Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

trojan sirefef, rootkit0 infection


  • This topic is locked This topic is locked
27 replies to this topic

#1 GMathiasf

GMathiasf

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:02:18 AM

Posted 19 June 2012 - 12:04 AM

Vista Home Premium-Service Pack 2

I've had some experience removing things in the past, but just picked up a bug that won't seem to go away. The good news is I have internet access, access to most antivirus software functioning, but the thing keeps coming back on reload, so I'm in need of some expert help.

I first notice the problem 2 days ago when my MSE went red and when you try and update it, a program attempts to install itself. When you click cancel, it keeps coming back up. I would have to rkill it to get it to go away. I can't recall the exact *.exe as it was a mix mash of letters, and my cleaning since then has at least gotten rid of that. The virus has shut down my ability to activate MSE and I get error messages when I try. So that was my trigger that I was infected. I've run malwarebytes, quick and full scans, MS safety scanner quick and full, and things are found. But upon reload, I run again and still not clean.

Let me know what else you need to know, and special thanks in advance to anyone taking their personal time to help out.

Initial topic link-http://www.bleepingcomputer.com/forums/topic457449.html

Following the Prep guide:

DDS Log
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Geoff at 17:18:56 on 2012-06-18
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3001.1689 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Acer\Optical Drive Power Management\ODDPWR.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIEJA.EXE
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0611&m=aspire_5810t
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0611&m=aspire_5810t
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0611&m=aspire_5810t
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0611&m=aspire_5810t
uInternet Settings,ProxyServer = http=127.0.0.1:51960
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers runtime\YontooIEClient.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [EPSON NX300 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatieja.exe /fu "c:\windows\temp\E_SFEF9.tmp" /EF "HKCU"
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [Skytel] c:\program files\realtek\audio\hda\Skytel.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LManager] c:\program files\launch manager\LManager.exe
mRun: [PLFSetI] c:\windows\PLFSetI.exe
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [Acer ePower Management] c:\program files\acer\acer powersmart manager\ePowerTrayLauncher.exe
mRun: [ODDPwr] "c:\program files\acer\optical drive power management\ODDPwr.exe"
mRun: [Acer Assist Launcher] c:\program files\acer\acer assist\launcher.exe
mRun: [Acer Product Registration] "c:\program files\acer\acer registration\ACE1.exe" /startup
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "c:\programdata\malwarebytes\malwarebytes' anti-malware\cleanup.dll",ProcessCleanupScript
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
LSP: c:\windows\system32\wpclsp.dll
TCP: DhcpNameServer = 192.168.254.254
TCP: Interfaces\{155D15D6-3A37-46C1-829C-818AF14FD13A} : DhcpNameServer = 192.168.254.254
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\geoff\appdata\roaming\mozilla\firefox\profiles\y8lv93lf.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extentions.y2layers.installId - 81461c7e-3f92-4bbb-8dde-9a1f4feab7a8
FF - user.js: extentions.y2layers.defaultEnableAppsList - PageRage,PageRageGlobal,Buzzdock,BuzzdockTease,PageRage,PageRageGlobal,
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 171064]
R2 DsiWMIService;Dritek WMI Service;c:\program files\launch manager\dsiwmis.exe [2009-6-6 117256]
R2 ePowerSvc;Acer ePower Service;c:\program files\acer\acer powersmart manager\ePowerSvc.exe [2011-6-17 703008]
R2 FlipShareServer;FlipShare Server;c:\program files\flip video\flipshareserver\FlipShareServer.exe [2011-5-6 1085440]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [2008-10-9 19504]
R2 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [2008-10-9 16432]
R2 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [2008-10-9 59952]
R2 MWLService;MyWinLocker Service;c:\program files\egistec\mywinlocker 3\x86\MWLService.exe [2008-10-27 306736]
R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\newtech infosystems\acer backup manager\IScheduleSvc.exe [2009-4-1 54528]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-9-23 144632]
R2 ODDPwrSvc;Acer ODD Power Service;c:\program files\acer\optical drive power management\ODDPWRSvc.exe [2011-6-17 118784]
R2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2011-6-17 237568]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2012-5-30 3048136]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-6-6 112128]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C60x86.sys [2011-6-17 50176]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-6-23 136176]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-5 160944]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-1-20 179712]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-6-23 136176]
S3 LeapFrog-USBLAN;LeapFrog-USBLAN;c:\windows\system32\drivers\btblan.sys [2009-10-9 33792]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-25 113120]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 74112]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-9-23 50424]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-06-18 20:52:44 54016 ----a-w- c:\windows\system32\drivers\icbge.sys
2012-06-17 15:52:03 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-17 15:52:03 140920 ----a-w- c:\program files\internet explorer\sqmapi.dll
2012-06-17 15:52:02 194560 ----a-w- c:\program files\internet explorer\ieproxy.dll
2012-06-17 15:52:02 194048 ----a-w- c:\program files\internet explorer\IEShims.dll
2012-06-17 15:50:14 2045440 ----a-w- c:\windows\system32\win32k.sys
2012-06-17 15:50:14 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-17 15:50:00 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-06-17 15:50:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-17 15:50:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-16 04:23:17 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-16 00:03:52 6737808 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{75a99d43-12d7-4cc0-8477-34ac1cc30e76}\mpengine.dll
2012-06-14 19:16:22 6737808 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-06-12 15:20:58 713784 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{f0f11c9f-57d9-4353-92cd-59e602c51faf}\gapaengine.dll
2012-06-07 16:24:51 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll
2012-06-07 16:24:51 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll
2012-05-30 17:59:30 4966600 ----a-w- c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
2012-05-29 20:51:40 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-29 20:51:40 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
.
==================== Find3M ====================
.
2012-05-17 22:45:37 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-04-04 19:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-30 12:39:11 914304 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-29 13:39:19 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-03-21 00:44:12 74112 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 00:44:12 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-20 23:28:50 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys
.
============= FINISH: 17:19:42.51 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:03:18 AM

Posted 19 June 2012 - 01:24 AM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I'll be addressing you by your username, if you'd like me to address you by something else, please let me know!

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)

    • Because of this, you must reply within 3 days failure to reply will result in the topic being closed! I like chocolate chip cookies.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system or even taking your computer into a repair shop.

    • Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data and have means of backing up your data available.

____________________________________________________

It appears you're infected with an infection known as ZeroAccess.

ZeroAccess (Max++) Rootkit (aka: Sirefef) is a sophisticated rootkit that uses advanced technology to hide its presence in a system and can infect both x86 and x64 platforms. ZeroAccess is similar to the TDSS rootkit but has more self-protection mechanisms that can be used to disable anti-virus software resulting in "Access Denied" messages whenever you run a security application. For more specific information about this infection, please refer to:


NEXT:



Posted Image One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to appraise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

    Posted Image
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    Posted Image
  • Click the Start Scan button.

    Posted Image
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Posted Image
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure SKIP is selected, then click Continue.

    Posted Image
  • Note: Do not choose Cure or Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


NEXT:



Farbar Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


NEXT:


Running OTL

We need to create a New FULL OTL Report
  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Copy and Paste the following code into the Posted Image textbox.
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    CreateRestorePoint
    "%WinDir%\$NtUninstallKB*$." /30
    C:\Program Files\Common Files\ComObjects\*.* /s
    %systemroot%\*. /mp /s
    %systemroot%\*. /rp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    %SYSTEMDRIVE%\*.exe
    /md5start
    volsnap.sys
    atapi.sys
    explorer.exe
    winlogon.exe
    wininit.exe
    tdx.sys
    afd.sys
    netbt.sys
    /md5stop
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. TDSSKiller log.
3. Farbar Service Scanner log.
4. OTL.txt & Extras.txt logs.
5. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.


Please let me know how the above scans go.

Kindest Regards,
ST.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 GMathiasf

GMathiasf
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:02:18 AM

Posted 19 June 2012 - 08:31 AM

1.First, I just wanted to say thank you very much for your quick response, and taking your time to help. It is so appreciated! Without further ado, my logs.

2.

08:49:48.0214 3696 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
08:49:48.0651 3696 ============================================================
08:49:48.0651 3696 Current date / time: 2012/06/19 08:49:48.0651
08:49:48.0651 3696 SystemInfo:
08:49:48.0651 3696
08:49:48.0651 3696 OS Version: 6.0.6002 ServicePack: 2.0
08:49:48.0651 3696 Product type: Workstation
08:49:48.0651 3696 ComputerName: HOME
08:49:48.0653 3696 UserName: Geoff
08:49:48.0654 3696 Windows directory: C:\Windows
08:49:48.0654 3696 System windows directory: C:\Windows
08:49:48.0654 3696 Processor architecture: Intel x86
08:49:48.0654 3696 Number of processors: 1
08:49:48.0654 3696 Page size: 0x1000
08:49:48.0654 3696 Boot type: Normal boot
08:49:48.0654 3696 ============================================================
08:49:49.0245 3696 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
08:49:49.0248 3696 ============================================================
08:49:49.0248 3696 \Device\Harddisk0\DR0:
08:49:49.0248 3696 MBR partitions:
08:49:49.0248 3696 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1388800, BlocksNum 0x240A5800
08:49:49.0248 3696 ============================================================
08:49:49.0280 3696 C: <-> \Device\Harddisk0\DR0\Partition0
08:49:49.0280 3696 ============================================================
08:49:49.0280 3696 Initialize success
08:49:49.0280 3696 ============================================================
08:49:55.0645 3604 ============================================================
08:49:55.0645 3604 Scan started
08:49:55.0645 3604 Mode: Manual; SigCheck; TDLFS;
08:49:55.0645 3604 ============================================================
08:49:56.0677 3604 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
08:49:56.0839 3604 ACPI - ok
08:49:56.0944 3604 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
08:49:56.0977 3604 adp94xx - ok
08:49:57.0081 3604 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
08:49:57.0108 3604 adpahci - ok
08:49:57.0161 3604 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
08:49:57.0182 3604 adpu160m - ok
08:49:57.0229 3604 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
08:49:57.0256 3604 adpu320 - ok
08:49:57.0325 3604 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
08:49:57.0359 3604 AeLookupSvc - ok
08:49:57.0417 3604 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
08:49:57.0442 3604 AFD - ok
08:49:57.0495 3604 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
08:49:57.0513 3604 agp440 - ok
08:49:57.0606 3604 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
08:49:57.0627 3604 aic78xx - ok
08:49:57.0697 3604 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
08:49:57.0735 3604 ALG - ok
08:49:57.0769 3604 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
08:49:57.0787 3604 aliide - ok
08:49:57.0826 3604 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
08:49:57.0845 3604 amdagp - ok
08:49:57.0882 3604 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
08:49:57.0901 3604 amdide - ok
08:49:57.0961 3604 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
08:49:58.0002 3604 AmdK7 - ok
08:49:58.0060 3604 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
08:49:58.0099 3604 AmdK8 - ok
08:49:58.0162 3604 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
08:49:58.0184 3604 Appinfo - ok
08:49:58.0349 3604 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
08:49:58.0368 3604 Apple Mobile Device - ok
08:49:58.0413 3604 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
08:49:58.0434 3604 arc - ok
08:49:58.0475 3604 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
08:49:58.0494 3604 arcsas - ok
08:49:58.0528 3604 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
08:49:58.0567 3604 AsyncMac - ok
08:49:58.0595 3604 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
08:49:58.0614 3604 atapi - ok
08:49:58.0699 3604 athr (acdb46b1a467752a2f280c68c8461556) C:\Windows\system32\DRIVERS\athr.sys
08:49:58.0737 3604 athr - ok
08:49:58.0883 3604 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
08:49:58.0924 3604 AudioEndpointBuilder - ok
08:49:58.0937 3604 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
08:49:58.0975 3604 Audiosrv - ok
08:49:59.0060 3604 b57nd60x (502f1c30bd50b32d00ce4dcaecc3d3c7) C:\Windows\system32\DRIVERS\b57nd60x.sys
08:49:59.0104 3604 b57nd60x - ok
08:49:59.0152 3604 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
08:49:59.0194 3604 Beep - ok
08:49:59.0301 3604 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
08:49:59.0351 3604 BITS - ok
08:49:59.0391 3604 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
08:49:59.0431 3604 blbdrive - ok
08:49:59.0588 3604 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
08:49:59.0613 3604 Bonjour Service - ok
08:49:59.0635 3604 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
08:49:59.0656 3604 bowser - ok
08:49:59.0715 3604 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
08:49:59.0747 3604 BrFiltLo - ok
08:49:59.0777 3604 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
08:49:59.0807 3604 BrFiltUp - ok
08:49:59.0860 3604 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
08:49:59.0904 3604 Browser - ok
08:49:59.0997 3604 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
08:50:00.0079 3604 Brserid - ok
08:50:00.0118 3604 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
08:50:00.0184 3604 BrSerWdm - ok
08:50:00.0210 3604 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
08:50:00.0296 3604 BrUsbMdm - ok
08:50:00.0354 3604 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
08:50:00.0428 3604 BrUsbSer - ok
08:50:00.0553 3604 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
08:50:00.0622 3604 BTHMODEM - ok
08:50:00.0666 3604 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
08:50:00.0735 3604 cdfs - ok
08:50:00.0786 3604 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
08:50:00.0814 3604 cdrom - ok
08:50:00.0899 3604 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
08:50:00.0927 3604 CertPropSvc - ok
08:50:00.0976 3604 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
08:50:01.0017 3604 circlass - ok
08:50:01.0086 3604 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
08:50:01.0110 3604 CLFS - ok
08:50:01.0224 3604 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:50:01.0241 3604 clr_optimization_v2.0.50727_32 - ok
08:50:01.0402 3604 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:50:01.0424 3604 clr_optimization_v4.0.30319_32 - ok
08:50:01.0486 3604 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
08:50:01.0524 3604 CmBatt - ok
08:50:01.0562 3604 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
08:50:01.0580 3604 cmdide - ok
08:50:01.0620 3604 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
08:50:01.0638 3604 Compbatt - ok
08:50:01.0670 3604 COMSysApp - ok
08:50:01.0682 3604 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
08:50:01.0703 3604 crcdisk - ok
08:50:01.0744 3604 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
08:50:01.0781 3604 Crusoe - ok
08:50:01.0863 3604 CryptSvc (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll
08:50:01.0887 3604 CryptSvc - ok
08:50:01.0967 3604 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
08:50:02.0013 3604 DcomLaunch - ok
08:50:02.0058 3604 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
08:50:02.0078 3604 DfsC - ok
08:50:02.0207 3604 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
08:50:02.0275 3604 DFSR - ok
08:50:02.0438 3604 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
08:50:02.0473 3604 Dhcp - ok
08:50:02.0606 3604 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
08:50:02.0625 3604 disk - ok
08:50:02.0678 3604 DKbFltr (c701324c9e0c25dd9d60311bd87fbc84) C:\Windows\system32\DRIVERS\DKbFltr.sys
08:50:02.0702 3604 DKbFltr - ok
08:50:02.0747 3604 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
08:50:02.0767 3604 Dnscache - ok
08:50:02.0831 3604 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
08:50:02.0864 3604 dot3svc - ok
08:50:02.0914 3604 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
08:50:02.0956 3604 DPS - ok
08:50:02.0999 3604 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
08:50:03.0029 3604 drmkaud - ok
08:50:03.0115 3604 DsiWMIService (d8ecf13e587619cdf716b2ae8e12ddbb) C:\Program Files\Launch Manager\dsiwmis.exe
08:50:03.0129 3604 DsiWMIService - ok
08:50:03.0218 3604 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
08:50:03.0256 3604 DXGKrnl - ok
08:50:03.0304 3604 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
08:50:03.0345 3604 E1G60 - ok
08:50:03.0411 3604 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
08:50:03.0443 3604 EapHost - ok
08:50:03.0523 3604 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
08:50:03.0546 3604 Ecache - ok
08:50:03.0603 3604 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
08:50:03.0626 3604 ehRecvr - ok
08:50:03.0687 3604 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
08:50:03.0778 3604 ehSched - ok
08:50:03.0799 3604 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
08:50:03.0816 3604 ehstart - ok
08:50:03.0883 3604 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
08:50:03.0909 3604 elxstor - ok
08:50:03.0994 3604 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
08:50:04.0031 3604 EMDMgmt - ok
08:50:04.0135 3604 ePowerSvc (6d49242536f8397ae9af2a2a360e2edd) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
08:50:04.0170 3604 ePowerSvc - ok
08:50:04.0266 3604 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
08:50:04.0305 3604 ErrDev - ok
08:50:04.0383 3604 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
08:50:04.0418 3604 EventSystem - ok
08:50:04.0500 3604 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
08:50:04.0522 3604 exfat - ok
08:50:04.0581 3604 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
08:50:04.0613 3604 fastfat - ok
08:50:04.0675 3604 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
08:50:04.0719 3604 fdc - ok
08:50:04.0766 3604 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
08:50:04.0809 3604 fdPHost - ok
08:50:04.0880 3604 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
08:50:04.0950 3604 FDResPub - ok
08:50:04.0965 3604 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
08:50:04.0983 3604 FileInfo - ok
08:50:05.0020 3604 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
08:50:05.0056 3604 Filetrace - ok
08:50:05.0231 3604 FlipShare Service (b8602c90d3c427d8a86ce60437615cf5) C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
08:50:05.0257 3604 FlipShare Service - ok
08:50:05.0338 3604 FlipShareServer (ac5fb7094f31534594cae48306972cbd) C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
08:50:05.0370 3604 FlipShareServer ( UnsignedFile.Multi.Generic ) - warning
08:50:05.0370 3604 FlipShareServer - detected UnsignedFile.Multi.Generic (1)
08:50:05.0524 3604 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
08:50:05.0569 3604 flpydisk - ok
08:50:05.0624 3604 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
08:50:05.0648 3604 FltMgr - ok
08:50:05.0769 3604 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
08:50:05.0812 3604 FontCache - ok
08:50:05.0916 3604 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
08:50:05.0933 3604 FontCache3.0.0.0 - ok
08:50:05.0970 3604 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
08:50:05.0990 3604 Fs_Rec - ok
08:50:06.0028 3604 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
08:50:06.0047 3604 gagp30kx - ok
08:50:06.0167 3604 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
08:50:06.0180 3604 GEARAspiWDM - ok
08:50:06.0322 3604 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
08:50:06.0365 3604 gpsvc - ok
08:50:06.0544 3604 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
08:50:06.0561 3604 gupdate - ok
08:50:06.0598 3604 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
08:50:06.0621 3604 gupdatem - ok
08:50:06.0685 3604 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
08:50:06.0767 3604 HdAudAddService - ok
08:50:06.0854 3604 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
08:50:06.0897 3604 HDAudBus - ok
08:50:06.0929 3604 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
08:50:07.0001 3604 HidBth - ok
08:50:07.0039 3604 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
08:50:07.0112 3604 HidIr - ok
08:50:07.0203 3604 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
08:50:07.0224 3604 hidserv - ok
08:50:07.0263 3604 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\drivers\hidusb.sys
08:50:07.0378 3604 HidUsb - ok
08:50:07.0514 3604 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
08:50:07.0572 3604 hkmsvc - ok
08:50:07.0628 3604 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
08:50:07.0646 3604 HpCISSs - ok
08:50:07.0726 3604 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
08:50:07.0754 3604 HTTP - ok
08:50:07.0787 3604 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
08:50:07.0806 3604 i2omp - ok
08:50:07.0888 3604 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
08:50:07.0921 3604 i8042prt - ok
08:50:07.0999 3604 IAANTMON (52e8a3cc8269adb27d25182284c5e650) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
08:50:08.0025 3604 IAANTMON - ok
08:50:08.0074 3604 iaStor (71ecc07bc7c5e24c3dd01d8a29a24054) C:\Windows\system32\DRIVERS\iaStor.sys
08:50:08.0096 3604 iaStor - ok
08:50:08.0136 3604 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
08:50:08.0159 3604 iaStorV - ok
08:50:08.0254 3604 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
08:50:08.0295 3604 idsvc - ok
08:50:08.0745 3604 igfx (dce0b53570703cce580d066f89ef58cd) C:\Windows\system32\DRIVERS\igdkmd32.sys
08:50:09.0096 3604 igfx - ok
08:50:09.0231 3604 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
08:50:09.0249 3604 iirsp - ok
08:50:09.0361 3604 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
08:50:09.0404 3604 IKEEXT - ok
08:50:09.0564 3604 IntcAzAudAddService (d4a1767fd9d5c7762e9b8b36527b8af3) C:\Windows\system32\drivers\RTKVHDA.sys
08:50:09.0651 3604 IntcAzAudAddService - ok
08:50:09.0785 3604 IntcHdmiAddService (092a78e9c6f71bf0e22379503b90e800) C:\Windows\system32\drivers\IntcHdmi.sys
08:50:09.0802 3604 IntcHdmiAddService - ok
08:50:09.0859 3604 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
08:50:09.0877 3604 intelide - ok
08:50:09.0913 3604 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
08:50:09.0981 3604 intelppm - ok
08:50:10.0018 3604 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
08:50:10.0059 3604 IPBusEnum - ok
08:50:10.0097 3604 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:50:10.0141 3604 IpFilterDriver - ok
08:50:10.0200 3604 IpInIp - ok
08:50:10.0242 3604 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
08:50:10.0282 3604 IPMIDRV - ok
08:50:10.0308 3604 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
08:50:10.0347 3604 IPNAT - ok
08:50:10.0461 3604 iPod Service (49918803b661367023bf325cf602afdc) C:\Program Files\iPod\bin\iPodService.exe
08:50:10.0498 3604 iPod Service - ok
08:50:10.0553 3604 irda (e50a95179211b12946f7e035d60af560) C:\Windows\system32\DRIVERS\irda.sys
08:50:10.0593 3604 irda - ok
08:50:10.0625 3604 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
08:50:10.0664 3604 IRENUM - ok
08:50:10.0712 3604 Irmon (cbb0d940221a281bcfeaea695bd1cda5) C:\Windows\System32\irmon.dll
08:50:10.0786 3604 Irmon - ok
08:50:10.0840 3604 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
08:50:10.0859 3604 isapnp - ok
08:50:10.0948 3604 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
08:50:10.0972 3604 iScsiPrt - ok
08:50:11.0007 3604 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
08:50:11.0024 3604 iteatapi - ok
08:50:11.0065 3604 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
08:50:11.0082 3604 iteraid - ok
08:50:11.0106 3604 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
08:50:11.0125 3604 kbdclass - ok
08:50:11.0165 3604 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
08:50:11.0205 3604 kbdhid - ok
08:50:11.0287 3604 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
08:50:11.0334 3604 KeyIso - ok
08:50:11.0373 3604 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
08:50:11.0401 3604 KSecDD - ok
08:50:11.0481 3604 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
08:50:11.0531 3604 KtmRm - ok
08:50:11.0598 3604 L1C (d2862bf2e43718dbdd24664ef4b6c0f0) C:\Windows\system32\DRIVERS\L1C60x86.sys
08:50:11.0615 3604 L1C - ok
08:50:11.0701 3604 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
08:50:11.0725 3604 LanmanServer - ok
08:50:11.0845 3604 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
08:50:11.0871 3604 LanmanWorkstation - ok
08:50:12.0283 3604 LeapFrog Connect Device Service (3c879d04bb6466e2853c3155b635cc45) C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
08:50:12.0567 3604 LeapFrog Connect Device Service - ok
08:50:12.0737 3604 LeapFrog-USBLAN (5cffda921fe0c9e9ebde3150d3c81594) C:\Windows\system32\DRIVERS\btblan.sys
08:50:12.0754 3604 LeapFrog-USBLAN - ok
08:50:12.0798 3604 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
08:50:12.0838 3604 lltdio - ok
08:50:12.0892 3604 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
08:50:12.0935 3604 lltdsvc - ok
08:50:12.0969 3604 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
08:50:13.0040 3604 lmhosts - ok
08:50:13.0076 3604 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
08:50:13.0096 3604 LSI_FC - ok
08:50:13.0127 3604 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
08:50:13.0150 3604 LSI_SAS - ok
08:50:13.0181 3604 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
08:50:13.0202 3604 LSI_SCSI - ok
08:50:13.0237 3604 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
08:50:13.0277 3604 luafv - ok
08:50:13.0310 3604 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
08:50:13.0329 3604 Mcx2Svc - ok
08:50:13.0390 3604 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
08:50:13.0413 3604 megasas - ok
08:50:13.0463 3604 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
08:50:13.0492 3604 MegaSR - ok
08:50:13.0530 3604 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
08:50:13.0571 3604 MMCSS - ok
08:50:13.0603 3604 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
08:50:13.0650 3604 Modem - ok
08:50:13.0710 3604 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
08:50:13.0753 3604 monitor - ok
08:50:13.0781 3604 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
08:50:13.0798 3604 mouclass - ok
08:50:13.0837 3604 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\drivers\mouhid.sys
08:50:13.0885 3604 mouhid - ok
08:50:13.0916 3604 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
08:50:13.0934 3604 MountMgr - ok
08:50:14.0021 3604 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
08:50:14.0039 3604 MozillaMaintenance - ok
08:50:14.0096 3604 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\Windows\system32\DRIVERS\MpFilter.sys
08:50:14.0121 3604 MpFilter - ok
08:50:14.0168 3604 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
08:50:14.0189 3604 mpio - ok
08:50:14.0225 3604 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
08:50:14.0256 3604 mpsdrv - ok
08:50:14.0297 3604 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
08:50:14.0314 3604 Mraid35x - ok
08:50:14.0368 3604 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
08:50:14.0390 3604 MRxDAV - ok
08:50:14.0433 3604 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
08:50:14.0454 3604 mrxsmb - ok
08:50:14.0527 3604 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:50:14.0549 3604 mrxsmb10 - ok
08:50:14.0568 3604 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:50:14.0588 3604 mrxsmb20 - ok
08:50:14.0638 3604 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
08:50:14.0657 3604 msahci - ok
08:50:14.0685 3604 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
08:50:14.0706 3604 msdsm - ok
08:50:14.0760 3604 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
08:50:14.0803 3604 MSDTC - ok
08:50:14.0844 3604 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
08:50:14.0884 3604 Msfs - ok
08:50:14.0904 3604 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
08:50:14.0922 3604 msisadrv - ok
08:50:14.0979 3604 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
08:50:15.0050 3604 MSiSCSI - ok
08:50:15.0064 3604 msiserver - ok
08:50:15.0144 3604 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
08:50:15.0196 3604 MSKSSRV - ok
08:50:15.0214 3604 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
08:50:15.0252 3604 MSPCLOCK - ok
08:50:15.0291 3604 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
08:50:15.0327 3604 MSPQM - ok
08:50:15.0396 3604 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
08:50:15.0418 3604 MsRPC - ok
08:50:15.0445 3604 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
08:50:15.0467 3604 mssmbios - ok
08:50:15.0504 3604 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
08:50:15.0551 3604 MSTEE - ok
08:50:15.0578 3604 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
08:50:15.0599 3604 Mup - ok
08:50:15.0648 3604 mwlPSDFilter (2de94e435c3efde58c7b1856d4f20724) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
08:50:15.0662 3604 mwlPSDFilter - ok
08:50:15.0703 3604 mwlPSDNServ (61920a7146eed3d903dbbb8ec295af76) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
08:50:15.0717 3604 mwlPSDNServ - ok
08:50:15.0745 3604 mwlPSDVDisk (e0f49721e68ebd2983e84c44fada6665) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
08:50:15.0759 3604 mwlPSDVDisk - ok
08:50:15.0852 3604 MWLService (77f8ad024059a9a8e17e654b887d1ef0) C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe
08:50:15.0873 3604 MWLService - ok
08:50:15.0946 3604 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
08:50:15.0984 3604 napagent - ok
08:50:16.0056 3604 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
08:50:16.0086 3604 NativeWifiP - ok
08:50:16.0154 3604 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
08:50:16.0189 3604 NDIS - ok
08:50:16.0256 3604 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
08:50:16.0292 3604 NdisTapi - ok
08:50:16.0317 3604 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
08:50:16.0367 3604 Ndisuio - ok
08:50:16.0416 3604 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
08:50:16.0455 3604 NdisWan - ok
08:50:16.0493 3604 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
08:50:16.0525 3604 NDProxy - ok
08:50:16.0556 3604 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
08:50:16.0592 3604 NetBIOS - ok
08:50:16.0646 3604 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
08:50:16.0679 3604 netbt - ok
08:50:16.0731 3604 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
08:50:16.0752 3604 Netlogon - ok
08:50:16.0805 3604 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
08:50:16.0851 3604 Netman - ok
08:50:16.0878 3604 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
08:50:16.0932 3604 netprofm - ok
08:50:17.0004 3604 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
08:50:17.0024 3604 NetTcpPortSharing - ok
08:50:17.0091 3604 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
08:50:17.0109 3604 nfrd960 - ok
08:50:17.0178 3604 NisDrv (b52f26bade7d7e4a79706e3fd91834cd) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
08:50:17.0195 3604 NisDrv - ok
08:50:17.0317 3604 NisSrv (290c0d4c4889398797f8df3be00b9698) c:\Program Files\Microsoft Security Client\NisSrv.exe
08:50:17.0343 3604 NisSrv - ok
08:50:17.0392 3604 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
08:50:17.0443 3604 NlaSvc - ok
08:50:17.0536 3604 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
08:50:17.0577 3604 Npfs - ok
08:50:17.0630 3604 NSCIRDA (6d8d2e5652fc2442c810c5d8be784148) C:\Windows\system32\DRIVERS\nscirda.sys
08:50:17.0668 3604 NSCIRDA - ok
08:50:17.0704 3604 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
08:50:17.0745 3604 nsi - ok
08:50:17.0761 3604 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
08:50:17.0801 3604 nsiproxy - ok
08:50:17.0915 3604 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
08:50:17.0976 3604 Ntfs - ok
08:50:18.0074 3604 NTI IScheduleSvc (453a4aa289ca08dfdd7b34c3064d0b05) C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
08:50:18.0091 3604 NTI IScheduleSvc - ok
08:50:18.0129 3604 NTIBackupSvc (973dcb15731339fca176e534055cf115) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
08:50:18.0143 3604 NTIBackupSvc - ok
08:50:18.0178 3604 NTIDrvr (6dcaa65f49ef3b97a5cffc0cb5de1c2f) C:\Windows\system32\Drivers\NTIDrvr.sys
08:50:18.0192 3604 NTIDrvr - ok
08:50:18.0221 3604 NTISchedulerSvc (58751f9248d50bce1053976c9e2f0859) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
08:50:18.0236 3604 NTISchedulerSvc - ok
08:50:18.0287 3604 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
08:50:18.0358 3604 ntrigdigi - ok
08:50:18.0395 3604 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
08:50:18.0433 3604 Null - ok
08:50:18.0458 3604 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
08:50:18.0479 3604 nvraid - ok
08:50:18.0503 3604 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
08:50:18.0524 3604 nvstor - ok
08:50:18.0553 3604 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
08:50:18.0576 3604 nv_agp - ok
08:50:18.0588 3604 NwlnkFlt - ok
08:50:18.0602 3604 NwlnkFwd - ok
08:50:18.0656 3604 ODDPwrSvc (69316583d4cc032b3e4e72fd86c2ffa8) C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe
08:50:18.0663 3604 ODDPwrSvc ( UnsignedFile.Multi.Generic ) - warning
08:50:18.0663 3604 ODDPwrSvc - detected UnsignedFile.Multi.Generic (1)
08:50:18.0767 3604 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
08:50:18.0794 3604 odserv - ok
08:50:18.0850 3604 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
08:50:18.0908 3604 ohci1394 - ok
08:50:18.0943 3604 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:50:18.0961 3604 ose - ok
08:50:19.0050 3604 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
08:50:19.0093 3604 p2pimsvc - ok
08:50:19.0110 3604 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
08:50:19.0149 3604 p2psvc - ok
08:50:19.0183 3604 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
08:50:19.0257 3604 Parport - ok
08:50:19.0306 3604 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
08:50:19.0327 3604 partmgr - ok
08:50:19.0371 3604 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
08:50:19.0440 3604 Parvdm - ok
08:50:19.0468 3604 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
08:50:19.0488 3604 PcaSvc - ok
08:50:19.0554 3604 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
08:50:19.0577 3604 pci - ok
08:50:19.0606 3604 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
08:50:19.0625 3604 pciide - ok
08:50:19.0676 3604 pcmcia (b7c5a8769541900f6dfa6fe0c5e4d513) C:\Windows\system32\DRIVERS\pcmcia.sys
08:50:19.0698 3604 pcmcia - ok
08:50:19.0774 3604 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
08:50:19.0863 3604 PEAUTH - ok
08:50:20.0062 3604 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
08:50:20.0129 3604 pla - ok
08:50:20.0284 3604 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
08:50:20.0343 3604 PlugPlay - ok
08:50:20.0428 3604 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
08:50:20.0463 3604 PNRPAutoReg - ok
08:50:20.0480 3604 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
08:50:20.0518 3604 PNRPsvc - ok
08:50:20.0555 3604 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
08:50:20.0591 3604 PolicyAgent - ok
08:50:20.0647 3604 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
08:50:20.0689 3604 PptpMiniport - ok
08:50:20.0731 3604 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
08:50:20.0771 3604 Processor - ok
08:50:20.0830 3604 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
08:50:20.0868 3604 ProfSvc - ok
08:50:20.0931 3604 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
08:50:20.0952 3604 ProtectedStorage - ok
08:50:21.0014 3604 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
08:50:21.0046 3604 PSched - ok
08:50:21.0124 3604 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
08:50:21.0218 3604 ql2300 - ok
08:50:21.0241 3604 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
08:50:21.0259 3604 ql40xx - ok
08:50:21.0362 3604 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
08:50:21.0386 3604 QWAVE - ok
08:50:21.0422 3604 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
08:50:21.0441 3604 QWAVEdrv - ok
08:50:21.0470 3604 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
08:50:21.0517 3604 RasAcd - ok
08:50:21.0547 3604 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
08:50:21.0590 3604 RasAuto - ok
08:50:21.0610 3604 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
08:50:21.0653 3604 Rasl2tp - ok
08:50:21.0721 3604 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
08:50:21.0758 3604 RasMan - ok
08:50:21.0815 3604 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
08:50:21.0845 3604 RasPppoe - ok
08:50:21.0870 3604 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
08:50:21.0894 3604 RasSstp - ok
08:50:21.0959 3604 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
08:50:21.0993 3604 rdbss - ok
08:50:22.0024 3604 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
08:50:22.0071 3604 RDPCDD - ok
08:50:22.0110 3604 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
08:50:22.0158 3604 rdpdr - ok
08:50:22.0172 3604 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
08:50:22.0213 3604 RDPENCDD - ok
08:50:22.0265 3604 RDPWD (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys
08:50:22.0286 3604 RDPWD - ok
08:50:22.0367 3604 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
08:50:22.0434 3604 RemoteAccess - ok
08:50:22.0501 3604 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
08:50:22.0542 3604 RemoteRegistry - ok
08:50:22.0633 3604 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
08:50:22.0655 3604 RpcLocator - ok
08:50:22.0744 3604 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
08:50:22.0794 3604 RpcSs - ok
08:50:22.0831 3604 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
08:50:22.0871 3604 rspndr - ok
08:50:22.0961 3604 RS_Service (8e250687e5f020cd337cc9d8252c0b56) C:\Program Files\Acer\Acer VCM\RS_Service.exe
08:50:22.0971 3604 RS_Service ( UnsignedFile.Multi.Generic ) - warning
08:50:22.0971 3604 RS_Service - detected UnsignedFile.Multi.Generic (1)
08:50:23.0017 3604 RTSTOR (9b09f336de36a7a6ca871de8a7847b65) C:\Windows\system32\drivers\RTSTOR.SYS
08:50:23.0042 3604 RTSTOR - ok
08:50:23.0098 3604 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
08:50:23.0119 3604 SamSs - ok
08:50:23.0167 3604 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
08:50:23.0186 3604 sbp2port - ok
08:50:23.0247 3604 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
08:50:23.0281 3604 SCardSvr - ok
08:50:23.0347 3604 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
08:50:23.0384 3604 Schedule - ok
08:50:23.0420 3604 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
08:50:23.0451 3604 SCPolicySvc - ok
08:50:23.0504 3604 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
08:50:23.0549 3604 sdbus - ok
08:50:23.0591 3604 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
08:50:23.0651 3604 SDRSVC - ok
08:50:23.0671 3604 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
08:50:23.0755 3604 secdrv - ok
08:50:23.0784 3604 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
08:50:23.0863 3604 seclogon - ok
08:50:23.0926 3604 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
08:50:23.0973 3604 SENS - ok
08:50:23.0998 3604 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
08:50:24.0070 3604 Serenum - ok
08:50:24.0102 3604 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
08:50:24.0174 3604 Serial - ok
08:50:24.0209 3604 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
08:50:24.0245 3604 sermouse - ok
08:50:24.0303 3604 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
08:50:24.0345 3604 SessionEnv - ok
08:50:24.0373 3604 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
08:50:24.0401 3604 sffdisk - ok
08:50:24.0448 3604 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
08:50:24.0487 3604 sffp_mmc - ok
08:50:24.0521 3604 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
08:50:24.0566 3604 sffp_sd - ok
08:50:24.0586 3604 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
08:50:24.0661 3604 sfloppy - ok
08:50:24.0708 3604 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
08:50:24.0732 3604 ShellHWDetection - ok
08:50:24.0757 3604 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
08:50:24.0776 3604 sisagp - ok
08:50:24.0805 3604 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
08:50:24.0824 3604 SiSRaid2 - ok
08:50:24.0851 3604 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
08:50:24.0871 3604 SiSRaid4 - ok
08:50:25.0144 3604 Skype C2C Service (4ca43b85f22c7739311788b651a779cb) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
08:50:25.0259 3604 Skype C2C Service - ok
08:50:25.0392 3604 SkypeUpdate (c70aebd3608ed9fcea2a1bae83567ffc) C:\Program Files\Skype\Updater\Updater.exe
08:50:25.0408 3604 SkypeUpdate - ok
08:50:25.0691 3604 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
08:50:25.0838 3604 slsvc - ok
08:50:25.0995 3604 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
08:50:26.0029 3604 SLUINotify - ok
08:50:26.0108 3604 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
08:50:26.0156 3604 Smb - ok
08:50:26.0236 3604 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
08:50:26.0259 3604 SNMPTRAP - ok
08:50:26.0314 3604 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
08:50:26.0334 3604 spldr - ok
08:50:26.0377 3604 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
08:50:26.0399 3604 Spooler - ok
08:50:26.0443 3604 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
08:50:26.0466 3604 srv - ok
08:50:26.0507 3604 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
08:50:26.0527 3604 srv2 - ok
08:50:26.0550 3604 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
08:50:26.0582 3604 srvnet - ok
08:50:26.0652 3604 sscdbus (ffe42941e0326c322f40b0b79a46493c) C:\Windows\system32\DRIVERS\sscdbus.sys
08:50:26.0669 3604 sscdbus - ok
08:50:26.0726 3604 sscdmdfl (a68e7d87adfbb8c50d88cd58230c6819) C:\Windows\system32\DRIVERS\sscdmdfl.sys
08:50:26.0739 3604 sscdmdfl - ok
08:50:26.0777 3604 sscdmdm (b534b24151281856ec2f69ed3d6d60dd) C:\Windows\system32\DRIVERS\sscdmdm.sys
08:50:26.0793 3604 sscdmdm - ok
08:50:26.0830 3604 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
08:50:26.0880 3604 SSDPSRV - ok
08:50:26.0911 3604 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
08:50:26.0935 3604 SstpSvc - ok
08:50:27.0019 3604 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
08:50:27.0050 3604 stisvc - ok
08:50:27.0085 3604 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
08:50:27.0107 3604 swenum - ok
08:50:27.0176 3604 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
08:50:27.0214 3604 swprv - ok
08:50:27.0251 3604 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
08:50:27.0268 3604 Symc8xx - ok
08:50:27.0304 3604 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
08:50:27.0321 3604 Sym_hi - ok
08:50:27.0384 3604 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
08:50:27.0402 3604 Sym_u3 - ok
08:50:27.0508 3604 SynTP (5c3e900f41426a372de60675afc8aa07) C:\Windows\system32\DRIVERS\SynTP.sys
08:50:27.0525 3604 SynTP - ok
08:50:27.0608 3604 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
08:50:27.0650 3604 SysMain - ok
08:50:27.0696 3604 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
08:50:27.0721 3604 TabletInputService - ok
08:50:27.0786 3604 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
08:50:27.0823 3604 TapiSrv - ok
08:50:27.0846 3604 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
08:50:27.0888 3604 TBS - ok
08:50:27.0988 3604 Tcpip (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\drivers\tcpip.sys
08:50:28.0035 3604 Tcpip - ok
08:50:28.0065 3604 Tcpip6 (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\DRIVERS\tcpip.sys
08:50:28.0111 3604 Tcpip6 - ok
08:50:28.0140 3604 tcpipreg (2c2d4cff5e09c73908f9b5af49a51365) C:\Windows\system32\drivers\tcpipreg.sys
08:50:28.0159 3604 tcpipreg - ok
08:50:28.0192 3604 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
08:50:28.0233 3604 TDPIPE - ok
08:50:28.0276 3604 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
08:50:28.0316 3604 TDTCP - ok
08:50:28.0372 3604 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
08:50:28.0403 3604 tdx - ok
08:50:28.0461 3604 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
08:50:28.0482 3604 TermDD - ok
08:50:28.0579 3604 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
08:50:28.0626 3604 TermService - ok
08:50:28.0698 3604 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
08:50:28.0725 3604 Themes - ok
08:50:28.0765 3604 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
08:50:28.0803 3604 THREADORDER - ok
08:50:28.0847 3604 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
08:50:28.0893 3604 TrkWks - ok
08:50:28.0976 3604 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
08:50:29.0010 3604 TrustedInstaller - ok
08:50:29.0057 3604 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
08:50:29.0096 3604 tssecsrv - ok
08:50:29.0139 3604 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
08:50:29.0161 3604 tunmp - ok
08:50:29.0202 3604 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
08:50:29.0221 3604 tunnel - ok
08:50:29.0253 3604 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
08:50:29.0273 3604 uagp35 - ok
08:50:29.0316 3604 UBHelper (f763e070843ee2803de1395002b42938) C:\Windows\system32\drivers\UBHelper.sys
08:50:29.0328 3604 UBHelper - ok
08:50:29.0395 3604 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
08:50:29.0429 3604 udfs - ok
08:50:29.0474 3604 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
08:50:29.0526 3604 UI0Detect - ok
08:50:29.0562 3604 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
08:50:29.0580 3604 uliagpkx - ok
08:50:29.0617 3604 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
08:50:29.0639 3604 uliahci - ok
08:50:29.0670 3604 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
08:50:29.0690 3604 UlSata - ok
08:50:29.0714 3604 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
08:50:29.0735 3604 ulsata2 - ok
08:50:29.0813 3604 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
08:50:29.0862 3604 umbus - ok
08:50:29.0937 3604 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
08:50:29.0980 3604 upnphost - ok
08:50:30.0044 3604 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
08:50:30.0063 3604 USBAAPL - ok
08:50:30.0115 3604 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
08:50:30.0147 3604 usbccgp - ok
08:50:30.0198 3604 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
08:50:30.0270 3604 usbcir - ok
08:50:30.0320 3604 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
08:50:30.0351 3604 usbehci - ok
08:50:30.0405 3604 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
08:50:30.0438 3604 usbhub - ok
08:50:30.0478 3604 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
08:50:30.0544 3604 usbohci - ok
08:50:30.0592 3604 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
08:50:30.0631 3604 usbprint - ok
08:50:30.0676 3604 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
08:50:30.0707 3604 usbscan - ok
08:50:30.0758 3604 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:50:30.0792 3604 USBSTOR - ok
08:50:30.0835 3604 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
08:50:30.0866 3604 usbuhci - ok
08:50:30.0909 3604 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
08:50:30.0950 3604 usbvideo - ok
08:50:31.0026 3604 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
08:50:31.0071 3604 UxSms - ok
08:50:31.0166 3604 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
08:50:31.0207 3604 vds - ok
08:50:31.0249 3604 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
08:50:31.0288 3604 vga - ok
08:50:31.0328 3604 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
08:50:31.0375 3604 VgaSave - ok
08:50:31.0418 3604 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
08:50:31.0438 3604 viaagp - ok
08:50:31.0462 3604 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
08:50:31.0500 3604 ViaC7 - ok
08:50:31.0532 3604 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
08:50:31.0551 3604 viaide - ok
08:50:31.0587 3604 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
08:50:31.0607 3604 volmgr - ok
08:50:31.0683 3604 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
08:50:31.0710 3604 volmgrx - ok
08:50:31.0773 3604 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
08:50:31.0798 3604 volsnap - ok
08:50:31.0842 3604 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
08:50:31.0863 3604 vsmraid - ok
08:50:31.0963 3604 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
08:50:32.0019 3604 VSS - ok
08:50:32.0092 3604 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
08:50:32.0130 3604 W32Time - ok
08:50:32.0219 3604 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
08:50:32.0311 3604 WacomPen - ok
08:50:32.0354 3604 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
08:50:32.0388 3604 Wanarp - ok
08:50:32.0399 3604 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
08:50:32.0431 3604 Wanarpv6 - ok
08:50:32.0471 3604 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
08:50:32.0500 3604 wcncsvc - ok
08:50:32.0544 3604 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
08:50:32.0578 3604 WcsPlugInService - ok
08:50:32.0616 3604 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
08:50:32.0635 3604 Wd - ok
08:50:32.0687 3604 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
08:50:32.0728 3604 Wdf01000 - ok
08:50:32.0751 3604 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
08:50:32.0793 3604 WdiServiceHost - ok
08:50:32.0805 3604 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
08:50:32.0851 3604 WdiSystemHost - ok
08:50:32.0915 3604 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
08:50:32.0939 3604 WebClient - ok
08:50:33.0004 3604 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
08:50:33.0030 3604 Wecsvc - ok
08:50:33.0066 3604 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
08:50:33.0104 3604 wercplsupport - ok
08:50:33.0168 3604 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
08:50:33.0202 3604 WerSvc - ok
08:50:33.0223 3604 WinHttpAutoProxySvc - ok
08:50:33.0281 3604 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
08:50:33.0314 3604 Winmgmt - ok
08:50:33.0429 3604 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
08:50:33.0479 3604 WinRM - ok
08:50:33.0569 3604 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
08:50:33.0620 3604 Wlansvc - ok
08:50:33.0684 3604 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
08:50:33.0712 3604 WmiAcpi - ok
08:50:33.0807 3604 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
08:50:33.0841 3604 wmiApSrv - ok
08:50:33.0983 3604 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
08:50:34.0020 3604 WMPNetworkSvc - ok
08:50:34.0054 3604 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
08:50:34.0078 3604 WPCSvc - ok
08:50:34.0141 3604 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
08:50:34.0165 3604 WPDBusEnum - ok
08:50:34.0282 3604 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
08:50:34.0326 3604 WPFFontCache_v0400 - ok
08:50:34.0382 3604 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
08:50:34.0422 3604 ws2ifsl - ok
08:50:34.0438 3604 WSearch - ok
08:50:34.0561 3604 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
08:50:34.0646 3604 wuauserv - ok
08:50:34.0799 3604 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
08:50:34.0837 3604 WUDFRd - ok
08:50:34.0901 3604 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
08:50:34.0944 3604 wudfsvc - ok
08:50:35.0021 3604 MBR (0x1B8) (beedf9b7f43a72a91456f7131afc11b2) \Device\Harddisk0\DR0
08:50:35.0308 3604 \Device\Harddisk0\DR0 - ok
08:50:35.0316 3604 Boot (0x1200) (e65e2dab445f30243b0cd098705cd6ea) \Device\Harddisk0\DR0\Partition0
08:50:35.0321 3604 \Device\Harddisk0\DR0\Partition0 - ok
08:50:35.0325 3604 ============================================================
08:50:35.0325 3604 Scan finished
08:50:35.0325 3604 ============================================================
08:50:35.0346 3368 Detected object count: 3
08:50:35.0347 3368 Actual detected object count: 3
08:50:42.0646 3368 FlipShareServer ( UnsignedFile.Multi.Generic ) - skipped by user
08:50:42.0646 3368 FlipShareServer ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:50:42.0646 3368 ODDPwrSvc ( UnsignedFile.Multi.Generic ) - skipped by user
08:50:42.0646 3368 ODDPwrSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:50:42.0647 3368 RS_Service ( UnsignedFile.Multi.Generic ) - skipped by user
08:50:42.0647 3368 RS_Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:50:47.0450 3844 Deinitialize success

3.

Farbar Service Scanner Version: 19-06-2012
Ran by Geoff (administrator) on 19-06-2012 at 08:48:12
Running from "C:\Users\Geoff\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2012-05-29 16:53] - [2012-03-30 08:39] - 0914304 ____A (Microsoft Corporation) EE7E10BED85C312C1D5D30C435BDDA9F

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll
[2012-06-19 01:10] - [2012-06-02 18:19] - 1933848 ____A (Microsoft Corporation) FC3EC24FCE372C89423E015A2AC1A31E

C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2012-06-17 11:50] - [2012-04-23 12:00] - 0133120 ____A (Microsoft Corporation) 75C6A297E364014840B48ECCD7525E30

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

4.

OTL logfile created on: 6/19/2012 8:55:20 AM - Run 1
OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\Geoff\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 1.86 Gb Available Physical Memory | 63.46% Memory free
6.08 Gb Paging File | 5.02 Gb Available in Paging File | 82.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.32 Gb Total Space | 190.06 Gb Free Space | 65.92% Space Free | Partition Type: NTFS
Drive E: | 7.00 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: HOME | User Name: Geoff | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/19 08:53:53 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Geoff\Desktop\OTL.exe
PRC - [2012/06/17 02:44:34 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/05/30 13:56:52 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/11/12 13:04:12 | 000,268,640 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2011/11/12 12:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2011/05/06 13:07:18 | 000,460,144 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
PRC - [2011/05/06 12:58:52 | 001,085,440 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
PRC - [2009/05/15 22:39:46 | 000,707,104 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
PRC - [2009/05/15 22:39:46 | 000,703,008 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
PRC - [2009/05/15 22:39:44 | 000,453,152 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe
PRC - [2009/04/29 19:56:28 | 000,176,128 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Optical Drive Power Management\ODDPWR.exe
PRC - [2009/04/29 17:32:32 | 000,118,784 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/10 22:11:20 | 000,117,256 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\dsiwmis.exe
PRC - [2009/04/08 20:56:14 | 001,071,624 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2009/04/01 21:06:02 | 000,054,528 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2009/02/11 20:38:40 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/02/05 08:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe
PRC - [2008/10/27 12:05:28 | 000,306,736 | ---- | M] (EgisTec Inc.) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
PRC - [2008/07/29 19:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2008/01/22 06:00:00 | 000,188,928 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FATIEJA.EXE


========== Modules (No Company Name) ==========

MOD - [2012/06/17 02:44:33 | 002,042,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/02/22 16:33:55 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/09/14 10:19:06 | 008,500,224 | ---- | M] () -- C:\Program Files\LeapFrog\LeapFrog Connect\QtGui4.dll
MOD - [2011/09/14 10:19:06 | 002,348,544 | ---- | M] () -- C:\Program Files\LeapFrog\LeapFrog Connect\QtCore4.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2008/07/29 19:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2003/06/07 17:30:08 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\PowerUtl.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/06/17 02:44:33 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/06/05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/30 13:56:52 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2011/11/12 12:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2011/05/06 13:07:18 | 000,460,144 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2011/05/06 12:58:52 | 001,085,440 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe -- (FlipShareServer)
SRV - [2009/05/15 22:39:46 | 000,703,008 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009/04/29 17:32:32 | 000,118,784 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe -- (ODDPwrSvc)
SRV - [2009/04/10 22:11:20 | 000,117,256 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2009/04/01 21:06:02 | 000,054,528 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/02/11 20:38:40 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009/02/05 08:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2008/10/27 12:05:28 | 000,306,736 | ---- | M] () [Auto | Running] -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/02/21 22:41:44 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2010/02/21 22:41:44 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2010/02/21 22:41:44 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2009/10/09 22:23:06 | 000,033,792 | ---- | M] (Belcarra Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btblan.sys -- (LeapFrog-USBLAN)
DRV - [2009/04/01 15:54:44 | 000,050,176 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C60x86.sys -- (L1C)
DRV - [2008/12/29 18:57:56 | 000,952,832 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/10/09 16:47:12 | 000,059,952 | ---- | M] (Egis Incorporated.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV - [2008/10/09 16:47:12 | 000,019,504 | ---- | M] (Egis Incorporated.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV - [2008/10/09 16:47:12 | 000,016,432 | ---- | M] (Egis Incorporated.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV - [2008/09/22 09:49:36 | 000,112,128 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0611&m=aspire_5810t
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0611&m=aspire_5810t
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3883246492-1624535444-3722503841-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0611&m=aspire_5810t
IE - HKU\S-1-5-21-3883246492-1624535444-3722503841-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKU\S-1-5-21-3883246492-1624535444-3722503841-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3883246492-1624535444-3722503841-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://global.acer.com [binary data]
IE - HKU\S-1-5-21-3883246492-1624535444-3722503841-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0611&m=aspire_5810t
IE - HKU\S-1-5-21-3883246492-1624535444-3722503841-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3883246492-1624535444-3722503841-1000\..\SearchScopes,DefaultScope = {4FAC635F-89EA-4C69-90F0-D11E574AFA4E}
IE - HKU\S-1-5-21-3883246492-1624535444-3722503841-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3883246492-1624535444-3722503841-1000\..\SearchScopes\{4FAC635F-89EA-4C69-90F0-D11E574AFA4E}: "URL" = http://findgala.com/?&uid=8039&q={searchTerms}
IE - HKU\S-1-5-21-3883246492-1624535444-3722503841-1000\..\SearchScopes\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2}: "URL" = playbryte/search/redirect/?type=default&user_id=4c652ac8-0825-4e0e-b24f-c6a9f271a547&query={searchTerms}
IE - HKU\S-1-5-21-3883246492-1624535444-3722503841-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3883246492-1624535444-3722503841-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-3883246492-1624535444-3722503841-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:51960

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.yahoo.com"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/17 02:44:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/03 00:15:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/17 02:44:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/03 00:15:50 | 000,000,000 | ---D | M]

[2011/10/27 20:44:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Geoff\AppData\Roaming\Mozilla\Extensions
[2012/05/19 14:19:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Geoff\AppData\Roaming\Mozilla\Firefox\Profiles\y8lv93lf.default\extensions
[2012/05/19 14:19:17 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Geoff\AppData\Roaming\Mozilla\Firefox\Profiles\y8lv93lf.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/10/28 00:24:40 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\Geoff\AppData\Roaming\Mozilla\Firefox\Profiles\y8lv93lf.default\extensions\plugin@yontoo.com
[2011/10/31 09:45:58 | 000,002,230 | ---- | M] () -- C:\Users\Geoff\AppData\Roaming\Mozilla\Firefox\Profiles\y8lv93lf.default\searchplugins\iBryte_playbryte.xml
[2011/12/15 22:02:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/05 20:27:49 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/04/07 07:44:58 | 000,043,151 | ---- | M] () (No name found) -- C:\USERS\GEOFF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y8LV93LF.DEFAULT\EXTENSIONS\LOUDEFIANT@SENOCULAR.COM.XPI
[2011/06/21 08:41:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012/06/17 02:44:34 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/06/07 12:24:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/07 12:24:48 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Geoff\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Geoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\Geoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Geoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: LoU Suite (76's Edit) = C:\Users\Geoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\goghfdccicjnpcpkpnndmhoadebgpaep\1.1_0\
CHR - Extension: LoU Tweak = C:\Users\Geoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\iglgjgbiphjfbkbdgaffpdplhhbmpmkb\1.6.4_0\
CHR - Extension: Skype Click to Call = C:\Users\Geoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.0.0.10201_0\
CHR - Extension: LoU BoS = C:\Users\Geoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogkipfhjcbcbkeheedegdfbeeamdcapa\1.5.3_0\
CHR - Extension: Gmail = C:\Users\Geoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

Hosts file not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O3 - HKU\S-1-5-21-3883246492-1624535444-3722503841-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer\Acer Registration\ACE1.exe (Leader Technologies)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ODDPwr] C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe (Acer Incorporated)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3883246492-1624535444-3722503841-1000..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" File not found
O4 - HKU\S-1-5-21-3883246492-1624535444-3722503841-1000..\Run: [EPSON NX300 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIEJA.EXE (SEIKO EPSON CORPORATION)
O7 - HKU\S-1-5-21-3883246492-1624535444-3722503841-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3883246492-1624535444-3722503841-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-3883246492-1624535444-3722503841-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{155D15D6-3A37-46C1-829C-818AF14FD13A}: DhcpNameServer = 192.168.254.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/08/07 21:10:59 | 000,000,044 | R--- | M] () - E:\AUTORUN.INF -- [ UDF ]
O33 - MountPoints2\{4d760fe5-98ff-11e0-9772-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4d760fe5-98ff-11e0-9772-806e6f6e6963}\Shell\AutoRun\command - "" = E:\shellexec.exe rom\index.html
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk - C:\Program Files\Acer\Acer VCM\AcerVCM.exe - (Acer Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: BackupManagerTray - hkey= - key= - C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
MsConfig - StartUpReg: EgisTecLiveUpdate - hkey= - key= - C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (EgisTec Inc.)
MsConfig - StartUpReg: HotKeysCmds - hkey= - key= - File not found
MsConfig - StartUpReg: IAAnotif - hkey= - key= - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
MsConfig - StartUpReg: IgfxTray - hkey= - key= - File not found
MsConfig - StartUpReg: mwlDaemon - hkey= - key= - C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (EgisTec Inc.)
MsConfig - StartUpReg: Persistence - hkey= - key= - File not found
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: mcmscsvc - Service
SafeBootMin: MCODS - Service
SafeBootMin: MsMpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Sharedaccess - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/06/19 08:53:52 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Geoff\Desktop\OTL.exe
[2012/06/19 08:42:11 | 002,127,960 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Geoff\Desktop\tdsskiller.exe
[2012/06/19 08:33:07 | 000,000,000 | ---D | C] -- C:\Users\Geoff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
[2012/06/19 01:10:41 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/06/19 01:10:41 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/06/19 01:10:15 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/06/19 01:10:15 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/06/19 01:10:15 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/06/19 01:10:05 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/06/19 01:10:05 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012/06/18 17:17:44 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Geoff\Desktop\dds.scr
[2012/06/17 11:52:03 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/06/17 11:51:59 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/06/17 11:51:59 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/06/17 11:51:57 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/06/17 11:51:56 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/06/17 11:51:56 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/06/17 11:51:55 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/06/17 11:50:14 | 002,045,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/06/16 00:23:17 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2012/05/29 16:53:11 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012/05/29 16:53:11 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/05/29 16:53:11 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012/05/29 16:53:11 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012/05/29 16:53:11 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012/05/29 16:51:40 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/05/29 16:51:40 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe

========== Files - Modified Within 30 Days ==========

[2012/06/19 08:53:53 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Geoff\Desktop\OTL.exe
[2012/06/19 08:50:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/19 08:47:15 | 000,338,161 | ---- | M] () -- C:\Users\Geoff\Desktop\FSS.exe
[2012/06/19 08:42:29 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Geoff\Desktop\tdsskiller.exe
[2012/06/19 08:33:07 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/19 08:32:55 | 000,000,278 | ---- | M] () -- C:\Windows\tasks\RealUpgradeLogonTaskS-1-5-21-3883246492-1624535444-3722503841-1000.job
[2012/06/19 08:32:50 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/19 08:32:49 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/19 08:32:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/19 08:31:55 | 3145,596,928 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/18 17:17:45 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Geoff\Desktop\dds.scr
[2012/06/18 17:15:46 | 000,000,000 | ---- | M] () -- C:\Users\Geoff\defogger_reenable
[2012/06/17 12:32:05 | 000,296,624 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/06/17 12:04:28 | 000,606,602 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/17 12:04:28 | 000,105,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/17 12:02:13 | 000,000,118 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2012/06/14 09:00:12 | 000,000,286 | ---- | M] () -- C:\Windows\tasks\RealUpgradeScheduledTaskS-1-5-21-3883246492-1624535444-3722503841-1000.job
[2012/06/11 22:51:33 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/06/02 18:19:33 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/06/02 18:19:32 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/06/02 18:19:23 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/06/02 18:12:32 | 002,422,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/06/02 18:12:13 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/06/02 15:19:42 | 000,171,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/06/02 15:12:20 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012/05/22 15:12:44 | 000,000,850 | ---- | M] () -- C:\Users\Geoff\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

========== Files Created - No Company Name ==========

[2012/06/19 08:47:15 | 000,338,161 | ---- | C] () -- C:\Users\Geoff\Desktop\FSS.exe
[2012/06/19 08:33:07 | 000,018,944 | ---- | C] () -- C:\Windows\Installer\{ae5877c1-20eb-7c5e-2e56-57be7c22be80}\U\800000cb.@
[2012/06/19 08:33:06 | 000,012,288 | ---- | C] () -- C:\Windows\Installer\{ae5877c1-20eb-7c5e-2e56-57be7c22be80}\U\80000000.@
[2012/06/19 08:33:06 | 000,001,648 | ---- | C] () -- C:\Windows\Installer\{ae5877c1-20eb-7c5e-2e56-57be7c22be80}\U\00000001.@
[2012/06/18 17:15:46 | 000,000,000 | ---- | C] () -- C:\Users\Geoff\defogger_reenable
[2012/06/17 12:02:13 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2012/05/22 15:12:44 | 000,000,850 | ---- | C] () -- C:\Users\Geoff\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/03/17 01:48:00 | 000,007,168 | ---- | C] () -- C:\Users\Geoff\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/30 04:18:08 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{ae5877c1-20eb-7c5e-2e56-57be7c22be80}\@
[2012/01/30 04:18:08 | 000,002,048 | -HS- | C] () -- C:\Users\Geoff\AppData\Local\{ae5877c1-20eb-7c5e-2e56-57be7c22be80}\@
[2011/12/23 04:49:57 | 000,001,940 | -HS- | C] () -- C:\Users\Geoff\AppData\Local\onyjp1hx77po832tr117ov1g77b1s
[2011/12/23 04:49:57 | 000,001,940 | -HS- | C] () -- C:\ProgramData\onyjp1hx77po832tr117ov1g77b1s
[2011/12/10 23:10:45 | 000,011,408 | -HS- | C] () -- C:\ProgramData\mdtffr1f6yca6adb3cpj6q021g7c
[2011/12/08 13:53:40 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/10/09 05:20:06 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011/10/09 05:20:06 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2011/10/09 05:20:06 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011/10/09 05:20:06 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2011/10/09 05:20:06 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011/10/09 05:20:06 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2011/10/09 05:20:06 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011/10/09 05:20:06 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2011/10/09 05:20:06 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2011/10/09 05:20:06 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2011/10/09 05:20:06 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2011/10/09 05:20:06 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2011/10/09 05:20:06 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2011/10/09 05:20:06 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2011/10/09 05:20:06 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2011/10/09 05:20:06 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2011/07/15 16:48:20 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/07/15 16:48:19 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/06/17 15:32:55 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2011/06/17 15:32:54 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2011/06/17 15:32:54 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2011/06/17 15:32:54 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini
[2011/06/17 15:27:40 | 000,107,276 | ---- | C] () -- C:\Windows\System32\drivers\RtConvEQ.DAT
[2011/06/17 15:27:40 | 000,000,712 | ---- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat
[2011/06/17 15:27:40 | 000,000,632 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat
[2011/06/17 15:27:40 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
[2011/06/17 15:27:40 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2011/06/17 15:27:40 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2011/06/17 15:27:40 | 000,000,016 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2011/06/17 13:22:40 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[2011/02/11 19:10:52 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2011/02/11 19:10:50 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2011/02/11 19:10:50 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2011/02/11 18:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2011/02/11 18:38:44 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config

========== Custom Scans ==========

< "%WinDir%\$NtUninstallKB*$." /30 >

< C:\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/01/20 23:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 23:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 23:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\drivers\*.sys /90 >
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\system32\drivers\mbam.sys
[2012/05/01 10:03:49 | 000,180,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\rdpwd.sys
[2012/03/30 08:39:11 | 000,914,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\tcpip.sys
[2012/03/29 09:39:19 | 000,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\tcpipreg.sys

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AFD.SYS >
[2011/04/21 09:58:27 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=3911B972B55FEA0478476B2E777B29FA -- C:\Windows\System32\drivers\afd.sys
[2011/04/21 09:58:27 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=3911B972B55FEA0478476B2E777B29FA -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18457_none_d99fb42e5bb59d9b\afd.sys
[2011/04/21 09:16:42 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=48EB99503533C27AC6135648E5474457 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18639_none_d7d0e0cc5e7d461c\afd.sys
[2011/04/21 09:28:53 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=70EE0FC7A0F384DBD929A01384AEEB4B -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.22629_none_da4bc33774b91967\afd.sys
[2008/01/20 22:24:17 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=763E172A55177E478CB419F88FD0BA03 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18000_none_d7e842925e6d1f50\afd.sys
[2009/04/11 00:47:03 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=A201207363AA900ABF1A388468688570 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18005_none_d9d3bb9e5b8eea9c\afd.sys
[2011/04/21 09:12:21 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=C8AF25017CECB75906A571AC70D2D306 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.22905_none_d876efff77862705\afd.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 22:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008/01/20 22:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 22:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 05:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: EXPLORER.EXE >
[2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 23:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 22:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/20 22:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: NETBT.SYS >
[2008/01/20 22:24:59 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=7C5FEE5B1C5728507CD96FB4A13E7A02 -- C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6001.18000_none_6064c861f7442765\netbt.sys
[2009/04/11 00:45:37 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=ECD64230A59CBD93C85F1CD1CAB9F3F6 -- C:\Windows\System32\drivers\netbt.sys
[2009/04/11 00:45:37 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=ECD64230A59CBD93C85F1CD1CAB9F3F6 -- C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6002.18005_none_6250416df465f2b1\netbt.sys

< MD5 for: TDX.SYS >
[2009/04/11 00:45:56 | 000,072,192 | ---- | M] (Microsoft Corporation) MD5=76B06EB8A01FC8624D699E7045303E54 -- C:\Windows\System32\drivers\tdx.sys
[2009/04/11 00:45:56 | 000,072,192 | ---- | M] (Microsoft Corporation) MD5=76B06EB8A01FC8624D699E7045303E54 -- C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6002.18005_none_ec294157d9377403\tdx.sys
[2008/01/20 22:24:53 | 000,071,680 | ---- | M] (Microsoft Corporation) MD5=D09276B1FAB033CE1D40DCBDF303D10F -- C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6001.18000_none_ea3dc84bdc15a8b7\tdx.sys

< MD5 for: VOLSNAP.SYS >
[2006/11/02 05:51:18 | 000,208,488 | ---- | M] (Microsoft Corporation) MD5=11EF6C1CAEF76B685233450A126125D6 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_9320b452\volsnap.sys
[2009/04/11 02:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\Windows\System32\drivers\volsnap.sys
[2009/04/11 02:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_1e6030e4\volsnap.sys
[2009/04/11 02:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6002.18005_none_17a2308cf936c619\volsnap.sys
[2008/01/20 22:23:21 | 000,227,896 | ---- | M] (Microsoft Corporation) MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_f53a1785\volsnap.sys
[2008/01/20 22:23:21 | 000,227,896 | ---- | M] (Microsoft Corporation) MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6001.18000_none_15b6b780fc14facd\volsnap.sys

< MD5 for: WININIT.EXE >
[2008/01/20 22:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008/01/20 22:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 22:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/06/17 02:44:24 | 000,867,072 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/06/17 02:44:24 | 000,867,072 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/06/17 02:44:24 | 000,867,072 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/06/17 02:44:34 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/06/17 02:44:34 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/06/17 02:44:34 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/06/07 04:14:45 | 001,239,576 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/06/07 04:14:45 | 001,239,576 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/06/07 04:14:45 | 001,239,576 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/06/07 04:14:45 | 001,239,576 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/10/27 20:27:28 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/10/27 20:27:28 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/10/27 20:27:28 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/05/17 19:21:54 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: %programfiles%\Internet Explorer\iexplore.exe [2012/05/17 19:21:54 | 000,748,664 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/06/17 02:44:24 | 000,867,072 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/06/17 02:44:24 | 000,867,072 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/06/17 02:44:24 | 000,867,072 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/06/17 02:44:34 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/06/17 02:44:34 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/06/17 02:44:34 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/06/07 04:14:45 | 001,239,576 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/06/07 04:14:45 | 001,239,576 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/06/07 04:14:45 | 001,239,576 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/06/07 04:14:45 | 001,239,576 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/10/27 20:27:28 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/10/27 20:27:28 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/10/27 20:27:28 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/05/17 19:21:54 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: %programfiles%\Internet Explorer\iexplore.exe [2012/05/17 19:21:54 | 000,748,664 | ---- | M] (Microsoft Corporation)

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB53143$] -> Error: Cannot create file handle -> Unknown point type

< End of report >

OTL Extras logfile created on: 6/19/2012 8:55:20 AM - Run 1
OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\Geoff\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 1.86 Gb Available Physical Memory | 63.46% Memory free
6.08 Gb Paging File | 5.02 Gb Available in Paging File | 82.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.32 Gb Total Space | 190.06 Gb Free Space | 65.92% Space Free | Partition Type: NTFS
Drive E: | 7.00 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: HOME | User Name: Geoff | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-3883246492-1624535444-3722503841-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{459D0CEE-BBAD-465D-A0BF-C7820085A050}" = H&R Block Ohio 2011
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime 1.10.01
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97C658D2-61FB-027F-0D76-E9CDC84AFEC7}" = FlipShare
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AE09C972-EEB2-4DA5-8090-0FCF54576854}" = Optical Drive Power Management
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B8421085-B02A-4A50-9FAE-D7DF1593E1AD}" = SamsungSimpleDL_lite
"{C0C1D2BC-72FE-4F77-A2F9-CD10D5AA8F93}" = SAMSUNG USB Driver for Mobile Phones V5.16.0.0
"{C6006AED-E5A7-4F77-BAD5-95AC43DE04F3}" = H&R Block Deluxe + Efile + State 2011
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D19C4BCB-FAAE-48C1-A423-3DA40C3B7F42}" = LeapFrog Leapster Explorer Plugin
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E249CA45-5A83-11D5-BC5C-00008640B504}" = LeapFrog® LeapPrint
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{F9D59E62-845F-49A2-8B75-DDB00661673C}" = LeapFrog Connect
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
"Acer Assist" = Acer Assist
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"EPSON NX300 Series" = EPSON NX300 Series Printer Uninstall
"EPSON Scanner" = EPSON Scan
"Google Chrome" = Google Chrome
"GridVista" = Acer GridVista
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{B8421085-B02A-4A50-9FAE-D7DF1593E1AD}" = SamsungSimpleDL_lite
"LeapsterExplorerPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster Explorer Plugin)
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"UPCShell" = LeapFrog Connect
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3883246492-1624535444-3722503841-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 5/16/2012 6:05:06 AM | Computer Name = Home | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 5/16/2012 6:05:06 AM | Computer Name = Home | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 5/16/2012 8:06:34 AM | Computer Name = Home | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 5/16/2012 8:06:34 AM | Computer Name = Home | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 5/16/2012 8:06:34 AM | Computer Name = Home | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 5/16/2012 8:06:34 AM | Computer Name = Home | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 5/16/2012 2:02:15 PM | Computer Name = Home | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 5/16/2012 2:02:15 PM | Computer Name = Home | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 5/16/2012 2:02:15 PM | Computer Name = Home | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 5/16/2012 2:02:16 PM | Computer Name = Home | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

[ Media Center Events ]
Error - 1/21/2012 3:36:52 PM | Computer Name = Home | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 5/5/2012 3:05:59 PM | Computer Name = Home | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 5/20/2012 3:10:26 AM | Computer Name = Home | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/20/2012 4:20:55 AM | Computer Name = Home | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/20/2012 12:02:50 PM | Computer Name = Home | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/21/2012 3:19:19 PM | Computer Name = Home | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/22/2012 8:22:31 PM | Computer Name = Home | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/23/2012 2:49:05 AM | Computer Name = Home | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/23/2012 4:46:28 AM | Computer Name = Home | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/23/2012 2:26:23 PM | Computer Name = Home | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 6/18/2012 10:50:13 AM | Computer Name = Home | Source = Service Control Manager | ID = 7003
Description =

Error - 6/18/2012 10:50:13 AM | Computer Name = Home | Source = Service Control Manager | ID = 7003
Description =

Error - 6/18/2012 4:03:14 PM | Computer Name = Home | Source = EventLog | ID = 6008
Description = The previous system shutdown at 4:00:41 PM on 6/18/2012 was unexpected.

Error - 6/18/2012 4:03:28 PM | Computer Name = Home | Source = Service Control Manager | ID = 7023
Description =

Error - 6/18/2012 4:03:28 PM | Computer Name = Home | Source = Service Control Manager | ID = 7003
Description =

Error - 6/18/2012 4:03:28 PM | Computer Name = Home | Source = Service Control Manager | ID = 7003
Description =

Error - 6/19/2012 2:18:01 AM | Computer Name = Home | Source = Service Control Manager | ID = 7024
Description =

Error - 6/19/2012 8:32:51 AM | Computer Name = Home | Source = Service Control Manager | ID = 7023
Description =

Error - 6/19/2012 8:32:51 AM | Computer Name = Home | Source = Service Control Manager | ID = 7003
Description =

Error - 6/19/2012 8:32:51 AM | Computer Name = Home | Source = Service Control Manager | ID = 7003
Description =


< End of report >


5.
Nothing new to report. Computer still running pretty well. No major errors or issues. Thanks again!

#4 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:03:18 AM

Posted 20 June 2012 - 12:39 AM

Hi GMathiasf!

Not a problem! I'm glad to be of assistance. :)

I can see that there are still some chunks of ZeroAccess present, so we'll be running a fix, followed by a more powerful tool to remove them.

If you have any questions or concerns about anything in this fix, please do not hesitate, to ask me. :)

=======

Your Farbar Service Scanner log file seems to indicate that this infection has corrupted some values in the registry.

We'll need to repair these a little later:

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.

wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.

----------

We need to remove a program. To do this please do the following:
  • Click Start
  • Go to Control Panel
  • Double click on Programs and Features
  • Find and click the Uninstall button to uninstall the following (if present):
  • Yontoo Layers Runtime 1.10.01


NEXT:


OTL Fix

We need to run an OTL Fix

Note: If you have MalwareBytes Anti-Malware 1.6 or higher installed and are using the Pro version or trial version, please temporarily disable it for the duration of this fix as it may interfere with the successfully execution of the script below.

  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    IE - HKU\S-1-5-21-3883246492-1624535444-3722503841-1000\..\SearchScopes\{4FAC635F-89EA-4C69-90F0-D11E574AFA4E}: "URL" = http://findgala.com/?&uid=8039&q={searchTerms}
    IE - HKU\S-1-5-21-3883246492-1624535444-3722503841-1000\..\SearchScopes\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2}: "URL" = playbryte/search/redirect/?type=default&user_id=4c652ac8-0825-4e0e-b24f-c6a9f271a547&query={searchTerms}
    IE - HKU\S-1-5-21-3883246492-1624535444-3722503841-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:51960
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    [2011/10/28 00:24:40 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\Geoff\AppData\Roaming\Mozilla\Firefox\Profiles\y8lv93lf.default\extensions\plugin@yontoo.com
    [2011/10/31 09:45:58 | 000,002,230 | ---- | M] () -- C:\Users\Geoff\AppData\Roaming\Mozilla\Firefox\Profiles\y8lv93lf.default\searchplugins\iBryte_playbryte.xml
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
    O3 - HKU\S-1-5-21-3883246492-1624535444-3722503841-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4 - HKU\S-1-5-21-3883246492-1624535444-3722503841-1000..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" File not found
    O33 - MountPoints2\{4d760fe5-98ff-11e0-9772-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{4d760fe5-98ff-11e0-9772-806e6f6e6963}\Shell\AutoRun\command - "" = E:\shellexec.exe rom\index.html
    MsConfig - StartUpReg: HotKeysCmds - hkey= - key= - File not found
    MsConfig - StartUpReg: IgfxTray - hkey= - key= - File not found
    MsConfig - StartUpReg: Persistence - hkey= - key= - File not found
    [2012/06/16 00:23:17 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
    [2012/06/19 08:33:07 | 000,018,944 | ---- | C] () -- C:\Windows\Installer\{ae5877c1-20eb-7c5e-2e56-57be7c22be80}\U\800000cb.@
    [2012/06/19 08:33:06 | 000,012,288 | ---- | C] () -- C:\Windows\Installer\{ae5877c1-20eb-7c5e-2e56-57be7c22be80}\U\80000000.@
    [2012/06/19 08:33:06 | 000,001,648 | ---- | C] () -- C:\Windows\Installer\{ae5877c1-20eb-7c5e-2e56-57be7c22be80}\U\00000001.@
    [2012/01/30 04:18:08 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{ae5877c1-20eb-7c5e-2e56-57be7c22be80}\@
    [2012/01/30 04:18:08 | 000,002,048 | -HS- | C] () -- C:\Users\Geoff\AppData\Local\{ae5877c1-20eb-7c5e-2e56-57be7c22be80}\@
    [2011/12/23 04:49:57 | 000,001,940 | -HS- | C] () -- C:\Users\Geoff\AppData\Local\onyjp1hx77po832tr117ov1g77b1s
    [2011/12/23 04:49:57 | 000,001,940 | -HS- | C] () -- C:\ProgramData\onyjp1hx77po832tr117ov1g77b1s
    [2011/12/10 23:10:45 | 000,011,408 | -HS- | C] () -- C:\ProgramData\mdtffr1f6yca6adb3cpj6q021g7c
    
    :Reg
    
    :Files
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [EMPTYJAVA]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.
  • If you get an error message saying: "Illegal operation attempted on a registry key that was marked for deletion." please reboot your computer, and that should take care of that error message.


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. OTL fix log.
3. ComboFix.txt log file.
4. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#5 GMathiasf

GMathiasf
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:02:18 AM

Posted 20 June 2012 - 02:41 AM

Computer crashes (goes blue screen and restarts itself) when I try and run the fix on OTL. I copy and paste verbatim, and even tried it a second time with the same result. I did not go on to the next step of combofix because I wasn't sure what was going on. I could not find a log, but my hidden files are now showing (not sure if that's relevant or not).

#6 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:03:18 AM

Posted 20 June 2012 - 03:00 AM

Hi!

This infection can cause issues like this when we attempt to remove it.

I'd like to have you attempt to run the ComboFix instructions, and see if you have better luck doing that.

Let me know.

-ST.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#7 GMathiasf

GMathiasf
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:02:18 AM

Posted 20 June 2012 - 04:19 AM

1. Took some time and what appeared to be quite a bit of effort, but the Combofix fought it's way through.

2. As mentioned before, OTL failed

3.

ComboFix 12-06-19.03 - Geoff 06/20/2012 4:43.1.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3001.1951 [GMT -4:00]
Running from: c:\users\Geoff\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Geoff\AppData\Roaming\Microsoft\Windows\Recent\cid.drv
c:\users\Geoff\AppData\Roaming\Microsoft\Windows\Recent\delfile.tmp
c:\users\Geoff\AppData\Roaming\Microsoft\Windows\Recent\dudl.drv
c:\users\Geoff\AppData\Roaming\Microsoft\Windows\Recent\eb.exe
c:\users\Geoff\AppData\Roaming\Microsoft\Windows\Recent\exec.dll
c:\users\Geoff\AppData\Roaming\Microsoft\Windows\Recent\exec.sys
c:\users\Geoff\AppData\Roaming\Microsoft\Windows\Recent\FW.exe
c:\users\Geoff\AppData\Roaming\Microsoft\Windows\Recent\gid.exe
c:\users\Geoff\AppData\Roaming\Microsoft\Windows\Recent\hymt.drv
c:\users\Geoff\AppData\Roaming\Microsoft\Windows\Recent\hymt.sys
c:\users\Geoff\AppData\Roaming\Microsoft\Windows\Recent\kernel32.sys
c:\users\Geoff\AppData\Roaming\Microsoft\Windows\Recent\PE.drv
c:\users\Geoff\AppData\Roaming\Microsoft\Windows\Recent\PE.tmp
c:\users\Geoff\AppData\Roaming\Microsoft\Windows\Recent\ppal.exe
c:\users\Geoff\AppData\Roaming\Microsoft\Windows\Recent\sld.drv
c:\users\Geoff\AppData\Roaming\Microsoft\Windows\Recent\snl2w.dll
c:\users\Geoff\AppData\Roaming\Microsoft\Windows\Recent\std.tmp
c:\users\Geoff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AV Security 2012
c:\users\Geoff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AV Security 2012\AV Security 2012.lnk
c:\windows\$NtUninstallKB53143$
c:\windows\$NtUninstallKB53143$\139781783
c:\windows\$NtUninstallKB53143$\3975095160\@
c:\windows\$NtUninstallKB53143$\3975095160\bckfg.tmp
c:\windows\$NtUninstallKB53143$\3975095160\cfg.ini
c:\windows\$NtUninstallKB53143$\3975095160\Desktop.ini
c:\windows\$NtUninstallKB53143$\3975095160\keywords
c:\windows\$NtUninstallKB53143$\3975095160\kwrd.dll
c:\windows\$NtUninstallKB53143$\3975095160\L\qnbwvoto
c:\windows\$NtUninstallKB53143$\3975095160\lsflt7.ver
c:\windows\$NtUninstallKB53143$\3975095160\U\00000001.@
c:\windows\$NtUninstallKB53143$\3975095160\U\00000002.@
c:\windows\$NtUninstallKB53143$\3975095160\U\00000004.@
c:\windows\$NtUninstallKB53143$\3975095160\U\80000000.@
c:\windows\$NtUninstallKB53143$\3975095160\U\80000004.@
c:\windows\$NtUninstallKB53143$\3975095160\U\80000032.@
c:\windows\Installer\{ae5877c1-20eb-7c5e-2e56-57be7c22be80}\@
c:\windows\Installer\{ae5877c1-20eb-7c5e-2e56-57be7c22be80}\U\00000001.@
c:\windows\Installer\{ae5877c1-20eb-7c5e-2e56-57be7c22be80}\U\80000000.@
c:\windows\Installer\{ae5877c1-20eb-7c5e-2e56-57be7c22be80}\U\800000cb.@
.
Infected copy of c:\windows\system32\services.exe was found and disinfected
Restored copy from - c:\32788r22fwjfw\HarddiskVolumeShadowCopy8_!Windows!System32!services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-20 to 2012-06-20 )))))))))))))))))))))))))))))))
.
.
2012-06-20 08:59 . 2012-06-20 08:59 -------- d-----w- c:\users\Steph\AppData\Local\temp
2012-06-20 08:59 . 2012-06-20 09:02 -------- d-----w- c:\users\Geoff\AppData\Local\temp
2012-06-20 08:59 . 2012-06-20 08:59 -------- d-----w- c:\users\Johnny\AppData\Local\temp
2012-06-20 08:59 . 2012-06-20 08:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-20 08:59 . 2012-06-20 08:59 -------- d-----w- c:\users\Ailani\AppData\Local\temp
2012-06-19 05:10 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-19 05:10 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-19 05:10 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-19 05:10 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-19 05:10 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-19 05:10 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-19 05:10 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-19 05:10 . 2012-06-02 19:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-19 05:10 . 2012-06-02 19:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-17 15:52 . 2012-05-17 23:21 140920 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-06-17 15:52 . 2012-05-17 22:24 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-17 15:52 . 2012-05-17 22:31 194560 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
2012-06-17 15:52 . 2012-05-17 22:31 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2012-06-17 15:50 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys
2012-06-17 15:50 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-17 15:50 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-06-17 15:50 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-17 15:50 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-16 04:23 . 2012-06-16 04:23 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-16 00:03 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{75A99D43-12D7-4CC0-8477-34AC1CC30E76}\mpengine.dll
2012-06-14 19:16 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-12 15:20 . 2012-02-11 00:17 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F0F11C9F-57D9-4353-92CD-59E602C51FAF}\gapaengine.dll
2012-06-07 16:24 . 2012-06-07 16:24 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-07 16:24 . 2012-06-07 16:24 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-05-30 17:59 . 2012-05-30 17:59 4966600 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-05-29 20:51 . 2012-04-03 08:16 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-29 20:51 . 2012-04-03 08:16 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-16 18:03 . 2012-05-16 18:03 677136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-04-04 19:56 . 2011-07-31 10:10 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-17 06:44 . 2012-01-03 07:44 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-10-27 16:05 40496 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-04-11 7399968]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-04-11 1833504]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-04-09 1071624]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2009-03-31 62760]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-05-16 440864]
"ODDPwr"="c:\program files\Acer\Optical Drive Power Management\ODDPwr.exe" [2009-04-29 176128]
"Acer Assist Launcher"="c:\program files\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
"Acer Product Registration"="c:\program files\Acer\Acer Registration\ACE1.exe" [2007-11-26 3387392]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
backup=c:\windows\pss\Acer VCM.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 09:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupManagerTray]
2009-04-02 01:06 249600 ----a-w- c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EgisTecLiveUpdate]
2008-10-27 19:09 199464 ----a-w- c:\program files\EgisTec Egis Software Update\EgisUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2011-02-11 23:26 171032 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2009-02-12 00:38 186904 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2011-02-11 23:26 137752 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mwlDaemon]
2008-10-27 16:05 346672 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2011-02-11 23:26 172568 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-23 22:58]
.
2012-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-23 22:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0611&m=aspire_5810t
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0611&m=aspire_5810t
uInternet Settings,ProxyServer = http=127.0.0.1:51960
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.254.254
FF - ProfilePath - c:\users\Geoff\AppData\Roaming\Mozilla\Firefox\Profiles\y8lv93lf.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
SafeBoot-MsMpSvc
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-20 05:05
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}"=hex:51,66,7a,6c,4c,1d,38,12,70,05,61,
f9,ec,d1,23,0d,da,9c,48,eb,44,0f,8e,cc
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:96,c8,fe,d0,6d,95,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cd,bd,a4,0b,b4,b7,4b,4e,bc,4c,32,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cd,bd,a4,0b,b4,b7,4b,4e,bc,4c,32,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3820)
c:\program files\EgisTec\MyWinLocker 3\x86\psdprotect.dll
c:\program files\EgisTec\MyWinLocker 3\x86\sysenv.dll
c:\program files\EgisTec\MyWinLocker 3\x86\mwlUI.dll
c:\program files\EgisTec\MyWinLocker 3\x86\GDIExtendCtrl.dll
c:\program files\EgisTec\MyWinLocker 3\x86\mwlOP.dll
c:\program files\EgisTec\MyWinLocker 3\x86\CryptoAPI.dll
c:\program files\EgisTec\MyWinLocker 3\x86\ShowErrMsg.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Launch Manager\dsiwmis.exe
c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
c:\program files\Flip Video\FlipShare\FlipShareService.exe
c:\program files\Flip Video\FlipShareServer\FlipShareServer.exe
c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe
c:\program files\EgisTec\MyWinLocker 3\x86\MWLService.exe
c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
c:\program files\Acer\Optical Drive Power Management\ODDPWRSvc.exe
c:\program files\Acer\Acer VCM\RS_Service.exe
c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\igfxsrvc.exe
.
**************************************************************************
.
Completion time: 2012-06-20 05:10:56 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-20 09:10
.
Pre-Run: 203,616,595,968 bytes free
Post-Run: 205,722,357,760 bytes free
.
- - End Of File - - 8BDCFB344D8BAC6FCCEF2CD171C5DEA0

4. Still running pretty well, no noticeable difficulties

#8 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:03:18 AM

Posted 20 June 2012 - 06:30 AM

Hi GMathiasf!!

1. Took some time and what appeared to be quite a bit of effort, but the Combofix fought it's way through.

Glad to hear that you were able to get ComboFix to run. :)

ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

KillAll::
ClearJavaCache::
Folder::
c:\windows\system32\%APPDATA%

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"


Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. If ComboFix prompts you to update to the newest version, please allow it to do so. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



NEXT:



Lets see what these scans find, and see where we stand then.

Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update have been completed, Select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as it is and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Checked (ticked) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, the place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:



Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. ComboFix.txt log file.
3. MalwareBytes' Anti-Malware log file.
4. ESET Online Virus Scan log file.
5. SecurityCheck log file.
6. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#9 GMathiasf

GMathiasf
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:02:18 AM

Posted 20 June 2012 - 02:40 PM

1. I am somewhat confused as to whether or not my Windows Defender is disabled since it has been disabled by the virus, not me. So I ran everything under the assumption that is is disabled as I don't really have an option to otherwise.

One other concern that I wanted to note was that I made a mistake when reading the directions for the ESET Online Scanner. It said to press start, I did that. Wasn't until it was done (2 hour scan!) that I realized that I was supposed to uncheck the "Remove Found Threats" box. :/ So it did that and I hope it didn't screw anything up for your analysis. Sorry!

2. ComboFix 12-06-20.01 - Geoff 06/20/2012 11:40:40.2.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3001.2086 [GMT -4:00]
Running from: c:\users\Geoff\Desktop\ComboFix.exe
Command switches used :: c:\users\Geoff\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\%APPDATA%
c:\windows\system32\%APPDATA%\Microsoft\Internet Explorer\UserData\AA9IM30L\phoenix[1].xml
c:\windows\system32\%APPDATA%\Microsoft\Internet Explorer\UserData\index.dat
c:\windows\system32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
.
.
((((((((((((((((((((((((( Files Created from 2012-05-20 to 2012-06-20 )))))))))))))))))))))))))))))))
.
.
2012-06-20 15:51 . 2012-06-20 15:52 -------- d-----w- c:\users\Geoff\AppData\Local\temp
2012-06-20 15:51 . 2012-06-20 15:51 -------- d-----w- c:\users\Steph\AppData\Local\temp
2012-06-20 15:51 . 2012-06-20 15:51 -------- d-----w- c:\users\Johnny\AppData\Local\temp
2012-06-20 15:51 . 2012-06-20 15:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-20 15:51 . 2012-06-20 15:51 -------- d-----w- c:\users\Ailani\AppData\Local\temp
2012-06-19 05:10 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-19 05:10 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-19 05:10 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-19 05:10 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-19 05:10 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-19 05:10 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-19 05:10 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-19 05:10 . 2012-06-02 19:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-19 05:10 . 2012-06-02 19:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-17 15:52 . 2012-05-17 23:21 140920 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-06-17 15:52 . 2012-05-17 22:24 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-17 15:52 . 2012-05-17 22:31 194560 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
2012-06-17 15:52 . 2012-05-17 22:31 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2012-06-17 15:50 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys
2012-06-17 15:50 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-17 15:50 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-06-17 15:50 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-17 15:50 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-16 00:03 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{75A99D43-12D7-4CC0-8477-34AC1CC30E76}\mpengine.dll
2012-06-14 19:16 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-12 15:20 . 2012-02-11 00:17 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F0F11C9F-57D9-4353-92CD-59E602C51FAF}\gapaengine.dll
2012-06-07 16:24 . 2012-06-07 16:24 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-07 16:24 . 2012-06-07 16:24 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-05-30 17:59 . 2012-05-30 17:59 4966600 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-05-29 20:51 . 2012-04-03 08:16 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-29 20:51 . 2012-04-03 08:16 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-16 18:03 . 2012-05-16 18:03 677136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-04-04 19:56 . 2011-07-31 10:10 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-17 06:44 . 2012-01-03 07:44 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-10-27 16:05 40496 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-04-11 7399968]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-04-11 1833504]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-04-09 1071624]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2009-03-31 62760]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-05-16 440864]
"ODDPwr"="c:\program files\Acer\Optical Drive Power Management\ODDPwr.exe" [2009-04-29 176128]
"Acer Assist Launcher"="c:\program files\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
"Acer Product Registration"="c:\program files\Acer\Acer Registration\ACE1.exe" [2007-11-26 3387392]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
backup=c:\windows\pss\Acer VCM.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 09:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupManagerTray]
2009-04-02 01:06 249600 ----a-w- c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EgisTecLiveUpdate]
2008-10-27 19:09 199464 ----a-w- c:\program files\EgisTec Egis Software Update\EgisUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2011-02-11 23:26 171032 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2009-02-12 00:38 186904 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2011-02-11 23:26 137752 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mwlDaemon]
2008-10-27 16:05 346672 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2011-02-11 23:26 172568 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-23 22:58]
.
2012-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-23 22:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0611&m=aspire_5810t
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0611&m=aspire_5810t
uInternet Settings,ProxyServer = http=127.0.0.1:51960
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.254.254
FF - ProfilePath - c:\users\Geoff\AppData\Roaming\Mozilla\Firefox\Profiles\y8lv93lf.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-20 11:52
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}"=hex:51,66,7a,6c,4c,1d,38,12,70,05,61,
f9,ec,d1,23,0d,da,9c,48,eb,44,0f,8e,cc
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:96,c8,fe,d0,6d,95,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cd,bd,a4,0b,b4,b7,4b,4e,bc,4c,32,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cd,bd,a4,0b,b4,b7,4b,4e,bc,4c,32,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3556)
c:\program files\EgisTec\MyWinLocker 3\x86\psdprotect.dll
c:\program files\EgisTec\MyWinLocker 3\x86\sysenv.dll
c:\program files\EgisTec\MyWinLocker 3\x86\mwlUI.dll
c:\program files\EgisTec\MyWinLocker 3\x86\GDIExtendCtrl.dll
c:\program files\EgisTec\MyWinLocker 3\x86\mwlOP.dll
c:\program files\EgisTec\MyWinLocker 3\x86\CryptoAPI.dll
c:\program files\EgisTec\MyWinLocker 3\x86\ShowErrMsg.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Launch Manager\dsiwmis.exe
c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
c:\program files\Flip Video\FlipShare\FlipShareService.exe
c:\program files\Flip Video\FlipShareServer\FlipShareServer.exe
c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe
c:\program files\EgisTec\MyWinLocker 3\x86\MWLService.exe
c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
c:\program files\Acer\Optical Drive Power Management\ODDPWRSvc.exe
c:\program files\Acer\Acer VCM\RS_Service.exe
c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\igfxsrvc.exe
.
**************************************************************************
.
Completion time: 2012-06-20 11:59:17 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-20 15:59
ComboFix2.txt 2012-06-20 09:10
.
Pre-Run: 205,540,995,072 bytes free
Post-Run: 205,403,951,104 bytes free
.
- - End Of File - - 43740E97650D73990EF81BBCB0854ABA

3.
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.20.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Geoff :: HOME [administrator]

6/20/2012 12:17:39 PM
mbam-log-2012-06-20 (12-17-39).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 257842
Time elapsed: 5 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

4.
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.20.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Geoff :: HOME [administrator]

6/20/2012 12:17:39 PM
mbam-log-2012-06-20 (12-17-39).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 257842
Time elapsed: 5 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

5.
Results of screen317's Security Check version 0.99.42
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.1.102.62
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (13.0.1)
Google Chrome 19.0.1084.52
Google Chrome 19.0.1084.56
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

6. Still going well, Nothing noteworthy.

#10 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:03:18 AM

Posted 21 June 2012 - 01:48 AM

Hi GMathiasf!

1. I am somewhat confused as to whether or not my Windows Defender is disabled since it has been disabled by the virus, not me. So I ran everything under the assumption that is is disabled as I don't really have an option to otherwise.

No worries, that's fine.

One other concern that I wanted to note was that I made a mistake when reading the directions for the ESET Online Scanner. It said to press start, I did that. Wasn't until it was done (2 hour scan!) that I realized that I was supposed to uncheck the "Remove Found Threats" box. :/ So it did that and I hope it didn't screw anything up for your analysis. Sorry!

I ask that the option to remove found threats get unchecked, because at times the scan can produce false positives or detect a critical system file as being infected. So I like to see what it finds first, then give you a fix to run.

It looks like you posted the MalwareBytes' Anti-Malware log twice.

Could you please try to do the following to get me the complete contents of the ESET Online Scan log file?

Locate ESET Online Scanner Log
The ESET Online Scanner log that you provided for me looks to be incomplete.

I need to get a look at the complete file if possible.

Please do the following:
On your keyboard press the Windows key + R
By pressing those two keys at the same time this should display the run dialog box.
Once the Run Dialog box appears please copy and paste the following:
C:\Program Files/ESET/ESET Online Scanner\log.txt
After you've copied and pasted the above please select OK.
This should display the ESET Online Scanner log.

Once the ESET Online Scanner log is displayed please copy and paste the contents of the file into your next post.


-ST.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#11 GMathiasf

GMathiasf
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:02:18 AM

Posted 21 June 2012 - 07:46 AM

Sorry! This look right?

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=61e5c1b3527cbf4696be3d86c1e7a77f
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-20 07:12:39
# local_time=2012-06-20 03:12:39 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776574 100 100 26998957 176817307 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=226081
# found=4
# cleaned=4
# scan_time=9780
C:\ProgramData\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Windows\Installer\{ae5877c1-20eb-7c5e-2e56-57be7c22be80}\U\80000000.@.vir a variant of Win32/Sirefef.FA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Windows\Installer\{ae5877c1-20eb-7c5e-2e56-57be7c22be80}\U\800000cb.@.vir probably a variant of Win32/Agent.TEO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CUH9XUL3\index7[1].htm HTML/Iframe.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C

#12 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:03:18 AM

Posted 21 June 2012 - 07:56 AM

Hi!

Yep, it does!

____________________________________________________

From the looks of your SecurityCheck log, I can see that we have some outdated programs that need to be updated.

Lets address those programs that need updating now!

-----

Important Note: Your version of Adobe Flash is out of date.

Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

Please follow these steps to update Adobe flash:
  • Please download the latest version of Adobe Flash from http://get.adobe.com/flashplayer/otherversions/ to your Desktop
  • Double click the file to start the installation process
  • Repeat 1. and 2. for every other browser you have installed (eg Internet Explorer / Firefox / Chrome / Safari / Opera..) as applicable.


NEXT



Update Adobe Reader
Earlier versions of Adobe Reader have known security flaws so it is recommended that you update your copy
  • Go to Start > Control Panel > Add/Remove Programs
  • Remove ALL instances of Adobe Reader
  • Re-boot your computer as required.
  • Once ALL versions of Adobe Reader have been uninstalled, visit: <<here>> and download the latest version of Adobe Reader
Alternative Option: after uninstalling Adobe Reader, you could try installing Foxit Reader from >here< Foxit Reader has fewer add-ons therefore loads more quickly.


NEXT:


OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :Files
    :Commands
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



OTL Custom Scan

We need to run an OTL Custom Scan
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.


    netsvcs
    drivers32
    hklm\software\clients\startmenuinternet|command /rs
    %systemroot%\*. /rp /s
    %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Push the Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.


NEXT:



What outstanding issues (if any) are you still experiencing with your computer?

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#13 GMathiasf

GMathiasf
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:02:18 AM

Posted 21 June 2012 - 09:09 AM

***Log was too long to post, and too big to attach so I'm going to try and break it up and post it

Updated Reader and Flash

Once again, I got a critical error blue screen crash when I tried running the OTL fix.

OTL Scan log-too long

Performance-wise, the computer continues to show no signs of problems. I still cannot turn on Microsoft Security Essentials being the only noticeable problem.

OTL logfile created on: 6/21/2012 9:20:56 AM - Run 2
OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\Geoff\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 1.91 Gb Available Physical Memory | 65.03% Memory free
6.06 Gb Paging File | 5.05 Gb Available in Paging File | 83.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.32 Gb Total Space | 191.29 Gb Free Space | 66.35% Space Free | Partition Type: NTFS
Drive E: | 7.00 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: HOME | User Name: Geoff | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/21 09:00:52 | 001,535,176 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
PRC - [2012/06/19 08:53:53 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Geoff\Desktop\OTL.exe
PRC - [2012/06/17 02:44:34 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/05/30 13:56:52 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/04/04 01:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/11/12 13:04:12 | 000,268,640 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2011/11/12 12:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2011/05/06 13:07:18 | 000,460,144 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
PRC - [2011/05/06 12:58:52 | 001,085,440 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
PRC - [2009/05/15 22:39:46 | 000,707,104 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
PRC - [2009/05/15 22:39:46 | 000,703,008 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
PRC - [2009/05/15 22:39:44 | 000,453,152 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe
PRC - [2009/04/29 19:56:28 | 000,176,128 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Optical Drive Power Management\ODDPWR.exe
PRC - [2009/04/29 17:32:32 | 000,118,784 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/10 22:11:20 | 000,117,256 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\dsiwmis.exe
PRC - [2009/04/08 20:56:14 | 001,071,624 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2009/04/01 21:06:02 | 000,054,528 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2009/02/11 20:38:40 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/02/05 08:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe
PRC - [2008/10/27 12:05:28 | 000,306,736 | ---- | M] (EgisTec Inc.) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
PRC - [2008/07/29 19:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/21 09:00:51 | 009,459,912 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_262.dll
MOD - [2012/06/17 02:44:33 | 002,042,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/09/14 10:19:06 | 008,500,224 | ---- | M] () -- C:\Program Files\LeapFrog\LeapFrog Connect\QtGui4.dll
MOD - [2011/09/14 10:19:06 | 002,348,544 | ---- | M] () -- C:\Program Files\LeapFrog\LeapFrog Connect\QtCore4.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2008/07/29 19:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2003/06/07 17:30:08 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\PowerUtl.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/06/17 02:44:33 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/06/05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/30 13:56:52 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/04/04 01:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2011/11/12 12:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2011/05/06 13:07:18 | 000,460,144 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2011/05/06 12:58:52 | 001,085,440 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe -- (FlipShareServer)
SRV - [2009/05/15 22:39:46 | 000,703,008 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009/04/29 17:32:32 | 000,118,784 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe -- (ODDPwrSvc)
SRV - [2009/04/10 22:11:20 | 000,117,256 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2009/04/01 21:06:02 | 000,054,528 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/02/11 20:38:40 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009/02/05 08:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2008/10/27 12:05:28 | 000,306,736 | ---- | M] () [Auto | Running] -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/02/21 22:41:44 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2010/02/21 22:41:44 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2010/02/21 22:41:44 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2009/10/09 22:23:06 | 000,033,792 | ---- | M] (Belcarra Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btblan.sys -- (LeapFrog-USBLAN)
DRV - [2009/04/01 15:54:44 | 000,050,176 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C60x86.sys -- (L1C)
DRV - [2008/12/29 18:57:56 | 000,952,832 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/10/09 16:47:12 | 000,059,952 | ---- | M] (Egis Incorporated.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV - [2008/10/09 16:47:12 | 000,019,504 | ---- | M] (Egis Incorporated.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV - [2008/10/09 16:47:12 | 000,016,432 | ---- | M] (Egis Incorporated.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV - [2008/09/22 09:49:36 | 000,112,128 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0611&m=aspire_5810t
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0611&m=aspire_5810t
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {4FAC635F-89EA-4C69-90F0-D11E574AFA4E}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{4FAC635F-89EA-4C69-90F0-D11E574AFA4E}: "URL" = http://findgala.com/?&uid=8039&q={searchTerms}
IE - HKCU\..\SearchScopes\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2}: "URL" = playbryte/search/redirect/?type=default&user_id=4c652ac8-0825-4e0e-b24f-c6a9f271a547&query={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:51960

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.yahoo.com"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/17 02:44:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/21 09:12:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/17 02:44:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/21 09:12:44 | 000,000,000 | ---D | M]

[2011/10/27 20:44:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Geoff\AppData\Roaming\Mozilla\Extensions
[2012/06/20 03:18:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Geoff\AppData\Roaming\Mozilla\Firefox\Profiles\y8lv93lf.default\extensions
[2012/05/19 14:19:17 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Geoff\AppData\Roaming\Mozilla\Firefox\Profiles\y8lv93lf.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/10/31 09:45:58 | 000,002,230 | ---- | M] () -- C:\Users\Geoff\AppData\Roaming\Mozilla\Firefox\Profiles\y8lv93lf.default\searchplugins\iBryte_playbryte.xml
[2011/12/15 22:02:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/05 20:27:49 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/04/07 07:44:58 | 000,043,151 | ---- | M] () (No name found) -- C:\USERS\GEOFF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y8LV93LF.DEFAULT\EXTENSIONS\LOUDEFIANT@SENOCULAR.COM.XPI
[2011/06/21 08:41:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012/06/17 02:44:34 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/06/07 12:24:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/07 12:24:48 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Geoff\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Geoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\Geoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Geoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: LoU Suite (76's Edit) = C:\Users\Geoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\goghfdccicjnpcpkpnndmhoadebgpaep\1.1_0\
CHR - Extension: LoU Tweak = C:\Users\Geoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\iglgjgbiphjfbkbdgaffpdplhhbmpmkb\1.6.4_0\
CHR - Extension: Skype Click to Call = C:\Users\Geoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.0.0.10201_0\
CHR - Extension: LoU BoS = C:\Users\Geoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogkipfhjcbcbkeheedegdfbeeamdcapa\1.5.3_0\
CHR - Extension: Gmail = C:\Users\Geoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/06/20 11:52:33 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer\Acer Registration\ACE1.exe (Leader Technologies)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ODDPwr] C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe (Acer Incorporated)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{155D15D6-3A37-46C1-829C-818AF14FD13A}: DhcpNameServer = 192.168.254.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/08/07 21:10:59 | 000,000,044 | R--- | M] () - E:\AUTORUN.INF -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

#14 GMathiasf

GMathiasf
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:02:18 AM

Posted 21 June 2012 - 09:15 AM

========== Files/Folders - Created Within 30 Days ==========

[2012/06/21 09:15:27 | 000,000,000 | ---D | C] -- C:\Users\Geoff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
[2012/06/21 09:12:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/06/21 09:08:09 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/06/21 09:01:27 | 000,000,000 | ---D | C] -- C:\Users\Geoff\AppData\Local\Macromedia
[2012/06/20 12:25:04 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/06/20 12:02:36 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/06/20 11:59:20 | 000,000,000 | ---D | C] -- C:\Users\Geoff\AppData\Local\temp
[2012/06/20 11:58:03 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/06/20 11:37:59 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/06/20 04:21:44 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/06/20 04:21:44 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/06/20 04:21:44 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/06/20 04:03:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/20 04:03:46 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/06/20 04:03:01 | 004,563,504 | R--- | C] (Swearware) -- C:\Users\Geoff\Desktop\ComboFix.exe
[2012/06/20 03:22:55 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/06/19 08:53:52 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Geoff\Desktop\OTL.exe
[2012/06/19 08:42:11 | 002,127,960 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Geoff\Desktop\tdsskiller.exe
[2012/06/18 17:17:44 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Geoff\Desktop\dds.scr

========== Files - Modified Within 30 Days ==========

[2012/06/21 09:15:54 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/21 09:15:50 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/21 09:15:32 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/21 09:14:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/21 09:14:51 | 3147,612,160 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/21 09:14:49 | 262,433,505 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/06/21 09:12:44 | 000,001,896 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/06/21 08:50:06 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/20 13:59:32 | 000,881,475 | ---- | M] () -- C:\Users\Geoff\Desktop\SecurityCheck.exe
[2012/06/20 11:52:33 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/06/20 11:37:15 | 004,563,504 | R--- | M] (Swearware) -- C:\Users\Geoff\Desktop\ComboFix.exe
[2012/06/19 08:53:53 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Geoff\Desktop\OTL.exe
[2012/06/19 08:47:15 | 000,338,161 | ---- | M] () -- C:\Users\Geoff\Desktop\FSS.exe
[2012/06/19 08:42:29 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Geoff\Desktop\tdsskiller.exe
[2012/06/18 17:17:45 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Geoff\Desktop\dds.scr
[2012/06/18 17:15:46 | 000,000,000 | ---- | M] () -- C:\Users\Geoff\defogger_reenable
[2012/06/17 12:32:05 | 000,296,624 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/06/17 12:04:28 | 000,606,602 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/17 12:04:28 | 000,105,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/17 12:02:13 | 000,000,118 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2012/06/11 22:51:33 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/05/22 15:12:44 | 000,000,850 | ---- | M] () -- C:\Users\Geoff\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

========== Files Created - No Company Name ==========

[2012/06/21 09:12:44 | 000,001,896 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/06/21 09:12:44 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/06/20 13:59:28 | 000,881,475 | ---- | C] () -- C:\Users\Geoff\Desktop\SecurityCheck.exe
[2012/06/20 04:21:44 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/06/20 04:21:44 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/06/20 04:21:44 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/06/20 04:21:44 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/06/20 04:21:44 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/06/20 03:22:48 | 262,433,505 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/06/19 08:47:15 | 000,338,161 | ---- | C] () -- C:\Users\Geoff\Desktop\FSS.exe
[2012/06/18 17:15:46 | 000,000,000 | ---- | C] () -- C:\Users\Geoff\defogger_reenable
[2012/06/17 12:02:13 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2012/05/22 15:12:44 | 000,000,850 | ---- | C] () -- C:\Users\Geoff\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/03/17 01:48:00 | 000,007,168 | ---- | C] () -- C:\Users\Geoff\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/30 04:18:08 | 000,002,048 | -HS- | C] () -- C:\Users\Geoff\AppData\Local\{ae5877c1-20eb-7c5e-2e56-57be7c22be80}\@
[2011/12/23 04:49:57 | 000,001,940 | -HS- | C] () -- C:\Users\Geoff\AppData\Local\onyjp1hx77po832tr117ov1g77b1s
[2011/12/23 04:49:57 | 000,001,940 | -HS- | C] () -- C:\ProgramData\onyjp1hx77po832tr117ov1g77b1s
[2011/12/10 23:10:45 | 000,011,408 | -HS- | C] () -- C:\ProgramData\mdtffr1f6yca6adb3cpj6q021g7c
[2011/12/08 13:53:40 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/10/09 05:20:06 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011/10/09 05:20:06 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2011/10/09 05:20:06 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011/10/09 05:20:06 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2011/10/09 05:20:06 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011/10/09 05:20:06 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2011/10/09 05:20:06 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011/10/09 05:20:06 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2011/10/09 05:20:06 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2011/10/09 05:20:06 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2011/10/09 05:20:06 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2011/10/09 05:20:06 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2011/10/09 05:20:06 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2011/10/09 05:20:06 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2011/10/09 05:20:06 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2011/10/09 05:20:06 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2011/07/15 16:48:20 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/07/15 16:48:19 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/06/17 15:32:55 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2011/06/17 15:32:54 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2011/06/17 15:32:54 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2011/06/17 15:32:54 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini
[2011/06/17 15:27:40 | 000,107,276 | ---- | C] () -- C:\Windows\System32\drivers\RtConvEQ.DAT
[2011/06/17 15:27:40 | 000,000,712 | ---- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat
[2011/06/17 15:27:40 | 000,000,632 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat
[2011/06/17 15:27:40 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
[2011/06/17 15:27:40 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2011/06/17 15:27:40 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2011/06/17 15:27:40 | 000,000,016 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2011/06/17 13:22:40 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[2011/02/11 19:10:52 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2011/02/11 19:10:50 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2011/02/11 19:10:50 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2011/02/11 18:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2011/02/11 18:38:44 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config

========== LOP Check ==========

[2011/06/17 16:02:14 | 000,000,000 | ---D | M] -- C:\Users\Geoff\AppData\Roaming\Acer
[2009/04/08 04:03:12 | 000,000,000 | ---D | M] -- C:\Users\Geoff\AppData\Roaming\Acer GameZone Console
[2011/11/13 05:25:36 | 000,000,000 | ---D | M] -- C:\Users\Geoff\AppData\Roaming\Avo4pmH5sQdKRYw
[2012/02/06 02:34:48 | 000,000,000 | ---D | M] -- C:\Users\Geoff\AppData\Roaming\B59B5
[2012/05/31 11:28:32 | 000,000,000 | ---D | M] -- C:\Users\Geoff\AppData\Roaming\C29B5
[2011/06/17 21:53:32 | 000,000,000 | ---D | M] -- C:\Users\Geoff\AppData\Roaming\eSobi
[2012/05/15 19:54:31 | 000,000,000 | ---D | M] -- C:\Users\Geoff\AppData\Roaming\Flip Video
[2011/11/13 06:03:40 | 000,000,000 | ---D | M] -- C:\Users\Geoff\AppData\Roaming\i99YwIzNApGsdf9
[2011/06/17 16:01:58 | 000,000,000 | ---D | M] -- C:\Users\Geoff\AppData\Roaming\Leadertech
[2011/11/13 05:25:06 | 000,000,000 | ---D | M] -- C:\Users\Geoff\AppData\Roaming\nFF4HsJELgZY
[2011/10/27 20:44:45 | 000,000,000 | ---D | M] -- C:\Users\Geoff\AppData\Roaming\OpenCandy
[2011/11/13 05:25:12 | 000,000,000 | ---D | M] -- C:\Users\Geoff\AppData\Roaming\pDn5dhUND4J8etA
[2012/02/09 19:09:29 | 000,000,000 | ---D | M] -- C:\Users\Geoff\AppData\Roaming\TaxCut
[2011/11/13 05:25:38 | 000,000,000 | ---D | M] -- C:\Users\Geoff\AppData\Roaming\ullIIBtNA
[2011/11/13 05:54:30 | 000,000,000 | ---D | M] -- C:\Users\Geoff\AppData\Roaming\yqjYCekIVzNx0c2
[2011/11/13 05:54:29 | 000,000,000 | ---D | M] -- C:\Users\Geoff\AppData\Roaming\zQWK7fRL9T
[2012/06/21 02:18:30 | 000,032,564 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< >

< >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/06/17 02:44:24 | 000,867,072 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/06/17 02:44:24 | 000,867,072 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/06/17 02:44:24 | 000,867,072 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/06/17 02:44:34 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/06/17 02:44:34 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/06/17 02:44:34 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/06/07 04:14:45 | 001,239,576 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/06/07 04:14:45 | 001,239,576 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/06/07 04:14:45 | 001,239,576 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/06/07 04:14:45 | 001,239,576 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/10/27 20:27:28 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/10/27 20:27:28 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/10/27 20:27:28 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/05/17 19:21:54 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2012/05/17 19:21:54 | 000,748,664 | ---- | M] (Microsoft Corporation)

< %systemroot%\*. /rp /s >

#15 GMathiasf

GMathiasf
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:02:18 AM

Posted 21 June 2012 - 09:17 AM

There's a HUGE chunk of google chrome user data. Do you need that?

Then after that ends, just this.


< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-06-17 16:07:18

< End of report >




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users