . 2012-04-12 20:49 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 20:49 . 2012-04-12 20:49 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 20:49 . 2012-04-12 20:49 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 20:49 . 2012-04-12 20:49 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-12 20:49 . 2012-04-12 20:49 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 20:49 . 2012-04-12 20:49 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 20:49 . 2012-04-12 20:49 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-11 01:47 . 2012-04-11 01:47 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-04-11 01:47 . 2012-04-11 01:47 2311168 ----a-w- c:\windows\system32\jscript9.dll
2012-04-11 01:47 . 2012-04-11 01:47 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-04-11 01:47 . 2012-04-11 01:47 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-04-11 01:47 . 2012-04-11 01:47 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-04-11 01:47 . 2012-04-11 01:47 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-04-11 01:47 . 2012-04-11 01:47 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-04-11 01:47 . 2012-04-11 01:47 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-03-13 23:23 . 2012-03-13 22:06 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-13 23:23 . 2012-03-13 22:06 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-13 23:23 . 2012-03-13 22:06 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-13 23:20 . 2012-03-13 22:06 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-13 23:20 . 2012-03-13 22:06 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-13 23:20 . 2012-03-13 22:06 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-13 23:20 . 2012-03-13 22:06 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 01:34 . 2011-10-27 00:29 472808 -c--a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 -c--a-w- c:\users\Aaron\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 -c--a-w- c:\users\Aaron\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 -c--a-w- c:\users\Aaron\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-02-01 18:03 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Aaron\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-10-30 137536]
"0B32563033AA16DC66E6B0700A375B6E341016C4._service_run"="c:\users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-05-30 1250328]
"SugarSync"="c:\program files (x86)\SugarSync\SugarSyncManager.exe" [2012-03-19 9413712]
"Hide IP Easy"="c:\program files (x86)\HideIPEasy\HideIPEasy.exe" [2010-11-19 3804912]
"ooVoo.exe"="c:\program files (x86)\ooVoo\oovoo.exe" [2012-02-07 22465104]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2012-02-23 6591800]
"Cloudfogger"="c:\program files\Cloudfogger\Cloudfogger.exe" [2012-05-11 4261248]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2009-12-25 201512]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2009-12-25 401192]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-03-08 260608]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-18 98304]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-03-03 1300560]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-07-11 74752]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-02-01 337264]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Aaron\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2012-5-9 1014112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-25 116648]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-13 257696]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-25 116648]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-02-01 305520]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-11-06 50432]
R3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 AvgTdiA;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2011-11-23 2391832]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-03-03 325200]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-02-06 865824]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2012-04-05 255376]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-03-08 250368]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-11-06 144640]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 cbfs3;EldoS Callback File System driver v3;c:\windows\system32\DRIVERS\cbfs3.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-13 15:21]
.
2012-06-06 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2514091126-916384942-3629948579-1001Core.job
- c:\users\Aaron\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-30 03:48]
.
2012-06-06 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2514091126-916384942-3629948579-1001UA.job
- c:\users\Aaron\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-30 03:48]
.
2012-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-25 21:40]
.
2012-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-25 21:40]
.
2012-06-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2514091126-916384942-3629948579-1001Core.job
- c:\users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-07 02:38]
.
2012-06-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2514091126-916384942-3629948579-1001UA.job
- c:\users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-07 02:38]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 -c--a-w- c:\users\Aaron\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 -c--a-w- c:\users\Aaron\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 -c--a-w- c:\users\Aaron\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 -c--a-w- c:\users\Aaron\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-02-01 18:06 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-05-16 21:53 754712 -c--a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-05-16 21:53 754712 -c--a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-05-16 21:53 754712 -c--a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-05-16 21:53 754712 -c--a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2012-03-19 20:23 463952 -c--a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2012-03-19 20:23 463952 -c--a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2012-03-19 20:23 463952 -c--a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2012-03-19 20:23 463952 -c--a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-15 9644576]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-02-06 860192]
"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-02-01 349552]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mystart.incredibar.com/mb161?a=6PQzB3FeGQ&i=26
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&m=aspire_5551&r=27361011q725l04g4z165t5622n34p
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=;ftp=;https=;
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Yahoo! Toolbar - c:\progra~2\Yahoo!\Common\UNYT_W~1.EXE
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.

#4 gringo_pr
Bleepin Gringo, Malware Response Team, 136,772 posts, Location: Puerto Rico

Posted 06 June 2012 - 09:03 PM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop, and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 Aaron_301
Topic Starter, Members, 7 posts

Posted 06 June 2012 - 10:13 PM

Attached is the TDSSKiller log; apparently it reported that nothing was wrong. I tried running aswMBR twice; both times the computer blue-screened and restarted.

TDSSKiller:
22:39:27.0502 4592 MSiSCSI - ok
22:39:27.0508 4592 msiserver - ok
22:39:27.0552 4592 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
22:39:27.0554 4592 MSKSSRV - ok
22:39:27.0568 4592 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
22:39:27.0570 4592 MSPCLOCK - ok
22:39:27.0576 4592 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
22:39:27.0578 4592 MSPQM - ok
22:39:27.0639 4592 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
22:39:27.0648 4592 MsRPC - ok
22:39:27.0696 4592 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
22:39:27.0698 4592 mssmbios - ok
22:39:27.0740 4592 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
22:39:27.0742 4592 MSTEE - ok
22:39:27.0760 4592 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
22:39:27.0762 4592 MTConfig - ok
22:39:27.0801 4592 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
22:39:27.0803 4592 Mup - ok
22:39:27.0829 4592 mwlPSDFilter (6ffecc25b39dc7652a0cec0ada9db589) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
22:39:27.0831 4592 mwlPSDFilter - ok
22:39:27.0851 4592 mwlPSDNServ (0befe32ca56d6ee89d58175725596a85) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
22:39:27.0853 4592 mwlPSDNServ - ok
22:39:27.0869 4592 mwlPSDVDisk (d43bc633b8660463e446e28e14a51262) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
22:39:27.0870 4592 mwlPSDVDisk - ok
22:39:27.0973 4592 MWLService (22a4905c958beb68d78385b633c1351b) C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
22:39:27.0976 4592 MWLService - ok
22:39:28.0019 4592 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
22:39:28.0026 4592 napagent - ok
22:39:28.0076 4592 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
22:39:28.0081 4592 NativeWifiP - ok
22:39:28.0136 4592 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
22:39:28.0143 4592 NDIS - ok
22:39:28.0153 4592 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
22:39:28.0155 4592 NdisCap - ok
22:39:28.0184 4592 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
22:39:28.0185 4592 NdisTapi - ok
22:39:28.0215 4592 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
22:39:28.0217 4592 Ndisuio - ok
22:39:28.0264 4592 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
22:39:28.0268 4592 NdisWan - ok
22:39:28.0310 4592 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
22:39:28.0313 4592 NDProxy - ok
22:39:28.0356 4592 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
22:39:28.0359 4592 NetBIOS - ok
22:39:28.0422 4592 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
22:39:28.0428 4592 NetBT - ok
22:39:28.0496 4592 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:39:28.0500 4592 Netlogon - ok
22:39:28.0561 4592 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
22:39:28.0571 4592 Netman - ok
22:39:28.0666 4592 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:39:28.0671 4592 NetMsmqActivator - ok
22:39:28.0682 4592 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:39:28.0686 4592 NetPipeActivator - ok
22:39:28.0741 4592 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
22:39:28.0753 4592 netprofm - ok
22:39:28.0765 4592 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:39:28.0769 4592 NetTcpActivator - ok
22:39:28.0780 4592 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:39:28.0783 4592 NetTcpPortSharing - ok
22:39:28.0861 4592 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
22:39:28.0862 4592 nfrd960 - ok
22:39:28.0920 4592 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
22:39:28.0924 4592 NlaSvc - ok
22:39:28.0941 4592 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
22:39:28.0943 4592 Npfs - ok
22:39:28.0975 4592 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
22:39:28.0977 4592 nsi - ok
22:39:28.0983 4592 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
22:39:28.0983 4592 nsiproxy - ok
22:39:29.0091 4592 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
22:39:29.0109 4592 Ntfs - ok
22:39:29.0215 4592 NTI IScheduleSvc (5b3ce960c62dbe864be9a0bd043a3e30) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
22:39:29.0222 4592 NTI IScheduleSvc - ok
22:39:29.0273 4592 NTIBackupSvc (15221dd637d9d0ffc60848ebbf1df538) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
22:39:29.0276 4592 NTIBackupSvc - ok
22:39:29.0387 4592 NTIDrvr (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys
22:39:29.0389 4592 NTIDrvr - ok
22:39:29.0423 4592 NTISchedulerSvc (b5071e15d4c3f5ef5018aff7e85a85e5) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
22:39:29.0428 4592 NTISchedulerSvc - ok
22:39:29.0454 4592 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
22:39:29.0456 4592 Null - ok
22:39:29.0521 4592 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
22:39:29.0525 4592 nvraid - ok
22:39:29.0548 4592 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
22:39:29.0551 4592 nvstor - ok
22:39:29.0572 4592 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
22:39:29.0574 4592 nv_agp - ok
22:39:29.0681 4592 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:39:29.0689 4592 odserv - ok
22:39:29.0727 4592 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
22:39:29.0730 4592 ohci1394 - ok
22:39:29.0786 4592 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:39:29.0790 4592 ose - ok
22:39:29.0839 4592 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
22:39:29.0847 4592 p2pimsvc - ok
22:39:29.0885 4592 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
22:39:29.0892 4592 p2psvc - ok
22:39:29.0914 4592 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
22:39:29.0915 4592 Parport - ok
22:39:29.0952 4592 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
22:39:29.0953 4592 partmgr - ok
22:39:29.0993 4592 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
22:39:29.0996 4592 PcaSvc - ok
22:39:30.0032 4592 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
22:39:30.0034 4592 pci - ok
22:39:30.0042 4592 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
22:39:30.0042 4592 pciide - ok
22:39:30.0081 4592 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
22:39:30.0083 4592 pcmcia - ok
22:39:30.0102 4592 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
22:39:30.0103 4592 pcw - ok
22:39:30.0144 4592 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
22:39:30.0152 4592 PEAUTH - ok
22:39:30.0204 4592 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
22:39:30.0204 4592 PerfHost - ok
22:39:30.0360 4592 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
22:39:30.0375 4592 pla - ok
22:39:30.0438 4592 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
22:39:30.0453 4592 PlugPlay - ok
22:39:30.0531 4592 pneteth (a010f13d27c1033a8be09d5fa9bf348b) C:\Windows\system32\DRIVERS\pneteth.sys
22:39:30.0547 4592 pneteth - ok
22:39:30.0594 4592 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
22:39:30.0594 4592 PNRPAutoReg - ok
22:39:30.0641 4592 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
22:39:30.0641 4592 PNRPsvc - ok
22:39:30.0687 4592 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
22:39:30.0703 4592 Point64 - ok
22:39:30.0773 4592 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
22:39:30.0782 4592 PolicyAgent - ok
22:39:30.0813 4592 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
22:39:30.0817 4592 Power - ok
22:39:30.0871 4592 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
22:39:30.0874 4592 PptpMiniport - ok
22:39:30.0904 4592 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
22:39:30.0905 4592 Processor - ok
22:39:30.0964 4592 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
22:39:30.0968 4592 ProfSvc - ok
22:39:30.0995 4592 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:39:30.0997 4592 ProtectedStorage - ok
22:39:31.0042 4592 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
22:39:31.0044 4592 Psched - ok
22:39:31.0124 4592 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
22:39:31.0135 4592 ql2300 - ok
22:39:31.0168 4592 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
22:39:31.0171 4592 ql40xx - ok
22:39:31.0220 4592 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
22:39:31.0229 4592 QWAVE - ok
22:39:31.0254 4592 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
22:39:31.0256 4592 QWAVEdrv - ok
22:39:31.0270 4592 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
22:39:31.0273 4592 RasAcd - ok
22:39:31.0317 4592 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
22:39:31.0320 4592 RasAgileVpn - ok
22:39:31.0353 4592 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
22:39:31.0356 4592 RasAuto - ok
22:39:31.0389 4592 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:39:31.0391 4592 Rasl2tp - ok
22:39:31.0437 4592 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
22:39:31.0442 4592 RasMan - ok
22:39:31.0485 4592 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
22:39:31.0487 4592 RasPppoe - ok
22:39:31.0505 4592 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
22:39:31.0507 4592 RasSstp - ok
22:39:31.0545 4592 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
22:39:31.0549 4592 rdbss - ok
22:39:31.0566 4592 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
22:39:31.0567 4592 rdpbus - ok
22:39:31.0587 4592 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:39:31.0588 4592 RDPCDD - ok
22:39:31.0629 4592 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
22:39:31.0630 4592 RDPENCDD - ok
22:39:31.0645 4592 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
22:39:31.0646 4592 RDPREFMP - ok
22:39:31.0675 4592 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
22:39:31.0678 4592 RDPWD - ok
22:39:31.0733 4592 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
22:39:31.0735 4592 rdyboost - ok
22:39:31.0766 4592 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
22:39:31.0769 4592 RemoteAccess - ok
22:39:31.0793 4592 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
22:39:31.0797 4592 RemoteRegistry - ok
22:39:31.0823 4592 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
22:39:31.0826 4592 RpcEptMapper - ok
22:39:31.0844 4592 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
22:39:31.0851 4592 RpcLocator - ok
22:39:31.0902 4592 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
22:39:31.0907 4592 RpcSs - ok
22:39:31.0946 4592 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
22:39:31.0948 4592 rspndr - ok
22:39:32.0008 4592 RSUSBSTOR (3ceee53bbf8ba284ff44585cec0162fe) C:\Windows\System32\Drivers\RtsUStor.sys
22:39:32.0010 4592 RSUSBSTOR - ok
22:39:32.0060 4592 RTHDMIAzAudService (4e821c740a675f6d040be41d59a62b1d) C:\Windows\system32\drivers\RtHDMIVX.sys
22:39:32.0062 4592 RTHDMIAzAudService - ok
22:39:32.0095 4592 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:39:32.0097 4592 SamSs - ok
22:39:32.0150 4592 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
22:39:32.0153 4592 sbp2port - ok
22:39:32.0190 4592 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
22:39:32.0198 4592 SCardSvr - ok
22:39:32.0241 4592 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
22:39:32.0244 4592 scfilter - ok
22:39:32.0338 4592 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
22:39:32.0355 4592 Schedule - ok
22:39:32.0389 4592 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
22:39:32.0390 4592 SCPolicySvc - ok
22:39:32.0442 4592 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
22:39:32.0451 4592 SDRSVC - ok
22:39:32.0522 4592 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
22:39:32.0524 4592 secdrv - ok
22:39:32.0552 4592 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
22:39:32.0554 4592 seclogon - ok
22:39:32.0580 4592 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
22:39:32.0583 4592 SENS - ok
22:39:32.0613 4592 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
22:39:32.0616 4592 SensrSvc - ok
22:39:32.0632 4592 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
22:39:32.0634 4592 Serenum - ok
22:39:32.0664 4592 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
22:39:32.0666 4592 Serial - ok
22:39:32.0714 4592 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
22:39:32.0716 4592 sermouse - ok
22:39:32.0767 4592 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
22:39:32.0772 4592 SessionEnv - ok
22:39:32.0816 4592 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
22:39:32.0818 4592 sffdisk - ok
22:39:32.0838 4592 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
22:39:32.0840 4592 sffp_mmc - ok
22:39:32.0851 4592 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
22:39:32.0853 4592 sffp_sd - ok
22:39:32.0881 4592 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
22:39:32.0882 4592 sfloppy - ok
22:39:32.0913 4592 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
22:39:32.0918 4592 SharedAccess - ok
22:39:32.0958 4592 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
22:39:32.0964 4592 ShellHWDetection - ok
22:39:32.0993 4592 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:39:32.0994 4592 SiSRaid2 - ok
22:39:33.0015 4592 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
22:39:33.0017 4592 SiSRaid4 - ok
22:39:33.0145 4592 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe
22:39:33.0149 4592 SkypeUpdate - ok
22:39:33.0191 4592 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
22:39:33.0193 4592 Smb - ok
22:39:33.0239 4592 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
22:39:33.0241 4592 SNMPTRAP - ok
22:39:33.0255 4592 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
22:39:33.0256 4592 spldr - ok
22:39:33.0324 4592 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
22:39:33.0335 4592 Spooler - ok
22:39:33.0509 4592 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
22:39:33.0570 4592 sppsvc - ok
22:39:33.0682 4592 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
22:39:33.0689 4592 sppuinotify - ok
22:39:33.0758 4592 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
22:39:33.0768 4592 srv - ok
22:39:33.0803 4592 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
22:39:33.0809 4592 srv2 - ok
22:39:33.0831 4592 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
22:39:33.0835 4592 srvnet - ok
22:39:33.0885 4592 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
22:39:33.0890 4592 SSDPSRV - ok
22:39:33.0909 4592 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
22:39:33.0912 4592 SstpSvc - ok
22:39:34.0004 4592 Steam Client Service - ok
22:39:34.0041 4592 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
22:39:34.0042 4592 stexstor - ok
22:39:34.0102 4592 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
22:39:34.0110 4592 stisvc - ok
22:39:34.0141 4592 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
22:39:34.0142 4592 swenum - ok
22:39:34.0188 4592 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
22:39:34.0196 4592 swprv - ok
22:39:34.0256 4592 SynTP (064a2530a4a7c7cec1be6a1945645be4) C:\Windows\system32\DRIVERS\SynTP.sys
22:39:34.0262 4592 SynTP - ok
22:39:34.0386 4592 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
22:39:34.0413 4592 SysMain - ok
22:39:34.0538 4592 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
22:39:34.0545 4592 TabletInputService - ok
22:39:34.0581 4592 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
22:39:34.0591 4592 TapiSrv - ok
22:39:34.0621 4592 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
22:39:34.0627 4592 TBS - ok
22:39:34.0772 4592 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
22:39:34.0799 4592 Tcpip - ok
22:39:34.0979 4592 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
22:39:34.0992 4592 TCPIP6 - ok
22:39:35.0100 4592 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
22:39:35.0102 4592 tcpipreg - ok
22:39:35.0126 4592 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
22:39:35.0128 4592 TDPIPE - ok
22:39:35.0154 4592 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
22:39:35.0155 4592 TDTCP - ok
22:39:35.0201 4592 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
22:39:35.0205 4592 tdx - ok
22:39:35.0242 4592 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
22:39:35.0244 4592 TermDD - ok
22:39:35.0303 4592 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
22:39:35.0321 4592 TermService - ok
22:39:35.0346 4592 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
22:39:35.0353 4592 Themes - ok
22:39:35.0390 4592 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
22:39:35.0394 4592 THREADORDER - ok
22:39:35.0427 4592 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
22:39:35.0434 4592 TrkWks - ok
22:39:35.0499 4592 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
22:39:35.0505 4592 TrustedInstaller - ok
22:39:35.0552 4592 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:39:35.0554 4592 tssecsrv - ok
22:39:35.0611 4592 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
22:39:35.0614 4592 TsUsbFlt - ok
22:39:35.0669 4592 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
22:39:35.0674 4592 tunnel - ok
22:39:35.0716 4592 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
22:39:35.0718 4592 uagp35 - ok
22:39:35.0753 4592 UBHelper (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys
22:39:35.0755 4592 UBHelper - ok
22:39:35.0806 4592 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
22:39:35.0814 4592 udfs - ok
22:39:35.0856 4592 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
22:39:35.0862 4592 UI0Detect - ok
22:39:35.0895 4592 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
22:39:35.0897 4592 uliagpkx - ok
22:39:35.0950 4592 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
22:39:35.0951 4592 umbus - ok
22:39:35.0982 4592 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
22:39:35.0983 4592 UmPass - ok
22:39:36.0030 4592 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
22:39:36.0035 4592 upnphost - ok
22:39:36.0080 4592 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
22:39:36.0082 4592 USBAAPL64 - ok
22:39:36.0126 4592 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
22:39:36.0130 4592 usbccgp - ok
22:39:36.0185 4592 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
22:39:36.0188 4592 usbcir - ok
22:39:36.0211 4592 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
22:39:36.0214 4592 usbehci - ok
22:39:36.0243 4592 usbfilter (2c780746dc44a28fe67004dc58173f05) C:\Windows\system32\DRIVERS\usbfilter.sys
22:39:36.0245 4592 usbfilter - ok
22:39:36.0293 4592 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
22:39:36.0302 4592 usbhub - ok
22:39:36.0324 4592 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
22:39:36.0326 4592 usbohci - ok
22:39:36.0366 4592 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
22:39:36.0369 4592 usbprint - ok
22:39:36.0413 4592 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
22:39:36.0416 4592 usbscan - ok
22:39:36.0466 4592 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:39:36.0470 4592 USBSTOR - ok
22:39:36.0497 4592 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
22:39:36.0498 4592 usbuhci - ok
22:39:36.0557 4592 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
22:39:36.0559 4592 usbvideo - ok
22:39:36.0606 4592 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
22:39:36.0610 4592 usb_rndisx - ok
22:39:36.0641 4592 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
22:39:36.0647 4592 UxSms - ok
22:39:36.0675 4592 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:39:36.0678 4592 VaultSvc - ok
22:39:36.0723 4592 VClone (fd911873c0bb6945fa38c16e9a2b58f9) C:\Windows\system32\DRIVERS\VClone.sys
22:39:36.0726 4592 VClone - ok
22:39:36.0773 4592 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
22:39:36.0776 4592 vdrvroot - ok
22:39:36.0840 4592 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
22:39:36.0848 4592 vds - ok
22:39:36.0876 4592 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
22:39:36.0878 4592 vga - ok
22:39:36.0896 4592 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
22:39:36.0897 4592 VgaSave - ok
22:39:36.0939 4592 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
22:39:36.0942 4592 vhdmp - ok
22:39:36.0962 4592 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
22:39:36.0963 4592 viaide - ok
22:39:36.0976 4592 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
22:39:36.0977 4592 volmgr - ok
22:39:37.0027 4592 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
22:39:37.0030 4592 volmgrx - ok
22:39:37.0057 4592 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
22:39:37.0060 4592 volsnap - ok
22:39:37.0088 4592 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
22:39:37.0091 4592 vsmraid - ok
22:39:37.0179 4592 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
22:39:37.0198 4592 VSS - ok
22:39:37.0303 4592 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
22:39:37.0306 4592 vwifibus - ok
22:39:37.0337 4592 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
22:39:37.0340 4592 vwififlt - ok
22:39:37.0358 4592 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
22:39:37.0360 4592 vwifimp - ok
22:39:37.0409 4592 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
22:39:37.0416 4592 W32Time - ok
22:39:37.0441 4592 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
22:39:37.0443 4592 WacomPen - ok
22:39:37.0497 4592 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:39:37.0501 4592 WANARP - ok
22:39:37.0515 4592 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:39:37.0518 4592 Wanarpv6 - ok
22:39:37.0635 4592 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
22:39:37.0652 4592 WatAdminSvc - ok
22:39:37.0742 4592 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
22:39:37.0761 4592 wbengine - ok
22:39:37.0867 4592 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
22:39:37.0878 4592 WbioSrvc - ok
22:39:37.0941 4592 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
22:39:37.0947 4592 wcncsvc - ok
22:39:37.0966 4592 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
22:39:37.0969 4592 WcsPlugInService - ok
22:39:38.0017 4592 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
22:39:38.0018 4592 Wd - ok
22:39:38.0060 4592 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
22:39:38.0065 4592 Wdf01000 - ok
22:39:38.0089 4592 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
22:39:38.0092 4592 WdiServiceHost - ok
22:39:38.0101 4592 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
22:39:38.0104 4592 WdiSystemHost - ok
22:39:38.0146 4592 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
22:39:38.0146 4592 WebClient - ok
22:39:38.0177 4592 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
22:39:38.0177 4592 Wecsvc - ok
22:39:38.0199 4592 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
22:39:38.0202 4592 wercplsupport - ok
22:39:38.0240 4592 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
22:39:38.0244 4592 WerSvc - ok
22:39:38.0305 4592 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
22:39:38.0307 4592 WfpLwf - ok
22:39:38.0322 4592 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
22:39:38.0325 4592 WIMMount - ok
22:39:38.0385 4592 WinDefend - ok
22:39:38.0406 4592 WinHttpAutoProxySvc - ok
22:39:38.0504 4592 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
22:39:38.0510 4592 Winmgmt - ok
22:39:38.0631 4592 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
22:39:38.0656 4592 WinRM - ok
22:39:38.0782 4592 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
22:39:38.0785 4592 WinUsb - ok
22:39:38.0865 4592 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
22:39:38.0882 4592 Wlansvc - ok
22:39:38.0987 4592 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
22:39:38.0988 4592 wlcrasvc - ok
22:39:39.0129 4592 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:39:39.0146 4592 wlidsvc - ok
22:39:39.0261 4592 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
22:39:39.0263 4592 WmiAcpi - ok
22:39:39.0336 4592 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
22:39:39.0342 4592 wmiApSrv - ok
22:39:39.0400 4592 WMPNetworkSvc - ok
22:39:39.0439 4592 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
22:39:39.0445 4592 WPCSvc - ok
22:39:39.0774 4592 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
22:39:39.0781 4592 WPDBusEnum - ok
22:39:39.0816 4592 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
22:39:39.0818 4592 ws2ifsl - ok
22:39:39.0868 4592 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
22:39:39.0875 4592 wscsvc - ok
22:39:39.0883 4592 WSearch - ok
22:39:40.0026 4592 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
22:39:40.0053 4592 wuauserv - ok
22:39:40.0170 4592 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
22:39:40.0172 4592 WudfPf - ok
22:39:40.0224 4592 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:39:40.0229 4592 WUDFRd - ok
22:39:40.0269 4592 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
22:39:40.0275 4592 wudfsvc - ok
22:39:40.0324 4592 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
22:39:40.0334 4592 WwanSvc - ok
22:39:40.0395 4592 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
22:39:40.0619 4592 \Device\Harddisk0\DR0 - ok
22:39:40.0627 4592 Boot (0x1200) (5bb40f732e9b8fc0ef44c2daf530bb2a) \Device\Harddisk0\DR0\Partition0
22:39:40.0628 4592 \Device\Harddisk0\DR0\Partition0 - ok
22:39:40.0650 4592 Boot (0x1200) (175afda5f8899d2fc2f9812c9ed2593c) \Device\Harddisk0\DR0\Partition1
22:39:40.0652 4592 \Device\Harddisk0\DR0\Partition1 - ok
22:39:40.0653 4592 ============================================================
22:39:40.0653 4592 Scan finished
22:39:40.0653 4592 ============================================================
22:39:40.0666 1296 Detected object count: 0
22:39:40.0666 1296 Actual detected object count: 0

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:02:55 AM

Posted 06 June 2012 - 10:32 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 Aaron_301

Aaron_301
  • Topic Starter

  • Members
  • 7 posts
  • Local time:02:55 AM

Posted 06 June 2012 - 10:41 PM

Here you go:

OTL:

OTL logfile created on: 06/06/2012 11:33:31 PM - Run 1
OTL by OldTimer - Version 3.2.46.2 Folder = C:\Users\Aaron\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.75 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 33.22% Memory free
7.49 Gb Paging File | 4.38 Gb Available in Paging File | 58.48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218.78 Gb Total Space | 44.88 Gb Free Space | 20.51% Space Free | Partition Type: NTFS

Computer Name: AARON-PC | User Name: Aaron | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Aaron\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Aaron\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe (Google)
PRC - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
PRC - C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\SABnzbd\SABnzbd.exe ()
PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgfws.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Users\Aaron\AppData\Local\Google\Chrome\Application\20.0.1132.21\ppgooglenaclpluginchrome.dll ()
MOD - C:\Users\Aaron\AppData\Local\Google\Chrome\Application\20.0.1132.21\pdf.dll ()
MOD - C:\Users\Aaron\AppData\Local\Google\Chrome\Application\20.0.1132.21\libglesv2.dll ()
MOD - C:\Users\Aaron\AppData\Local\Google\Chrome\Application\20.0.1132.21\libegl.dll ()
MOD - C:\Users\Aaron\AppData\Local\Google\Chrome\Application\20.0.1132.21\avutil-51.dll ()
MOD - C:\Users\Aaron\AppData\Local\Google\Chrome\Application\20.0.1132.21\avformat-54.dll ()
MOD - C:\Users\Aaron\AppData\Local\Google\Chrome\Application\20.0.1132.21\avcodec-54.dll ()
MOD - C:\Users\Aaron\AppData\Local\Google\Chrome\Application\20.0.1132.21\gcswf32.dll ()
MOD - C:\Program Files (x86)\Evernote\Evernote\libtidy.dll ()
MOD - C:\Program Files (x86)\Evernote\Evernote\libxml2.dll ()
MOD - C:\Program Files (x86)\SABnzbd\SABnzbd.exe ()
MOD - C:\Program Files (x86)\SABnzbd\lib\OpenSSL.crypto.pyd ()
MOD - C:\Program Files (x86)\SABnzbd\lib\OpenSSL.SSL.pyd ()
MOD - C:\Program Files (x86)\SABnzbd\lib\OpenSSL.rand.pyd ()
MOD - C:\Program Files (x86)\SABnzbd\lib\sqlite3.dll ()
MOD - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll ()
MOD - C:\Program Files (x86)\SABnzbd\lib\pywintypes25.dll ()
MOD - C:\Program Files (x86)\SABnzbd\lib\_ssl.pyd ()
MOD - C:\Program Files (x86)\SABnzbd\lib\_hashlib.pyd ()
MOD - C:\Program Files (x86)\SABnzbd\lib\pyexpat.pyd ()
MOD - C:\Program Files (x86)\SABnzbd\lib\_ctypes.pyd ()
MOD - C:\Program Files (x86)\SABnzbd\lib\_socket.pyd ()
MOD - C:\Program Files (x86)\SABnzbd\lib\_sqlite3.pyd ()
MOD - C:\Program Files (x86)\SABnzbd\lib\select.pyd ()
MOD - C:\Program Files (x86)\SABnzbd\lib\servicemanager.pyd ()
MOD - C:\Program Files (x86)\SABnzbd\lib\win32api.pyd ()
MOD - C:\Program Files (x86)\SABnzbd\lib\win32service.pyd ()
MOD - C:\Program Files (x86)\SABnzbd\lib\win32process.pyd ()
MOD - C:\Program Files (x86)\SABnzbd\lib\win32pipe.pyd ()
MOD - C:\Program Files (x86)\SABnzbd\lib\win32evtlog.pyd ()
MOD - C:\Program Files (x86)\SABnzbd\lib\win32file.pyd ()
MOD - C:\Program Files (x86)\SABnzbd\lib\win32event.pyd ()
MOD - C:\Program Files (x86)\Launch Manager\CdDirIo.dll ()
MOD - C:\Program Files (x86)\SABnzbd\lib\Cheetah._namemapper.pyd ()
MOD - C:\Program Files (x86)\SABnzbd\lib\_yenc.pyd ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (Live Updater Service) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer Incorporated)
SRV:64bit: - (WSearch) -- C:\Windows\SysNative\SearchIndexer.exe (Microsoft Corporation)
SRV:64bit: - (TabletInputService) -- C:\Windows\SysNative\TabSvc.dll (Microsoft Corporation)
SRV:64bit: - (Mcx2Svc) -- C:\Windows\SysNative\Mcx2Svc.dll (Microsoft Corporation)
SRV:64bit: - (SCPolicySvc) -- C:\Windows\SysNative\certprop.dll (Microsoft Corporation)
SRV:64bit: - (CertPropSvc) -- C:\Windows\SysNative\certprop.dll (Microsoft Corporation)
SRV:64bit: - (Fax) -- C:\Windows\SysNative\FXSSVC.exe (Microsoft Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (ePowerSvc) -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
SRV:64bit: - (WerSvc) -- C:\Windows\SysNative\wersvc.dll (Microsoft Corporation)
SRV:64bit: - (TrkWks) -- C:\Windows\SysNative\trkwks.dll (Microsoft Corporation)
SRV:64bit: - (SCardSvr) -- C:\Windows\SysNative\SCardSvr.dll (Microsoft Corporation)
SRV:64bit: - (RemoteRegistry) -- C:\Windows\SysNative\regsvc.dll (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (RemoteAccess) -- C:\Windows\SysNative\mprdim.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (avgfws) -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (WSearch) -- C:\Windows\SysWow64\SearchIndexer.exe (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (MWLService) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe (Egis Technology Inc.)
SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (GameConsoleService) -- C:\Program Files (x86)\Acer Games\Acer Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (RemoteAccess) -- C:\Windows\SysWOW64\mprdim.dll (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (cbfs3) -- C:\Windows\SysNative\drivers\cbfs3.sys (EldoS Corporation)
DRV:64bit: - (pneteth) -- C:\Windows\SysNative\drivers\pneteth.sys (June Fabrics Technology Inc.)
DRV:64bit: - (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (AvgTdiA) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSEH) -- C:\Windows\SysNative\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Avgfwfd) -- C:\Windows\SysNative\drivers\avgfwd6a.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (udfs) -- C:\Windows\SysNative\drivers\udfs.sys (Microsoft Corporation)
DRV:64bit: - (k57nd60a) Broadcom NetLink ™ -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (crcdisk) -- C:\Windows\SysNative\drivers\crcdisk.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (cdfs) -- C:\Windows\SysNative\drivers\cdfs.sys (Microsoft Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&m=aspire_5551&r=27361011q725l04g4z165t5622n34p
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&m=aspire_5551&r=27361011q725l04g4z165t5622n34p
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2514091126-916384942-3629948579-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Aaron\Downloads
IE - HKU\S-1-5-21-2514091126-916384942-3629948579-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2514091126-916384942-3629948579-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredibar.com/mb161?a=6PQzB3FeGQ&i=26
IE - HKU\S-1-5-21-2514091126-916384942-3629948579-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2514091126-916384942-3629948579-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2514091126-916384942-3629948579-1001\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-2514091126-916384942-3629948579-1001\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-2514091126-916384942-3629948579-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2514091126-916384942-3629948579-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_enCA452CA452
IE - HKU\S-1-5-21-2514091126-916384942-3629948579-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-2514091126-916384942-3629948579-1001\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb161/?search={searchTerms}&loc=IB_DS&a=6PQzB3FeGQ&i=26
IE - HKU\S-1-5-21-2514091126-916384942-3629948579-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2514091126-916384942-3629948579-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=;ftp=;https=;


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Aaron\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Aaron\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Aaron\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Aaron\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Aaron\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011/11/10 07:29:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/01/31 18:47:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox

[2012/06/05 19:32:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Aaron\AppData\Local\Google\Chrome\Application\20.0.1132.21\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Aaron\AppData\Local\Google\Chrome\Application\20.0.1132.21\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Aaron\AppData\Local\Google\Chrome\Application\20.0.1132.21\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.132\pepflashplayer.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Aaron\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Aaron\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Aaron\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.34_0\
CHR - Extension: AVG Safe Search = C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
CHR - Extension: Google Chrome to Phone Extension = C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.1_0\
CHR - Extension: Android = C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pigamadkmnamoblmollkcflhaadibjha\1_0\
CHR - Extension: Gmail = C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/06/06 20:06:51 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-21-2514091126-916384942-3629948579-1001..\Run: [Cloudfogger] C:\Program Files\Cloudfogger\Cloudfogger.exe (Cloudfogger GmbH)
O4 - HKU\S-1-5-21-2514091126-916384942-3629948579-1001..\Run: [Facebook Update] C:\Users\Aaron\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-2514091126-916384942-3629948579-1001..\Run: [Hide IP Easy] C:\Program Files (x86)\HideIPEasy\HideIPEasy.exe (easy-hideip.com)
O4 - HKU\S-1-5-21-2514091126-916384942-3629948579-1001..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-2514091126-916384942-3629948579-1001..\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe (ooVoo LLC)
O4 - HKU\S-1-5-21-2514091126-916384942-3629948579-1001..\Run: [SugarSync] C:\Program Files (x86)\SugarSync\SugarSyncManager.exe (SugarSync, Inc.)
O4 - Startup: C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Aaron\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2514091126-916384942-3629948579-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2514091126-916384942-3629948579-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-2514091126-916384942-3629948579-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1FAC98D8-305F-4712-8BB2-6F6DD61317C7}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7AAF508A-41B8-41E3-9CD1-AAA137ECDB36}: DhcpNameServer = 192.168.42.129
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/06 20:06:57 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/06/06 18:40:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/06/06 18:40:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/06/06 18:40:13 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/06/06 18:40:07 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/06/06 18:40:03 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/06 18:32:06 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{15872BB6-2E1C-4E85-BBA4-9BA777138661}
[2012/06/06 18:31:52 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{378E601E-E4C1-469E-8B37-A2888C46AE6E}
[2012/06/05 20:56:41 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\CrashRpt
[2012/06/05 20:56:41 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Roaming\Cloudfogger
[2012/06/05 20:55:49 | 000,350,096 | ---- | C] (EldoS Corporation) -- C:\Windows\SysNative\drivers\cbfs3.sys
[2012/06/05 20:55:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cloudfogger
[2012/06/05 20:55:38 | 000,829,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSVCR100.dll
[2012/06/05 20:55:38 | 000,608,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSVCP100.dll
[2012/06/05 20:55:37 | 000,000,000 | ---D | C] -- C:\Program Files\Cloudfogger
[2012/06/05 19:34:21 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\BuildAGadget Content
[2012/06/05 19:32:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/06/05 18:33:42 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{BFF034F3-E43C-42A1-9D99-5899429CBF61}
[2012/06/05 18:33:28 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{D3137D0E-1E9B-4D9A-8F6C-10C97012DA11}
[2012/06/04 22:36:32 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{988A1CE4-2040-479B-AAD3-562052BCFCD7}
[2012/06/04 22:36:19 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{AB9160A2-7AC2-46E0-B667-EEE405F316A4}
[2012/06/04 10:36:04 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{27D54DBF-A252-4633-A67F-E4D695AAC8A0}
[2012/06/04 10:35:52 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{FD7BB151-1A1E-4AA2-8E47-FCD4A51AF703}
[2012/06/03 22:35:39 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{EE0CA02D-9560-402F-A9A0-8A3F73D8F3C6}
[2012/06/03 22:35:28 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{CB86EF68-5673-4CCD-A891-029176FF7270}
[2012/06/03 10:35:14 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{86110FD1-0520-4896-82C2-E8A0EAEE9B88}
[2012/06/03 10:35:07 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{85EC9237-B9E3-4D88-B16E-D9C059DB159A}
[2012/06/02 22:03:13 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{2365FE02-EB2A-48B0-99FF-0B8E16795BB5}
[2012/06/02 22:03:01 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{BD7AFCC7-596A-4086-A85B-986E8AA08D9A}
[2012/06/02 10:02:45 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{2018758B-8FF0-4593-9A0D-A1C1099EDC84}
[2012/06/02 10:02:33 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{18C7B9A9-64B6-4FDB-A21A-803326719F37}
[2012/06/01 16:12:43 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{D3A5CD2E-95CF-4285-96FD-9EBD443897C3}
[2012/06/01 16:12:30 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{86FC565A-488B-4EE1-86A3-1952E989220F}
[2012/05/31 16:30:15 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{4AB13427-85DE-4A08-A074-6B88E2728EEC}
[2012/05/31 16:29:45 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{816279CA-1C42-4E3E-B76E-B896AB8BA65B}
[2012/05/30 17:36:51 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{1E161DCC-8B1A-42D8-8012-12D82322F7CE}
[2012/05/30 17:36:38 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{96011691-A870-4B59-9381-87529AE478B0}
[2012/05/29 16:25:16 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{B0B5CD28-10F5-47B3-AD4F-1DF31A05C537}
[2012/05/29 16:24:23 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{D24BF63B-03B8-4782-AD27-B04B9415C262}
[2012/05/28 17:18:48 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{86322E27-A5F8-4378-8985-004BA1CADCBE}
[2012/05/28 17:18:33 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{C8D272F1-D6A5-40AB-B646-5FF3FDF1124F}
[2012/05/27 22:51:35 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{F0FD3973-38AB-46BC-9CB5-00FE57E6F229}
[2012/05/27 22:51:24 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{056DEF2F-5840-48C8-B1DB-E7C2A849EBDE}
[2012/05/27 10:51:10 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{949374AC-7882-4E0A-B7C3-93004413F5DD}
[2012/05/27 10:50:53 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{D9777B20-A607-4E4F-9FD6-22EBA7918807}
[2012/05/26 22:38:35 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{4B4FACB1-1655-405D-9104-FF86F5CF6FF6}
[2012/05/26 22:38:24 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{3C2DE3BA-7935-45E7-9B5E-A1FB0C391AE2}
[2012/05/26 13:14:20 | 000,000,000 | ---D | C] -- C:\Users\Aaron\.thumbnails
[2012/05/26 13:04:33 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\fontconfig
[2012/05/26 13:04:31 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\gegl-0.2
[2012/05/26 13:04:31 | 000,000,000 | ---D | C] -- C:\Users\Aaron\.gimp-2.8
[2012/05/26 13:02:51 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2012/05/26 10:38:06 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{DE27B135-AC07-4C20-9110-1BBCA88ACE2D}
[2012/05/26 10:37:54 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{9A695AEB-80FD-4D12-8D6A-9801AB09F0E6}
[2012/05/25 18:08:43 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{41235A8C-4388-48DD-B5B7-170047C78BE2}
[2012/05/25 18:08:32 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{05182908-7877-4AD2-B979-A4AEE2262A4C}
[2012/05/24 17:55:29 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{DE9BE06B-180C-4120-BACE-C60E48D8B8B8}
[2012/05/24 17:55:17 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{538F24A5-C01A-4666-889E-246F1E6D7EEE}
[2012/05/23 17:22:29 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{1DBED319-1BF4-44D6-B948-C8D66EDA9633}
[2012/05/23 17:22:14 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{839D1341-0C86-4C37-9C5E-FC95DB71A22B}
[2012/05/22 17:42:38 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Roaming\Mozilla
[2012/05/22 17:37:07 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{F8DDD621-7F95-4FDE-A355-65BD7DFCAFA4}
[2012/05/22 17:36:45 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{29564B9E-5E5E-4634-8529-346C26B89E1C}
[2012/05/21 22:58:55 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{C3111617-B78D-4D34-BD15-76836DF23B84}
[2012/05/21 22:58:43 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{75AD7E69-13C1-4839-875B-0C4C95FDE27C}
[2012/05/21 10:58:29 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{FAD6279F-F3AD-4C67-97A5-1F6D4DFE21EC}
[2012/05/21 10:58:18 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{A6D49582-DB71-4B12-BA12-D16B2BB902DA}
[2012/05/20 22:58:00 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{70563DC9-B168-40DD-AC26-1C6AEA5D9947}
[2012/05/20 22:57:43 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{7EF52657-E936-4A1F-BD28-2102EB2DFFAC}
[2012/05/20 10:57:30 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{923AA694-1140-4358-8710-4FCB1982A19F}
[2012/05/20 10:57:19 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{DB261473-0776-4E9A-8A26-4DBF9852B42A}
[2012/05/19 22:57:00 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{D54E7465-D910-4E47-96D9-1EC2426A0E4D}
[2012/05/19 22:56:48 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{F97C9178-F0BB-4C25-BEDE-5FB4C873A718}
[2012/05/19 10:57:11 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{E7D0F772-75DA-4B6A-91C2-111676FDA989}
[2012/05/18 19:14:00 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{50AA5C5D-BB52-4915-9777-E7F1BCE2818D}
[2012/05/18 19:13:48 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{2F621D36-553E-4921-89FA-812D985B1BBF}
[2012/05/18 07:13:34 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{9518FEDA-91FA-4987-8142-9F19A66B583D}
[2012/05/18 07:13:22 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{C68CB10F-406D-4AD0-859B-97A31142EB25}
[2012/05/17 14:44:31 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{8EFE62AA-BB4A-41F9-8C51-EA1A009D65A5}
[2012/05/17 14:44:19 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{D1C9ADE6-1E41-4EA4-97F9-B6C41921B773}
[2012/05/16 17:42:42 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{99D9A5EF-C538-4D00-83A5-9279A3DD1787}
[2012/05/16 17:42:31 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{24F3B7FC-88ED-4E8C-A01A-C1040F86E8B7}
[2012/05/16 05:42:18 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{2BA1C78A-E7AF-4883-85E8-63C8AC181EC4}
[2012/05/16 05:42:06 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{9143464C-BC85-43B3-90D7-28EA718B886B}
[2012/05/15 17:41:54 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{F4B07888-CB09-4E32-BA39-442854495BAF}
[2012/05/15 17:41:41 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{BCD2D2F8-C897-43B4-A8A1-7DD12A1857D1}
[2012/05/14 18:16:13 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{1ED54D46-48AB-4EAD-B170-88104A7F19B7}
[2012/05/14 18:15:37 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{9F901CAC-F849-4810-8D3C-B50B95984561}
[2012/05/13 22:37:53 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{34833BCA-459C-46A5-9CA5-AAEF8768E1FE}
[2012/05/13 22:37:41 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{AF9ACB57-F940-4BEF-9FBE-5A45B40B2340}
[2012/05/13 11:21:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2012/05/13 11:20:59 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/05/13 11:20:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
[2012/05/13 11:20:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2012/05/13 10:37:26 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{FFA2F592-74B8-4D55-A613-DC67DC021302}
[2012/05/13 10:37:15 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{72C0CBB5-8485-492E-AB50-74BBECDAC0EF}
[2012/05/12 22:37:00 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{5B87205E-8ACC-48B4-B4E1-EC99986E5E15}
[2012/05/12 22:36:48 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{979C8AAB-26F1-4564-992B-EF5E74318F21}
[2012/05/12 10:36:34 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{64D0A240-CCA0-4687-B00A-0EF70520AA67}
[2012/05/12 10:36:21 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{D0A3405B-DC8B-47F7-8DA6-5A6BA9999E1B}
[2012/05/11 19:12:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ooVoo
[2012/05/11 19:12:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ooVoo
[2012/05/11 18:31:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
[2012/05/11 16:30:45 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{8BC128E3-F557-4129-83A1-1A180A66DAED}
[2012/05/11 16:30:33 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{02BFC6D6-47B6-475D-ACEE-B973C3DB50DE}
[2012/05/10 17:03:06 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{85FFA750-5375-4042-B008-2AB3A568DE39}
[2012/05/10 17:02:54 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{5D1CAB3A-CB4B-4371-952D-8438BBAE0E4B}
[2012/05/09 17:03:05 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{28595E30-D850-4C67-BC2D-F45AC8B42741}
[2012/05/09 17:01:04 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{9CE18606-F443-413E-8EB4-8AB25BB8B2F9}
[2012/05/08 15:32:10 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/05/08 15:32:08 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/05/08 15:32:06 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/05/08 15:32:03 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/05/08 15:17:44 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{7BE629E8-AE9E-40DD-A382-C39AF9FF7F44}
[2012/05/08 15:17:31 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{726D4CCF-9FD9-44A3-A76A-8B41894C4828}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/06 23:24:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/06 23:08:07 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/06 23:08:07 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/06 23:00:04 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/06 22:59:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/06 22:59:42 | 3015,884,800 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/06 22:59:41 | 613,543,345 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/06/06 22:45:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/06 22:44:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2514091126-916384942-3629948579-1001UA.job
[2012/06/06 20:53:05 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2514091126-916384942-3629948579-1001UA.job
[2012/06/06 20:06:51 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/06/06 19:54:58 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/06 19:54:58 | 000,664,780 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/06 19:54:58 | 000,125,484 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/06 18:39:52 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2514091126-916384942-3629948579-1001Core.job
[2012/06/06 18:35:20 | 099,900,957 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/06/05 23:53:01 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2514091126-916384942-3629948579-1001Core.job
[2012/06/05 20:55:40 | 000,000,852 | ---- | M] () -- C:\Users\Aaron\Desktop\Cloudfogger.lnk
[2012/06/01 16:58:49 | 000,393,900 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/05/28 17:21:54 | 000,625,911 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavifw.avm
[2012/05/26 13:15:14 | 000,002,105 | ---- | M] () -- C:\Users\Aaron\AppData\Local\recently-used.xbel
[2012/05/24 19:22:43 | 000,001,053 | ---- | M] () -- C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/05/24 19:22:32 | 000,001,068 | ---- | M] () -- C:\Windows\wininit.ini
[2012/05/24 19:22:17 | 000,001,021 | ---- | M] () -- C:\Users\Aaron\Desktop\Dropbox.lnk
[2012/05/13 11:20:59 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/05/13 11:20:59 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/05/13 11:20:32 | 000,001,165 | ---- | M] () -- C:\Users\Aaron\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2012/05/13 11:20:32 | 000,001,141 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2012/05/11 19:12:10 | 000,001,861 | ---- | M] () -- C:\Users\Public\Desktop\ooVoo.lnk
[2012/05/08 23:55:33 | 000,343,608 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/05/08 23:29:07 | 001,544,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/05/08 23:28:02 | 005,559,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/05/08 23:28:02 | 003,968,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/05/08 23:28:02 | 003,913,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/06 22:29:24 | 613,543,345 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/06/06 18:40:13 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/06/06 18:40:13 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/06/06 18:40:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/06/06 18:40:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/06/06 18:40:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/06/05 20:55:40 | 000,000,852 | ---- | C] () -- C:\Users\Aaron\Desktop\Cloudfogger.lnk
[2012/05/26 13:15:14 | 000,002,105 | ---- | C] () -- C:\Users\Aaron\AppData\Local\recently-used.xbel
[2012/05/26 13:04:10 | 000,000,896 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2012/05/13 11:21:02 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/13 11:20:32 | 000,001,165 | ---- | C] () -- C:\Users\Aaron\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2012/05/13 11:20:32 | 000,001,141 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2012/05/11 19:12:10 | 000,001,861 | ---- | C] () -- C:\Users\Public\Desktop\ooVoo.lnk
[2011/12/30 20:46:59 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2011/11/24 00:39:42 | 000,007,605 | ---- | C] () -- C:\Users\Aaron\AppData\Local\Resmon.ResmonCfg
[2011/10/23 12:57:10 | 000,014,976 | ---- | C] () -- C:\Windows\SysWow64\drivers\SBKUPNT.SYS
[2011/10/23 12:57:10 | 000,013,312 | ---- | C] () -- C:\Windows\SysWow64\DEVLOAD.EXE
[2011/10/22 21:23:25 | 000,002,799 | ---- | C] () -- C:\Windows\SKLANG.INI
[2011/10/14 20:08:51 | 000,001,068 | ---- | C] () -- C:\Windows\wininit.ini
[2011/10/06 23:49:06 | 000,764,746 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/06 19:44:28 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:0B4227B4

< End of report >

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:55 AM

Posted 06 June 2012 - 11:21 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :OTL
    IE - HKU\S-1-5-21-2514091126-916384942-3629948579-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = <http://mystart.incredibar.com/mb161?a=6PQzB3FeGQ&i=26>
    IE - HKU\S-1-5-21-2514091126-916384942-3629948579-1001\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = <http://mystart.incredibar.com/mb161/?search={searchTerms}&loc=IB_DS&a=6PQzB3FeGQ&i=26>
    @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:0B4227B4
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
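
As an added, read-only check (example code, not part of this thread or of OTL) that the three leftovers the fix above targets are gone, assuming it runs in the affected user's session (so HKCU is the S-1-5-21-...-1001 hive shown in the log) and using the indicator host and ADS path taken from the log itself:

```powershell
# Added example for this thread, not OTL code and not the helper's script.
# Read-only check for the IncrediBar leftovers the OTL fix above removes:
# the IE start page, the SearchScopes entry and the ADS on C:\ProgramData\Temp.
# Assumptions: run as the affected user (HKCU = the S-1-5-21-...-1001 hive in the
# log); the indicator string and the ADS carrier path come from the log above.

function Test-IncrediBarResidue {
    param(
        [string]$Indicator = 'mystart.incredibar.com',   # host seen in the OTL log
        [string]$AdsHost   = 'C:\ProgramData\Temp'       # ADS carrier seen in the OTL log
    )
    $findings = New-Object System.Collections.Generic.List[object]

    # 1. Start page (OTL line: IE - HKU\...\Internet Explorer\Main,Start Page)
    $main  = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
    $start = (Get-ItemProperty -Path $main -Name 'Start Page' -ErrorAction SilentlyContinue).'Start Page'
    if ($start -and $start -like "*$Indicator*") {
        $findings.Add([pscustomobject]@{ Type = 'StartPage'; Location = $main; Value = $start })
    }

    # 2. Search scopes (OTL line: ...\SearchScopes\{CFF4DB9B-...}: "URL" = ...)
    #    Every scope is checked, not only the GUID from the log, in case it was re-created.
    $scopes = 'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes'
    foreach ($scope in (Get-ChildItem -Path $scopes -ErrorAction SilentlyContinue)) {
        $url = (Get-ItemProperty -Path $scope.PSPath -Name 'URL' -ErrorAction SilentlyContinue).URL
        if ($url -and $url -like "*$Indicator*") {
            $findings.Add([pscustomobject]@{ Type = 'SearchScope'; Location = $scope.PSChildName; Value = $url })
        }
    }

    # 3. Alternate data streams on the carrier (OTL line: @Alternate Data Stream ... Temp:0B4227B4).
    #    Any named stream other than the default ::$DATA is reported; -Stream needs PowerShell 3.0+.
    if (Test-Path -LiteralPath $AdsHost) {
        $streams = Get-Item -LiteralPath $AdsHost -Stream * -ErrorAction SilentlyContinue |
                   Where-Object { $_.Stream -ne ':$DATA' }
        foreach ($s in $streams) {
            $findings.Add([pscustomobject]@{ Type = 'ADS'; Location = "${AdsHost}:$($s.Stream)"; Value = "$($s.Length) bytes" })
        }
    }
    # The comma keeps the list whole instead of unrolling it into the pipeline.
    return ,$findings
}

$result = Test-IncrediBarResidue
if ($result.Count -eq 0) {
    'No IncrediBar start page, search scope or alternate data stream found.'
} else {
    # Nothing is modified here; anything listed goes back to the helper in the thread.
    $result | Format-Table -AutoSize
}
```

Run it from an elevated PowerShell window only if the ADS check reports an access error; the registry checks need no elevation since they read the current user's hive.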

#9 Aaron_301

Aaron_301
  • Topic Starter

  • Members
  • 7 posts
  • Local time:02:55 AM

Posted 07 June 2012 - 03:35 PM

Still haven't been redirected, so so far so good. Wish I could reply with more of a change, but I haven't noticed any decrease in performance since we started.

Log:

========== OTL ==========
HKU\S-1-5-21-2514091126-916384942-3629948579-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2514091126-916384942-3629948579-1001\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found.
ADS C:\ProgramData\Temp:0B4227B4 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Aaron\Downloads\cmd.bat deleted successfully.
C:\Users\Aaron\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: Aaron
->Java cache emptied: 294074 bytes

User: All Users

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Aaron
->Flash cache emptied: 9629 bytes

User: All Users

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.46.2 log created on 06072012_163354

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:55 AM

Posted 07 June 2012 - 04:22 PM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

µTorrent
Java™ 6 Update 31


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again click Yes.
  • When the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete.
  • When prompted click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted select Yes then on Next.
  • Once done click Finish.


Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad ...).

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select Run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 Aaron_301

  • Topic Starter
  • Members
  • 7 posts

Posted 07 June 2012 - 05:26 PM

Logs are below. The computer is still doing fine; as previously said, there was no real threat to originally compare it to besides the redirects. One issue: on Windows 7 you cannot install as an administrator, just thought I'd point that out, haha.

Malwarebytes:
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.07.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Aaron :: AARON-PC [administrator]

Protection: Enabled

07/06/2012 5:52:33 PM
mbam-log-2012-06-07 (17-52-33).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 207782
Time elapsed: 3 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Hijack This:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:22:45 PM, on 07/06/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
C:\Users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Cloudfogger\Cloudfogger.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Aaron\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&m=aspire_5551&r=27361011q725l04g4z165t5622n34p
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=;ftp=;https=;
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Aaron\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [0B32563033AA16DC66E6B0700A375B6E341016C4._service_run] "C:\Users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service
O4 - HKCU\..\Run: [SugarSync] "C:\Program Files (x86)\SugarSync\SugarSyncManager.exe" -startInTray -usedelay=true
O4 - HKCU\..\Run: [Hide IP Easy] C:\Program Files (x86)\HideIPEasy\HideIPEasy.exe
O4 - HKCU\..\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe /minimized
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Cloudfogger] C:\Program Files\Cloudfogger\Cloudfogger.exe --silent
O4 - Startup: Dropbox.lnk = Aaron\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
O8 - Extra context menu item: Add to Evernote 4.0 - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\Acer Games\Acer Game Console\GameConsoleService.exe
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee SiteAdvisor Service - Malwarebytes Corporation - (no file)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14288 bytes

#12 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 07 June 2012 - 08:33 PM

Greetings

These logs are looking very good; we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to; you can click on their icons (or start them from the Control Panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad ...).

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
      O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
      O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
      O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
      O4 - HKLM\..\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
      O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Aaron\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
      O4 - HKCU\..\Run: [0B32563033AA16DC66E6B0700A375B6E341016C4._service_run] "C:\Users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service
      O4 - HKCU\..\Run: [SugarSync] "C:\Program Files (x86)\SugarSync\SugarSyncManager.exe" -startInTray -usedelay=true
      O4 - HKCU\..\Run: [Hide IP Easy] C:\Program Files (x86)\HideIPEasy\HideIPEasy.exe
      O4 - HKCU\..\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe /minimized
      O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
      O4 - HKCU\..\Run: [Cloudfogger] C:\Program Files\Cloudfogger\Cloudfogger.exe --silent
      O4 - Startup: Dropbox.lnk = Aaron\AppData\Roaming\Dropbox\bin\Dropbox.exe
      O4 - Startup: EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines here and see if you want to keep them or not:
    just copy the name between the brackets and paste it into the search space, e.g.
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select Run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. Vista and Win 7: right-click on the IE shortcut and run as admin.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
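The post above works through the O4 autorun lines of a HijackThis log by hand. As an added example (not part of this thread, of HijackThis, or of any BleepingComputer tool), here is a small Python triage script that parses the O2, O4 and O23 lines of such a log and flags the things a responder checks first: entries whose file is missing, autoruns launched from the user profile, relative paths, and opaque value names. The sample lines are copied from the log posted earlier in this thread; the flag names, the heuristics and all function names are my own.

```python
"""Triage helper for HijackThis-style log lines (added example, not a HijackThis tool)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Sample input: lines copied from the HijackThis log posted earlier in this thread
# (O2 = browser helper objects, O4 = autorun entries, O23 = services).
SAMPLE_LOG = r"""
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - (no file)
O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Aaron\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [0B32563033AA16DC66E6B0700A375B6E341016C4._service_run] "C:\Users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service
O4 - Startup: Dropbox.lnk = Aaron\AppData\Roaming\Dropbox\bin\Dropbox.exe
O23 - Service: McAfee SiteAdvisor Service - Malwarebytes Corporation - (no file)
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
"""

RUN_RE = re.compile(r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
STARTUP_RE = re.compile(r'^O4 - Startup: (?P<name>.+?) = (?P<cmd>.+)$')
BHO_RE = re.compile(r'^O2 - BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$')
SERVICE_RE = re.compile(r'^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$')
EXE_RE = re.compile(r'^(.*?\.exe)\b(.*)$', re.IGNORECASE)
OPAQUE_NAME_RE = re.compile(r'^[0-9A-Fa-f]{32,}')  # hash/GUID-like value names
MISSING_MARKERS = ("(file missing)", "(no file)")


@dataclass
class Entry:
    kind: str                 # "run", "startup", "bho" or "service"
    hive: str                 # registry hive; "" for Startup-folder items
    name: str                 # value name, shortcut name, BHO name or service name
    exe: str                  # executable or DLL path as written in the log
    args: str = ""            # command-line arguments, if any
    owner: str = ""           # publisher column of O23 lines
    flags: List[str] = field(default_factory=list)


def split_command(cmd: str) -> Tuple[str, str]:
    """Separate an autorun command into executable path and arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                  # quoted path: take up to the closing quote
        end = cmd.find('"', 1)
        if end != -1:
            return cmd[1:end], cmd[end + 1:].strip()
    m = EXE_RE.match(cmd)                    # unquoted path: cut after the first ".exe"
    if m:
        return m.group(1), m.group(2).strip()
    return cmd, ""


def flag_entry(path: str, name: str = "") -> List[str]:
    """Heuristic flags a responder checks first; observations, not verdicts."""
    flags: List[str] = []
    low = path.lower()
    if any(marker in low for marker in MISSING_MARKERS):
        # Caveat: a 32-bit HijackThis on 64-bit Windows reports many built-in
        # services as "(file missing)" because System32 is redirected for it,
        # so this flag needs a manual check before anything is "fixed".
        flags.append("file missing")
    elif not re.match(r'^[a-z]:\\', low):
        flags.append("relative path")        # not rooted at a drive letter
    if "\\users\\" in low or "\\appdata\\" in low:
        flags.append("user-profile path")    # runs from a user-writable location
    if OPAQUE_NAME_RE.match(name):
        flags.append("opaque value name")
    return flags


def parse_line(line: str) -> Optional[Entry]:
    """Parse one HijackThis line; returns None for section types not handled here."""
    line = line.strip()
    m = RUN_RE.match(line)
    if m:
        exe, args = split_command(m["cmd"])
        return Entry("run", m["hive"], m["name"], exe, args, flags=flag_entry(exe, m["name"]))
    m = STARTUP_RE.match(line)
    if m:
        exe, args = split_command(m["cmd"])
        return Entry("startup", "", m["name"], exe, args, flags=flag_entry(exe, m["name"]))
    m = BHO_RE.match(line)
    if m:
        return Entry("bho", "HKLM", m["name"], m["path"], flags=flag_entry(m["path"]))
    m = SERVICE_RE.match(line)
    if m:
        return Entry("service", "HKLM", m["name"], m["path"], owner=m["owner"],
                     flags=flag_entry(m["path"]))
    return None


def triage(log_text: str) -> List[Entry]:
    """Parse every recognised line of a log into Entry records."""
    return [e for e in (parse_line(l) for l in log_text.splitlines()) if e is not None]


def flagged(entries: List[Entry]) -> List[Entry]:
    """Only the entries that carry at least one flag."""
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for e in found:
        where = f"{e.hive}\\{e.kind}" if e.hive else e.kind
        print(f"{where:14} {e.name[:40]:40} {', '.join(e.flags) or '-'}")
    print(f"\n{len(flagged(found))} of {len(found)} entries flagged for manual review")
```

Run on the sample, the script flags the two "(no file)" McAfee leftovers, the ALG service line (which on this 64-bit machine is the HijackThis redirection artifact, not a missing file), and the autoruns that live under the user profile; the EgisUpdate, LManager and AVG lines come out clean. The flags only narrow down what to read; as the post says, most of what HijackThis lists is harmless or required.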

#13 Aaron_301

  • Topic Starter
  • Members
  • 7 posts

Posted 08 June 2012 - 02:50 PM

I followed the instructions twice, and there was no clipboard or copy and paste option, so I'll just write what it says, I hope that's enough.

Scanned Files: 137052
Infected Files: 0
Cleaned Files: 0
Total Time: 1:16:45
Scan Status: finished.

#14 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 08 June 2012 - 04:38 PM

Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful, and if used incorrectly or at the wrong time they can make the computer an expensive paperweight.
They are updated all the time, some of them more than once a day, so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • turn off all active protection software
  • Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button).
  • Please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall; it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.

  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and use often to help keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - This is the uninstaller that I had you download. It works a lot better than Add/Remove in Windows and has saved me more than once from corrupted installs and uninstalls.

CCleaner - This is a good program to clean out temp files. I would use this once a week or before any malware scan to remove unwanted temp files. It has a built-in registry cleaner, but I would leave that alone and not use any registry cleaner.

Malwarebytes' Anti-Malware - The gold standard today in antimalware scanners.

:Security programs:

One of the questions I am asked all the time is "What programs do you use" I have at this time 4 computers in my home and I have this setup on all 4 of them.


  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
    totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and I recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did.)

    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again?" and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must-reads and should be read by everybody in your household that uses the internet.

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleagues.

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days. If Anything Comes Up, Just Come Back And Let Me Know; after that time you will have to send me a PM.

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Gringo

#15 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 10 June 2012 - 11:33 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



