
Trojan: win32/sirefef.ak & am & ag and sirefef


  • This topic is locked
28 replies to this topic

#1 luckyrabbit

luckyrabbit

  • Members
  • 27 posts
  • OFFLINE
  • Local time:10:54 PM

Posted 12 June 2012 - 11:43 PM

Hello, MSE had a message that said it detected and cleaned a virus, and in the history came up Trojan:win32/sirefef.ak, .am, .ag and /sirefef, and then proceeded to say remove.
I kept getting the MSE logo spinning and saying cleaning, and then the same viruses would be in the history.
I used Malwarebytes and it found the four as well and cleaned them, but I feel something is still there and running in the background, because when I reboot my desktop icons keep resetting if I change them. Need help.

Thanks
LR

What do you need me to run for a log to show the computer status?

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.12.09

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Roger Trudel :: ROGERTRUDEL-PC [administrator]

12/06/2012 6:25:09 PM
mbam-log-2012-06-12 (18-25-09).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 280359
Time elapsed: 15 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCR\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Bad: (C:\Users\Roger Trudel\AppData\Local\{ef6b07c5-3008-0fd3-6dbd-66519728eefc}\n.) Good: (%SystemRoot%\system32\shell32.dll) -> Quarantined and repaired successfully.

Folders Detected: 1
C:\Recycle.Bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.

Files Detected: 2
C:\Users\Roger Trudel\AppData\Local\temp\msimg32.dll (Trojan.Agent.MRGGen) -> Quarantined and deleted successfully.
C:\Windows\assembly\GAC\Desktop.ini (Trojan.0access) -> Quarantined and deleted successfully.

(end)
------------------------------------------------------------------------------------------------------------------------

Then I did another one!



Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.12.09

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Roger Trudel :: ROGERTRUDEL-PC [administrator]

12/06/2012 9:31:51 PM
mbam-log-2012-06-12 (21-31-51).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 444208
Time elapsed: 3 hour(s), 6 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Roger Trudel\AppData\Local\{ef6b07c5-3008-0fd3-6dbd-66519728eefc}\n (Trojan.Agent.MRGGen) -> Quarantined and deleted successfully.
C:\Users\Roger Trudel\AppData\LocalLow\GamingWonderlandEI\Installr\Cache\002DE9D2.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.

(end)
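The first MBAM log above records the key ZeroAccess artefact: the InprocServer32 value of a shell CLSID was redirected from shell32.dll to a file under the user's AppData folder, so the payload is loaded in-process whenever that COM object is instantiated. The following Python script is an added example, not code from the thread or from Malwarebytes; it parses the "Detected:" sections of an mbam-log file and flags registry repairs whose "Bad" path points into a user-writable location. The embedded sample log is a shortened copy of the first log above; the marker list and all function names are my own.

```python
"""Parse a Malwarebytes Anti-Malware (MBAM) log and flag COM InprocServer32 hijacks.

Added example, not from the thread or from Malwarebytes. It reads the
"<Category> Detected: N" sections of an mbam-log-*.txt file and flags
registry data repairs where a CLSID's InprocServer32 path had been redirected
from a Windows system DLL to a user-writable location (the ZeroAccess
persistence seen in the first log of this thread).
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Section header, e.g. "Registry Data Items Detected: 1"
SECTION_RE = re.compile(r"^(?P<kind>[A-Za-z ]+) Detected: (?P<count>\d+)$")

# One detection. "Bad: (...) Good: (...)" only appears on registry data
# repairs; file and folder lines go straight from the threat name to the action.
ITEM_RE = re.compile(
    r"^(?P<target>.+?) \((?P<threat>[^()]+)\)"
    r"(?: -> Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\))?"
    r" -> (?P<action>.+)$"
)

# Path fragments no legitimate in-process COM server should live under (my own list).
USER_WRITABLE_MARKERS = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\", "recycle.bin")


@dataclass
class Detection:
    kind: str
    target: str
    threat: str
    action: str
    bad: Optional[str] = None
    good: Optional[str] = None


def parse_mbam_log(text: str) -> List[Detection]:
    """Return every item listed under a '... Detected: N' header."""
    found: List[Detection] = []
    kind: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            kind = header.group("kind")
            continue
        if line == "(end)":
            kind = None
            continue
        if kind is None or not line or line == "(No malicious items detected)":
            continue
        item = ITEM_RE.match(line)
        if item:
            found.append(Detection(kind=kind, **item.groupdict()))
    return found


def inproc_server_hijack_reason(det: Detection) -> Optional[str]:
    """Explain why a repaired InprocServer32 value looks like a COM hijack, else None."""
    if det.bad is None or "inprocserver32" not in det.target.lower():
        return None
    if any(marker in det.bad.lower() for marker in USER_WRITABLE_MARKERS):
        return (f"{det.target} loaded {det.bad} (user-writable location) "
                f"instead of {det.good}")
    return None


def summarize(text: str) -> Dict[str, object]:
    """Counts, distinct threat names and COM-hijack explanations for one log."""
    dets = parse_mbam_log(text)
    return {
        "detections": len(dets),
        "threats": sorted({d.threat for d in dets}),
        "com_hijacks": [r for d in dets if (r := inproc_server_hijack_reason(d))],
    }


# Shortened copy of the first MBAM log in this thread (sample input).
SAMPLE_LOG = r"""
Malwarebytes Anti-Malware 1.61.0.1400
Scan type: Quick scan

Memory Processes Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCR\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Bad: (C:\Users\Roger Trudel\AppData\Local\{ef6b07c5-3008-0fd3-6dbd-66519728eefc}\n.) Good: (%SystemRoot%\system32\shell32.dll) -> Quarantined and repaired successfully.

Folders Detected: 1
C:\Recycle.Bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.

Files Detected: 2
C:\Users\Roger Trudel\AppData\Local\temp\msimg32.dll (Trojan.Agent.MRGGen) -> Quarantined and deleted successfully.
C:\Windows\assembly\GAC\Desktop.ini (Trojan.0access) -> Quarantined and deleted successfully.

(end)
"""

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

The "Good" value MBAM restored is the normal shell32.dll handler; the point of the check is that an in-process COM server living under a user profile, a temp folder or the recycle bin is the hijack signature regardless of which CLSID was abused, so the same logic applies to other MBAM logs and to a registry audit.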



#2 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica
  • Local time:11:54 PM

Posted 13 June 2012 - 12:06 AM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I'll be addressing you by your username, if you'd like me to address you by something else, please let me know!

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)

    • Because of this, you must reply within 3 days; failure to reply will result in the topic being closed! I like chocolate chip cookies.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system or even taking your computer into a repair shop.

    • Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data and have means of backing up your data available.

____________________________________________________

It appears you're infected with an infection known as ZeroAccess.

ZeroAccess (Max++) Rootkit (aka: Sirefef) is a sophisticated rootkit that uses advanced technology to hide its presence in a system and can infect both x86 and x64 platforms. ZeroAccess is similar to the TDSS rootkit but has more self-protection mechanisms that can be used to disable anti-virus software resulting in "Access Denied" messages whenever you run a security application. For more specific information about this infection, please refer to:


NEXT:



One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identity Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure SKIP is selected, then click Continue.
  • Note: Do not choose Cure or Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


NEXT:



Farbar Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


NEXT:


Running OTL

We need to create a New FULL OTL Report
  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double-click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Copy and paste the following code into the Custom Scans/Fixes textbox.
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    CreateRestorePoint
    "%WinDir%\$NtUninstallKB*$." /30
    C:\Program Files\Common Files\ComObjects\*.* /s
    %systemroot%\*. /mp /s
    %systemroot%\*. /rp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    %SYSTEMDRIVE%\*.exe
    /md5start
    volsnap.sys
    atapi.sys
    explorer.exe
    winlogon.exe
    wininit.exe
    tdx.sys
    afd.sys
    netbt.sys
    /md5stop
    C:\Windows\assembly\GAC\*.ini /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    HKCR\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32 /rs
    
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. TDSSKiller log.
3. Farbar Service Scanner log.
4. OTL.txt & Extras.txt logs.
5. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.


Please let me know how the above scans go.

Kindest Regards,
ST.

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
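The TDSSKiller report requested above lists one line per scanned object (time, process id, name, MD5, path) followed by a status line (" - ok", " ( verdict ) - warning" or " - detected verdict (n)"); the reply further down in this thread shows that format. The following Python script is an added example, not code from the thread or from Kaspersky; it parses such a log, separates clean objects from unsigned-file warnings and from other detections, and pulls out the MD5s of the same system drivers the OTL script above hashes between /md5start and /md5stop, so they can be compared against a known-good reference. The sample lines are copied from the log in this thread plus one clearly labelled constructed detection; all function and field names are mine.

```python
"""Triage a TDSSKiller log: clean objects, unsigned-file warnings, other detections.

Added example, not code from the thread or from Kaspersky. TDSSKiller logs one
object line "<time> <pid> <name> (<md5>) <path>" per scanned driver/service,
followed by a status line: "<name> - ok", "<name> ( <verdict> ) - warning" or
"<name> - detected <verdict> (<n>)". Function and field names are my own.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Sequence

_PREFIX = r"^\d\d:\d\d:\d\d\.\d+ \d+ "
OBJECT_RE = re.compile(_PREFIX + r"(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
STATUS_RE = re.compile(
    _PREFIX + r"(?P<name>.+?)"
    r"(?: \( (?P<warn>[^()]+?) \) - warning"
    r"| - detected (?P<det>.+?) \(\d+\)"
    r"| - (?P<ok>ok))$"
)

# TDSSKiller reports this verdict for files without a valid digital signature
# when "Verify Driver Digital Signature" is enabled. It is informational:
# unsigned OEM utilities are common and need a human decision, not removal.
UNSIGNED_PREFIX = "UnsignedFile."


@dataclass
class ScannedObject:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: str = "unresolved"   # ok | warning | detected | unresolved
    verdict: Optional[str] = None


def parse_tdsskiller_log(text: str) -> Dict[str, ScannedObject]:
    """Map object name -> ScannedObject, merging object and status lines."""
    objs: Dict[str, ScannedObject] = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = OBJECT_RE.match(line)
        if m:
            objs[m["name"]] = ScannedObject(m["name"], m["md5"], m["path"])
            continue
        m = STATUS_RE.match(line)
        if not m:
            continue
        # Some objects only have a status line (e.g. "catchme - ok").
        obj = objs.setdefault(m["name"], ScannedObject(m["name"]))
        if m["ok"]:
            obj.status = "ok"
        elif m["warn"]:
            obj.status, obj.verdict = "warning", m["warn"]
        else:
            # "detected" follows the warning line for the same object and is
            # the final verdict, so it overrides the warning.
            obj.status, obj.verdict = "detected", m["det"]
    return objs


def triage(objs: Dict[str, ScannedObject]) -> Dict[str, List[str]]:
    """Sort objects into clean, unsigned (informational), detected and unresolved."""
    out: Dict[str, List[str]] = {"clean": [], "unsigned": [], "detected": [], "unresolved": []}
    for o in objs.values():
        if o.status == "ok":
            out["clean"].append(o.name)
        elif o.verdict and o.verdict.startswith(UNSIGNED_PREFIX):
            out["unsigned"].append(o.name)
        elif o.status == "detected":
            out["detected"].append(f"{o.name}: {o.verdict}")
        else:
            out["unresolved"].append(o.name)
    return {k: sorted(v) for k, v in out.items()}


def hashes_for(objs: Dict[str, ScannedObject], names: Sequence[str]) -> Dict[str, Optional[str]]:
    """MD5 per requested object name (None if the log has no object line for it)."""
    return {n: objs[n].md5 if n in objs else None for n in names}


# Sample lines copied from the TDSSKiller log in this thread, plus one
# constructed object ("exampleSvc") with a made-up verdict and MD5 to show
# how a real detection is separated from an unsigned-file warning.
SAMPLE_LOG = r"""
07:49:54.0141 2932 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
07:49:54.0251 2932 ACPI - ok
07:49:54.0687 2932 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
07:49:54.0703 2932 AFD - ok
07:49:55.0951 2932 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
07:49:55.0951 2932 atapi - ok
07:49:57.0792 2932 catchme - ok
07:50:00.0849 2932 eLockService (e28516fed46251119addaf4cf33ba401) C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
07:50:00.0849 2932 eLockService ( UnsignedFile.Multi.Generic ) - warning
07:50:00.0849 2932 eLockService - detected UnsignedFile.Multi.Generic (1)
07:50:09.0000 2932 exampleSvc (00000000000000000000000000000000) C:\Windows\system32\drivers\example.sys
07:50:09.0000 2932 exampleSvc - detected Constructed.Sample.Verdict (1)
"""

if __name__ == "__main__":
    parsed = parse_tdsskiller_log(SAMPLE_LOG)
    print(triage(parsed))
    print(hashes_for(parsed, ["volsnap", "atapi", "AFD"]))
```

Keeping the unsigned-file warnings in their own bucket matters for the decision the helper asks for in the steps above (leave everything on Skip): those entries are only candidates for review, while anything in the detected bucket is what warrants the follow-up scans.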


#3 luckyrabbit

luckyrabbit
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  • Local time:10:54 PM

Posted 13 June 2012 - 09:02 AM

1. Hello ST, and thanks for helping.

2. TDSSKiller report
--------------------------

07:49:42.0020 3832 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
07:49:42.0441 3832 ============================================================
07:49:42.0441 3832 Current date / time: 2012/06/13 07:49:42.0441
07:49:42.0441 3832 SystemInfo:
07:49:42.0441 3832
07:49:42.0441 3832 OS Version: 6.0.6002 ServicePack: 2.0
07:49:42.0441 3832 Product type: Workstation
07:49:42.0441 3832 ComputerName: ROGERTRUDEL-PC
07:49:42.0441 3832 UserName: Roger Trudel
07:49:42.0441 3832 Windows directory: C:\Windows
07:49:42.0441 3832 System windows directory: C:\Windows
07:49:42.0441 3832 Processor architecture: Intel x86
07:49:42.0441 3832 Number of processors: 1
07:49:42.0441 3832 Page size: 0x1000
07:49:42.0441 3832 Boot type: Normal boot
07:49:42.0441 3832 ============================================================
07:49:43.0830 3832 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
07:49:43.0830 3832 ============================================================
07:49:43.0830 3832 \Device\Harddisk0\DR0:
07:49:43.0830 3832 MBR partitions:
07:49:43.0830 3832 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x6, StartLBA 0x176D000, BlocksNum 0x898C000
07:49:43.0830 3832 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xA0F9000, BlocksNum 0x8920000
07:49:43.0830 3832 ============================================================
07:49:43.0877 3832 C: <-> \Device\Harddisk0\DR0\Partition0
07:49:44.0017 3832 D: <-> \Device\Harddisk0\DR0\Partition1
07:49:44.0017 3832 ============================================================
07:49:44.0017 3832 Initialize success
07:49:44.0017 3832 ============================================================
07:49:53.0689 2932 ============================================================
07:49:53.0689 2932 Scan started
07:49:53.0689 2932 Mode: Manual; SigCheck; TDLFS;
07:49:53.0689 2932 ============================================================
07:49:54.0141 2932 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
07:49:54.0251 2932 ACPI - ok
07:49:54.0344 2932 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
07:49:54.0375 2932 adp94xx - ok
07:49:54.0438 2932 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
07:49:54.0453 2932 adpahci - ok
07:49:54.0485 2932 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
07:49:54.0500 2932 adpu160m - ok
07:49:54.0547 2932 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
07:49:54.0563 2932 adpu320 - ok
07:49:54.0594 2932 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
07:49:54.0625 2932 AeLookupSvc - ok
07:49:54.0687 2932 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
07:49:54.0703 2932 AFD - ok
07:49:54.0719 2932 AgereModemAudio (39e435c90c9c4f780fa0ed05ca3c3a1b) C:\Windows\system32\agrsmsvc.exe
07:49:54.0734 2932 AgereModemAudio - ok
07:49:54.0890 2932 AgereSoftModem (d31d1a92479bd8c0d050a6ffbdd410d9) C:\Windows\system32\DRIVERS\AGRSM.sys
07:49:54.0921 2932 AgereSoftModem - ok
07:49:54.0968 2932 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
07:49:54.0984 2932 agp440 - ok
07:49:55.0015 2932 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
07:49:55.0031 2932 aic78xx - ok
07:49:55.0077 2932 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
07:49:55.0109 2932 ALG - ok
07:49:55.0124 2932 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
07:49:55.0140 2932 aliide - ok
07:49:55.0171 2932 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
07:49:55.0187 2932 amdagp - ok
07:49:55.0218 2932 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
07:49:55.0233 2932 amdide - ok
07:49:55.0265 2932 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
07:49:55.0296 2932 AmdK7 - ok
07:49:55.0311 2932 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
07:49:55.0343 2932 AmdK8 - ok
07:49:55.0405 2932 androidusb (dd8d9c597af7cd2f6b70a3d6a4a1acea) C:\Windows\system32\Drivers\ssadadb.sys
07:49:55.0436 2932 androidusb - ok
07:49:55.0483 2932 ApfiltrService (0a0fbc30de483233124cdaef8e5cbcdd) C:\Windows\system32\DRIVERS\Apfiltr.sys
07:49:55.0499 2932 ApfiltrService - ok
07:49:55.0545 2932 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
07:49:55.0561 2932 Appinfo - ok
07:49:55.0686 2932 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
07:49:55.0701 2932 Apple Mobile Device - ok
07:49:55.0748 2932 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
07:49:55.0764 2932 arc - ok
07:49:55.0826 2932 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
07:49:55.0842 2932 arcsas - ok
07:49:55.0889 2932 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
07:49:55.0904 2932 AsyncMac - ok
07:49:55.0951 2932 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
07:49:55.0951 2932 atapi - ok
07:49:56.0076 2932 athr (44362605f5fff00c9b7696b47680a8c5) C:\Windows\system32\DRIVERS\athr.sys
07:49:56.0123 2932 athr - ok
07:49:56.0201 2932 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
07:49:56.0216 2932 AudioEndpointBuilder - ok
07:49:56.0232 2932 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
07:49:56.0263 2932 Audiosrv - ok
07:49:56.0310 2932 b57nd60x (aa6b367ca7da571dfc3374ec137d87a5) C:\Windows\system32\DRIVERS\b57nd60x.sys
07:49:56.0325 2932 b57nd60x - ok
07:49:56.0357 2932 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
07:49:56.0388 2932 Beep - ok
07:49:56.0591 2932 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
07:49:56.0622 2932 BFE - ok
07:49:56.0747 2932 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
07:49:56.0809 2932 BITS - ok
07:49:56.0840 2932 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
07:49:56.0871 2932 blbdrive - ok
07:49:57.0012 2932 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
07:49:57.0027 2932 Bonjour Service - ok
07:49:57.0074 2932 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
07:49:57.0090 2932 bowser - ok
07:49:57.0105 2932 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
07:49:57.0137 2932 BrFiltLo - ok
07:49:57.0183 2932 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
07:49:57.0199 2932 BrFiltUp - ok
07:49:57.0261 2932 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
07:49:57.0277 2932 Browser - ok
07:49:57.0308 2932 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
07:49:57.0355 2932 Brserid - ok
07:49:57.0402 2932 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
07:49:57.0449 2932 BrSerWdm - ok
07:49:57.0480 2932 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
07:49:57.0527 2932 BrUsbMdm - ok
07:49:57.0558 2932 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
07:49:57.0589 2932 BrUsbSer - ok
07:49:57.0620 2932 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
07:49:57.0667 2932 BTHMODEM - ok
07:49:57.0792 2932 catchme - ok
07:49:57.0885 2932 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
07:49:57.0901 2932 cdfs - ok
07:49:57.0995 2932 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
07:49:58.0010 2932 cdrom - ok
07:49:58.0104 2932 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
07:49:58.0119 2932 CertPropSvc - ok
07:49:58.0197 2932 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
07:49:58.0229 2932 circlass - ok
07:49:58.0307 2932 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
07:49:58.0338 2932 CLFS - ok
07:49:58.0400 2932 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
07:49:58.0416 2932 clr_optimization_v2.0.50727_32 - ok
07:49:58.0447 2932 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
07:49:58.0478 2932 CmBatt - ok
07:49:58.0509 2932 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
07:49:58.0525 2932 cmdide - ok
07:49:58.0556 2932 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
07:49:58.0572 2932 Compbatt - ok
07:49:58.0587 2932 COMSysApp - ok
07:49:58.0603 2932 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
07:49:58.0619 2932 crcdisk - ok
07:49:58.0650 2932 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
07:49:58.0681 2932 Crusoe - ok
07:49:58.0837 2932 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
07:49:58.0853 2932 CryptSvc - ok
07:49:58.0946 2932 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
07:49:58.0977 2932 DcomLaunch - ok
07:49:59.0024 2932 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
07:49:59.0040 2932 DfsC - ok
07:49:59.0289 2932 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
07:49:59.0352 2932 DFSR - ok
07:49:59.0539 2932 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
07:49:59.0570 2932 Dhcp - ok
07:49:59.0633 2932 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
07:49:59.0648 2932 disk - ok
07:49:59.0695 2932 DKbFltr (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys
07:49:59.0695 2932 DKbFltr - ok
07:49:59.0757 2932 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
07:49:59.0773 2932 Dnscache - ok
07:49:59.0820 2932 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
07:49:59.0851 2932 dot3svc - ok
07:49:59.0913 2932 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
07:49:59.0945 2932 Dot4 - ok
07:49:59.0976 2932 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
07:50:00.0007 2932 Dot4Print - ok
07:50:00.0038 2932 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
07:50:00.0054 2932 dot4usb - ok
07:50:00.0116 2932 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
07:50:00.0147 2932 DPS - ok
07:50:00.0210 2932 DritekPortIO (5c918d413f5837e67a85775c9873775e) C:\PROGRA~1\LAUNCH~1\DPortIO.sys
07:50:00.0225 2932 DritekPortIO - ok
07:50:00.0257 2932 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
07:50:00.0272 2932 drmkaud - ok
07:50:00.0381 2932 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
07:50:00.0413 2932 DXGKrnl - ok
07:50:00.0475 2932 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
07:50:00.0506 2932 E1G60 - ok
07:50:00.0553 2932 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
07:50:00.0569 2932 EapHost - ok
07:50:00.0631 2932 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
07:50:00.0647 2932 Ecache - ok
07:50:00.0771 2932 eDataSecurity Service (876379397458fdfadfb06a62858b9564) C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
07:50:00.0803 2932 eDataSecurity Service - ok
07:50:00.0849 2932 eLockService (e28516fed46251119addaf4cf33ba401) C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
07:50:00.0849 2932 eLockService ( UnsignedFile.Multi.Generic ) - warning
07:50:00.0849 2932 eLockService - detected UnsignedFile.Multi.Generic (1)
07:50:00.0927 2932 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
07:50:00.0943 2932 elxstor - ok
07:50:01.0052 2932 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
07:50:01.0083 2932 EMDMgmt - ok
07:50:01.0115 2932 eNet Service (44e8e86ceeb0d9f0f934b5edc21e0444) C:\Acer\Empowering Technology\eNet\eNet Service.exe
07:50:01.0115 2932 eNet Service ( UnsignedFile.Multi.Generic ) - warning
07:50:01.0115 2932 eNet Service - detected UnsignedFile.Multi.Generic (1)
07:50:01.0161 2932 eRecoveryService (59fccaf915ba89dd98cadf08da91afee) C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
07:50:01.0177 2932 eRecoveryService ( UnsignedFile.Multi.Generic ) - warning
07:50:01.0177 2932 eRecoveryService - detected UnsignedFile.Multi.Generic (1)
07:50:01.0224 2932 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
07:50:01.0255 2932 ErrDev - ok
07:50:01.0302 2932 eSettingsService (a9745687a57cdd71237915859aba8dac) C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
07:50:01.0302 2932 eSettingsService ( UnsignedFile.Multi.Generic ) - warning
07:50:01.0302 2932 eSettingsService - detected UnsignedFile.Multi.Generic (1)
07:50:01.0395 2932 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
07:50:01.0411 2932 EventSystem - ok
07:50:01.0458 2932 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
07:50:01.0473 2932 exfat - ok
07:50:01.0536 2932 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
07:50:01.0551 2932 fastfat - ok
07:50:01.0645 2932 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
07:50:01.0676 2932 fdc - ok
07:50:01.0801 2932 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
07:50:01.0832 2932 fdPHost - ok
07:50:01.0848 2932 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
07:50:01.0895 2932 FDResPub - ok
07:50:01.0926 2932 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
07:50:01.0941 2932 FileInfo - ok
07:50:01.0973 2932 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
07:50:01.0988 2932 Filetrace - ok
07:50:02.0019 2932 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
07:50:02.0051 2932 flpydisk - ok
07:50:02.0097 2932 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
07:50:02.0113 2932 FltMgr - ok
07:50:02.0269 2932 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
07:50:02.0300 2932 FontCache - ok
07:50:02.0394 2932 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
07:50:02.0409 2932 FontCache3.0.0.0 - ok
07:50:02.0441 2932 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
07:50:02.0456 2932 Fs_Rec - ok
07:50:02.0503 2932 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
07:50:02.0519 2932 gagp30kx - ok
07:50:02.0565 2932 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
07:50:02.0581 2932 GEARAspiWDM - ok
07:50:02.0659 2932 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
07:50:02.0690 2932 gpsvc - ok
07:50:02.0737 2932 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
07:50:02.0784 2932 HdAudAddService - ok
07:50:02.0877 2932 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
07:50:02.0909 2932 HDAudBus - ok
07:50:02.0955 2932 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
07:50:03.0002 2932 HidBth - ok
07:50:03.0033 2932 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
07:50:03.0080 2932 HidIr - ok
07:50:03.0143 2932 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
07:50:03.0158 2932 hidserv - ok
07:50:03.0189 2932 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
07:50:03.0205 2932 HidUsb - ok
07:50:03.0236 2932 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
07:50:03.0267 2932 hkmsvc - ok
07:50:03.0299 2932 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
07:50:03.0314 2932 HpCISSs - ok
07:50:03.0455 2932 hpqcxs08 (f50f7984fdd151edd8a70a8dbd9e2a44) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
07:50:03.0455 2932 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
07:50:03.0455 2932 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
07:50:03.0517 2932 hpqddsvc (df446ba625cc441617843e87798ce048) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
07:50:03.0533 2932 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
07:50:03.0533 2932 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
07:50:03.0579 2932 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
07:50:03.0611 2932 HSFHWAZL - ok
07:50:03.0751 2932 HSF_DPV (3f53b4af98f8fd83b7f0b8b65d2d90a7) C:\Windows\system32\DRIVERS\HSX_DPV.sys
07:50:03.0782 2932 HSF_DPV - ok
07:50:26.0262 2932 WinDefend - ok
07:50:26.0277 2932 WinHttpAutoProxySvc - ok
07:50:26.0387 2932 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
07:50:26.0402 2932 Winmgmt - ok
07:50:26.0574 2932 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
07:50:26.0621 2932 WinRM - ok
07:50:26.0730 2932 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
07:50:26.0745 2932 Wlansvc - ok
07:50:26.0839 2932 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
07:50:26.0855 2932 WmiAcpi - ok
07:50:26.0948 2932 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
07:50:26.0964 2932 wmiApSrv - ok
07:50:27.0073 2932 WMIService (ee80ac462a171dbf06eeb2058b5d3bc6) C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
07:50:27.0073 2932 WMIService ( UnsignedFile.Multi.Generic ) - warning
07:50:27.0073 2932 WMIService - detected UnsignedFile.Multi.Generic (1)
07:50:27.0260 2932 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
07:50:27.0291 2932 WMPNetworkSvc - ok
07:50:27.0479 2932 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
07:50:27.0494 2932 WPCSvc - ok
07:50:27.0541 2932 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
07:50:27.0572 2932 WPDBusEnum - ok
07:50:27.0635 2932 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
07:50:27.0650 2932 WpdUsb - ok
07:50:27.0713 2932 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
07:50:27.0728 2932 ws2ifsl - ok
07:50:27.0775 2932 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
07:50:27.0791 2932 wscsvc - ok
07:50:27.0806 2932 WSearch - ok
07:50:28.0040 2932 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
07:50:28.0103 2932 wuauserv - ok
07:50:28.0305 2932 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
07:50:28.0337 2932 WUDFRd - ok
07:50:28.0368 2932 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
07:50:28.0399 2932 wudfsvc - ok
07:50:28.0415 2932 XAudio (2e579520e114a9ca309f13bf40ad8292) C:\Windows\system32\DRIVERS\xaudio.sys
07:50:28.0430 2932 XAudio - ok
07:50:28.0493 2932 XAudioService (f82fc2c30a19442b95ae554215837c46) C:\Windows\system32\DRIVERS\xaudio.exe
07:50:28.0524 2932 XAudioService - ok
07:50:28.0571 2932 MBR (0x1B8) (a863475757cc50891aa8458c415e4b25) \Device\Harddisk0\DR0
07:50:31.0082 2932 \Device\Harddisk0\DR0 - ok
07:50:31.0113 2932 Boot (0x1200) (1e10536badbc246ac103a0739640eb09) \Device\Harddisk0\DR0\Partition0
07:50:31.0129 2932 \Device\Harddisk0\DR0\Partition0 - ok
07:50:31.0145 2932 Boot (0x1200) (b2a68e550ffeed4ad20ef32bec08ae11) \Device\Harddisk0\DR0\Partition1
07:50:31.0145 2932 \Device\Harddisk0\DR0\Partition1 - ok
07:50:31.0160 2932 ============================================================
07:50:31.0160 2932 Scan finished
07:50:31.0160 2932 ============================================================
07:50:31.0176 3992 Detected object count: 16
07:50:31.0176 3992 Actual detected object count: 16
07:51:20.0409 3992 eLockService ( UnsignedFile.Multi.Generic ) - skipped by user
07:51:20.0409 3992 eLockService ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:51:20.0409 3992 eNet Service ( UnsignedFile.Multi.Generic ) - skipped by user
07:51:20.0409 3992 eNet Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:51:20.0409 3992 eRecoveryService ( UnsignedFile.Multi.Generic ) - skipped by user
07:51:20.0409 3992 eRecoveryService ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:51:20.0409 3992 eSettingsService ( UnsignedFile.Multi.Generic ) - skipped by user
07:51:20.0409 3992 eSettingsService ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:51:20.0409 3992 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
07:51:20.0409 3992 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:51:20.0409 3992 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
07:51:20.0409 3992 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:51:20.0409 3992 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
07:51:20.0409 3992 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:51:20.0409 3992 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
07:51:20.0409 3992 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:51:20.0409 3992 NTIDrvr ( UnsignedFile.Multi.Generic ) - skipped by user
07:51:20.0409 3992 NTIDrvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:51:20.0425 3992 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
07:51:20.0425 3992 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:51:20.0425 3992 sptd ( LockedFile.Multi.Generic ) - skipped by user
07:51:20.0425 3992 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
07:51:20.0425 3992 SQTECH905C ( UnsignedFile.Multi.Generic ) - skipped by user
07:51:20.0425 3992 SQTECH905C ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:51:20.0425 3992 StkAMini ( UnsignedFile.Multi.Generic ) - skipped by user
07:51:20.0425 3992 StkAMini ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:51:20.0425 3992 StkASSrv ( UnsignedFile.Multi.Generic ) - skipped by user
07:51:20.0425 3992 StkASSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:51:20.0425 3992 StkScan ( UnsignedFile.Multi.Generic ) - skipped by user
07:51:20.0425 3992 StkScan ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:51:20.0425 3992 WMIService ( UnsignedFile.Multi.Generic ) - skipped by user
07:51:20.0425 3992 WMIService ( UnsignedFile.Multi.Generic ) - User select action: Skip

------------------------------------------------------------------------------------------------------

#3

FSS Report


Farbar Service Scanner Version: 09-06-2012
Ran by Roger Trudel (administrator) on 13-06-2012 at 08:01:09
Running from "C:\Users\Roger Trudel\Downloads"
Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2012-05-10 18:17] - [2012-03-30 08:39] - 0914304 ____A (Microsoft Corporation) EE7E10BED85C312C1D5D30C435BDDA9F

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

--------------------------------------------------------------------------
#4 olt.txt

OTL logfile created on: 13/06/2012 8:03:52 AM - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Roger Trudel\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 0.99 Gb Available Physical Memory | 49.87% Memory free
4.22 Gb Paging File | 3.11 Gb Available in Paging File | 73.65% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 68.77 Gb Total Space | 31.71 Gb Free Space | 46.11% Space Free | Partition Type: NTFS
Drive D: | 68.56 Gb Total Space | 39.88 Gb Free Space | 58.16% Space Free | Partition Type: NTFS

Computer Name: ROGERTRUDEL-PC | User Name: Roger Trudel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/13 08:02:01 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Roger Trudel\Downloads\OTL (1).exe
PRC - [2012/06/13 07:49:29 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Roger Trudel\Desktop\tdsskiller.exe
PRC - [2012/05/28 19:33:58 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Roger Trudel\AppData\Local\temp\RtkBtMnt.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2011/11/12 12:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2011/04/13 17:58:15 | 000,235,168 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10o_ActiveX.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 02:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008/03/11 05:53:54 | 005,296,128 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/03/05 09:15:24 | 000,497,712 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008/03/05 09:15:20 | 000,525,360 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008/01/04 13:30:48 | 000,768,520 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2007/12/20 14:32:04 | 000,131,072 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe
PRC - [2007/12/19 21:09:22 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2007/10/01 19:42:36 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
PRC - [2007/09/10 16:28:18 | 000,057,344 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2007/05/16 23:15:22 | 000,163,840 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
PRC - [2006/10/05 00:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/12 21:17:16 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2008/01/03 05:00:48 | 000,227,888 | ---- | M] () -- C:\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll
MOD - [2003/06/07 08:30:08 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\PowerUtl.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Windows\System32\LEXBCES.EXE -- (LexBceS)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/11/12 12:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2008/03/05 09:15:24 | 000,497,712 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008/01/20 22:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/20 14:32:04 | 000,131,072 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
SRV - [2007/12/19 21:09:22 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007/11/27 21:54:36 | 000,110,592 | ---- | M] () [Disabled | Stopped] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2007/10/01 19:42:36 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2007/09/10 16:28:18 | 000,057,344 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2007/05/16 23:15:22 | 000,163,840 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2006/10/05 00:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/05/24 00:49:14 | 000,024,576 | ---- | M] (Syntek America Inc.) [Disabled | Stopped] -- C:\Windows\System32\StkASv2K.exe -- (StkASSrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\ROGERT~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/06/13 07:43:52 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8239F1D5-799B-4485-AFB9-AE878CDC4A03}\MpKsl7d768f12.sys -- (MpKsl7d768f12)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/12/19 22:46:50 | 000,021,504 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
DRV - [2011/05/13 03:21:06 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011/05/13 03:21:06 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2011/05/13 03:21:06 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM)
DRV - [2011/05/13 03:21:06 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2011/05/13 03:21:04 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2010/12/31 22:23:22 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009/10/09 22:23:06 | 000,033,792 | ---- | M] (Belcarra Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btblan.sys -- (LeapFrog-USBLAN)
DRV - [2009/01/13 09:45:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/12/11 05:42:44 | 000,163,376 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/11/20 15:29:00 | 000,038,656 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Capt905c.sys -- (SQTECH905C)
DRV - [2007/07/03 11:05:20 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2007/03/09 02:56:04 | 001,163,616 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2007/01/30 01:23:30 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/11/15 18:32:44 | 000,242,139 | ---- | M] (Syntek America Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\StkAMini.sys -- (StkAMini)
DRV - [2006/11/02 16:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2006/06/27 19:27:18 | 000,004,772 | ---- | M] (Syntek America Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\StkScan.sys -- (StkScan)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.ca.acer.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2394636743-4037641282-260643174-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-2394636743-4037641282-260643174-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2394636743-4037641282-260643174-1000\..\SearchScopes,DefaultScope = {DECA3892-BA8F-44b8-A993-A466AD694AE4}
IE - HKU\S-1-5-21-2394636743-4037641282-260643174-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://ca.search.yahoo.com/search?p={searchTerms}&fr=chr-acer
IE - HKU\S-1-5-21-2394636743-4037641282-260643174-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2394636743-4037641282-260643174-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll File not found
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Roger Trudel\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/29 15:55:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\Roger Trudel\Program Files\DNA [2009/01/29 15:45:22 | 000,000,000 | ---D | M]

[2012/03/03 11:09:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/03 11:09:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2011/09/29 02:53:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/09/28 20:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========


O1 HOSTS File: ([2011/06/07 21:25:49 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (HiTRUST)
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKU\S-1-5-21-2394636743-4037641282-260643174-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer\Acer Registration\ACE1.exe (Leader Technologies)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - Startup: C:\Users\Jennifer Trudel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2394636743-4037641282-260643174-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2394636743-4037641282-260643174-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{052544A9-5423-4EE5-B347-BC9AF483EF2B}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D50D0437-1909-4A8D-BD2B-8DCFA37F3700}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\dssrequest - No CLSID value found
O18 - Protocol\Handler\sacore - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Roger Trudel\Pictures\56446805-30061526 cup ring.jpg
O24 - Desktop BackupWallPaper: C:\Users\Roger Trudel\Pictures\56446805-30061526 cup ring.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk - C:\Program Files\Microsoft Office 2000\Office\OSA9.EXE - (Microsoft Corporation)
MsConfig - StartUpFolder: C:^Users^Roger Trudel^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk - - File not found
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: Monitor - hkey= - key= - C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2

SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS -
SafeBootMin: MsMpSvc - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - File not found
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - MSh263.drv File not found

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/06/13 07:49:20 | 002,127,960 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Roger Trudel\Desktop\tdsskiller.exe
[2012/06/12 18:10:46 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW

========== Files - Modified Within 30 Days ==========

[2012/06/13 07:49:29 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Roger Trudel\Desktop\tdsskiller.exe
[2012/06/13 07:23:03 | 000,003,344 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/13 07:23:03 | 000,003,344 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/13 07:22:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/12 13:41:52 | 000,602,478 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/12 13:41:52 | 000,106,852 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/02 18:48:46 | 001,694,880 | ---- | M] () -- C:\Users\Roger Trudel\Documents\I5510_UG_EN mobile phone manual.pdf
[2012/05/31 23:01:41 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ssadadb_01005.Wdf
[2012/05/26 21:59:50 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLea.DAT
[2012/05/15 20:03:07 | 000,368,055 | ---- | M] () -- C:\Users\Roger Trudel\Documents\79 Cutless.jpg
[2012/05/15 19:54:49 | 002,277,216 | ---- | M] () -- C:\Users\Roger Trudel\Documents\79 Cutless.tif
[2012/05/15 19:50:57 | 002,359,350 | ---- | M] () -- C:\Users\Roger Trudel\Documents\79 Cutless.BMP

========== Files Created - No Company Name ==========

[2012/06/12 10:44:07 | 000,002,048 | ---- | C] () -- C:\Users\Roger Trudel\AppData\Local\{ef6b07c5-3008-0fd3-6dbd-66519728eefc}\U\00000004.@
[2012/06/02 18:48:42 | 001,694,880 | ---- | C] () -- C:\Users\Roger Trudel\Documents\I5510_UG_EN mobile phone manual.pdf
[2012/05/31 23:01:41 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ssadadb_01005.Wdf
[2012/05/15 19:54:49 | 002,277,216 | ---- | C] () -- C:\Users\Roger Trudel\Documents\79 Cutless.tif
[2012/05/15 19:52:44 | 000,368,055 | ---- | C] () -- C:\Users\Roger Trudel\Documents\79 Cutless.jpg
[2012/05/15 19:50:56 | 002,359,350 | ---- | C] () -- C:\Users\Roger Trudel\Documents\79 Cutless.BMP
[2012/01/11 10:03:33 | 000,002,048 | -HS- | C] () -- C:\Users\Roger Trudel\AppData\Local\{ef6b07c5-3008-0fd3-6dbd-66519728eefc}\@
[2011/10/12 11:58:46 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2011/06/07 19:31:17 | 000,000,680 | ---- | C] () -- C:\Users\Roger Trudel\AppData\Local\d3d9caps.dat
[2011/06/07 19:18:59 | 000,000,168 | ---- | C] () -- C:\ProgramData\~30793464r
[2011/06/07 19:18:57 | 000,000,144 | ---- | C] () -- C:\ProgramData\~30793464
[2011/06/07 19:18:30 | 000,000,344 | ---- | C] () -- C:\ProgramData\30793464
[2011/01/02 12:39:45 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/01/02 12:39:45 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/09/30 21:12:52 | 000,157,508 | ---- | C] () -- C:\Windows\hpoins28.dat

========== Custom Scans ==========

< "%WinDir%\$NtUninstallKB*$." /30 >

< C:\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010/12/31 22:23:22 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2008/01/20 23:31:11 | 015,716,352 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 23:31:01 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 23:31:12 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\drivers\*.sys /90 >
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\system32\drivers\mbam.sys
[2012/03/20 20:44:12 | 000,171,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\MpFilter.sys
[2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\NisDrvWFP.sys
[2012/03/20 19:28:50 | 000,053,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\partmgr.sys
[2012/03/30 08:39:11 | 000,914,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\tcpip.sys
[2012/03/29 09:39:19 | 000,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\tcpipreg.sys

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AFD.SYS >
[2011/04/21 09:58:27 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=3911B972B55FEA0478476B2E777B29FA -- C:\Windows\System32\drivers\afd.sys
[2011/04/21 09:58:27 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=3911B972B55FEA0478476B2E777B29FA -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18457_none_d99fb42e5bb59d9b\afd.sys
[2011/04/21 09:16:42 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=48EB99503533C27AC6135648E5474457 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18639_none_d7d0e0cc5e7d461c\afd.sys
[2011/04/21 09:28:53 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=70EE0FC7A0F384DBD929A01384AEEB4B -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.22629_none_da4bc33774b91967\afd.sys
[2008/01/20 22:33:55 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=763E172A55177E478CB419F88FD0BA03 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18000_none_d7e842925e6d1f50\afd.sys
[2009/04/11 00:47:03 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=A201207363AA900ABF1A388468688570 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18005_none_d9d3bb9e5b8eea9c\afd.sys
[2011/04/21 09:12:21 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=C8AF25017CECB75906A571AC70D2D306 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.22905_none_d876efff77862705\afd.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 22:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 22:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 05:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: EXPLORER.EXE >
[2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 23:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 22:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/20 22:34:05 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: NETBT.SYS >
[2008/01/20 22:34:49 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=7C5FEE5B1C5728507CD96FB4A13E7A02 -- C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6001.18000_none_6064c861f7442765\netbt.sys
[2009/04/11 00:45:37 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=ECD64230A59CBD93C85F1CD1CAB9F3F6 -- C:\Windows\System32\drivers\netbt.sys
[2009/04/11 00:45:37 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=ECD64230A59CBD93C85F1CD1CAB9F3F6 -- C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6002.18005_none_6250416df465f2b1\netbt.sys

< MD5 for: TDX.SYS >
[2009/04/11 00:45:56 | 000,072,192 | ---- | M] (Microsoft Corporation) MD5=76B06EB8A01FC8624D699E7045303E54 -- C:\Windows\System32\drivers\tdx.sys
[2009/04/11 00:45:56 | 000,072,192 | ---- | M] (Microsoft Corporation) MD5=76B06EB8A01FC8624D699E7045303E54 -- C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6002.18005_none_ec294157d9377403\tdx.sys
[2008/01/20 22:34:42 | 000,071,680 | ---- | M] (Microsoft Corporation) MD5=D09276B1FAB033CE1D40DCBDF303D10F -- C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6001.18000_none_ea3dc84bdc15a8b7\tdx.sys

< MD5 for: VOLSNAP.SYS >
[2006/11/02 05:51:18 | 000,208,488 | ---- | M] (Microsoft Corporation) MD5=11EF6C1CAEF76B685233450A126125D6 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_9320b452\volsnap.sys
[2009/04/11 02:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\Windows\System32\drivers\volsnap.sys
[2009/04/11 02:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_1e6030e4\volsnap.sys
[2009/04/11 02:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6002.18005_none_17a2308cf936c619\volsnap.sys
[2008/01/20 22:32:47 | 000,227,896 | ---- | M] (Microsoft Corporation) MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_f53a1785\volsnap.sys
[2008/01/20 22:32:47 | 000,227,896 | ---- | M] (Microsoft Corporation) MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6001.18000_none_15b6b780fc14facd\volsnap.sys

< MD5 for: WININIT.EXE >
[2008/01/20 22:33:13 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\ERDNT\cache\wininit.exe
[2008/01/20 22:33:13 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008/01/20 22:33:13 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 22:34:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< C:\Windows\assembly\GAC\*.ini /s >
[2010/12/27 13:02:09 | 000,000,329 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini
[2010/12/27 13:02:09 | 000,000,315 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini
[2010/12/27 13:02:10 | 000,000,309 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini
[2010/12/27 13:01:52 | 000,000,311 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini
[2010/12/27 13:01:55 | 000,000,311 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\__AssemblyInfo__.ini
[2010/12/27 13:01:57 | 000,000,311 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\__AssemblyInfo__.ini
[2010/12/27 13:01:58 | 000,000,311 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\__AssemblyInfo__.ini
[2010/12/27 13:02:01 | 000,000,311 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\__AssemblyInfo__.ini
[2010/12/27 13:02:02 | 000,000,311 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\__AssemblyInfo__.ini
[2010/12/27 13:02:03 | 000,000,311 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\__AssemblyInfo__.ini
[2010/12/27 13:02:04 | 000,000,311 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\__AssemblyInfo__.ini
[2010/12/27 13:02:05 | 000,000,311 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\__AssemblyInfo__.ini
[2010/12/27 13:02:10 | 000,000,311 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\__AssemblyInfo__.ini
[2010/12/27 13:02:10 | 000,000,313 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini
[2010/12/27 13:02:11 | 000,000,315 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini
[2010/12/27 13:02:11 | 000,000,313 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini
[2010/12/27 13:02:11 | 000,000,315 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini
[2010/12/27 13:02:08 | 000,000,291 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini
[2006/11/02 08:52:45 | 000,000,325 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.Ink\1.0.2201.0__31bf3856ad364e35\__AssemblyInfo__.ini
[2006/11/02 08:52:45 | 000,000,328 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.Ink\1.7.2600.2180__31bf3856ad364e35\__AssemblyInfo__.ini

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/29 02:53:40 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/29 02:53:40 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/29 02:53:40 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/09/29 02:53:40 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/09/29 02:53:40 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/29 02:53:40 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/04/08 13:18:23 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/04/08 13:18:23 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/04/08 13:18:23 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/04/08 13:18:24 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/04/08 13:18:24 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/29 02:53:40 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/29 02:53:40 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/29 02:53:40 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/09/29 02:53:40 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/09/29 02:53:40 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/29 02:53:40 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/04/08 13:18:23 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/04/08 13:18:23 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/04/08 13:18:23 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/04/08 13:18:24 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/04/08 13:18:24 | 000,748,336 | ---- | M] (Microsoft Corporation)

< HKCR\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32 /rs >

< >

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\System32\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
[C:\Windows\System32\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
[C:\Windows\System32\config\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\Windows\System32\config\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\Windows\System32\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\Windows\System32\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\Windows\System32\config\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Windows\System32\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Roger Trudel\Desktop\JM_30DAY_SHRED.avi:TOC.WMV
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:BDEBC850
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:E36F5B57

< End of report >


-------------------------------------------------------------------------------------------------------------------------------------

extras.txt

OTL Extras logfile created on: 13/06/2012 8:03:52 AM - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Roger Trudel\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 0.99 Gb Available Physical Memory | 49.87% Memory free
4.22 Gb Paging File | 3.11 Gb Available in Paging File | 73.65% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 68.77 Gb Total Space | 31.71 Gb Free Space | 46.11% Space Free | Partition Type: NTFS
Drive D: | 68.56 Gb Total Space | 39.88 Gb Free Space | 58.16% Space Free | Partition Type: NTFS

Computer Name: ROGERTRUDEL-PC | User Name: Roger Trudel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3EDCDA90-6623-472C-A7AE-26A2AFF4E3E8}" = lport=139 | protocol=6 | dir=in | app=system |
"{43647186-6332-4FBF-AF41-E93FC4EDEBD5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{7D5EE0E2-7AF8-4E9F-B369-09A31145F88C}" = rport=139 | protocol=6 | dir=out | app=system |
"{87D63183-42EF-4386-A94A-1ED8E048C7DA}" = rport=138 | protocol=17 | dir=out | app=system |
"{B5140E1C-5E70-4A01-855C-692674F860C4}" = lport=445 | protocol=6 | dir=in | app=system |
"{BB09EF0F-0BB1-4C4B-9EAF-05C8665F5ECC}" = rport=445 | protocol=6 | dir=out | app=system |
"{D64E4D22-99A7-45F2-B44F-949CBF916137}" = rport=137 | protocol=17 | dir=out | app=system |
"{D936B01F-740A-41D9-AC07-7FC5DFEEF4E8}" = lport=138 | protocol=17 | dir=in | app=system |
"{E05E2402-D68C-4D20-B990-86C37D8B1E51}" = lport=137 | protocol=17 | dir=in | app=system |
"{FB4D6767-AC01-466A-B337-265B35AFEF9B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09F11937-945B-4D16-A727-0C8FBA2D1DD8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{1389269F-E051-4909-A3DC-9F1CB1F26C06}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{176D83EE-42DB-47A2-BFD5-ABA2AA73002E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{27A7CE24-49A6-427D-9670-ED0E6FD999C2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{30A0B497-20F2-4FF9-8AAA-A0B0C587FAA4}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{38D0F9B5-7159-4FA7-93C8-2CAD3560EBC9}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{4828AC30-CFC4-417E-8E71-9EA1D2034E03}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{4F92D9FF-5CB4-437C-AFAA-12C8C657BD0B}" = dir=in | app=c:\program files\leapfrog\leapfrog connect\leapfrogconnect.exe |
"{55B39AAA-833D-4E4B-9566-9152E86C2FBC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{656F169B-B136-499B-A5FA-CA2E2A9DFB44}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{6F94CE3B-A723-4654-88B0-C8D86B32304B}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{7818EB74-BEF8-4AB0-87CF-01AFF09C3471}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{79FE88C6-EE54-4DF0-9197-CA52512A1824}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{813B8286-6D01-4FB6-BB3A-5DB31935B0D7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{848D80C9-CD90-4D5D-8E35-1F7014DC1BFD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{9070541E-777B-459C-A113-7A040BAF281A}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{94695BD5-74BA-4D5E-AFEB-3A20F62AF8F7}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{960A7FAD-06F9-40E5-967C-2F662A74E43B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A8830625-F5BE-4B3E-A25E-95FB2D76B9A2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A9F644D6-46EF-4193-A926-21F56521EA3E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{BD2F0FA0-900F-442D-B615-08AE220DDDF3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BDDA5A81-65B7-4654-81D0-A5223FFA794E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{C5E135D3-2D2A-4EDF-B1F5-91FA7109A08F}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{DB46FF68-FB41-476C-B490-42243C95D018}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{DD60AC93-18D5-4555-8A63-1A33E2812BAE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{DE645619-1636-42F2-B905-E2BE6119B8B5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E575884D-B0E4-469D-A368-ACE8CC65C37B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{ECA599DA-2578-4120-B144-F978DAA44D86}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"TCP Query User{06CB6D97-E4F1-4D56-B2FF-D68ECFF62580}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{36243EF0-FDE7-4008-8192-65710FCCEF4B}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{9471E4C4-FAAB-4BE4-A70D-5F042EF1B72A}C:\users\roger trudel\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\roger trudel\program files\dna\btdna.exe |
"TCP Query User{9FB86B54-C91B-408B-8D4B-5D854C9733B8}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{BD722F7F-B633-4026-872C-674BE32FD6C4}C:\users\roger trudel\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\roger trudel\program files\dna\btdna.exe |
"TCP Query User{E27BCB2A-E075-4B5E-BE8F-C2350F4E8868}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{02CF3365-0939-43B0-B906-6D31884A88CE}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{12771E94-5683-4155-997B-03AC828C0A6B}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{39FA6BCD-BBC0-4736-B49A-5691D649A174}C:\users\roger trudel\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\roger trudel\program files\dna\btdna.exe |
"UDP Query User{535F6CB2-EE20-443C-A952-3678CA55D3DA}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{774926C7-AD8B-4C5A-95D1-BEF3EE295E78}C:\users\roger trudel\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\roger trudel\program files\dna\btdna.exe |
"UDP Query User{A520B57D-8C8B-4572-B2E6-B9B7A06BE81C}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{0BF78E88-A7C9-4406-89CF-0BA473BA7821}" = Orion
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21DDC579-834B-4C14-8122-853994FA2214}" = NikonCapture
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{2856F5EA-E98A-40E4-BAD6-8C644A4A3F3C}" = honestech VHS to DVD 3.0 Deluxe
"{2C464EC1-2B0C-4490-9CAC-D4562DD8377A}" = Soap 3.0 Toolkit
"{451BB54C-8B23-4455-8BDC-14FC7D43E056}" = MSXML4SP2
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D9C7DA3-D532-432D-A556-5F6CD186B0A5}" = DJ_AIO_03_F4200_ProductContext
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{585D96E5-1A6A-410C-8F5F-F606CA1CCE1C}" = UFile 2010
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{59F92CC5-FAEC-47BF-926F-2C79A7B086D7}" = Baseball Mogul 2006
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{62653245-3DC5-4019-AF6B-4E62D6150D9E}" = F4200_Help
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67DFCE0D-BBA9-43AC-90B3-548390ECE522}" = F4200
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7087457A-98F4-4F77-967D-0685C8F18308}" = UFile Updater 2011
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7694E0B1-2332-448B-9235-929F84B41E3F}" = Active@ ISO Burner
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7C8626FA-408B-4A90-9EDC-9D128ABD61F8}" = UFile 2011
"{7CFB90B6-603B-43D5-B2B4-76DE58C5C3D3}" = USB2.0 VIDBOX NW02
"{83d96ed0-98aa-4515-8ddc-816f3efdd104}" = MyDSC2
"{86786EAE-1BB0-4031-8F85-D1972C158BBA}" = honestech VHS to DVD 3.0 Deluxe
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{983338D4-D972-4C58-AA6D-B81445070451}" = The Digital Arts and Crafts Studio
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DBCE8C7-FE94-4D8F-9FF0-38EF3D8BC99E}" = DJ_AIO_03_F4200_Software
"{9DE4E17F-0C99-4A57-8F7D-5B69CC95D7A9}" = NHL Eastside Hockey Manager 2007
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A11409F1-CD33-4076-85CB-4EE4A8439BFE}" = Scan
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A859FA27-05AF-4295-BF2C-A9D3A5A707EE}" = UFile Updater 2010
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.5
"{AC76BA86-7AD7-1033-7B44-A81300000003}_814" = KB408682
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AE9A67F9-ADF1-4a44-BAB5-C1DB302B37A2}" = HP Deskjet F4200 All-In-One Driver Software 10.0 Rel .3
"{B29B526D-F027-4122-BC7A-D9E5BC86CC40}" = DJ_AIO_03_F4200_Software_Min
"{B6797F11-4A7D-45F5-8A20-72E9CCD83538}" = UFile Updater 2009
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D859D35F-E947-4F2A-8591-C76A4D116178}" = Dora Backpack
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F19F7B24-AAD4-4236-8475-5335483DA676}" = Avery Wizard 3.1
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{F9D59E62-845F-49A2-8B75-DDB00661673C}" = LeapFrog Connect
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FE5ED1C0-A340-4EAC-B4BE-FA0AB173436C}" = LeapFrog LeapPad Explorer Plugin
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
"Acer Assist" = Acer Assist
"Acer Registration" = Acer Registration
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"BFGC" = Big Fish Games: Game Manager
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Digital Editions" = Adobe Digital Editions
"DVD Flick_is1" = DVD Flick
"DVD Shrink_is1" = DVD Shrink 3.2
"Eastside UK saved game Editor for NHL EHM 2007_is1" = Eastside UK saved game Editor v2007.0.4
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.0
"Go Diego Go! Wolf Pup Rescue_is1" = Go Diego Go! Wolf Pup Rescue
"GridVista" = Acer GridVista
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 1.99.1
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.8.5 (Standard)
"Kobo" = Kobo
"LeapPadExplorerPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin)
"Lexmark Z25-Z35" = Lexmark Z25-Z35
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"Out of the Park 8" = Out of the Park 8
"Photo Viewer" = Photo Viewer 2.4
"RADVideo" = RAD Video Tools
"Reader Rabbit Learn To Read With Phonics" = Reader Rabbit Learn To Read With Phonics
"ST4UNST #1" = Peck's Power Join
"UPCShell" = LeapFrog Connect
"VLC media player" = VLC media player 0.9.6
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2394636743-4037641282-260643174-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/06/2012 10:17:05 PM | Computer Name = RogerTrudel-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 13/06/2012 12:47:18 AM | Computer Name = RogerTrudel-PC | Source = WinMgmt | ID = 10
Description =

Error - 13/06/2012 7:23:01 AM | Computer Name = RogerTrudel-PC | Source = WinMgmt | ID = 10
Description =

Error - 13/06/2012 7:25:00 AM | Computer Name = RogerTrudel-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 13/06/2012 7:25:00 AM | Computer Name = RogerTrudel-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 13/06/2012 7:25:01 AM | Computer Name = RogerTrudel-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 13/06/2012 7:25:01 AM | Computer Name = RogerTrudel-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 13/06/2012 7:25:01 AM | Computer Name = RogerTrudel-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 13/06/2012 7:43:46 AM | Computer Name = RogerTrudel-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 13/06/2012 8:08:39 AM | Computer Name = RogerTrudel-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

[ System Events ]
Error - 12/06/2012 6:08:08 PM | Computer Name = RogerTrudel-PC | Source = DCOM | ID = 10005
Description =

Error - 12/06/2012 6:08:08 PM | Computer Name = RogerTrudel-PC | Source = DCOM | ID = 10005
Description =

Error - 12/06/2012 6:08:08 PM | Computer Name = RogerTrudel-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 12/06/2012 6:14:51 PM | Computer Name = RogerTrudel-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 12/06/2012 6:47:12 PM | Computer Name = RogerTrudel-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 12/06/2012 8:34:10 PM | Computer Name = RogerTrudel-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 12/06/2012 9:26:02 PM | Computer Name = RogerTrudel-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 13/06/2012 12:48:43 AM | Computer Name = RogerTrudel-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 13/06/2012 7:24:28 AM | Computer Name = RogerTrudel-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 13/06/2012 7:25:59 AM | Computer Name = RogerTrudel-PC | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{052544A9-5423-4EE5-B347-BC9AF483EF2B}
because another computer on the network has the same name. The server could not
start.


< End of report >
--------------------------------------------------------------------------------

Computer is running well, not slowing down.

LR

#4 luckyrabbit

luckyrabbit
  • Topic Starter

  • Members
  • 27 posts
  • Local time:10:54 PM

Posted 13 June 2012 - 07:47 PM

ST,

Forgot to mention that when I did TDSSKiller I left everything at skip and never quarantined... Was I supposed to quarantine and then hit continue? There was no mention in your instructions, so I left it alone, but I feel like something should have been done to contain the virus. Or does that happen in our next step coming up?

LR

#5 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica
  • Local time:11:54 PM

Posted 14 June 2012 - 07:28 AM

Hi luckyrabbit!

Not a problem! I'm glad to be of assistance!

You ran TDSSKiller correctly. What you are seeing with those detections is files that are unsigned, and it's telling you that there could be a problem with them.

We'll be running a more powerful tool a little later in this post, so we'll see where we stand then. :)


OTL Fix

We need to run an OTL Fix

Note: If you have MalwareBytes Anti-Malware 1.6 or higher installed and are using the Pro version or trial version, please temporarily disable it for the duration of this fix, as it may interfere with the successful execution of the script below.

  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\ROGERT~1\AppData\Local\Temp\catchme.sys -- (catchme)
    O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
    O4 - Startup: C:\Users\Jennifer Trudel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = File not found
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    MsConfig - StartUpFolder: C:^Users^Roger Trudel^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk - - File not found
    [2011/06/07 19:18:59 | 000,000,168 | ---- | C] () -- C:\ProgramData\~30793464r
    [2011/06/07 19:18:57 | 000,000,144 | ---- | C] () -- C:\ProgramData\~30793464
    [2011/06/07 19:18:30 | 000,000,344 | ---- | C] () -- C:\ProgramData\30793464
    @Alternate Data Stream - 64 bytes -> C:\Users\Roger Trudel\Desktop\JM_30DAY_SHRED.avi:TOC.WMV
    @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:BDEBC850
    @Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:E36F5B57
    
    :Reg
    
    :Files
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [EMPTYFLASH]
    [EMPTYJAVA]
    
  • Push Run Fix
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.
  • If you get an error message saying: "Illegal operation attempted on a registry key that was marked for deletion." please reboot your computer, and that should take care of that error message.


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. OTL fix log.
3. ComboFix.txt log.
4. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
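The `[resethosts]` directive in the OTL script above replaces the hosts file with the stock one, and the `cacls` line before it restores write access so the replacement can happen. As an added example (not code from SweetTech's post, OTL or ComboFix), the Python below shows the check a responder would make before deciding whether that reset is needed: it parses a hosts file and separates entries that silently block a hostname (pointed at loopback or 0.0.0.0) from entries that redirect it to another address. It assumes, in `DEFAULT_ENTRIES` and `DEFAULT_HOSTS`, that a stock Vista hosts file carries only the two `localhost` mappings; the sample hosts content is constructed for this example and uses reserved example domains and a TEST-NET address.

```python
"""Audit a Windows hosts file for mappings that are not part of the stock file.

Added example (not OTL's or ComboFix's code). It assumes the stock Windows
Vista hosts file carries only the two 'localhost' mappings below; anything
else is either a block (name sent to loopback / 0.0.0.0) or a redirect
(name sent to some other address). The sample file content is constructed.
"""
import ipaddress
from typing import Dict, List, Tuple

Entry = Tuple[str, str]  # (address, hostname)

# Mappings present in a stock Vista hosts file (assumption stated above).
DEFAULT_ENTRIES = {("127.0.0.1", "localhost"), ("::1", "localhost")}

# Stock content to write back if the audit shows tampering, the same
# effect as OTL's [resethosts] directive (assumed stock content).
DEFAULT_HOSTS = "127.0.0.1\tlocalhost\n::1\tlocalhost\n"


def parse_hosts(text: str) -> List[Entry]:
    """Return one (address, hostname) pair per hostname, skipping comments,
    blank lines and lines whose first field is not a valid IP address."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop full-line and inline comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # an address with no hostname maps nothing
        address, *names = fields
        try:
            ipaddress.ip_address(address)
        except ValueError:
            continue  # not an address; the resolver ignores such lines too
        for name in names:
            entries.append((address, name.lower()))
    return entries


def audit_hosts(text: str) -> Dict[str, List[Entry]]:
    """Classify every non-default mapping.

    'blocked'  : hostname resolves to loopback or the unspecified address,
                 so the site is unreachable (hides update or vendor hosts)
    'redirect' : hostname resolves to any other address (that name is hijacked)
    """
    report: Dict[str, List[Entry]] = {"blocked": [], "redirect": []}
    for address, name in parse_hosts(text):
        if (address, name) in DEFAULT_ENTRIES:
            continue
        addr = ipaddress.ip_address(address)
        if addr.is_loopback or addr.is_unspecified:
            report["blocked"].append((address, name))
        else:
            report["redirect"].append((address, name))
    return report


def needs_reset(text: str) -> bool:
    """True when the file carries anything beyond the stock mappings."""
    report = audit_hosts(text)
    return bool(report["blocked"] or report["redirect"])


# Constructed sample: stock lines plus three tampered entries using reserved
# example domains and a TEST-NET address, not values from any real machine.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       updates.example.net     # update server silenced
0.0.0.0         av-vendor.example       # same effect via the unspecified address
198.51.100.7    www.bank.example        # name hijacked to another host
"""

if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    for kind, entries in result.items():
        for address, name in entries:
            print(f"{kind:8} {name} -> {address}")
    if needs_reset(SAMPLE_HOSTS):
        print("hosts file is not stock; restore DEFAULT_HOSTS after fixing its ACL")
```

On a live system the file is `%WinDir%\system32\drivers\etc\hosts`; read it with `open(path, encoding="utf-8", errors="replace")` and pass the text to `audit_hosts`. Writing `DEFAULT_HOSTS` back will fail until the file's permissions allow it, which is why the OTL script runs `cacls` on the file first.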


#6 luckyrabbit

luckyrabbit
  • Topic Starter

  • Members
  • 27 posts
  • Local time:10:54 PM

Posted 14 June 2012 - 06:55 PM

1. Did what you asked, and at the end of ComboFix it said something about runtime, and then a box popped up with PEV..(something); sorry, I never wrote it down. Then the computer restarted and gave me the ComboFix log. I did leave the computer for a bit while ComboFix was running; that's probably why the runtime.

2.
========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
All processes killed
========== OTL ==========
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\Users\ROGERT~1\AppData\Local\Temp\catchme.sys not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\ not found.
C:\Users\Jennifer Trudel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk moved successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpFolder\C:^Users^Roger Trudel^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk\ deleted successfully.
C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup moved successfully.
C:\ProgramData\~30793464r moved successfully.
C:\ProgramData\~30793464 moved successfully.
C:\ProgramData\30793464 moved successfully.
ADS C:\Users\Roger Trudel\Desktop\JM_30DAY_SHRED.avi:TOC.WMV deleted successfully.
ADS C:\ProgramData\TEMP:BDEBC850 deleted successfully.
ADS C:\ProgramData\TEMP:E36F5B57 deleted successfully.
========== REGISTRY ==========
========== FILES ==========
< echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c >
Are you sure (Y/N)?processed file: C:\Windows\system32\drivers\etc\hosts
C:\Users\Roger Trudel\Desktop\cmd.bat deleted successfully.
C:\Users\Roger Trudel\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Roger Trudel\Desktop\cmd.bat deleted successfully.
C:\Users\Roger Trudel\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 56502 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Jennifer Trudel
->Flash cache emptied: 303185 bytes

User: Journal

User: Public

User: RegBack

User: Roger Trudel
->Flash cache emptied: 181462 bytes

User: systemprofile

User: TxR

Total Flash Files Cleaned = 1.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Jennifer Trudel
->Java cache emptied: 25828507 bytes

User: Journal

User: Public

User: RegBack

User: Roger Trudel
->Java cache emptied: 14702386 bytes

User: systemprofile

User: TxR

Total Java Files Cleaned = 39.00 mb


OTL by OldTimer - Version 3.2.48.0 log created on 06142012_182450

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


-------------------------------------------------------------
3.
ComboFix 12-06-14.01 - Roger Trudel 14/06/2012 18:40:49.1.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.2.1033.18.2037.994 [GMT -4:00]
Running from: c:\users\Roger Trudel\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Roger Trudel\AppData\Roaming\Help\coredb\storage
.
.
((((((((((((((((((((((((( Files Created from 2012-05-14 to 2012-06-14 )))))))))))))))))))))))))))))))
.
.
2012-06-14 23:01 . 2012-06-14 23:01 -------- d-----w- c:\users\TxR\AppData\Local\temp
2012-06-14 23:01 . 2012-06-14 23:01 -------- d-----w- c:\users\systemprofile\AppData\Local\temp
2012-06-14 23:01 . 2012-06-14 23:01 -------- d-----w- c:\users\RegBack\AppData\Local\temp
2012-06-14 23:01 . 2012-06-14 23:01 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-06-14 23:01 . 2012-06-14 23:01 -------- d-----w- c:\users\Journal\AppData\Local\temp
2012-06-14 23:01 . 2012-06-14 23:01 -------- d-----w- c:\users\Jennifer Trudel\AppData\Local\temp
2012-06-14 23:01 . 2012-06-14 23:10 -------- d-----w- c:\users\Roger Trudel\AppData\Local\temp
2012-06-14 23:01 . 2012-06-14 23:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-14 22:32 . 2012-06-14 22:32 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1B477BBF-2745-4551-9B2F-1A3B9E1FF2DF}\offreg.dll
2012-06-14 22:24 . 2012-06-14 22:24 -------- d-----w- C:\_OTL
2012-06-14 00:29 . 2012-02-10 12:52 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6FB94C5A-18AE-419E-8916-1785EE42FF73}\gapaengine.dll
2012-06-14 00:26 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1B477BBF-2745-4551-9B2F-1A3B9E1FF2DF}\mpengine.dll
2012-06-14 00:14 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 19:56 . 2011-01-01 20:05 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-03 08:16 . 2012-05-10 22:15 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-03 08:16 . 2012-05-10 22:15 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-02 13:36 . 2012-05-10 22:15 2044928 ----a-w- c:\windows\system32\win32k.sys
2012-03-30 12:39 . 2012-05-10 22:17 914304 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-29 13:39 . 2012-05-10 22:17 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-03-21 00:44 . 2010-10-25 02:25 74112 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 00:44 . 2010-10-25 02:25 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-20 23:28 . 2012-05-10 22:17 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2011-09-29 06:53 . 2011-10-12 16:12 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-01-03 09:00 39472 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-11 5296128]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-01-04 768520]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-21 159744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-05 525360]
"Acer Assist Launcher"="c:\program files\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"Acer Product Registration"="c:\program files\Acer\Acer Registration\ACE1.exe" [2007-11-26 3387392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 06:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-21 01:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-15 01:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 09:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
2011-11-12 17:04 268640 ----a-w- c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 18:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 19:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:35 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://en.ca.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath -
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-14 19:10
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-06-14 19:31:08
ComboFix-quarantined-files.txt 2012-06-14 23:31
ComboFix2.txt 2011-06-08 01:32
.
Pre-Run: 30,880,858,112 bytes free
Post-Run: 30,868,328,448 bytes free
.
- - End Of File - - 070E5BCE5BD98F890E653774396E1F4E
----------------------------------------------------------------------------

4. Good news: my desktop appears to be fixed, with the icons in the same place I believe they were (all I know is I had pics on the right side and I have them there again, and it looks like most (if not all... can't remember) are back).


LR
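
A way to triage autostart and process records like the ones in the ComboFix and OTL logs in this thread, as an added example that is not part of any post here and is not code from ComboFix or OTL: it parses the Run-key lines of the "Reg Loading Points" section and OTL-style PRC/SRV/DRV lines, then flags images that live in user-writable temp or public folders, Windows system binary names that sit outside the Windows directories, orphaned "File not found" services, and entries with no company resource. The sample input is constructed: its lines are copied from this thread's logs except the "Updater" Run entry, which is invented so the checks have a clear positive hit. The heuristics, folder list and name list are this example's own, not either tool's, and the "no company" finding is deliberately low signal (Acer's capuserv.exe in the log has none and is legitimate).

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample input. Lines are copied from the ComboFix / OTL logs posted in this
# thread, except "Updater", which is invented for this example to give a positive hit.
# Nothing here is a claim about what was actually found on the poster's machine.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-11 5296128]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-01-04 768520]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"Updater"="c:\users\someuser\AppData\Local\temp\svchost.exe" [2012-06-10 45056]
PRC - [2012/06/16 11:13:10 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Roger Trudel\AppData\Local\temp\RtkBtMnt.exe
SRV - File not found [Disabled | Stopped] -- C:\Windows\System32\LEXBCES.EXE -- (LexBceS)
SRV - [2007/12/19 21:09:22 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
DRV - [2011/05/13 03:21:06 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
'''

# ComboFix Run entry:  "<name>"="<path>" [<yyyy-mm-dd> <size>]
RUN_LINE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)" \[\d{4}-\d{2}-\d{2} \d+\]$')
# OTL record:  PRC/SRV/DRV/MOD - [<date> | <size> | <attrs> | M] (<company>) [<state>] -- <path> -- (<svc>) <desc>
OTL_LINE = re.compile(
    r'^(?P<kind>PRC|SRV|DRV|MOD) - '
    r'(?:\[[^\]]*\] \((?P<company>[^)]*)\)|(?P<missing>File not found))'
    r'(?: \[[^\]]*\])?'
    r' -- (?P<path>.+?)'
    r'(?: -- \((?P<svc>[^)]+)\).*)?$'
)

# Folders any logged-on user can write to; a legitimate autostart rarely lives here (example's own list).
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\windows\\temp\\", "\\users\\public\\",
                 "\\$recycle.bin\\", "\\recycler\\")
# Names that belong to Windows itself; the same name elsewhere is a classic disguise.
SYSTEM_NAMES = {"svchost.exe", "explorer.exe", "lsass.exe", "csrss.exe",
                "services.exe", "winlogon.exe", "smss.exe", "wininit.exe"}
SYSTEM_DIRS = ("\\windows", "\\windows\\system32", "\\windows\\syswow64")


@dataclass
class Entry:
    source: str                   # "run-key" or the OTL record type (PRC/SRV/DRV/MOD)
    name: str
    path: str
    company: Optional[str]        # None when the log format carries no company field
    missing: bool = False         # OTL "File not found"
    findings: List[str] = field(default_factory=list)


def assess(e: Entry) -> None:
    """Append a human-readable reason for each heuristic the entry trips."""
    p = e.path.lower()
    parent, _, base = p.rpartition("\\")
    if any(d in p for d in USER_WRITABLE):
        e.findings.append("image in a user-writable temp/public folder")
    if base in SYSTEM_NAMES and not parent.endswith(SYSTEM_DIRS):
        e.findings.append(f"{base} outside the Windows system directories (name spoofing)")
    if e.missing:
        e.findings.append("registered but image file not found (orphaned entry)")
    if e.company == "":
        e.findings.append("no company/version resource (low signal on its own)")


def parse(text: str) -> List[Entry]:
    """Parse Run-key and OTL lines; other lines (section headers etc.) are ignored."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = RUN_LINE.match(line)
        if m:
            entries.append(Entry("run-key", m["name"], m["path"], None))
            continue
        m = OTL_LINE.match(line)
        if m:
            name = m["svc"] or m["path"].rpartition("\\")[2]
            entries.append(Entry(m["kind"], name, m["path"], m["company"], bool(m["missing"])))
    for e in entries:
        assess(e)
    return entries


def flagged(text: str) -> dict:
    """Map entry name -> findings, for entries that deserve a human look."""
    return {e.name: e.findings for e in parse(text) if e.findings}


if __name__ == "__main__":
    for name, why in flagged(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(why)}")
```

A hit is a prompt to look, not a verdict: the Realtek file in a temp folder carries a real company name and needs a hash or signature check before anything is deleted, whereas a bare svchost.exe under a user's temp folder is almost never legitimate.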

#7 luckyrabbit


Posted 14 June 2012 - 08:43 PM

ST

Sorry, I do have another question before we continue... Am I able to do Disk Cleanup and clean past restore points, or should I wait? Or am I able to create another restore point now and then delete the past ones? Just want to know if it is safe to do so yet.

ty

LR

#8 SweetTech


Posted 15 June 2012 - 01:02 AM

Hi luckyrabbit!

1. I did what you asked, and at the end of ComboFix it said something about runtime, and then a box popped up with PEV..(something); sorry, I never wrote it down. Then the computer restarted and gave me the ComboFix log. I did leave the computer for a bit while ComboFix was running; that's probably why the runtime.


Okay, thanks for that information. :)

Am I able to do Disk Cleanup and clean past restore points, or should I wait? Or am I able to create another restore point now and then delete the past ones? Just want to know if it is safe to do so yet.

I would like to have you not do that just yet.

We'll flush out all your old restore points, and create a new one a little later. This will get done once your logs look clean, and we are getting ready to wrap things up.

===================


Lets see what these scans find, and see where we stand then.

Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom-most log is the latest.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the [image] button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [image] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [image] icon on your desktop.
  • Check [image]
  • Click the [image] button.
  • Accept any security warnings from your browser.
  • Check [image]
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push [image]
  • Push [image], and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the [image] button.
  • Push [image]


NEXT:



Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. MalwareBytes' Anti-Malware log file.
3. ESET Online Virus Scan log file.
4. SecurityCheck log file.
5. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#9 luckyrabbit


Posted 15 June 2012 - 10:00 PM

Sweet Tech.. what up....

ok here we go ...

1. Got nothing for ya.

2. Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.15.03

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Roger Trudel :: ROGERTRUDEL-PC [administrator]

15/06/2012 7:41:46 AM
mbam-log-2012-06-15 (07-41-46).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 254491
Time elapsed: 3 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


----------------------------------------------------

3. Was puzzled that I never got a log, so I did a second scan, and same thing... all it said was no infections detected and press Finish.


4. Results of screen317's Security Check version 0.99.41
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Out of date HijackThis installed!
Malwarebytes Anti-Malware version 1.61.0.1400
HijackThis 1.99.1
Java™ 6 Update 31
Java version out of date!
Adobe Flash Player 10 Flash Player out of date!
Adobe Flash Player 11.1.102.55
Adobe Reader 8 Adobe Reader out of date!
Mozilla Firefox (7.0.1)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Empowering Technology eSettings Service capuserv.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1 %
````````````````````End of Log``````````````````````

------------------------------------------------------------------------
5. Computer seems OK, no popups or anything like that. I will say my Windows Updates keep reminding me, but I haven't installed them yet till we get this cleared up... or should I? One is the malicious software removal one, for MSE, plus Windows security updates, since the day after I got my virus.


LR

#10 SweetTech


Posted 16 June 2012 - 06:51 AM

Hi luckyrabbit!

Not too much is up with me. How about yourself?


We need to remove a program. To do this please do the following:
  • Click Start
  • Go to Control Panel
  • Double click on Programs and Features
  • Find and click the Uninstall button to uninstall the following (if present):
  • HijackThis 1.99.1


NEXT:

____________________________________________________

From the looks of your SecurityCheck log, I can see that we have some outdated programs that need to be updated.

Let's address those programs that need updating now!

-----

Important Note: Your version of Adobe Flash is out of date.

Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

Please follow these steps to update Adobe flash:
  • Please download the latest version of Adobe Flash from http://get.adobe.com/flashplayer/otherversions/ to your Desktop
  • Double click the file to start the installation process
  • Repeat 1. and 2. for every other browser you have installed (eg Internet Explorer / Firefox / Chrome / Safari / Opera..) as applicable.


NEXT



Java Outdated

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform:
    • 32-bit Select: Windows x86 Offline.
    • 64-bit Select: Windows x64.
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs (or Programs and Features in Vista/Windows 7) and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u4-windows-i586-s.exe (or jre-7u4-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.


NEXT



Update Adobe Reader
Earlier versions of Adobe Reader have known security flaws, so it is recommended that you update your copy.
  • Go to Start > Control Panel > Add/Remove Programs
  • Remove ALL instances of Adobe Reader
  • Re-boot your computer as required.
  • Once ALL versions of Adobe Reader have been uninstalled, visit: <<here>> and download the latest version of Adobe Reader
Alternative Option: after uninstalling Adobe Reader, you could try installing Foxit Reader from >here<. Foxit Reader has fewer add-ons and therefore loads more quickly.



NEXT:



Update FireFox
You're currently using an outdated version of Firefox. The latest version of Firefox is 13.

You can get the latest version of Firefox by accessing the Firefox menu and then selecting About.

Please make sure that you check for updates again by selecting the About menu after updating to the latest version, to make sure that you have in fact received the latest version.



NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Services
    :OTL
    
    :Reg
    
    :Files
    :Commands
    [purity]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:


Please go ahead and allow the Windows Updates to install to your computer before you run the new OTL scan below.

OTL Custom Scan

We need to run an OTL Custom Scan
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.

    netsvcs
    hklm\software\clients\startmenuinternet|command /rs
    %systemroot%\*. /rp /s
    %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Push the Run Scan button.
  • A report will open. Copy and Paste that report in your next reply.


NEXT:



What outstanding issues (if any) are you still experiencing with your computer?

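
The outdated-software findings in that post come from reading the SecurityCheck block by eye. As an added example that is not part of any post here and is not SecurityCheck's or screen317's code, the following parses that block's product lines (the "6 Update 31", "(7.0.1)", "11.1.102.55" and bare "8" formats all appear in it) into version tuples and compares each against a minimum-version floor. The input is the "Anti-malware/Other Utilities Check" block copied from the log earlier in this thread. The floors are assumptions for the example: Java 7 Update 4 and Firefox 13 are the versions the post names, the Flash floor is taken from the FlashUtil32_11_3_300_257 file name that appears in the OTL log later in the thread, and the Adobe Reader floor is made up for the demonstration.

```python
import re
from typing import Dict, List, Tuple

Version = Tuple[int, ...]

# Constructed input: the "Anti-malware/Other Utilities Check" block copied from the
# SecurityCheck log posted earlier in this thread.
SECURITYCHECK_BLOCK = """\
Out of date HijackThis installed!
Malwarebytes Anti-Malware version 1.61.0.1400
HijackThis 1.99.1
Java™ 6 Update 31
Java version out of date!
Adobe Flash Player 10 Flash Player out of date!
Adobe Flash Player 11.1.102.55
Adobe Reader 8 Adobe Reader out of date!
Mozilla Firefox (7.0.1)
"""

# One pattern per product line SecurityCheck prints; every capture group is a version part.
PRODUCT_PATTERNS = {
    "Java": re.compile(r"^Java\S* (\d+) Update (\d+)"),
    "Adobe Flash Player": re.compile(r"^Adobe Flash Player (\d+(?:\.\d+)*)"),
    "Adobe Reader": re.compile(r"^Adobe Reader (\d+(?:\.\d+)*)"),
    "Mozilla Firefox": re.compile(r"^Mozilla Firefox \((\d+(?:\.\d+)*)\)"),
    "Malwarebytes Anti-Malware": re.compile(r"^Malwarebytes Anti-Malware version (\d+(?:\.\d+)*)"),
    "HijackThis": re.compile(r"^HijackThis (\d+(?:\.\d+)*)"),
}

# Minimum acceptable versions (assumed for this example, see the lead-in for where each comes from).
MINIMUM: Dict[str, Version] = {
    "Java": (7, 4),
    "Mozilla Firefox": (13,),
    "Adobe Flash Player": (11, 3, 300, 257),
    "Adobe Reader": (10,),
}


def parse_securitycheck(text: str) -> Dict[str, List[Version]]:
    """Return product -> installed versions found in the block.

    A product can appear more than once (SecurityCheck lists the ActiveX and the
    browser-plugin Flash on separate lines), so versions are kept as a list.
    """
    installed: Dict[str, List[Version]] = {}
    for line in text.splitlines():
        for product, pat in PRODUCT_PATTERNS.items():
            m = pat.match(line.strip())
            if m:
                ver = tuple(int(x) for g in m.groups() for x in g.split("."))
                installed.setdefault(product, []).append(ver)
    return installed


def outdated(installed: Dict[str, List[Version]],
             minimum: Dict[str, Version] = MINIMUM) -> Dict[str, List[Version]]:
    """Products with at least one installed version below their floor.

    Python compares tuples element by element, which is exactly dotted-version
    ordering: (11, 1, 102, 55) < (11, 3, 300, 257) and (6, 31) < (7, 4).
    Every copy below the floor is reported, because a second, older Java or
    Flash left installed side by side is still reachable from a browser.
    """
    report: Dict[str, List[Version]] = {}
    for product, versions in installed.items():
        floor = minimum.get(product)
        if floor is None:
            continue  # no version policy for this product (HijackThis, MBAM here)
        old = [v for v in versions if v < floor]
        if old:
            report[product] = old
    return report


if __name__ == "__main__":
    for product, versions in outdated(parse_securitycheck(SECURITYCHECK_BLOCK)).items():
        print(product, "outdated:", ", ".join(".".join(map(str, v)) for v in versions))
```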


#11 luckyrabbit


Posted 16 June 2012 - 11:20 AM

ok ,

Everything is good up to the OTL fix... When I ran this it asked to reboot, and when it did I got the black screen with the flashing cursor on the top left; then it kept running forever till my computer shut down. When I fired it back up it gave me a log, but I'm not sure if it was truly finished. Should I run the OTL fix again? Here is the log:

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jennifer Trudel
->Temp folder emptied: 236632 bytes
->Temporary Internet Files folder emptied: 356857692 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 20270308 bytes
->Flash cache emptied: 632 bytes

User: Journal
->Temp folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: RegBack
->Temp folder emptied: 0 bytes

User: Roger Trudel
->Temp folder emptied: 62416812 bytes
->Temporary Internet Files folder emptied: 830523032 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 1159 bytes

User: systemprofile
->Temp folder emptied: 0 bytes

User: TxR
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 88747 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,212.00 mb

Error: Unable to interpret <[EMPTYFLASH> in the current context!

OTL by OldTimer - Version 3.2.48.0 log created on 06162012_093110

Files\Folders moved on Reboot...
C:\Users\Roger Trudel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ER3VIR0A\topic456842[1].htm moved successfully.
C:\Users\Roger Trudel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Roger Trudel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

Registry entries deleted on Reboot...

-----------------------------------------------------------

I haven't installed the new updates or run the OTL scan yet... wanted to make sure this looks fine.

LR

#12 SweetTech


Posted 17 June 2012 - 07:46 AM

Hi!

It shouldn't be necessary to re-run the OTL fix. It looks like it ran successfully.

Please proceed with the rest of the instructions in my previous post.

-ST.



#13 luckyrabbit


Posted 17 June 2012 - 08:59 PM

OTL custom scan log

OTL logfile created on: 17/06/2012 9:38:29 PM - Run 2
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Roger Trudel\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 0.94 Gb Available Physical Memory | 47.35% Memory free
4.22 Gb Paging File | 2.92 Gb Available in Paging File | 69.28% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 68.77 Gb Total Space | 26.43 Gb Free Space | 38.44% Space Free | Partition Type: NTFS
Drive D: | 68.56 Gb Total Space | 39.70 Gb Free Space | 57.90% Space Free | Partition Type: NTFS

Computer Name: ROGERTRUDEL-PC | User Name: Roger Trudel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/16 11:19:20 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Jennifer Trudel\AppData\Local\temp\RtkBtMnt.exe
PRC - [2012/06/16 11:13:10 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Roger Trudel\AppData\Local\temp\RtkBtMnt.exe
PRC - [2012/06/16 08:29:47 | 000,686,280 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
PRC - [2012/06/14 18:23:22 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Roger Trudel\Desktop\OTL.exe
PRC - [2012/04/04 01:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2011/11/12 12:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 02:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008/03/11 05:53:54 | 005,296,128 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/03/05 09:15:24 | 000,497,712 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008/03/05 09:15:20 | 000,525,360 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008/01/04 13:30:48 | 000,768,520 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2007/12/20 14:32:04 | 000,131,072 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe
PRC - [2007/12/19 21:09:22 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2007/10/01 19:42:36 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
PRC - [2007/09/10 16:28:18 | 000,057,344 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2007/05/16 23:15:22 | 000,163,840 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
PRC - [2006/10/05 00:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/12 21:17:16 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2008/01/03 05:00:48 | 000,227,888 | ---- | M] () -- C:\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll
MOD - [2005/10/07 16:05:32 | 000,125,440 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2003/06/07 08:30:08 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\PowerUtl.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Windows\System32\LEXBCES.EXE -- (LexBceS)
SRV - [2012/06/16 12:51:14 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/04 01:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/11/12 12:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2008/03/05 09:15:24 | 000,497,712 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008/01/20 22:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/20 14:32:04 | 000,131,072 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
SRV - [2007/12/19 21:09:22 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007/11/27 21:54:36 | 000,110,592 | ---- | M] () [Disabled | Stopped] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2007/10/01 19:42:36 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2007/09/10 16:28:18 | 000,057,344 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2007/05/16 23:15:22 | 000,163,840 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2006/10/05 00:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/05/24 00:49:14 | 000,024,576 | ---- | M] (Syntek America Inc.) [Disabled | Stopped] -- C:\Windows\System32\StkASv2K.exe -- (StkASSrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\ROGERT~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/12/19 22:46:50 | 000,021,504 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
DRV - [2011/05/13 03:21:06 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011/05/13 03:21:06 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2011/05/13 03:21:06 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM)
DRV - [2011/05/13 03:21:06 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2011/05/13 03:21:04 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2010/12/31 22:23:22 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009/10/09 22:23:06 | 000,033,792 | ---- | M] (Belcarra Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btblan.sys -- (LeapFrog-USBLAN)
DRV - [2009/01/13 09:45:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/12/11 05:42:44 | 000,163,376 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/11/20 15:29:00 | 000,038,656 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Capt905c.sys -- (SQTECH905C)
DRV - [2007/07/03 11:05:20 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2007/03/09 02:56:04 | 001,163,616 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2007/01/30 01:23:30 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/11/15 18:32:44 | 000,242,139 | ---- | M] (Syntek America Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\StkAMini.sys -- (StkAMini)
DRV - [2006/11/02 16:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2006/06/27 19:27:18 | 000,004,772 | ---- | M] (Syntek America Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\StkScan.sys -- (StkScan)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.ca.acer.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {DECA3892-BA8F-44b8-A993-A466AD694AE4}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searc}
IE - HKCU\..\SearchScopes\{AF65A6A3-DADF-4014-A46E-F430B05B85E2}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://ca.search.yahoo.com/search?p={searchTerms}&fr=chr-acer
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Roger Trudel\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\Roger Trudel\Program Files\DNA [2009/01/29 15:45:22 | 000,000,000 | ---D | M]


========== Chrome ==========


O1 HOSTS File: ([2012/06/14 19:10:47 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (HiTRUST)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer\Acer Registration\ACE1.exe (Leader Technologies)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{052544A9-5423-4EE5-B347-BC9AF483EF2B}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D50D0437-1909-4A8D-BD2B-8DCFA37F3700}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\dssrequest - No CLSID value found
O18 - Protocol\Handler\sacore - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Roger Trudel\Pictures\56446805-30061526 cup ring.jpg
O24 - Desktop BackupWallPaper: C:\Users\Roger Trudel\Pictures\56446805-30061526 cup ring.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/06/16 22:32:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
[2012/06/16 08:58:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/06/16 08:56:41 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/06/14 19:31:15 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/06/14 19:31:10 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/06/14 19:31:10 | 000,000,000 | ---D | C] -- C:\Users\Roger Trudel\AppData\Local\temp
[2012/06/14 18:35:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/06/14 18:35:23 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/06/14 18:35:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/06/14 18:35:10 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/06/14 18:33:02 | 004,557,483 | R--- | C] (Swearware) -- C:\Users\Roger Trudel\Desktop\ComboFix.exe
[2012/06/14 18:24:50 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/14 18:23:06 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Roger Trudel\Desktop\OTL.exe
[2012/06/13 07:49:20 | 002,127,960 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Roger Trudel\Desktop\tdsskiller.exe

========== Files - Modified Within 30 Days ==========

[2012/06/17 21:28:33 | 000,611,296 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/17 21:28:33 | 000,109,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/17 20:51:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/17 20:21:51 | 000,003,344 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/17 20:21:51 | 000,003,344 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/17 20:21:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/17 18:52:08 | 002,640,140 | ---- | M] () -- C:\Users\Roger Trudel\Desktop\DSCN6548.JPG
[2012/06/17 18:50:59 | 002,799,088 | ---- | M] () -- C:\Users\Roger Trudel\Desktop\DSCN6543.JPG
[2012/06/17 18:50:35 | 002,593,479 | ---- | M] () -- C:\Users\Roger Trudel\Desktop\DSCN6547.JPG
[2012/06/17 18:49:48 | 001,742,196 | ---- | M] () -- C:\Users\Roger Trudel\Desktop\DSCN6551.JPG
[2012/06/17 18:48:46 | 002,800,910 | ---- | M] () -- C:\Users\Roger Trudel\Desktop\DSCN6546.JPG
[2012/06/17 18:47:49 | 002,086,725 | ---- | M] () -- C:\Users\Roger Trudel\Desktop\DSCN6544.JPG
[2012/06/17 14:59:08 | 001,236,116 | ---- | M] () -- C:\Users\Roger Trudel\Desktop\DSCN6545.JPG
[2012/06/17 10:23:10 | 000,119,296 | ---- | M] () -- C:\Users\Roger Trudel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/17 09:50:36 | 000,297,288 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/06/16 22:33:14 | 000,000,887 | ---- | M] () -- C:\Users\Roger Trudel\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
[2012/06/16 22:33:13 | 000,000,863 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2012/06/16 09:25:25 | 000,001,856 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/06/15 22:44:17 | 000,853,862 | ---- | M] () -- C:\Users\Roger Trudel\Desktop\SecurityCheck.exe
[2012/06/14 19:10:47 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/06/14 18:33:05 | 004,557,483 | R--- | M] (Swearware) -- C:\Users\Roger Trudel\Desktop\ComboFix.exe
[2012/06/14 18:23:22 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Roger Trudel\Desktop\OTL.exe
[2012/06/13 07:49:29 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Roger Trudel\Desktop\tdsskiller.exe
[2012/06/02 18:48:46 | 001,694,880 | ---- | M] () -- C:\Users\Roger Trudel\Documents\I5510_UG_EN mobile phone manual.pdf
[2012/05/31 23:01:41 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ssadadb_01005.Wdf
[2012/05/26 21:59:50 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLea.DAT

========== Files Created - No Company Name ==========

[2012/06/17 18:46:38 | 001,742,196 | ---- | C] () -- C:\Users\Roger Trudel\Desktop\DSCN6551.JPG
[2012/06/17 18:46:30 | 002,086,725 | ---- | C] () -- C:\Users\Roger Trudel\Desktop\DSCN6544.JPG
[2012/06/17 18:46:30 | 001,236,116 | ---- | C] () -- C:\Users\Roger Trudel\Desktop\DSCN6545.JPG
[2012/06/17 18:46:20 | 002,593,479 | ---- | C] () -- C:\Users\Roger Trudel\Desktop\DSCN6547.JPG
[2012/06/17 18:46:17 | 002,800,910 | ---- | C] () -- C:\Users\Roger Trudel\Desktop\DSCN6546.JPG
[2012/06/17 18:46:13 | 002,799,088 | ---- | C] () -- C:\Users\Roger Trudel\Desktop\DSCN6543.JPG
[2012/06/17 18:46:10 | 002,640,140 | ---- | C] () -- C:\Users\Roger Trudel\Desktop\DSCN6548.JPG
[2012/06/16 22:33:14 | 000,000,887 | ---- | C] () -- C:\Users\Roger Trudel\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
[2012/06/16 22:33:13 | 000,000,863 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2012/06/16 09:25:25 | 000,001,856 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/06/16 09:25:25 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/06/16 08:29:48 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/15 22:44:06 | 000,853,862 | ---- | C] () -- C:\Users\Roger Trudel\Desktop\SecurityCheck.exe
[2012/06/14 18:35:23 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/06/14 18:35:23 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/06/14 18:35:23 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/06/14 18:35:23 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/06/14 18:35:23 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/06/12 10:44:07 | 000,002,048 | ---- | C] () -- C:\Users\Roger Trudel\AppData\Local\{ef6b07c5-3008-0fd3-6dbd-66519728eefc}\U\00000004.@
[2012/06/02 18:48:42 | 001,694,880 | ---- | C] () -- C:\Users\Roger Trudel\Documents\I5510_UG_EN mobile phone manual.pdf
[2012/05/31 23:01:41 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ssadadb_01005.Wdf
[2012/01/11 10:03:33 | 000,002,048 | -HS- | C] () -- C:\Users\Roger Trudel\AppData\Local\{ef6b07c5-3008-0fd3-6dbd-66519728eefc}\@
[2011/10/12 11:58:46 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2011/06/07 19:31:17 | 000,000,680 | ---- | C] () -- C:\Users\Roger Trudel\AppData\Local\d3d9caps.dat
[2011/01/02 12:39:45 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/01/02 12:39:45 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/09/30 21:12:52 | 000,157,508 | ---- | C] () -- C:\Windows\hpoins28.dat

========== LOP Check ==========

[2008/11/16 21:11:37 | 000,000,000 | ---D | M] -- C:\Users\Roger Trudel\AppData\Roaming\Acer
[2008/03/21 12:58:52 | 000,000,000 | ---D | M] -- C:\Users\Roger Trudel\AppData\Roaming\Acer GameZone Console
[2012/04/26 12:21:07 | 000,000,000 | ---D | M] -- C:\Users\Roger Trudel\AppData\Roaming\BitTorrent
[2010/12/13 19:19:48 | 000,000,000 | ---D | M] -- C:\Users\Roger Trudel\AppData\Roaming\com.inm.fusion.PixtorioViewer.744790F1545733D757EA034B675902690507C2E8.1
[2009/01/29 17:27:56 | 000,000,000 | ---D | M] -- C:\Users\Roger Trudel\AppData\Roaming\DNA
[2010/12/27 13:07:54 | 000,000,000 | ---D | M] -- C:\Users\Roger Trudel\AppData\Roaming\Fisher-Price
[2008/11/16 21:11:36 | 000,000,000 | ---D | M] -- C:\Users\Roger Trudel\AppData\Roaming\Leadertech
[2011/01/16 13:37:37 | 000,000,000 | ---D | M] -- C:\Users\Roger Trudel\AppData\Roaming\Nikon
[2011/08/04 20:09:28 | 000,000,000 | ---D | M] -- C:\Users\Roger Trudel\AppData\Roaming\Out of the Park Developments
[2011/12/23 01:51:11 | 000,000,000 | ---D | M] -- C:\Users\Roger Trudel\AppData\Roaming\OverDrive
[2009/01/11 00:08:36 | 000,000,000 | ---D | M] -- C:\Users\Roger Trudel\AppData\Roaming\Sports Interactive
[2010/04/01 21:20:55 | 000,000,000 | ---D | M] -- C:\Users\Roger Trudel\AppData\Roaming\Template
[2012/01/25 15:32:45 | 000,000,000 | ---D | M] -- C:\Users\Roger Trudel\AppData\Roaming\Windows Desktop Search
[2012/01/25 15:20:45 | 000,000,000 | ---D | M] -- C:\Users\Roger Trudel\AppData\Roaming\Windows Search
[2011/03/29 13:18:58 | 000,000,000 | ---D | M] -- C:\Users\Roger Trudel\AppData\Roaming\WorksImaging
[2012/06/17 20:17:40 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/04/08 13:18:23 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/04/08 13:18:23 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/04/08 13:18:23 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/05/17 19:21:54 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2012/05/17 19:21:54 | 000,748,664 | ---- | M] (Microsoft Corporation)

< %systemroot%\*. /rp /s >

< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >
[2012/05/12 21:37:58 | 000,000,916 | ---- | M] () -- C:\Users\Roger Trudel\AppData\Local\Google\Chrome\User Data\Local State
[2012/05/11 12:55:58 | 000,000,350 | ---- | M] () -- C:\Users\Roger Trudel\AppData\Local\Google\Chrome\User Data\Default\Preferences

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-06-18 01:28:42

< >

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\System32\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
[C:\Windows\System32\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
[C:\Windows\System32\config\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\Windows\System32\config\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\Windows\System32\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\Windows\System32\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\Windows\System32\config\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Windows\System32\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction

< End of report >

-----------------------------------------------------------------------------------------

If this is all good, I'm curious about startup programs. It seems like the computer takes a bit to connect first thing when starting, and I'm wondering if I have startup programs that don't need to be running in the background. I saw something on BleepingComputer saying you might not have a virus; your computer might be slow due to startup programs bogging it down. Well, I knew I had a virus, but I'd still like to figure out the SU programs and see if it would help. I just want to make sure I don't delete something I need. Thanks

LR

#14 SweetTech (Agent ST)

  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica
  • Local time:11:54 PM

Posted 18 June 2012 - 06:58 AM

Hi!

In terms of your start-up programs, you really don't have that many that are scheduled to start at boot-up, so I don't believe there is a concern there.

Please run this OTL fix for me below:

OTL Fix

We need to run an OTL Fix

Note: If you have MalwareBytes Anti-Malware 1.6 or higher installed and are using the Pro version or trial version, please temporarily disable it for the duration of this fix, as it may interfere with the successful execution of the script below.

  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\ROGERT~1\AppData\Local\Temp\catchme.sys -- (catchme)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    [2012/06/12 10:44:07 | 000,002,048 | ---- | C] () -- C:\Users\Roger Trudel\AppData\Local\{ef6b07c5-3008-0fd3-6dbd-66519728eefc}\U\00000004.@
    [2012/01/11 10:03:33 | 000,002,048 | -HS- | C] () -- C:\Users\Roger Trudel\AppData\Local\{ef6b07c5-3008-0fd3-6dbd-66519728eefc}\@
    
    :Reg
    
    :Files
    C:\Users\Roger Trudel\AppData\Local\{ef6b07c5-3008-0fd3-6dbd-66519728eefc}\
    C:\Users\Roger Trudel\AppData\Local\{ef6b07c5-3008-0fd3-6dbd-66519728eefc}\U\00000004.@
    C:\Windows\Installer\{ef6b07c5-3008-0fd3-6dbd-66519728eefc}\
    ipconfig /flushdns /c
    :Commands
    [purity]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    [EMPTYJAVA]
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

Edited by SweetTech, 18 June 2012 - 07:01 AM.



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#15 luckyrabbit (Topic Starter)

  • Members
  • 27 posts
  • OFFLINE
  • Local time:10:54 PM

Posted 18 June 2012 - 09:01 AM

All processes killed
========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
========== OTL ==========
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\Users\ROGERT~1\AppData\Local\Temp\catchme.sys not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
C:\Windows\Downloaded Program Files\OnlineScanner.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
C:\Users\Roger Trudel\AppData\Local\{ef6b07c5-3008-0fd3-6dbd-66519728eefc}\U\00000004.@ moved successfully.
C:\Users\Roger Trudel\AppData\Local\{ef6b07c5-3008-0fd3-6dbd-66519728eefc}\@ moved successfully.
========== REGISTRY ==========
========== FILES ==========
C:\Users\Roger Trudel\AppData\Local\{ef6b07c5-3008-0fd3-6dbd-66519728eefc}\U folder moved successfully.
C:\Users\Roger Trudel\AppData\Local\{ef6b07c5-3008-0fd3-6dbd-66519728eefc}\L folder moved successfully.
C:\Users\Roger Trudel\AppData\Local\{ef6b07c5-3008-0fd3-6dbd-66519728eefc} folder moved successfully.
File\Folder C:\Users\Roger Trudel\AppData\Local\{ef6b07c5-3008-0fd3-6dbd-66519728eefc}\U\00000004.@ not found.
Folder C:\Windows\Installer\{ef6b07c5-3008-0fd3-6dbd-66519728eefc} not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Roger Trudel\Desktop\cmd.bat deleted successfully.
C:\Users\Roger Trudel\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jennifer Trudel
->Temp folder emptied: 2104490 bytes
->Temporary Internet Files folder emptied: 36765576 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 492 bytes

User: Journal
->Temp folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: RegBack
->Temp folder emptied: 0 bytes

User: Roger Trudel
->Temp folder emptied: 3609085 bytes
->Temporary Internet Files folder emptied: 68481019 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 506 bytes

User: systemprofile
->Temp folder emptied: 0 bytes

User: TxR
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4226569 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 3574443 bytes

Total Files Cleaned = 113.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Jennifer Trudel
->Flash cache emptied: 0 bytes

User: Journal

User: Public

User: RegBack

User: Roger Trudel
->Flash cache emptied: 0 bytes

User: systemprofile

User: TxR

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Jennifer Trudel
->Java cache emptied: 0 bytes

User: Journal

User: Public

User: RegBack

User: Roger Trudel
->Java cache emptied: 0 bytes

User: systemprofile

User: TxR

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.48.0 log created on 06182012_081150

Files\Folders moved on Reboot...
C:\Users\Roger Trudel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N97DRAYW\topic456842[1].htm moved successfully.
C:\Users\Roger Trudel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Roger Trudel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

Registry entries deleted on Reboot...



