Win32/Alureon [Solved]


  • This topic is locked

#1
nanabentley

    Member

  • 37 posts
I am having a big mess. AVG found a virus and 2 trojans on my laptop. My son downloaded something and now I don't know what to do. The virus is Win32/Alureon and the trojans are Agent2.PQV and Generic14.PKD. Can anyone help me? I have tried to remove them and it's not working. I hope someone has an answer for me. Thank you for your time. CB

Edited by Essexboy, 20 August 2009 - 11:30 AM.
email removed


#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, I will need a touch more information :)

To ensure that I get all the information, this log will need to be attached (instructions at the end). If it is too large to attach, then upload it to Mediafire and post the sharing link.

Download OTS to your Desktop
  • Close ALL OTHER PROGRAMS.
  • Double-click on OTS.exe to start the program.
  • Check the box that says Scan All Users
  • Under Additional Scans check the following:
    • File - Lop Check
    • File - Purity Scan
    • Evnt - EvtViewer (last 10)
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Please attach the log in your next post.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post



THEN

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

http://sites.google....rotantirootkit/

Unzip it into a folder on your desktop.

Start the Sysprot.exe program.

  • Click on the Log tab.
  • In the Write to log box select all items.
  • Click on the Create Log button on the bottom right.
  • After a few seconds a new Window should appear.
  • Make sure Scan all drives is selected and click on the Start button.
  • When it is complete a new Window will appear to indicate that the scan is finished.
  • The log will be created and saved automatically in the same folder. Open the text file and copy/paste the log here.

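The SysProt log produced by the steps above is easiest to triage mechanically. The following is an added example, not code from this thread or from the SysProt tool: it parses SysProt's section/record layout (Process, Kernel Modules, SSDT, Kernel Hooks, Ports) and flags hidden processes, hidden kernel modules and kernel hooks that jump into an unknown module; the embedded excerpt is constructed from records in the log posted later in this thread.

```python
"""Triage a SysProt AntiRootkit log for rootkit indicators.

Added example, not code from this thread or from SysProt: it parses the
section/record layout SysProt writes and flags what a helper reads first.
"""
import re

# Constructed excerpt in SysProt's format; the records mirror the log posted
# in this thread, cut down so the example runs stand-alone.
SAMPLE_LOG = r"""SysProt AntiRootkit v1.0.1.0

******************************************************************************************
Process:
Name: C:\Windows\System32\smss.exe
PID: 488
Hidden: No
Window Visible: No

******************************************************************************************
Kernel Modules:
Module Name: \systemroot\system32\drivers\ESQULttrukrosnxxmbdvpwqndbqcefnwtjwfc.sys
Service Name: ESQULserv.sys
Module Base: ---
Module End: ---
Hidden: Yes

Module Name: C:\Windows\system32\ntkrnlpa.exe
Service Name: ---
Module Base: 8241C000
Module End: 827D5000
Hidden: No

Module Name: \SystemRoot\System32\Drivers\dump_iaStor.sys
Service Name: ---
Module Base: 8850A000
Module End: 885C8000
Hidden: Yes

******************************************************************************************
Kernel Hooks:
Hooked Function: IofCallDriver
At Address: 824D7F6F
Jump To: 8F9F362A
Module Name: _unknown_

******************************************************************************************
No IRP Hooks found
"""

SECTION_RE = re.compile(r"^(Process|Kernel Modules|SSDT|Kernel Hooks|Ports):$")


def parse_sysprot(text):
    """Return {section: [record, ...]}; a record is a run of 'Key: Value' lines."""
    sections, current, record = {}, None, {}

    def close_record():
        nonlocal record
        if current and record:
            sections[current].append(record)
        record = {}

    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("****"):       # asterisk rulers delimit sections
            continue
        m = SECTION_RE.match(line)
        if m:
            close_record()
            current = m.group(1)
            sections.setdefault(current, [])
        elif not line:                     # a blank line ends a record
            close_record()
        elif current and ": " in line:
            key, value = line.split(": ", 1)
            record[key] = value
    close_record()
    return sections


def triage(sections):
    """Return (severity, description) findings worth escalating."""
    findings = []
    for p in sections.get("Process", []):
        if p.get("Hidden") == "Yes":
            findings.append(("high", f"hidden process {p['Name']} (PID {p['PID']})"))
    for m in sections.get("Kernel Modules", []):
        if m.get("Hidden") != "Yes":
            continue
        # A hidden driver whose image range SysProt cannot even report ("---")
        # is the strongest sign of a rootkit-protected service; a hidden module
        # with a normal range (a crash-dump driver, say) is often benign.
        severity = "high" if m.get("Module Base") == "---" else "medium"
        findings.append((severity, f"hidden kernel module {m['Module Name']} "
                                   f"(service {m.get('Service Name')})"))
    for h in sections.get("Kernel Hooks", []):
        if h.get("Module Name") == "_unknown_":
            findings.append(("high", f"{h['Hooked Function']} hooked at {h['At Address']}"
                                     f" -> {h['Jump To']} in an unknown module"))
    return findings
```

Run `triage(parse_sysprot(open("SysProt.txt").read()))` against a real log to get the same ranked list; the ESQUL-style record (hidden, no reported image range) ranks above a hidden module that still reports a normal base and end.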

#3
nanabentley

    Member

  • Topic Starter
  • 37 posts
Attached File: OTS.Txt (144.96KB, 211 downloads)

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

Process:
Name: [System Idle Process]
PID: 0
Hidden: No
Window Visible: No

Name: System
PID: 4
Hidden: No
Window Visible: No

Name: C:\Windows\System32\smss.exe
PID: 488
Hidden: No
Window Visible: No

Name: C:\Windows\System32\csrss.exe
PID: 564
Hidden: No
Window Visible: No

Name: C:\Windows\System32\csrss.exe
PID: 608
Hidden: No
Window Visible: No

Name: C:\Windows\System32\wininit.exe
PID: 616
Hidden: No
Window Visible: No

Name: C:\Windows\System32\services.exe
PID: 692
Hidden: No
Window Visible: No

Name: C:\Windows\System32\lsass.exe
PID: 704
Hidden: No
Window Visible: No

Name: C:\Windows\System32\lsm.exe
PID: 712
Hidden: No
Window Visible: No

Name: C:\Windows\System32\winlogon.exe
PID: 768
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 964
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1048
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1240
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1292
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1348
Hidden: No
Window Visible: No

Name: C:\Windows\System32\audiodg.exe
PID: 1468
Hidden: No
Window Visible: No

Name: C:\Windows\System32\SLsvc.exe
PID: 1504
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1548
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1712
Hidden: No
Window Visible: No

Name: C:\Windows\System32\spoolsv.exe
PID: 1908
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1932
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 2240
Hidden: No
Window Visible: No

Name: C:\Windows\System32\dwm.exe
PID: 2816
Hidden: No
Window Visible: No

Name: C:\Windows\System32\taskeng.exe
PID: 2824
Hidden: No
Window Visible: No

Name: C:\Windows\System32\taskeng.exe
PID: 2932
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 2556
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 2956
Hidden: No
Window Visible: No

Name: C:\Windows\System32\SearchIndexer.exe
PID: 3076
Hidden: No
Window Visible: No

Name: C:\Windows\System32\wuauclt.exe
PID: 4048
Hidden: No
Window Visible: No

Name: C:\Program Files\AVG\AVG8\avgui.exe
PID: 5528
Hidden: No
Window Visible: No

Name: C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
PID: 3632
Hidden: No
Window Visible: No

Name: C:\Program Files\AVG\AVG8\avgrsx.exe
PID: 5092
Hidden: No
Window Visible: No

Name: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
PID: 5676
Hidden: No
Window Visible: No

Name: C:\PROGRA~1\AVG\AVG8\avgemc.exe
PID: 2476
Hidden: No
Window Visible: No

Name: C:\Program Files\AVG\AVG8\avgcsrvx.exe
PID: 5236
Hidden: No
Window Visible: No

Name: C:\Windows\System32\wbem\WmiPrvSE.exe
PID: 1616
Hidden: No
Window Visible: No

Name: C:\Windows\explorer.exe
PID: 2172
Hidden: No
Window Visible: No

Name: C:\Windows\System32\wbem\unsecapp.exe
PID: 5864
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PID: 5176
Hidden: No
Window Visible: No

Name: C:\Acer\Empowering Technology\eNet\eNet Service.exe
PID: 4920
Hidden: No
Window Visible: No

Name: C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
PID: 5432
Hidden: No
Window Visible: No

Name: C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
PID: 3036
Hidden: No
Window Visible: No

Name: C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PID: 744
Hidden: No
Window Visible: No

Name: C:\Windows\System32\wbem\unsecapp.exe
PID: 3524
Hidden: No
Window Visible: No

Name: C:\Windows\System32\taskeng.exe
PID: 568
Hidden: No
Window Visible: No

Name: C:\Program Files\Internet Explorer\iexplore.exe
PID: 5828
Hidden: No
Window Visible: No

Name: C:\Windows\System32\WUDFHost.exe
PID: 5096
Hidden: No
Window Visible: No

Name: C:\Users\Acer\Downloads\OTS.exe
PID: 2428
Hidden: No
Window Visible: No

Name: C:\Windows\notepad.exe
PID: 5200
Hidden: No
Window Visible: Yes

Name: C:\Windows\System32\SearchProtocolHost.exe
PID: 4036
Hidden: No
Window Visible: No

Name: C:\Windows\System32\SearchFilterHost.exe
PID: 5204
Hidden: No
Window Visible: No

Name: C:\Program Files\jZip\jZip.exe
PID: 5036
Hidden: No
Window Visible: No

Name: C:\Users\Acer\Desktop\SysProt\SysProt.exe
PID: 4592
Hidden: No
Window Visible: Yes

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \systemroot\system32\drivers\ESQULttrukrosnxxmbdvpwqndbqcefnwtjwfc.sys
Service Name: ESQULserv.sys
Module Base: ---
Module End: ---
Hidden: Yes

Module Name: \??\C:\Users\Acer\Desktop\SysProt\SysProtDrv.sys
Service Name: SysProtDrv.sys
Module Base: B0998000
Module End: B09A3000
Hidden: No

Module Name: C:\Windows\system32\ntkrnlpa.exe
Service Name: ---
Module Base: 8241C000
Module End: 827D5000
Hidden: No

Module Name: C:\Windows\system32\hal.dll
Service Name: ---
Module Base: 827D5000
Module End: 82808000
Hidden: No

Module Name: C:\Windows\system32\kdcom.dll
Service Name: ---
Module Base: 8060D000
Module End: 80615000
Hidden: No

Module Name: C:\Windows\system32\mcupdate_GenuineIntel.dll
Service Name: ---
Module Base: 80615000
Module End: 80675000
Hidden: No

Module Name: C:\Windows\system32\PSHED.dll
Service Name: ---
Module Base: 80675000
Module End: 80686000
Hidden: No

Module Name: C:\Windows\system32\BOOTVID.dll
Service Name: ---
Module Base: 80686000
Module End: 8068E000
Hidden: No

Module Name: C:\Windows\system32\CLFS.SYS
Service Name: CLFS
Module Base: 8068E000
Module End: 806CF000
Hidden: No

Module Name: C:\Windows\system32\CI.dll
Service Name: ---
Module Base: 806CF000
Module End: 807AF000
Hidden: No

Module Name: C:\Windows\system32\drivers\Wdf01000.sys
Service Name: Wdf01000
Module Base: 82A0D000
Module End: 82A89000
Hidden: No

Module Name: C:\Windows\system32\drivers\WDFLDR.SYS
Service Name: ---
Module Base: 82A89000
Module End: 82A96000
Hidden: No

Module Name: C:\Windows\system32\drivers\acpi.sys
Service Name: ACPI
Module Base: 82A96000
Module End: 82ADC000
Hidden: No

Module Name: C:\Windows\system32\drivers\WMILIB.SYS
Service Name: ---
Module Base: 82ADC000
Module End: 82AE5000
Hidden: No

Module Name: C:\Windows\system32\drivers\msisadrv.sys
Service Name: msisadrv
Module Base: 82AE5000
Module End: 82AED000
Hidden: No

Module Name: C:\Windows\system32\drivers\pci.sys
Service Name: pci
Module Base: 82AED000
Module End: 82B14000
Hidden: No

Module Name: C:\Windows\System32\drivers\partmgr.sys
Service Name: partmgr
Module Base: 82B14000
Module End: 82B23000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\compbatt.sys
Service Name: Compbatt
Module Base: 82B23000
Module End: 82B26000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\BATTC.SYS
Service Name: BattC
Module Base: 82B26000
Module End: 82B30000
Hidden: No

Module Name: C:\Windows\system32\drivers\volmgr.sys
Service Name: volmgr
Module Base: 82B30000
Module End: 82B3F000
Hidden: No

Module Name: C:\Windows\System32\drivers\volmgrx.sys
Service Name: volmgrx
Module Base: 82B3F000
Module End: 82B89000
Hidden: No

Module Name: C:\Windows\system32\drivers\intelide.sys
Service Name: intelide
Module Base: 82B89000
Module End: 82B90000
Hidden: No

Module Name: C:\Windows\system32\drivers\PCIIDEX.SYS
Service Name: ---
Module Base: 82B90000
Module End: 82B9E000
Hidden: No

Module Name: C:\Windows\System32\drivers\mountmgr.sys
Service Name: MountMgr
Module Base: 82B9E000
Module End: 82BAE000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\iaStor.sys
Service Name: iaStor
Module Base: 88009000
Module End: 880C7000
Hidden: No

Module Name: C:\Windows\system32\drivers\atapi.sys
Service Name: atapi
Module Base: 880C7000
Module End: 880CF000
Hidden: No

Module Name: C:\Windows\system32\drivers\ataport.SYS
Service Name: ---
Module Base: 880CF000
Module End: 880ED000
Hidden: No

Module Name: C:\Windows\system32\drivers\fltmgr.sys
Service Name: FltMgr
Module Base: 880ED000
Module End: 8811F000
Hidden: No

Module Name: C:\Windows\system32\drivers\fileinfo.sys
Service Name: FileInfo
Module Base: 8811F000
Module End: 8812F000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\psdfilter.sys
Service Name: PSDFilter
Module Base: 8812F000
Module End: 88138000
Hidden: No

Module Name: C:\Windows\System32\Drivers\PxHelp20.sys
Service Name: PxHelp20
Module Base: 88138000
Module End: 88141000
Hidden: No

Module Name: C:\Windows\System32\Drivers\ksecdd.sys
Service Name: KSecDD
Module Base: 88141000
Module End: 881B2000
Hidden: No

Module Name: C:\Windows\system32\drivers\ndis.sys
Service Name: NDIS
Module Base: 88203000
Module End: 8830E000
Hidden: No

Module Name: C:\Windows\system32\drivers\NETIO.SYS
Service Name: ---
Module Base: 88339000
Module End: 88373000
Hidden: No

Module Name: C:\Windows\System32\drivers\tcpip.sys
Service Name: Tcpip
Module Base: 88408000
Module End: 884EF000
Hidden: No

Module Name: C:\Windows\System32\drivers\fwpkclnt.sys
Service Name: ---
Module Base: 884EF000
Module End: 8850A000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Ntfs.sys
Service Name: Ntfs
Module Base: 88601000
Module End: 88710000
Hidden: No

Module Name: C:\Windows\system32\drivers\volsnap.sys
Service Name: volsnap
Module Base: 88710000
Module End: 88749000
Hidden: No

Module Name: C:\Windows\System32\Drivers\spldr.sys
Service Name: spldr
Module Base: 88749000
Module End: 88751000
Hidden: No

Module Name: C:\Windows\system32\drivers\psdvdisk.sys
Service Name: disk
Module Base: 88751000
Module End: 88763000
Hidden: No

Module Name: C:\Windows\system32\drivers\PSDNServ.sys
Service Name: PSDNServ
Module Base: 88763000
Module End: 8876C000
Hidden: No

Module Name: C:\Windows\System32\Drivers\mup.sys
Service Name: Mup
Module Base: 8876C000
Module End: 8877B000
Hidden: No

Module Name: C:\Windows\System32\drivers\ecache.sys
Service Name: Ecache
Module Base: 8877B000
Module End: 887A2000
Hidden: No

Module Name: C:\Windows\system32\drivers\disk.sys
Service Name: ---
Module Base: 887A2000
Module End: 887B3000
Hidden: No

Module Name: C:\Windows\system32\drivers\CLASSPNP.SYS
Service Name: ---
Module Base: 887B3000
Module End: 887D4000
Hidden: No

Module Name: C:\Windows\system32\drivers\crcdisk.sys
Service Name: crcdisk
Module Base: 887D4000
Module End: 887DD000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\tunnel.sys
Service Name: tunnel
Module Base: 887EA000
Module End: 887F5000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\tunmp.sys
Service Name: tunmp
Module Base: 887F5000
Module End: 887FE000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\intelppm.sys
Service Name: intelppm
Module Base: 885C8000
Module End: 885D7000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\igdkmd32.sys
Service Name: igfx
Module Base: 8C401000
Module End: 8CA38000
Hidden: No

Module Name: C:\Windows\System32\drivers\dxgkrnl.sys
Service Name: DXGKrnl
Module Base: 8CA38000
Module End: 8CAD7000
Hidden: No

Module Name: C:\Windows\System32\drivers\watchdog.sys
Service Name: ---
Module Base: 8CAD7000
Module End: 8CAE4000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\usbuhci.sys
Service Name: usbuhci
Module Base: 8CAE4000
Module End: 8CAEF000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\USBPORT.SYS
Service Name: ---
Module Base: 8CAEF000
Module End: 8CB2D000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\usbehci.sys
Service Name: usbehci
Module Base: 8CB2D000
Module End: 8CB3C000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\HDAudBus.sys
Service Name: HDAudBus
Module Base: 8CB3C000
Module End: 8CB4E000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\NETw4v32.sys
Service Name: NETw4v32
Module Base: 8CC09000
Module End: 8CE32000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ohci1394.sys
Service Name: ohci1394
Module Base: 8CE32000
Module End: 8CE42000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\1394BUS.SYS
Service Name: ---
Module Base: 8CE42000
Module End: 8CE50000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\sdbus.sys
Service Name: sdbus
Module Base: 8CE50000
Module End: 8CE6A000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rimmptsk.sys
Service Name: rimmptsk
Module Base: 8CE6A000
Module End: 8CE7B000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rimsptsk.sys
Service Name: rimsptsk
Module Base: 8CE7B000
Module End: 8CE8F000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rixdptsk.sys
Service Name: rismxdp
Module Base: 8CE8F000
Module End: 8CEE1000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\winbondcir.sys
Service Name: winbondcir
Module Base: 8CEE1000
Module End: 8CEF6000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\i8042prt.sys
Service Name: i8042prt
Module Base: 8CEF6000
Module End: 8CF09000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\DKbFltr.sys
Service Name: DKbFltr
Module Base: 8CF09000
Module End: 8CF13000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\kbdclass.sys
Service Name: kbdclass
Module Base: 8CF13000
Module End: 8CF1E000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\SynTP.sys
Service Name: SynTP
Module Base: 8CF1E000
Module End: 8CF4C000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\USBD.SYS
Service Name: ---
Module Base: 8CF4C000
Module End: 8CF4E000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mouclass.sys
Service Name: mouclass
Module Base: 8CF4E000
Module End: 8CF59000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\cdrom.sys
Service Name: cdrom
Module Base: 8CF59000
Module End: 8CF71000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\NTIDrvr.sys
Service Name: NTIDrvr
Module Base: 8CF71000
Module End: 8CF73000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
Service Name: GEARAspiWDM
Module Base: 8CF73000
Module End: 8CF7D000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\CmBatt.sys
Service Name: CmBatt
Module Base: 8CF7D000
Module End: 8CF81000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\wmiacpi.sys
Service Name: WmiAcpi
Module Base: 8CF81000
Module End: 8CF8A000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\msiscsi.sys
Service Name: iScsiPrt
Module Base: 8CF8A000
Module End: 8CFB8000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\storport.sys
Service Name: ---
Module Base: 8CFB8000
Module End: 8CFF9000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\TDI.SYS
Service Name: ---
Module Base: 8CB4E000
Module End: 8CB59000
Hidden: No

Module Name: C:\Windows\System32\Drivers\RootMdm.sys
Service Name: ROOTMODEM
Module Base: 8CC00000
Module End: 8CC08000
Hidden: No

Module Name: C:\Windows\system32\drivers\modem.sys
Service Name: Modem
Module Base: 8CB59000
Module End: 8CB66000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rasl2tp.sys
Service Name: Rasl2tp
Module Base: 8CB66000
Module End: 8CB7D000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ndistapi.sys
Service Name: NdisTapi
Module Base: 8CB7D000
Module End: 8CB88000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ndiswan.sys
Service Name: NdisWan
Module Base: 8CB88000
Module End: 8CBAB000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\raspppoe.sys
Service Name: RasPppoe
Module Base: 8CBAB000
Module End: 8CBBA000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\raspptp.sys
Service Name: PptpMiniport
Module Base: 8CBBA000
Module End: 8CBCE000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rassstp.sys
Service Name: RasSstp
Module Base: 8CBCE000
Module End: 8CBE3000
Hidden: No

Module Name: C:\Windows\System32\Drivers\pcouffin.sys
Service Name: pcouffin
Module Base: 8CBE3000
Module End: 8CBEF000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\RimSerial.sys
Service Name: RimVSerPort
Module Base: 8CFF9000
Module End: 8D000000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\termdd.sys
Service Name: TermDD
Module Base: 8CBEF000
Module End: 8CBFF000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\swenum.sys
Service Name: swenum
Module Base: 887FE000
Module End: 88800000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ks.sys
Service Name: ---
Module Base: 88373000
Module End: 8839D000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\circlass.sys
Service Name: circlass
Module Base: 885D7000
Module End: 885E5000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mssmbios.sys
Service Name: mssmbios
Module Base: 885E5000
Module End: 885EF000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\umbus.sys
Service Name: umbus
Module Base: 885EF000
Module End: 885FC000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\usbhub.sys
Service Name: usbhub
Module Base: 8839D000
Module End: 883D1000
Hidden: No

Module Name: C:\Windows\System32\Drivers\NDProxy.SYS
Service Name: NDProxy
Module Base: 883D1000
Module End: 883E2000
Hidden: No

Module Name: C:\Windows\system32\drivers\RTKVHDA.sys
Service Name: IntcAzAudAddService
Module Base: 8D202000
Module End: 8D3DD000
Hidden: No

Module Name: C:\Windows\system32\drivers\portcls.sys
Service Name: ---
Module Base: 881B2000
Module End: 881DF000
Hidden: No

Module Name: C:\Windows\system32\drivers\drmk.sys
Service Name: ---
Module Base: 82BAE000
Module End: 82BD3000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\HSXHWAZL.sys
Service Name: HSXHWAZL
Module Base: 807AF000
Module End: 807EC000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\HSX_DPV.sys
Service Name: HSF_DPV
Module Base: 8D404000
Module End: 8D507000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\HSX_CNXT.sys
Service Name: winachsf
Module Base: 8D507000
Module End: 8D5BC000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\hidir.sys
Service Name: HidIr
Module Base: 8D5BC000
Module End: 8D5C7000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\HIDCLASS.SYS
Service Name: ---
Module Base: 8D5C7000
Module End: 8D5D7000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\HIDPARSE.SYS
Service Name: ---
Module Base: 8D5D7000
Module End: 8D5DE000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\kbdhid.sys
Service Name: kbdhid
Module Base: 8D5DE000
Module End: 8D5E7000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mouhid.sys
Service Name: mouhid
Module Base: 8D5E7000
Module End: 8D5EF000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\snp2uvc.sys
Service Name: SNP2UVC
Module Base: 8EE0F000
Module End: 8EFB6000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\STREAM.SYS
Service Name: ---
Module Base: 8EFB6000
Module End: 8EFC3000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\sncduvc.SYS
Service Name: ---
Module Base: 8EFC3000
Module End: 8EFCA000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Beep.SYS
Service Name: Beep
Module Base: 8EFDA000
Module End: 8EFE1000
Hidden: No

Module Name: C:\Windows\System32\drivers\vga.sys
Service Name: vga
Module Base: 8EFE1000
Module End: 8EFED000
Hidden: No

Module Name: C:\Windows\System32\drivers\VIDEOPRT.SYS
Service Name: ---
Module Base: 8D3DD000
Module End: 8D3FE000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\RDPCDD.sys
Service Name: RDPCDD
Module Base: 8EFED000
Module End: 8EFF5000
Hidden: No

Module Name: C:\Windows\system32\drivers\rdpencdd.sys
Service Name: RDPENCDD
Module Base: 8EFF5000
Module End: 8EFFD000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\hidusb.sys
Service Name: HidUsb
Module Base: 8EE00000
Module End: 8EE09000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Npfs.SYS
Service Name: Npfs
Module Base: 883E2000
Module End: 883F0000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\rasacd.sys
Service Name: RasAcd
Module Base: 883F0000
Module End: 883F9000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\tdx.sys
Service Name: tdx
Module Base: 881DF000
Module End: 881F5000
Hidden: No

Module Name: C:\Windows\System32\Drivers\avgtdix.sys
Service Name: AvgTdiX
Module Base: 93202000
Module End: 9321B000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\netbt.sys
Service Name: netbt
Module Base: 9321B000
Module End: 9324D000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\smb.sys
Service Name: Smb
Module Base: 9324D000
Module End: 93261000
Hidden: No

Module Name: C:\Windows\system32\drivers\afd.sys
Service Name: AFD
Module Base: 93261000
Module End: 932A9000
Hidden: No

Module Name: C:\Windows\system32\drivers\ws2ifsl.sys
Service Name: ws2ifsl
Module Base: 932A9000
Module End: 932B2000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\pacer.sys
Service Name: PSched
Module Base: 932B2000
Module End: 932C8000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\netbios.sys
Service Name: NetBIOS
Module Base: 932C8000
Module End: 932D6000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\wanarp.sys
Service Name: Wanarp
Module Base: 932D6000
Module End: 932E9000
Hidden: No

Module Name: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
Service Name: SASKUTIL
Module Base: 932E9000
Module End: 93309000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rdbss.sys
Service Name: rdbss
Module Base: 93310000
Module End: 9334C000
Hidden: No

Module Name: C:\Windows\system32\drivers\nsiproxy.sys
Service Name: nsiproxy
Module Base: 9334C000
Module End: 93356000
Hidden: No

Module Name: C:\Windows\System32\Drivers\dfsc.sys
Service Name: DfsC
Module Base: 93356000
Module End: 9336D000
Hidden: No

Module Name: C:\Windows\System32\Drivers\avgmfx86.sys
Service Name: AvgMfx86
Module Base: 9336D000
Module End: 93373000
Hidden: No

Module Name: C:\Windows\System32\Drivers\avgldx86.sys
Service Name: AvgLdx86
Module Base: 93373000
Module End: 933C4000
Hidden: No

Module Name: C:\Windows\System32\Drivers\crashdmp.sys
Service Name: ---
Module Base: 933C4000
Module End: 933D1000
Hidden: No

Module Name: \SystemRoot\System32\Drivers\dump_iaStor.sys
Service Name: ---
Module Base: 8850A000
Module End: 885C8000
Hidden: Yes

Module Name: C:\Windows\System32\drivers\Dxapi.sys
Service Name: ---
Module Base: 933D1000
Module End: 933DB000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\monitor.sys
Service Name: monitor
Module Base: 933DB000
Module End: 933EA000
Hidden: No

Module Name: C:\Windows\system32\drivers\luafv.sys
Service Name: luafv
Module Base: 81209000
Module End: 81224000
Hidden: No

Module Name: C:\Windows\system32\drivers\spsys.sys
Service Name: ---
Module Base: 8122C000
Module End: 812DB000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\RMCAST.sys
Service Name: RMCAST
Module Base: 812DB000
Module End: 8130B000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\lltdio.sys
Service Name: lltdio
Module Base: 8130B000
Module End: 8131B000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\nwifi.sys
Service Name: NativeWifiP
Module Base: 8131B000
Module End: 81345000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ndisuio.sys
Service Name: Ndisuio
Module Base: 81345000
Module End: 8134F000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rspndr.sys
Service Name: rspndr
Module Base: 8134F000
Module End: 81362000
Hidden: No

Module Name: C:\Windows\system32\drivers\HTTP.sys
Service Name: HTTP
Module Base: 81362000
Module End: 813CD000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\srvnet.sys
Service Name: srvnet
Module Base: 813CD000
Module End: 813EA000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\bowser.sys
Service Name: bowser
Module Base: AE007000
Module End: AE020000
Hidden: No

Module Name: C:\Windows\System32\drivers\mpsdrv.sys
Service Name: mpsdrv
Module Base: AE020000
Module End: AE035000
Hidden: No

Module Name: C:\Windows\system32\drivers\mrxdav.sys
Service Name: MRxDAV
Module Base: AE035000
Module End: AE055000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mrxsmb.sys
Service Name: mrxsmb
Module Base: AE055000
Module End: AE074000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mrxsmb10.sys
Service Name: mrxsmb10
Module Base: AE074000
Module End: AE0AD000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mrxsmb20.sys
Service Name: mrxsmb20
Module Base: AE0AD000
Module End: AE0C5000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\srv2.sys
Service Name: srv2
Module Base: AE0C5000
Module End: AE0EC000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\srv.sys
Service Name: srv
Module Base: AE0EC000
Module End: AE138000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\cdfs.sys
Service Name: cdfs
Module Base: AE150000
Module End: AE166000
Hidden: No

Module Name: \??\C:\Acer\Empowering Technology\eRecovery\int15.sys
Service Name: int15
Module Base: AE166000
Module End: AE16D000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mdmxsdk.sys
Service Name: mdmxsdk
Module Base: AE16D000
Module End: AE171000
Hidden: No

Module Name: C:\Windows\system32\drivers\peauth.sys
Service Name: PEAUTH
Module Base: B080C000
Module End: B08EA000
Hidden: No

Module Name: C:\Windows\System32\Drivers\secdrv.SYS
Service Name: secdrv
Module Base: B08EA000
Module End: B08F4000
Hidden: No

Module Name: C:\Windows\System32\drivers\tcpipreg.sys
Service Name: tcpipreg
Module Base: B08F4000
Module End: B0900000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\xaudio.sys
Service Name: XAudio
Module Base: B0900000
Module End: B0908000
Hidden: No

Module Name: \??\C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl
Service Name: {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}
Module Base: B0908000
Module End: B0925000
Hidden: No

Module Name: \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
Service Name: SASENUM
Module Base: B0925000
Module End: B092A000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\usbccgp.sys
Service Name: usbccgp
Module Base: B0931000
Module End: B0948000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\usbscan.sys
Service Name: usbscan
Module Base: B0948000
Module End: B0955000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\usbprint.sys
Service Name: usbprint
Module Base: B0955000
Module End: B095F000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\USBSTOR.SYS
Service Name: USBSTOR
Module Base: B095F000
Module End: B0971000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\WUDFRd.sys
Service Name: WUDFRd
Module Base: B0971000
Module End: B0986000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\WUDFPf.sys
Service Name: ---
Module Base: B0986000
Module End: B0998000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Null.SYS
Service Name: Null
Module Base: 8EFD3000
Module End: 8EFDA000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Msfs.SYS
Service Name: Msfs
Module Base: 8D5EF000
Module End: 8D5FA000
Hidden: No

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwTerminateProcess
Address: 932F1660
Driver Base: 932E9000
Driver End: 93309000
Driver Name: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys

******************************************************************************************
******************************************************************************************
Kernel Hooks:
Hooked Function: ZwSaveKeyEx
At Address: 8267162A
Jump To: 8F9FF8F2
Module Name: _unknown_

Hooked Function: ZwSaveKey
At Address: 82671523
Jump To: 8FDF9E92
Module Name: _unknown_

Hooked Function: ZwFlushInstructionCache
At Address: 825CE30B
Jump To: 8F3B66DC
Module Name: _unknown_

Hooked Function: ZwEnumerateKey
At Address: 82623BA2
Jump To: 8F9FE9FC
Module Name: _unknown_

Hooked Function: IofCompleteRequest
At Address: 82455FE2
Jump To: 8F9F774B
Module Name: _unknown_

Hooked Function: IofCallDriver
At Address: 824D7F6F
Jump To: 8F9F362A
Module Name: _unknown_

******************************************************************************************
******************************************************************************************
No IRP Hooks found

******************************************************************************************
******************************************************************************************
Ports:
Local Address: JACKSON-PC:64514
Remote Address: BW-IN-F137.GOOGLE.COM:HTTP
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: JACKSON-PC:64502
Remote Address: FK-IN-F166.GOOGLE.COM:HTTP
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: JACKSON-PC:64490
Remote Address: A92-123-220-20.DEPLOY.AKAMAITECHNOLOGIES.COM:HTTP
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: CLOSE_WAIT

Local Address: JACKSON-PC:64467
Remote Address: FX-IN-F113.GOOGLE.COM:HTTP
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: JACKSON-PC:64461
Remote Address: FX-IN-F99.GOOGLE.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: JACKSON-PC:64459
Remote Address: FX-IN-F99.GOOGLE.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: JACKSON-PC:64455
Remote Address: FK-IN-F97.GOOGLE.COM:HTTPS
Type: TCP
Process: C:\Program Files\Internet Explorer\iexplore.exe
State: ESTABLISHED

Local Address: JACKSON-PC:64453
Remote Address: BW-IN-F100.GOOGLE.COM:HTTP
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: JACKSON-PC:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: JACKSON-PC:64513
Remote Address: LOCALHOST:10080
Type: TCP
Process: C:\Program Files\Internet Explorer\iexplore.exe
State: ESTABLISHED

Local Address: JACKSON-PC:64501
Remote Address: LOCALHOST:10080
Type: TCP
Process: C:\Program Files\Internet Explorer\iexplore.exe
State: ESTABLISHED

Local Address: JACKSON-PC:64489
Remote Address: LOCALHOST:10080
Type: TCP
Process: C:\Program Files\Internet Explorer\iexplore.exe
State: CLOSE_WAIT

Local Address: JACKSON-PC:64466
Remote Address: LOCALHOST:10080
Type: TCP
Process: C:\Program Files\Internet Explorer\iexplore.exe
State: ESTABLISHED

Local Address: JACKSON-PC:64452
Remote Address: LOCALHOST:10080
Type: TCP
Process: C:\Program Files\Internet Explorer\iexplore.exe
State: ESTABLISHED

Local Address: JACKSON-PC:27015
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
State: LISTENING

Local Address: JACKSON-PC:18080
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: LISTENING

Local Address: JACKSON-PC:13128
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: LISTENING

Local Address: JACKSON-PC:10110
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgemc.exe
State: LISTENING

Local Address: JACKSON-PC:10080
Remote Address: LOCALHOST:64513
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: JACKSON-PC:10080
Remote Address: LOCALHOST:64509
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: JACKSON-PC:10080
Remote Address: LOCALHOST:64506
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: JACKSON-PC:10080
Remote Address: LOCALHOST:64501
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: JACKSON-PC:10080
Remote Address: LOCALHOST:64499
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: JACKSON-PC:10080
Remote Address: LOCALHOST:64497
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: JACKSON-PC:10080
Remote Address: LOCALHOST:64495
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: JACKSON-PC:10080
Remote Address: LOCALHOST:64493
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: JACKSON-PC:10080
Remote Address: LOCALHOST:64491
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: JACKSON-PC:10080
Remote Address: LOCALHOST:64489
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: FIN_WAIT2

Local Address: JACKSON-PC:10080
Remote Address: LOCALHOST:64483
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: JACKSON-PC:10080
Remote Address: LOCALHOST:64479
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: JACKSON-PC:10080
Remote Address: LOCALHOST:64477
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: JACKSON-PC:10080
Remote Address: LOCALHOST:64475
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: JACKSON-PC:10080
Remote Address: LOCALHOST:64466
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: JACKSON-PC:10080
Remote Address: LOCALHOST:64452
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: JACKSON-PC:10080
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: LISTENING

Local Address: JACKSON-PC:49213
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\services.exe
State: LISTENING

Local Address: JACKSON-PC:49155
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\lsass.exe
State: LISTENING

Local Address: JACKSON-PC:49154
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: JACKSON-PC:49153
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: JACKSON-PC:49152
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\wininit.exe
State: LISTENING

Local Address: JACKSON-PC:5357
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: JACKSON-PC:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: JACKSON-PC:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: JACKSON-PC:SSDP
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: JACKSON-PC:138
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: JACKSON-PC:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: JACKSON-PC:62456
Remote Address: NA
Type: UDP
Process: C:\Program Files\Internet Explorer\iexplore.exe
State: NA

Local Address: JACKSON-PC:55439
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: JACKSON-PC:SSDP
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: JACKSON-PC:LLMNR
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: JACKSON-PC:IPSEC-MSFT
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: JACKSON-PC:500
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: JACKSON-PC:123
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: D:\System Volume Information\MountPointManagerRemoteDatabase
Status: Access denied

Object: D:\System Volume Information\SPP
Status: Access denied

Object: D:\System Volume Information\tracking.log
Status: Access denied

Object: D:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: D:\System Volume Information\{4d75ff7c-7d5b-11de-a166-c10df17cff41}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: D:\System Volume Information\{90ca969d-8d74-11de-bf5b-8a9c9ce7acf6}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: D:\System Volume Information\{925dac84-8b37-11de-8f06-9838b4581b31}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: D:\System Volume Information\{925dae80-8b37-11de-8f06-9838b4581b31}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: D:\System Volume Information\{c7b34bf1-8a04-11de-8cac-92bee74dcd21}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: D:\System Volume Information\{c7b34caf-8a04-11de-8cac-b305264d0fe0}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: D:\System Volume Information\{cf94ba48-7a23-11de-9627-001b24b4e75b}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: D:\System Volume Information\{cf94baa1-7a23-11de-9627-001b24b4e75b}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: D:\System Volume Information\{cf94bb59-7a23-11de-9627-001b24b4e75b}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: D:\System Volume Information\{dc80559d-8646-11de-bc93-fb9eb965e3ba}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: D:\System Volume Information\{dc8055f0-8646-11de-bc93-a2e14c0036e3}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: D:\System Volume Information\{dc80562e-8646-11de-bc93-c9db06d5211c}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: D:\System Volume Information\{dc805638-8646-11de-bc93-c9db06d5211c}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: D:\System Volume Information\{dc805681-8646-11de-bc93-e3c4389c3b1a}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: D:\System Volume Information\{dc80577c-8646-11de-bc93-e3c4389c3b1a}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: D:\System Volume Information\{dc805786-8646-11de-bc93-e3c4389c3b1a}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: D:\System Volume Information\{f7563dc3-88ba-11de-a5af-cdc50bf4e513}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\MountPointManagerRemoteDatabase
Status: Access denied

Object: C:\System Volume Information\SPP
Status: Access denied

Object: C:\System Volume Information\SystemRestore
Status: Access denied

Object: C:\System Volume Information\tracking.log
Status: Access denied

Object: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{90ca969c-8d74-11de-bf5b-8a9c9ce7acf6}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\Users\Acer\Downloaded Programs & Misc\Hallmark Card Studio 2009 Deluxe\wedding_march__mendelssohn_.
Status: Hidden

Object: C:\Users\Acer\Downloaded Programs & Misc\Hallmark Card Studio 2009 Deluxe\_812_overture__tchaikovsky_.
Status: Hidden

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
Status: Access denied
  • 0

#4
nanabentley

    Member

  • Topic Starter
  • Member
  • 37 posts
I hope I did this correctly. Thank you for your time in dealing with this. I am eternally grateful. CB
  • 0

#5
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi again CB, I can see the miscreant, so let's start to clean you up. This will be fairly long but should kill most of it by the time you are finished. If you have any questions then stop and ask; I shall be online for the next hour or so :)

FIRST

Run Sysprot and select the Kernel Modules tab
Place a tick in the box entitled Hidden Objects Only
Click Refresh
Locate the following entry :

Module Name: \systemroot\system32\drivers\ESQULttrukrosnxxmbdvpwqndbqcefnwtjwfc.sys

Left click and then select Disable on the bottom right

Reboot your computer

NEXT

Start OTS. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Unregister Dlls]
[Win32 Services - Safe List]
YY -> (CLTNetCnService) Symantec Lic NetConnect service [Win32_Shared | Auto | Stopped] -> 
[Registry - Safe List]
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\
YN -> NameServer -> 85.255.112.88,85.255.112.236
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
YN -> {73B976B0-6E6F-4077-B6A4-35E411255651}\\NameServer -> 85.255.112.88,85.255.112.236   (Intel(R) Wireless WiFi Link 4965AGN)
[Files/Folders - Created Within 30 Days]
NY -> {7B02EF0B-A410-4938-8480-9BA26420A627}.job -> C:\Windows\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
[Files/Folders - Modified Within 30 Days]
NY -> {7B02EF0B-A410-4938-8480-9BA26420A627}.job -> C:\Windows\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
[File - Lop Check]
NY -> {7B02EF0B-A410-4938-8480-9BA26420A627}.job -> C:\Windows\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
[Empty Temp Folders]

The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

I will review the information when it comes back in.

FINALLY FOR NOW

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2

--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with an OTL log so we can continue cleaning the system.
Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.
  • 0
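A small triage script for the kind of OTS output pasted earlier in this thread, added here as an illustration; it is not part of the thread, of OTS or of ComboFix. It parses the "Kernel Hooks:" block and the "Name Servers" fix lines in the format shown above and flags two things a defender looks for first: hooked kernel functions whose jump target could not be attributed to any loaded module (`Module Name: _unknown_`), and DNS NameServer values that are not on an allow-list of resolvers the network is expected to use. The sample log text is constructed from lines quoted in the thread plus one constructed, clearly labelled benign hook entry; the allow-list addresses are placeholders, not values from the thread.

```python
"""Triage an OTS-style scan log for unattributed kernel hooks and
unexpected DNS resolvers. Added example, not code from the thread or
from the OTS tool; the log format is the one shown in the thread."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample in the shape of the thread's OTS output. The two
# _unknown_ hooks and the NameServer lines are copied from the thread;
# the SASKUTIL.sys hook entry is constructed to show a benign case.
SAMPLE_LOG = r"""Kernel Hooks:
Hooked Function: ZwSaveKeyEx
At Address: 8267162A
Jump To: 8F9FF8F2
Module Name: _unknown_

Hooked Function: IofCallDriver
At Address: 824D7F6F
Jump To: 8F9F362A
Module Name: _unknown_

Hooked Function: ZwTerminateProcess
At Address: 932F1660
Jump To: 932F1660
Module Name: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys

******************************************************************************************
[Registry - Safe List]
YN -> NameServer -> 85.255.112.88,85.255.112.236
YN -> {73B976B0-6E6F-4077-B6A4-35E411255651}\\NameServer -> 85.255.112.88,85.255.112.236   (Intel(R) Wireless WiFi Link 4965AGN)
"""

# Placeholder allow-list: replace with the resolvers the network really uses
# (router, ISP or corporate DNS). These addresses are documentation-only.
EXPECTED_DNS = frozenset({"192.0.2.1", "192.0.2.2"})


@dataclass(frozen=True)
class KernelHook:
    function: str
    at_address: str
    jump_to: str
    module: str


# One OTS "Kernel Hooks" record: four lines, fixed field names.
HOOK_RE = re.compile(
    r"Hooked Function: (?P<function>\S+)[ \t]*\n"
    r"At Address: (?P<at>[0-9A-Fa-f]+)[ \t]*\n"
    r"Jump To: (?P<jump>[0-9A-Fa-f]+)[ \t]*\n"
    r"Module Name: (?P<module>.+)"
)

# OTS fix line for a NameServer value: "YN -> <key> -> ip[,ip...]".
NS_RE = re.compile(r"^YN -> (?P<key>.*?NameServer) -> (?P<servers>[0-9.,]+)", re.M)


def parse_kernel_hooks(log: str) -> list[KernelHook]:
    """Return every kernel hook record found in the log, in order."""
    return [
        KernelHook(m["function"], m["at"], m["jump"], m["module"].strip())
        for m in HOOK_RE.finditer(log)
    ]


def unattributed_hooks(log: str) -> list[KernelHook]:
    """Hooks whose jump target OTS could not map to a loaded module."""
    return [h for h in parse_kernel_hooks(log) if h.module == "_unknown_"]


def parse_name_servers(log: str) -> list[tuple[str, str]]:
    """Return (registry key, resolver address) pairs, one per address."""
    pairs: list[tuple[str, str]] = []
    for m in NS_RE.finditer(log):
        for ip in m["servers"].split(","):
            if ip:
                pairs.append((m["key"], ip.strip()))
    return pairs


def unexpected_name_servers(log: str, allowed: frozenset[str]) -> list[tuple[str, str]]:
    """Resolver entries that are not on the operator's allow-list."""
    return [(key, ip) for key, ip in parse_name_servers(log) if ip not in allowed]


def triage(log: str, allowed: frozenset[str] = EXPECTED_DNS) -> dict[str, list]:
    """Collect both indicator classes into one report."""
    return {
        "unattributed_hooks": unattributed_hooks(log),
        "unexpected_dns": unexpected_name_servers(log, allowed),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for h in report["unattributed_hooks"]:
        print(f"hook {h.function} at {h.at_address} -> {h.jump_to} ({h.module})")
    for key, ip in report["unexpected_dns"]:
        print(f"unexpected resolver {ip} under {key}")
```

The DNS check is the simpler of the two and the more actionable: a resolver the operator did not configure, sitting in the Tcpip\Parameters keys as in the fix above, redirects every name lookup on the host, so it belongs on the first page of any triage report. An unattributed hook is a weaker signal on its own (legitimate security products hook the same functions, as the SSDT entry for SASKUTIL.sys shows), which is why the script reports it alongside the module attribution rather than deciding on its own.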

#6
nanabentley

    Member

  • Topic Starter
  • Member
  • 37 posts
Here again, I hope this is right...

All Processes Killed
[Win32 Services - Safe List]
Service CLTNetCnService stopped successfully!
Service CLTNetCnService deleted successfully!
File not found.
[Registry - Safe List]
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\\NameServer updated successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{73B976B0-6E6F-4077-B6A4-35E411255651}\\NameServer updated successfully.
[Files/Folders - Created Within 30 Days]
C:\Windows\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job moved successfully.
[Files/Folders - Modified Within 30 Days]
File C:\Windows\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job not found!
[File - Lop Check]
File C:\Windows\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job not found!
[Empty Temp Folders]


User: Acer
->Temp folder emptied: 387522 bytes
File delete failed. C:\Users\Acer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 5688870 bytes

User: All Users

User: cody
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 5.79 mb

< End of fix log >
OTS by OldTimer - Version 3.0.10.3 fix logfile created on 08202009_175619

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
  • 0

#7
nanabentley

    Member

  • Topic Starter
  • Member
  • 37 posts
Sorry... Here's the other log you asked for below. I had a hard time opening IE to go online. Finally I went into my programs, right-clicked on it and ran it as administrator, and here I am... Thanks bunches CB

ComboFix 09-08-20.02 - Acer 08/20/2009 18:13.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2038.1026 [GMT -7:00]
Running from: c:\users\Acer\Desktop\Combo-Fix.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Acer\AppData\Roaming\inst.exe
c:\windows\system32\drivers\ESQULttrukrosnxxmbdvpwqndbqcefnwtjwfc.sys
c:\windows\system32\ESQULedvesqvrenkcmhbimofrnxubbhiehxdt.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ESQULserv.sys
-------\Service_ESQULserv.sys


((((((((((((((((((((((((( Files Created from 2009-07-21 to 2009-08-21 )))))))))))))))))))))))))))))))
.

2009-08-21 00:56 . 2009-08-21 00:56 -------- d-----w- C:\_OTS
2009-08-20 16:28 . 2007-12-14 08:55 172032 ----a-w- c:\windows\system32\igfxres.dll
2009-08-20 08:52 . 2009-08-20 08:52 -------- d-----w- c:\program files\RAR Password Unlocker
2009-08-17 06:12 . 2009-08-17 06:12 -------- d-----w- c:\program files\iPod
2009-08-17 06:11 . 2009-08-17 06:12 -------- d-----w- c:\program files\iTunes
2009-08-17 06:08 . 2009-08-17 06:08 75040 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-08-16 21:28 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-08-16 21:28 . 2009-06-15 15:24 270848 ----a-w- c:\windows\system32\schannel.dll
2009-08-16 21:28 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2009-08-16 21:28 . 2009-06-15 15:22 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-08-16 21:28 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-08-16 21:28 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-08-16 21:28 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll
2009-08-16 21:28 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe
2009-08-16 01:08 . 2009-08-16 01:16 -------- d-----w- c:\programdata\DVD Shrink
2009-08-16 01:08 . 2009-08-16 01:08 -------- d-----w- c:\program files\DVD Shrink
2009-08-15 00:27 . 2009-08-15 00:27 456304 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbCE99.tmp.exe
2009-08-15 00:27 . 2009-08-17 01:51 -------- d-----w- c:\users\cody\AppData\Local\Google
2009-08-14 23:54 . 2009-08-14 23:54 680 ----a-w- c:\users\cody\AppData\Local\d3d9caps.dat
2009-08-13 12:23 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-13 12:23 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-13 12:23 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-13 12:23 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-13 12:23 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-13 12:23 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-13 12:23 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-13 12:22 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-08-12 19:11 . 2009-08-20 09:36 -------- d-----w- C:\ipod_video
2009-08-12 19:06 . 2007-04-12 21:19 129024 ----a-w- c:\windows\system32\AVERM.dll
2009-08-12 19:06 . 2006-09-26 20:57 28672 ----a-w- c:\windows\system32\AVEQT.dll
2009-08-12 19:06 . 2009-08-12 19:09 -------- d-----w- c:\program files\Ultra iPod Movie Converter
2009-07-30 23:35 . 2009-07-30 23:35 -------- d-----w- c:\program files\Red Kawa
2009-07-30 22:45 . 2009-07-30 22:45 -------- d-----w- c:\users\Acer\AppData\Local\SupportSoft
2009-07-30 22:45 . 2009-07-30 22:45 -------- d-----w- c:\program files\Common Files\SupportSoft
2009-07-25 01:58 . 2009-07-25 01:58 713992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-07-23 02:48 . 2009-07-23 03:18 -------- d-----w- c:\users\Acer\AppData\Roaming\Roxio
2009-07-23 02:41 . 2009-07-23 02:41 -------- d-----w- c:\programdata\InstallShield
2009-07-23 02:41 . 2009-07-23 02:41 -------- d-----w- c:\programdata\Sonic
2009-07-23 02:39 . 2009-07-23 02:39 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-07-23 02:36 . 2007-01-18 17:24 26496 ----a-w- c:\windows\system32\drivers\RimSerial.sys
2009-07-23 02:36 . 2009-07-23 02:36 -------- d-----w- c:\program files\Research In Motion

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-21 01:25 . 2009-03-22 01:16 -------- d-----w- c:\users\Acer\AppData\Roaming\uTorrent
2009-08-20 19:43 . 2009-04-02 00:26 -------- d-----w- c:\programdata\CanonIJPLM
2009-08-20 16:26 . 2009-03-22 02:00 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-20 16:25 . 2009-03-22 01:48 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-08-20 14:25 . 2009-03-22 01:37 -------- d-----w- c:\programdata\avg8
2009-08-17 06:12 . 2009-03-23 04:56 -------- d-----w- c:\program files\Common Files\Apple
2009-08-15 00:27 . 2009-08-14 23:43 -------- d-----w- c:\users\cody\AppData\Roaming\yahoo!
2009-08-14 23:43 . 2009-08-14 23:43 141360 ----a-w- c:\users\cody\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-14 23:43 . 2009-08-14 23:43 -------- d-----w- c:\users\cody\AppData\Roaming\Acer
2009-08-14 23:43 . 2009-08-14 23:43 -------- d-----w- c:\users\cody\AppData\Roaming\Research In Motion
2009-08-14 23:43 . 2009-08-14 23:43 -------- d-----w- c:\users\cody\AppData\Roaming\Leadertech
2009-08-14 10:04 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-12 18:06 . 2009-03-22 02:02 -------- d-----w- c:\users\Acer\AppData\Roaming\Vso
2009-08-12 16:51 . 2009-03-22 01:37 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-11 17:11 . 2009-03-23 05:01 -------- d-----w- c:\users\Acer\AppData\Roaming\Apple Computer
2009-07-26 03:46 . 2009-03-20 23:33 2876 ----a-w- c:\users\Acer\AppData\Roaming\wklnhst.dat
2009-07-25 15:39 . 2009-04-12 11:57 -------- d-----w- c:\users\Acer\AppData\Roaming\dvdcss
2009-07-23 03:18 . 2009-07-23 02:38 -------- d-----w- c:\programdata\Roxio
2009-07-23 02:44 . 2008-11-03 23:42 141360 ----a-w- c:\users\Acer\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-23 02:41 . 2008-11-04 00:03 -------- d-----w- c:\users\Acer\AppData\Roaming\InstallShield
2009-07-23 02:39 . 2009-07-23 02:38 -------- d-----w- c:\program files\Common Files\Roxio Shared
2009-07-23 02:39 . 2009-07-23 02:38 -------- d-----w- c:\program files\Roxio
2009-07-23 02:38 . 2009-07-23 02:38 -------- d-----w- c:\program files\Common Files\Sonic Shared
2009-07-23 02:38 . 2007-12-18 07:40 -------- d-----w- c:\program files\Common Files\InstallShield
2009-07-23 02:36 . 2009-06-18 06:40 -------- d-----w- c:\program files\Common Files\Research In Motion
2009-07-18 16:06 . 2009-07-29 12:46 827904 ----a-w- c:\windows\system32\wininet.dll
2009-07-18 16:01 . 2009-07-29 12:46 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 09:46 . 2009-07-29 12:46 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-15 05:46 . 2009-07-15 05:16 -------- d-----w- c:\programdata\NOS
2009-07-15 05:45 . 2009-07-15 05:16 -------- d-----w- c:\program files\NOS
2009-06-25 15:59 . 2009-03-22 01:37 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-25 15:59 . 2009-03-22 01:37 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-22 03:41 . 2009-06-22 03:41 -------- d-----w- c:\users\Acer\AppData\Roaming\acccore
2009-06-22 03:35 . 2009-06-22 03:32 -------- d-----w- c:\programdata\AOL OCP
2009-06-22 03:34 . 2009-06-22 03:31 -------- d-----w- c:\program files\AIM6
2009-06-22 03:33 . 2009-06-22 03:33 -------- d-----w- c:\program files\Common Files\Software Update Utility
2009-06-22 03:33 . 2009-06-22 03:33 -------- d-----w- c:\program files\Viewpoint
2009-06-22 03:33 . 2009-06-22 03:33 -------- d-----w- c:\programdata\Viewpoint
2009-06-22 03:33 . 2009-06-22 03:33 -------- d-----w- c:\programdata\acccore
2009-06-22 03:32 . 2009-06-22 03:32 -------- d-----w- c:\programdata\AOL
2009-06-22 03:32 . 2009-06-22 03:32 -------- d-----w- c:\program files\Common Files\AOL
2009-06-18 06:40 . 2009-06-18 06:40 10134 ----a-r- c:\users\Acer\AppData\Roaming\Microsoft\Installer\{03B0EB18-51D2-4302-B92C-BBAE869FFBBF}\ARPPRODUCTICON.exe
2009-06-18 01:21 . 2007-04-26 17:45 6540 ----a-w- c:\users\Acer\AppData\Local\d3d9caps.dat
2009-06-15 15:24 . 2009-07-14 19:48 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 15:20 . 2009-07-14 19:48 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 15:20 . 2009-07-14 19:48 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:52 . 2009-07-14 19:48 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-06-13 09:36 . 2009-06-13 09:36 237568 ----a-r- c:\users\Acer\AppData\Roaming\Microsoft\Installer\{C4609419-C11E-4CE6-B369-F3F8A7DDD94C}\Shortcut_EventPlan_E2FBA8F7F7FD4C5EAA7D652BB0CAAA9D.exe
2009-06-13 09:36 . 2009-06-13 09:36 319488 ----a-r- c:\users\Acer\AppData\Roaming\Microsoft\Installer\{C4609419-C11E-4CE6-B369-F3F8A7DDD94C}\NewShortcut4_10BBCB1500964695A88260002365C651.exe
2009-06-13 09:36 . 2009-06-13 09:36 319488 ----a-r- c:\users\Acer\AppData\Roaming\Microsoft\Installer\{C4609419-C11E-4CE6-B369-F3F8A7DDD94C}\NewShortcut3_3987B53B5DA14BC1A6C6F7287E3934AC.exe
2009-06-13 09:36 . 2009-06-13 09:36 319488 ----a-r- c:\users\Acer\AppData\Roaming\Microsoft\Installer\{C4609419-C11E-4CE6-B369-F3F8A7DDD94C}\NewShortcut1_E03900ACFBF7448FBB42EB050CC37F67.exe
2009-06-13 09:36 . 2009-06-13 09:36 319488 ----a-r- c:\users\Acer\AppData\Roaming\Microsoft\Installer\{C4609419-C11E-4CE6-B369-F3F8A7DDD94C}\ARPPRODUCTICON.exe
2009-06-13 09:36 . 2009-06-13 09:36 237568 ----a-r- c:\users\Acer\AppData\Roaming\Microsoft\Installer\{C4609419-C11E-4CE6-B369-F3F8A7DDD94C}\SHORTCUT_EP_3190D92A30664FA7847D17E0404C2F43.exe
2009-06-09 16:34 . 2009-06-09 16:34 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2009-06-09 15:42 . 2009-03-22 16:37 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-06-05 18:42 . 2009-06-05 18:42 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-05 18:42 . 2009-06-05 18:42 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-03-22 270128]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-22 39408]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-12-14 102400]
"PLFSet"="c:\windows\PLFSet.dll" [2007-04-25 45056]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-12-05 200704]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-14 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-14 154136]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-26 457216]
"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-09-01 1286144]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-25 1948440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-08-02 151552]
"Acer Assist Launcher"="c:\program files\Acer Assist\launcher.exe" [2007-02-02 1261568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-14 81920]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-04 1848648]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-27 413696]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2008-11-04 615696]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-09-19 236016]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-12-14 1826816]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-12-14 4702208]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Acer Tour Reminder"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Persistence"=c:\windows\system32\igfxpers.exe
"NvSvc"=RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"LManager"=c:\progra~1\LAUNCH~1\QtZgAcer.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{AF665330-CB5E-44E9-966C-A956F77BE7F9}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{C3432620-CF0A-4C34-B94E-DCFBFE405D1C}"= c:\program files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
"{BEF5B974-3178-442C-89C2-7EE0B1F4CA9F}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
"{EB435A7A-031E-47C9-AC08-26EBF795F484}"= c:\program files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard
"{A5E7ADEB-655C-41BF-B532-DC4014EB853C}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{FF761DED-5389-41AD-A7C3-CFE64887C705}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B00FEB21-9121-4DD2-B410-1B02F2CB8632}"= c:\program files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine
"{131574A5-A6C7-44C1-A2ED-C0D8958BB7C0}"= c:\program files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie
"{2F8D22DB-DA2F-4E5A-8CC7-4A01E803017F}"= c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program
"{AA69A782-78C1-4865-B080-010526844939}"= c:\program files\Acer\Acer VCM\VC.exe:Acer VCM
"{61478FC6-77BE-458E-B5EA-95A58B725EC8}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{891F3485-4A25-4D51-B5C0-B717D513619D}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{25097BEF-B84D-4061-A3A3-C9C6DD28E107}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{FECC3B2D-4253-4B4E-AFB8-42E0A68A2613}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{2DB0C1E0-66C3-4BBA-A275-9A2539445EB2}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{A885393C-5121-4920-B817-B2E0B0D85AEB}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{8D64ABA4-D6D1-409D-9C79-8A93D1F5ABB4}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{77B1DB5E-3AD8-4311-A4D7-FBD377E547DF}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"{492E388F-3D62-4D02-B00F-1454BDEEB964}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{2BB06534-DFA4-4051-AAAD-24FAA302F020}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{CE13EDD0-7324-42C7-B06C-4711B8155714}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{FE027801-CF5A-4C4D-B73B-88DF917DFAE4}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{ECEDE76D-60FD-4E2D-B0B7-9471610BD0FB}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{421D4509-02D0-4B04-BE9D-E018745708DB}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"{8114A153-A8CA-44CC-BE09-7723C35ECBC3}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{527D9E7A-752D-456A-B590-A1542109C5B4}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [3/21/2009 6:37 PM 335752]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [3/22/2009 9:37 AM 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/29/2008 2:03 PM 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/29/2008 2:03 PM 51440]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [11/3/2008 4:46 PM 41456]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [3/21/2009 6:37 PM 907032]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [3/22/2009 9:37 AM 298776]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [11/3/2008 4:55 PM 233472]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [3/21/2009 6:59 PM 1153368]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/21/2009 8:33 PM 24652]
R3 winbondcir;Winbond IR Transceiver;c:\windows\System32\drivers\winbondcir.sys [12/17/2007 11:10 PM 43008]
S3 A310;AVerMedia A310 DVB-T;c:\windows\System32\drivers\AVerA310USB.sys [12/17/2007 11:10 PM 26368]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [12/17/2007 11:10 PM 179712]
S3 BDASwCap;AVerMedia A310 BDA DVBT Capture Device;c:\windows\System32\drivers\AVerA310Cap.sys [12/17/2007 11:10 PM 42240]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 2:51 PM 4096]
S3 SysProtDrv.sys;SysProtDrv.sys;c:\users\Acer\Desktop\SysProt\SysProtDrv.sys [8/20/2009 5:40 PM 44288]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Acer Tour Reminder - (no file)
HKCU-Run-Aim6 - (no file)
HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
mStart Page = hxxp://en.us.acer.yahoo.com
IE: E&xport to Microsoft Excel
LSP: c:\windows\system32\wpclsp.dll
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(2336)
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\ShowErrMsg.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\BatchCrypto.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\keyManager.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\acer\Empowering Technology\eDataSecurity\eDSService.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\acer\Empowering Technology\eNet\eNet Service.exe
c:\program files\Canon\IJPLM\ijplmsvc.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\System32\drivers\XAudio.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
c:\acer\Empowering Technology\ePower\ePowerSvc.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\System32\igfxsrvc.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\ehome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Completion time: 2009-08-21 18:28 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-21 01:27

Pre-Run: 36,492,259,328 bytes free
Post-Run: 36,322,963,456 bytes free

306 --- E O F --- 2009-08-17 10:02

#8
Essexboy

    GeekU Moderator
Looking much better - I will now do another sweep with a different tool and then look at any repairs that need to be made

Please download Malwarebytes' Anti-Malware from Here.

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

THEN

  • Download OTL to your desktop.
  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

When you post these logs, can you let me know of all your problems still being experienced?

#9
nanabentley

    Member (Topic Starter)
Hey, okay, here goes. Although it says that there are no infected files, my AVG scan from this morning says that the virus is still there. So I don't know what to think. The computer is running okay so far, but it keeps hanging up and not responding. Anyway, I appreciate your time and hard work. Here are the logs you requested...

Malwarebytes' Anti-Malware 1.40
Database version: 2670
Windows 6.0.6001 Service Pack 1

8/21/2009 7:22:52 AM
mbam-log-2009-08-21 (07-22-52).txt

Scan type: Quick Scan
Objects scanned: 92680
Time elapsed: 7 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




OTL logfile created on: 8/21/2009 7:36:04 AM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Users\Acer\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.99 Gb Available Physical Memory | 49.94% Memory free
4.00 Gb Paging File | 2.96 Gb Available in Paging File | 73.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.69 Gb Total Space | 30.25 Gb Free Space | 27.09% Space Free | Partition Type: NTFS
Drive D: | 107.56 Gb Total Space | 68.14 Gb Free Space | 63.35% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JACKSON-PC
Current User Name: Acer
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT)
PRC - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE ()
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Acer\Mobility Center\MobilityService.exe ()
PRC - C:\Program Files\CyberLink\Shared Files\RichVideo.exe ()
PRC - C:\Program Files\Acer\Acer VCM\RS_Service.exe (Acer Inc.)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Windows\System32\DRIVERS\xaudio.exe (Conexant Systems, Inc.)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
PRC - C:\Program Files\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Windows\System32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
PRC - C:\Windows\System32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Windows\System32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe (CyberLink Corp.)
PRC - C:\Windows\System32\hkcmd.exe (Intel Corporation)
PRC - C:\Windows\System32\igfxsrvc.exe (Intel Corporation)
PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST)
PRC - C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)
PRC - C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
PRC - C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
PRC - C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
PRC - C:\Windows\System32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
PRC - C:\Windows\ehome\ehmsas.exe (Microsoft Corporation)
PRC - C:\Users\Acer\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Internet Explorer\ieuser.exe (Microsoft Corporation)
PRC - C:\Users\Acer\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (avg8emc [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (eDataSecurity Service [Auto | Running]) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT)
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (eLockService [Auto | Running]) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)
SRV - (eNet Service [Auto | Running]) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
SRV - (eRecoveryService [Auto | Running]) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (eSettingsService [Auto | Running]) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
SRV - (Eventlog [Auto | Running]) -- C:\Windows\System32\wevtsvc.dll (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (IJPLMSVC [Auto | Running]) -- C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE ()
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (LightScribeService [Auto | Running]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (MobilityService [Auto | Running]) -- C:\Acer\Mobility Center\MobilityService.exe ()
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (RichVideo [Auto | Running]) -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe ()
SRV - (Roxio UPnP Renderer 9 [On_Demand | Stopped]) -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe (Sonic Solutions)
SRV - (Roxio Upnp Server 9 [Auto | Stopped]) -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe (Sonic Solutions)
SRV - (RoxLiveShare9 [Auto | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (Sonic Solutions)
SRV - (RoxMediaDB9 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (Sonic Solutions)
SRV - (RoxWatch9 [Auto | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (Sonic Solutions)
SRV - (RS_Service [Auto | Running]) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe (Acer Inc.)
SRV - (SBSDWSCService [Auto | Running]) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (Viewpoint Manager Service [Auto | Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (WinDefend [Auto | Stopped]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (WMIService [Auto | Running]) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (XAudioService [Auto | Running]) -- C:\Windows\System32\DRIVERS\xaudio.exe (Conexant Systems, Inc.)
SRV - (YahooAUService [Auto | Running]) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

========== Driver Services (SafeList) ==========

DRV - (A310 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\AVerA310USB.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV - (adp94xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (adpahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (adpu160m [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (adpu320 [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (aic78xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (aliide [Disabled | Stopped]) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (arc [Disabled | Stopped]) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (arcsas [Disabled | Stopped]) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (AvgLdx86 [System | Running]) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86 [System | Running]) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX [System | Running]) -- C:\Windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (b57nd60x [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\b57nd60x.sys (Broadcom Corporation)
DRV - (BDASwCap [On_Demand | Stopped]) -- C:\Windows\System32\drivers\AVerA310Cap.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV - (BrFiltLo [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (Brserid [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrSerWdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (cmdide [Disabled | Stopped]) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (DKbFltr [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\DKbFltr.sys (Dritek System Inc.)
DRV - (E1G60 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\E1G60I32.sys (Intel Corporation)
DRV - (elxstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HpCISSs [Disabled | Stopped]) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (HSFHWAZL [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (HSF_DPV [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (iaStor [Boot | Running]) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (iaStorV [Disabled | Stopped]) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (igfx [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\igdkmd32.sys (Intel Corporation)
DRV - (iirsp [Disabled | Stopped]) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (int15 [Auto | Running]) -- C:\Acer\Empowering Technology\eRecovery\int15.sys (Acer, Inc.)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (iteatapi [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (iteraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (LSI_FC [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (LSI_SAS [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (LSI_SCSI [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (mdmxsdk [Auto | Running]) -- C:\Windows\System32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (megasas [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Mraid35x [Disabled | Stopped]) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (NETw3v32 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\NETw3v32.sys (Intel® Corporation)
DRV - (NETw4v32 [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\NETw4v32.sys (Intel Corporation)
DRV - (nfrd960 [Disabled | Stopped]) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (NTIDrvr [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (ntrigdigi [Disabled | Stopped]) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (nvlddmkm [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\nvlddmkm.sys (NVIDIA Corporation)
DRV - (nvraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (pcouffin [On_Demand | Running]) -- C:\Windows\System32\Drivers\pcouffin.sys (VSO Software)
DRV - (PSDFilter [Boot | Running]) -- C:\Windows\system32\DRIVERS\psdfilter.sys (HiTRUST)
DRV - (PSDNServ [Boot | Running]) -- C:\Windows\system32\drivers\PSDNServ.sys (HiTRUST)
DRV - (psdvdisk [Boot | Running]) -- C:\Windows\system32\drivers\psdvdisk.sys (HiTRUST)
DRV - (PxHelp20 [Boot | Running]) -- C:\Windows\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql2300 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (ql40xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (rimmptsk [Auto | Running]) -- C:\Windows\System32\DRIVERS\rimmptsk.sys (REDC)
DRV - (rimsptsk [Auto | Running]) -- C:\Windows\System32\DRIVERS\rimsptsk.sys (REDC)
DRV - (RimUsb [On_Demand | Stopped]) -- C:\Windows\System32\Drivers\RimUsb.sys (Research In Motion Limited)
DRV - (RimVSerPort [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\RimSerial.sys (Research in Motion Ltd)
DRV - (rismxdp [Auto | Running]) -- C:\Windows\System32\DRIVERS\rixdptsk.sys (REDC)
DRV - (RMCAST [Auto | Running]) -- C:\Windows\System32\DRIVERS\RMCAST.sys (Microsoft Corporation)
DRV - (ROOTMODEM [On_Demand | Running]) -- C:\Windows\System32\Drivers\RootMdm.sys (Microsoft Corporation)
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS ()
DRV - (SASENUM [On_Demand | Stopped]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS (SuperAdBlocker, Inc.)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys ()
DRV - (secdrv [Auto | Running]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SiSRaid2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (SiSRaid4 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (SNP2UVC [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\snp2uvc.sys ()
DRV - (Symc8xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_hi [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Sym_u3 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (SynTP [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (SysProtDrv.sys [On_Demand | Stopped]) -- C:\Users\Acer\Desktop\SysProt\SysProtDrv.sys ()
DRV - (uliahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (UlSata [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (ulsata2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\Windows\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (viaide [Disabled | Stopped]) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (vsmraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (winachsf [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (winbondcir [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\winbondcir.sys (Winbond Electronics Corporation)
DRV - (XAudio [Auto | Running]) -- C:\Windows\System32\DRIVERS\xaudio.sys (Conexant Systems, Inc.)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796} [Auto | Running]) -- C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl (Cyberlink Corp.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1466171669-638389705-3811094347-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKU\S-1-5-21-1466171669-638389705-3811094347-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-1466171669-638389705-3811094347-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKU\S-1-5-21-1466171669-638389705-3811094347-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKU\S-1-5-21-1466171669-638389705-3811094347-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1466171669-638389705-3811094347-1000\S-1-5-21-1466171669-638389705-3811094347-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/21 03:05:53 | 00,000,000 | ---D | M]


O1 HOSTS File: (27 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [eAudio] C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PLFSet] C:\Windows\PLFSet.DLL ( )
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\Skytel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\WpcUmi.exe (Microsoft Corporation)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKU\S-1-5-21-1466171669-638389705-3811094347-1000..\Run: [Acer Tour Reminder] File not found
O4 - HKU\S-1-5-21-1466171669-638389705-3811094347-1000..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1466171669-638389705-3811094347-1000..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKU\S-1-5-21-1466171669-638389705-3811094347-1000..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKU\S-1-5-21-1466171669-638389705-3811094347-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1466171669-638389705-3811094347-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-1466171669-638389705-3811094347-1000..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-1466171669-638389705-3811094347-1000..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1466171669-638389705-3811094347-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1466171669-638389705-3811094347-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1466171669-638389705-3811094347-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1466171669-638389705-3811094347-1000_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - Reg Error: Value error. File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1466171669-638389705-3811094347-1000\..Trusted Domains: 22 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.76.182 68.87.78.134
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/08/21 07:35:32 | 00,629,521 | ---- | C] () -- C:\Users\Acer\Desktop\Replying in Win32-Alureon - Geeks to Go!.mht
[2009/08/21 07:32:13 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Users\Acer\Desktop\OTL.exe
[2009/08/21 07:16:32 | 00,000,913 | ---- | C] () -- C:\Users\Acer\Desktop\Internet Explorer.lnk
[2009/08/21 07:15:05 | 00,000,000 | ---D | C] -- C:\Users\Acer\AppData\Roaming\Malwarebytes
[2009/08/21 07:15:03 | 00,000,782 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/21 07:15:00 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/08/21 07:14:59 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/08/21 07:14:59 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/08/21 07:14:58 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/08/21 03:00:28 | 00,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2009/08/21 03:00:27 | 00,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2009/08/21 03:00:27 | 00,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2009/08/21 03:00:27 | 00,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2009/08/21 03:00:27 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2009/08/21 03:00:26 | 00,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2009/08/21 03:00:24 | 00,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2009/08/21 03:00:21 | 00,326,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2009/08/20 20:54:40 | 03,942,048 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Acer\Desktop\Start-up Lite.exe
[2009/08/20 18:28:25 | 00,000,000 | ---D | C] -- C:\Windows\temp
[2009/08/20 18:28:25 | 00,000,000 | ---D | C] -- C:\Users\Acer\AppData\Local\temp
[2009/08/20 18:24:35 | 00,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2009/08/20 18:09:51 | 00,228,864 | ---- | C] () -- C:\Windows\PEV.exe
[2009/08/20 18:09:51 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2009/08/20 18:09:51 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2009/08/20 18:09:51 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009/08/20 18:09:51 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/08/20 18:09:51 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/08/20 18:09:51 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2009/08/20 18:09:50 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2009/08/20 18:09:39 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/08/20 18:06:23 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/08/20 18:05:29 | 03,180,706 | R--- | C] () -- C:\Users\Acer\Desktop\Combo-Fix.exe
[2009/08/20 17:56:19 | 00,000,000 | ---D | C] -- C:\_OTS
[2009/08/20 13:00:42 | 00,000,000 | ---D | C] -- C:\Users\Acer\Desktop\SysProt
[2009/08/20 09:28:42 | 00,172,032 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxres.dll
[2009/08/20 03:18:07 | 00,000,004 | ---- | C] () -- C:\Windows\System32\ESQULzxspectrum
[2009/08/20 01:52:34 | 00,000,000 | ---D | C] -- C:\Program Files\RAR Password Unlocker
[2009/08/16 23:12:01 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/08/16 23:11:57 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/08/16 14:28:56 | 01,256,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2009/08/16 14:28:56 | 00,499,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kerberos.dll
[2009/08/16 14:28:56 | 00,270,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll
[2009/08/16 14:28:56 | 00,213,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msv1_0.dll
[2009/08/16 14:28:56 | 00,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdigest.dll
[2009/08/16 14:28:55 | 00,439,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecdd.sys
[2009/08/16 14:28:55 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
[2009/08/16 14:28:55 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe
[2009/08/15 18:08:31 | 00,000,000 | ---D | C] -- C:\ProgramData\DVD Shrink
[2009/08/15 18:08:30 | 00,000,000 | ---D | C] -- C:\Program Files\DVD Shrink
[2009/08/13 05:23:18 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\atl.dll
[2009/08/13 05:23:16 | 00,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wkssvc.dll
[2009/08/13 05:23:14 | 02,066,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstscax.dll
[2009/08/13 05:23:12 | 00,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2009/08/13 05:23:08 | 10,626,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2009/08/13 05:23:07 | 00,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpdxm.dll
[2009/08/13 05:23:06 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2009/08/13 05:23:01 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2009/08/13 05:23:01 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2009/08/13 05:22:56 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009/08/13 05:22:55 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2009/08/13 05:22:55 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2009/08/12 12:11:40 | 00,000,000 | ---D | C] -- C:\ipod_video
[2009/08/12 12:06:07 | 00,258,048 | ---- | C] (Peter Wimmer, Gabest) -- C:\Windows\System32\GplMpgDec.ax
[2009/08/12 12:06:07 | 00,129,024 | ---- | C] () -- C:\Windows\System32\AVERM.dll
[2009/08/12 12:06:07 | 00,028,672 | ---- | C] () -- C:\Windows\System32\AVEQT.dll
[2009/08/12 12:06:06 | 00,000,000 | ---D | C] -- C:\Program Files\Ultra iPod Movie Converter
[2009/07/30 16:35:19 | 00,000,000 | ---D | C] -- C:\Program Files\Red Kawa
[2009/07/30 15:46:17 | 00,000,972 | ---- | C] () -- C:\net_save.dna
[2009/07/30 15:45:58 | 00,000,000 | ---D | C] -- C:\Users\Acer\AppData\Local\SupportSoft
[2009/07/30 15:45:24 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\SupportSoft
[2009/07/29 05:46:34 | 03,583,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/07/29 05:46:33 | 00,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/07/29 05:46:32 | 06,069,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/07/29 05:46:31 | 01,166,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/07/29 05:46:30 | 00,827,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/07/29 05:46:28 | 00,270,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/07/29 05:46:26 | 00,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/07/29 05:46:26 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/07/29 05:46:24 | 00,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2009/07/29 05:46:23 | 00,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2009/07/29 05:46:23 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/07/29 05:46:22 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/07/29 05:46:21 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2009/07/29 05:46:20 | 01,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/07/29 05:46:20 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/07/24 18:20:07 | 02,680,440 | ---- | C] () -- C:\Users\Acer\Documents\psp users guide.PDF
[2009/07/22 19:48:16 | 00,000,000 | ---D | C] -- C:\Users\Acer\AppData\Roaming\Roxio
[2009/07/22 19:41:14 | 00,000,000 | ---D | C] -- C:\ProgramData\InstallShield
[2009/07/22 19:41:10 | 00,000,000 | ---D | C] -- C:\ProgramData\Sonic
[2009/07/22 19:39:28 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2009/07/22 19:38:42 | 00,000,000 | ---D | C] -- C:\ProgramData\Roxio
[2009/07/22 19:38:42 | 00,000,000 | ---D | C] -- C:\Program Files\Roxio
[2009/07/22 19:38:42 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Sonic Shared
[2009/07/22 19:38:38 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Roxio Shared
[2009/07/22 19:36:53 | 00,026,496 | ---- | C] (Research in Motion Ltd) -- C:\Windows\System32\drivers\RimSerial.sys
[2009/07/22 19:36:03 | 00,000,000 | ---D | C] -- C:\Program Files\Research In Motion
[2008/11/03 19:31:41 | 00,001,132 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008/11/03 19:26:26 | 00,000,030 | ---- | C] () -- C:\Windows\SetPanel.ini
[2008/11/03 19:26:11 | 00,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI
[2008/11/03 16:56:20 | 00,045,056 | ---- | C] ( ) -- C:\Windows\PLFSet.dll
[2008/11/03 16:56:19 | 01,729,152 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2008/11/03 16:56:19 | 00,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2008/11/03 16:56:19 | 00,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[2007/12/18 02:28:41 | 00,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007/12/18 02:07:12 | 00,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2007/12/18 02:06:31 | 00,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
[2007/12/18 01:59:44 | 00,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll
[2007/12/18 01:59:39 | 00,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2007/12/17 23:11:14 | 00,000,128 | ---- | C] () -- C:\Windows\Alaunch.ini
[2007/12/17 23:10:59 | 01,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/12/17 23:10:59 | 00,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007/12/17 23:10:59 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll
[2007/12/17 23:10:59 | 00,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/12/17 23:08:02 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/04/25 17:33:22 | 00,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
[2007/04/25 17:32:50 | 00,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
[2007/04/25 17:32:46 | 00,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
[2007/04/25 17:31:00 | 00,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
[2007/04/25 17:30:52 | 00,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
[2007/04/25 17:30:44 | 00,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2006/12/25 16:44:48 | 00,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006/11/02 05:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:23:31 | 00,000,215 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 03:23:31 | 00,000,144 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 00:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001/12/26 17:12:30 | 00,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 00:46:38 | 00,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 17:33:56 | 00,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/23 23:04:36 | 00,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== Files - Modified Within 30 Days ==========

[2009/08/21 07:35:39 | 00,629,521 | ---- | M] () -- C:\Users\Acer\Desktop\Replying in Win32-Alureon - Geeks to Go!.mht
[2009/08/21 07:32:22 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Users\Acer\Desktop\OTL.exe
[2009/08/21 07:16:32 | 00,000,913 | ---- | M] () -- C:\Users\Acer\Desktop\Internet Explorer.lnk
[2009/08/21 07:15:03 | 00,000,782 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/21 07:14:00 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/08/21 07:14:00 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/08/21 07:07:31 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/08/21 07:07:31 | 00,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/08/21 07:07:31 | 00,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/08/21 03:14:01 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/08/21 03:13:58 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/08/21 03:13:00 | 21,353,59488 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/21 03:11:53 | 02,897,084 | -H-- | M] () -- C:\Users\Acer\AppData\Local\IconCache.db
[2009/08/20 22:17:15 | 00,228,864 | ---- | M] () -- C:\Windows\PEV.exe
[2009/08/20 20:54:52 | 03,942,048 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Acer\Desktop\Start-up Lite.exe
[2009/08/20 18:24:46 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2009/08/20 18:24:31 | 00,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009/08/20 18:06:00 | 03,180,706 | R--- | M] () -- C:\Users\Acer\Desktop\Combo-Fix.exe
[2009/08/20 04:03:32 | 00,067,836 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/08/20 04:03:31 | 40,014,703 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/08/20 03:31:28 | 00,000,004 | ---- | M] () -- C:\Windows\System32\ESQULzxspectrum
[2009/08/20 02:34:06 | 00,123,392 | ---- | M] () -- C:\Users\Acer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/12 11:06:37 | 00,000,671 | ---- | M] () -- C:\Users\Acer\AppData\Roaming\vso_ts_preview.xml
[2009/08/12 09:51:58 | 00,335,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/08/03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/08/03 13:36:06 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/07/30 15:46:17 | 00,000,972 | ---- | M] () -- C:\net_save.dna
[2009/07/29 17:49:14 | 24,281,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
[2009/07/25 20:46:55 | 00,002,876 | ---- | M] () -- C:\Users\Acer\AppData\Roaming\wklnhst.dat
[2009/07/24 18:20:18 | 02,680,440 | ---- | M] () -- C:\Users\Acer\Documents\psp users guide.PDF
[2009/07/22 19:44:46 | 00,141,360 | ---- | M] () -- C:\Users\Acer\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/07/22 19:43:57 | 00,448,848 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== LOP Check ==========

[2009/08/21 07:15:05 | 00,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming
[2009/06/21 20:41:25 | 00,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\acccore
[2009/03/20 16:20:11 | 00,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Acer
[2009/06/13 14:56:02 | 00,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Canon
[2009/03/17 13:17:52 | 00,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\CyberLink
[2009/07/25 08:39:04 | 00,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\dvdcss
[2008/11/03 17:03:46 | 00,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Leadertech
[2006/11/02 05:37:34 | 00,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Media Center Programs
[2009/06/17 23:40:30 | 00,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Research In Motion
[2009/07/22 20:18:20 | 00,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Roxio
[2009/03/21 17:10:53 | 00,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Template
[2009/08/21 07:01:49 | 00,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\uTorrent
[2009/08/12 11:06:37 | 00,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Vso
[2009/08/14 17:27:29 | 00,000,000 | ---D | M] -- C:\Users\cody\AppData\Roaming
[2009/08/14 16:43:42 | 00,000,000 | ---D | M] -- C:\Users\cody\AppData\Roaming\Acer
[2009/08/14 16:43:40 | 00,000,000 | ---D | M] -- C:\Users\cody\AppData\Roaming\Leadertech
[2006/11/02 05:37:34 | 00,000,000 | ---D | M] -- C:\Users\cody\AppData\Roaming\Media Center Programs
[2009/08/14 16:43:41 | 00,000,000 | ---D | M] -- C:\Users\cody\AppData\Roaming\Research In Motion
[2006/11/02 05:37:34 | 00,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming
[2006/11/02 05:37:34 | 00,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Media Center Programs
[2006/11/02 05:37:34 | 00,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming
[2006/11/02 05:37:34 | 00,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Media Center Programs
[2009/08/21 03:14:01 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/08/21 03:12:02 | 00,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\Acer\Documents\Sony Voice Recorder.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Acer\Documents\psp users guide.PDF:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Acer\Documents\LDS_org - Liahona Article - The Healing Power of Forgiveness.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Acer\Documents\Ebay comcast account info.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Acer\Documents\Blackberry8100 SmartPhone Tips.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Acer\Documents\Blackberry Zen 8100.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Acer\Documents\Blackberry users guide 8100.pdf:Roxio EMC Stream
< End of report >



OTL Extras logfile created on: 8/21/2009 7:36:04 AM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Users\Acer\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.99 Gb Available Physical Memory | 49.94% Memory free
4.00 Gb Paging File | 2.96 Gb Available in Paging File | 73.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.69 Gb Total Space | 30.25 Gb Free Space | 27.09% Space Free | Partition Type: NTFS
Drive D: | 107.56 Gb Total Space | 68.14 Gb Free Space | 63.35% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JACKSON-PC
Current User Name: Acer
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{C21862FD-E29F-4C7D-9310-DDDDF2CBC2DA}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{131574A5-A6C7-44C1-A2ED-C0D8958BB7C0}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\playmovie.exe |
"{142F010B-0276-49DE-B862-7292E9E07146}" = protocol=58 | dir=out | [email protected],-203 |
"{25097BEF-B84D-4061-A3A3-C9C6DD28E107}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe |
"{2BB06534-DFA4-4051-AAAD-24FAA302F020}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{2DB0C1E0-66C3-4BBA-A275-9A2539445EB2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2F8D22DB-DA2F-4E5A-8CC7-4A01E803017F}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\pmvservice.exe |
"{421D4509-02D0-4B04-BE9D-E018745708DB}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{492E388F-3D62-4D02-B00F-1454BDEEB964}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{527D9E7A-752D-456A-B590-A1542109C5B4}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{61478FC6-77BE-458E-B5EA-95A58B725EC8}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{8114A153-A8CA-44CC-BE09-7723C35ECBC3}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{891F3485-4A25-4D51-B5C0-B717D513619D}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{9196E7CA-D9C4-48C5-A046-89FAD4B168DC}" = protocol=58 | dir=in | app=system |
"{A5E7ADEB-655C-41BF-B532-DC4014EB853C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A885393C-5121-4920-B817-B2E0B0D85AEB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AA69A782-78C1-4865-B080-010526844939}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe |
"{AF665330-CB5E-44E9-966C-A956F77BE7F9}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{B00FEB21-9121-4DD2-B410-1B02F2CB8632}" = dir=in | app=c:\program files\acer arcade deluxe\dvdivine\dvdivine.exe |
"{BEF5B974-3178-442C-89C2-7EE0B1F4CA9F}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{C3432620-CF0A-4C34-B94E-DCFBFE405D1C}" = dir=in | app=c:\program files\acer arcade deluxe\videomagician\videomagician.exe |
"{CE13EDD0-7324-42C7-B06C-4711B8155714}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{EB435A7A-031E-47C9-AC08-26EBF795F484}" = dir=in | app=c:\program files\acer arcade deluxe\dv wizard\dv wizard.exe |
"{ECEDE76D-60FD-4E2D-B0B7-9471610BD0FB}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{FE027801-CF5A-4C4D-B73B-88DF917DFAE4}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{FECC3B2D-4253-4B4E-AFB8-42E0A68A2613}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{FF761DED-5389-41AD-A7C3-CFE64887C705}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"TCP Query User{8D64ABA4-D6D1-409D-9C79-8A93D1F5ABB4}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{77B1DB5E-3AD8-4311-A4D7-FBD377E547DF}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1466171669-638389705-3811094347-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/12/2009 4:17:22 AM | Computer Name = JACKSON-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 7.0.6001.18248 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 113c Start Time: 01ca02c7e84cd953 Termination Time: 53

Error - 7/18/2009 6:10:13 PM | Computer Name = JACKSON-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 7.0.6001.18248 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 169c Start Time: 01ca07f44f35fe29 Termination Time: 15

Error - 7/18/2009 7:47:39 PM | Computer Name = JACKSON-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 7/22/2009 11:01:37 PM | Computer Name = JACKSON-PC | Source = Application Hang | ID = 1002
Description = The program RoxWatchTray9.exe version 9.4.4.1 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 12a4 Start Time: 01ca0b4029dc6b03 Termination Time: 10

Error - 7/30/2009 3:05:15 AM | Computer Name = JACKSON-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 7.0.6001.18248 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 7dc Start Time: 01ca10e2f8f73dc1 Termination Time: 0

Error - 7/30/2009 4:15:59 AM | Computer Name = JACKSON-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 7/30/2009 6:25:50 AM | Computer Name = JACKSON-PC | Source = Application Hang | ID = 1002
Description = The program DesktopMgr.exe version 4.7.0.32 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: f60 Start Time: 01ca10fffa1dff0e Termination Time: 202

Error - 7/30/2009 6:53:08 PM | Computer Name = JACKSON-PC | Source = Application Hang | ID = 1002
Description = The program DesktopMgr.exe version 4.7.0.32 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: ec0 Start Time: 01ca11685477593b Termination Time: 11

Error - 7/30/2009 7:49:25 PM | Computer Name = JACKSON-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6001.18294, time stamp
0x4a6199f8, faulting module jscript.dll, version 5.7.0.18068, time stamp 0x482376a4,
exception code 0xc0000005, fault offset 0x00019b3a, process id 0xb94, application
start time 0x01ca1169028f400b.

Error - 7/30/2009 7:54:37 PM | Computer Name = JACKSON-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6001.18294, time stamp
0x4a6199f8, faulting module jscript.dll, version 5.7.0.18068, time stamp 0x482376a4,
exception code 0xc0000005, fault offset 0x00019b3a, process id 0x10b0, application
start time 0x01ca11706397bfbb.

[ Media Center Events ]
Error - 7/9/2009 5:35:34 PM | Computer Name = JACKSON-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 7/18/2009 7:32:41 PM | Computer Name = JACKSON-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 8/20/2009 9:58:54 PM | Computer Name = JACKSON-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 8/20/2009 9:58:54 PM | Computer Name = JACKSON-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 8/20/2009 11:32:02 PM | Computer Name = JACKSON-PC | Source = HTTP | ID = 15016
Description =

Error - 8/20/2009 11:32:43 PM | Computer Name = JACKSON-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 8/20/2009 11:32:43 PM | Computer Name = JACKSON-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 8/20/2009 11:35:22 PM | Computer Name = JACKSON-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.109 for the Network Card with network
address 001DE0108C9B has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 8/20/2009 11:35:49 PM | Computer Name = JACKSON-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 001DE0108C9B has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 8/21/2009 6:14:01 AM | Computer Name = JACKSON-PC | Source = HTTP | ID = 15016
Description =

Error - 8/21/2009 6:14:42 AM | Computer Name = JACKSON-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 8/21/2009 6:14:42 AM | Computer Name = JACKSON-PC | Source = Service Control Manager | ID = 7009
Description =


< End of report >

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Does AVG have a log or state which file it is that it is alerting on?

Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL2 log (don't check the boxes beside LOP Check or Purity this time)


#11
nanabentley

    Member

  • Topic Starter
  • 37 posts
This is what AVG said this morning: "C:\Qoobox\Quarantine\C\Windows\System32\drivers\ESQULttrukrosnxxmbdvpwqndbqcefnwtjwfc.sys.vir";"Trojan horse Rootkit-Pakes.L";"Moved to Virus Vault"

Here are the logs. The first came up after reboot, so I included that too. Hope I was supposed to. Thank you again.

All processes killed
Error: Unable to interpret <OTL> in the current context!
Error: Unable to interpret <O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found> in the current context!
========== COMMANDS ==========

[EMPTYTEMP]

User: Acer
->Temp folder emptied: 241596 bytes
->Temporary Internet Files folder emptied: 3443659 bytes

User: All Users

User: cody
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 50027231 bytes
RecycleBin emptied: 727313 bytes

Total Files Cleaned = 51.95 mb


OTL by OldTimer - Version 3.0.10.7 log created on 08212009_092131

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Here is the one you requested.

OTL logfile created on: 8/21/2009 9:35:45 AM - Run 2
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Users\Acer\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.99 Gb Available Physical Memory | 49.82% Memory free
4.00 Gb Paging File | 2.98 Gb Available in Paging File | 74.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.69 Gb Total Space | 30.29 Gb Free Space | 27.12% Space Free | Partition Type: NTFS
Drive D: | 107.56 Gb Total Space | 68.14 Gb Free Space | 63.35% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JACKSON-PC
Current User Name: Acer
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT)
PRC - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE ()
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Acer\Mobility Center\MobilityService.exe ()
PRC - C:\Program Files\CyberLink\Shared Files\RichVideo.exe ()
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Acer\Acer VCM\RS_Service.exe (Acer Inc.)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Windows\System32\DRIVERS\xaudio.exe (Conexant Systems, Inc.)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
PRC - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
PRC - C:\Program Files\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Windows\System32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Windows\System32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Windows\System32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe (CyberLink Corp.)
PRC - C:\Windows\System32\hkcmd.exe (Intel Corporation)
PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST)
PRC - C:\Windows\System32\igfxsrvc.exe (Intel Corporation)
PRC - C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)
PRC - C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
PRC - C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Windows\System32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
PRC - C:\Windows\ehome\ehmsas.exe (Microsoft Corporation)
PRC - C:\Users\Acer\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Internet Explorer\ieuser.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Users\Acer\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (avg8emc [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (eDataSecurity Service [Auto | Running]) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT)
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (eLockService [Auto | Running]) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)
SRV - (eNet Service [Auto | Running]) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
SRV - (eRecoveryService [Auto | Running]) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (eSettingsService [Auto | Running]) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
SRV - (Eventlog [Auto | Running]) -- C:\Windows\System32\wevtsvc.dll (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (IJPLMSVC [Auto | Running]) -- C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE ()
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (LightScribeService [Auto | Running]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (MobilityService [Auto | Running]) -- C:\Acer\Mobility Center\MobilityService.exe ()
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (RichVideo [Auto | Running]) -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe ()
SRV - (Roxio UPnP Renderer 9 [On_Demand | Stopped]) -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe (Sonic Solutions)
SRV - (Roxio Upnp Server 9 [Auto | Stopped]) -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe (Sonic Solutions)
SRV - (RoxLiveShare9 [Auto | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (Sonic Solutions)
SRV - (RoxMediaDB9 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (Sonic Solutions)
SRV - (RoxWatch9 [Auto | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (Sonic Solutions)
SRV - (RS_Service [Auto | Running]) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe (Acer Inc.)
SRV - (SBSDWSCService [Auto | Running]) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (Viewpoint Manager Service [Auto | Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (WinDefend [Auto | Stopped]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (WMIService [Auto | Running]) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (XAudioService [Auto | Running]) -- C:\Windows\System32\DRIVERS\xaudio.exe (Conexant Systems, Inc.)
SRV - (YahooAUService [Auto | Running]) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

========== Driver Services (SafeList) ==========

DRV - (A310 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\AVerA310USB.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV - (adp94xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (adpahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (adpu160m [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (adpu320 [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (aic78xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (aliide [Disabled | Stopped]) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (arc [Disabled | Stopped]) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (arcsas [Disabled | Stopped]) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (AvgLdx86 [System | Running]) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86 [System | Running]) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX [System | Running]) -- C:\Windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (b57nd60x [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\b57nd60x.sys (Broadcom Corporation)
DRV - (BDASwCap [On_Demand | Stopped]) -- C:\Windows\System32\drivers\AVerA310Cap.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV - (BrFiltLo [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (Brserid [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrSerWdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (cmdide [Disabled | Stopped]) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (DKbFltr [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\DKbFltr.sys (Dritek System Inc.)
DRV - (E1G60 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\E1G60I32.sys (Intel Corporation)
DRV - (elxstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HpCISSs [Disabled | Stopped]) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (HSFHWAZL [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (HSF_DPV [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (iaStor [Boot | Running]) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (iaStorV [Disabled | Stopped]) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (igfx [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\igdkmd32.sys (Intel Corporation)
DRV - (iirsp [Disabled | Stopped]) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (int15 [Auto | Running]) -- C:\Acer\Empowering Technology\eRecovery\int15.sys (Acer, Inc.)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (iteatapi [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (iteraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (LSI_FC [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (LSI_SAS [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (LSI_SCSI [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (mdmxsdk [Auto | Running]) -- C:\Windows\System32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (megasas [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Mraid35x [Disabled | Stopped]) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (NETw3v32 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\NETw3v32.sys (Intel® Corporation)
DRV - (NETw4v32 [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\NETw4v32.sys (Intel Corporation)
DRV - (nfrd960 [Disabled | Stopped]) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (NTIDrvr [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (ntrigdigi [Disabled | Stopped]) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (nvlddmkm [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\nvlddmkm.sys (NVIDIA Corporation)
DRV - (nvraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (pcouffin [On_Demand | Running]) -- C:\Windows\System32\Drivers\pcouffin.sys (VSO Software)
DRV - (PSDFilter [Boot | Running]) -- C:\Windows\system32\DRIVERS\psdfilter.sys (HiTRUST)
DRV - (PSDNServ [Boot | Running]) -- C:\Windows\system32\drivers\PSDNServ.sys (HiTRUST)
DRV - (psdvdisk [Boot | Running]) -- C:\Windows\system32\drivers\psdvdisk.sys (HiTRUST)
DRV - (PxHelp20 [Boot | Running]) -- C:\Windows\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql2300 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (ql40xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (rimmptsk [Auto | Running]) -- C:\Windows\System32\DRIVERS\rimmptsk.sys (REDC)
DRV - (rimsptsk [Auto | Running]) -- C:\Windows\System32\DRIVERS\rimsptsk.sys (REDC)
DRV - (RimUsb [On_Demand | Stopped]) -- C:\Windows\System32\Drivers\RimUsb.sys (Research In Motion Limited)
DRV - (RimVSerPort [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\RimSerial.sys (Research in Motion Ltd)
DRV - (rismxdp [Auto | Running]) -- C:\Windows\System32\DRIVERS\rixdptsk.sys (REDC)
DRV - (RMCAST [Auto | Running]) -- C:\Windows\System32\DRIVERS\RMCAST.sys (Microsoft Corporation)
DRV - (ROOTMODEM [On_Demand | Running]) -- C:\Windows\System32\Drivers\RootMdm.sys (Microsoft Corporation)
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS ()
DRV - (SASENUM [On_Demand | Stopped]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS (SuperAdBlocker, Inc.)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys ()
DRV - (secdrv [Auto | Running]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SiSRaid2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (SiSRaid4 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (SNP2UVC [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\snp2uvc.sys ()
DRV - (Symc8xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_hi [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Sym_u3 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (SynTP [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (SysProtDrv.sys [On_Demand | Stopped]) -- C:\Users\Acer\Desktop\SysProt\SysProtDrv.sys ()
DRV - (uliahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (UlSata [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (ulsata2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\Windows\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (viaide [Disabled | Stopped]) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (vsmraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (winachsf [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (winbondcir [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\winbondcir.sys (Winbond Electronics Corporation)
DRV - (XAudio [Auto | Running]) -- C:\Windows\System32\DRIVERS\xaudio.sys (Conexant Systems, Inc.)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796} [Auto | Running]) -- C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl (Cyberlink Corp.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1466171669-638389705-3811094347-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKU\S-1-5-21-1466171669-638389705-3811094347-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-1466171669-638389705-3811094347-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKU\S-1-5-21-1466171669-638389705-3811094347-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKU\S-1-5-21-1466171669-638389705-3811094347-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1466171669-638389705-3811094347-1000\S-1-5-21-1466171669-638389705-3811094347-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/21 03:05:53 | 00,000,000 | ---D | M]


O1 HOSTS File: (27 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [eAudio] C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PLFSet] C:\Windows\PLFSet.DLL ( )
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\Skytel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\WpcUmi.exe (Microsoft Corporation)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKU\S-1-5-21-1466171669-638389705-3811094347-1000..\Run: [Acer Tour Reminder] File not found
O4 - HKU\S-1-5-21-1466171669-638389705-3811094347-1000..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1466171669-638389705-3811094347-1000..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKU\S-1-5-21-1466171669-638389705-3811094347-1000..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKU\S-1-5-21-1466171669-638389705-3811094347-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1466171669-638389705-3811094347-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-1466171669-638389705-3811094347-1000..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-1466171669-638389705-3811094347-1000..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1466171669-638389705-3811094347-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1466171669-638389705-3811094347-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1466171669-638389705-3811094347-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1466171669-638389705-3811094347-1000_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - Reg Error: Value error. File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1466171669-638389705-3811094347-1000\..Trusted Domains: 22 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.76.182 68.87.78.134
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/08/21 09:21:31 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/08/21 07:32:13 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Users\Acer\Desktop\OTL.exe
[2009/08/21 07:16:32 | 00,000,913 | ---- | C] () -- C:\Users\Acer\Desktop\Internet Explorer.lnk
[2009/08/21 07:15:05 | 00,000,000 | ---D | C] -- C:\Users\Acer\AppData\Roaming\Malwarebytes
[2009/08/21 07:15:03 | 00,000,782 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/21 07:15:00 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/08/21 07:14:59 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/08/21 07:14:59 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/08/21 07:14:58 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/08/21 03:00:28 | 00,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2009/08/21 03:00:27 | 00,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2009/08/21 03:00:27 | 00,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2009/08/21 03:00:27 | 00,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2009/08/21 03:00:27 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2009/08/21 03:00:26 | 00,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2009/08/21 03:00:24 | 00,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2009/08/21 03:00:21 | 00,326,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2009/08/20 20:54:40 | 03,942,048 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Acer\Desktop\Start-up Lite.exe
[2009/08/20 18:28:25 | 00,000,000 | ---D | C] -- C:\Windows\temp
[2009/08/20 18:28:25 | 00,000,000 | ---D | C] -- C:\Users\Acer\AppData\Local\temp
[2009/08/20 18:24:35 | 00,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2009/08/20 18:09:51 | 00,228,864 | ---- | C] () -- C:\Windows\PEV.exe
[2009/08/20 18:09:51 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2009/08/20 18:09:51 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2009/08/20 18:09:51 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009/08/20 18:09:51 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/08/20 18:09:51 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/08/20 18:09:51 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2009/08/20 18:09:50 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2009/08/20 18:09:39 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/08/20 18:06:23 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/08/20 18:05:29 | 03,180,706 | R--- | C] () -- C:\Users\Acer\Desktop\Combo-Fix.exe
[2009/08/20 17:56:19 | 00,000,000 | ---D | C] -- C:\_OTS
[2009/08/20 13:00:42 | 00,000,000 | ---D | C] -- C:\Users\Acer\Desktop\SysProt
[2009/08/20 09:28:42 | 00,172,032 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxres.dll
[2009/08/20 07:24:53 | 00,272,384 | ---- | C] (OldTimer Tools) -- C:\Users\Acer\Desktop\TFC.exe
[2009/08/20 03:18:07 | 00,000,004 | ---- | C] () -- C:\Windows\System32\ESQULzxspectrum
[2009/08/20 01:52:34 | 00,000,000 | ---D | C] -- C:\Program Files\RAR Password Unlocker
[2009/08/16 23:12:01 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/08/16 23:11:57 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/08/16 14:28:56 | 01,256,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2009/08/16 14:28:56 | 00,499,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kerberos.dll
[2009/08/16 14:28:56 | 00,270,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll
[2009/08/16 14:28:56 | 00,213,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msv1_0.dll
[2009/08/16 14:28:56 | 00,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdigest.dll
[2009/08/16 14:28:55 | 00,439,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecdd.sys
[2009/08/16 14:28:55 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
[2009/08/16 14:28:55 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe
[2009/08/15 18:08:31 | 00,000,000 | ---D | C] -- C:\ProgramData\DVD Shrink
[2009/08/15 18:08:30 | 00,000,000 | ---D | C] -- C:\Program Files\DVD Shrink
[2009/08/13 05:23:18 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\atl.dll
[2009/08/13 05:23:16 | 00,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wkssvc.dll
[2009/08/13 05:23:14 | 02,066,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstscax.dll
[2009/08/13 05:23:12 | 00,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2009/08/13 05:23:08 | 10,626,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2009/08/13 05:23:07 | 00,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpdxm.dll
[2009/08/13 05:23:06 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2009/08/13 05:23:01 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2009/08/13 05:23:01 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2009/08/13 05:22:56 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009/08/13 05:22:55 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2009/08/13 05:22:55 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2009/08/12 12:11:40 | 00,000,000 | ---D | C] -- C:\ipod_video
[2009/08/12 12:06:07 | 00,258,048 | ---- | C] (Peter Wimmer, Gabest) -- C:\Windows\System32\GplMpgDec.ax
[2009/08/12 12:06:07 | 00,129,024 | ---- | C] () -- C:\Windows\System32\AVERM.dll
[2009/08/12 12:06:07 | 00,028,672 | ---- | C] () -- C:\Windows\System32\AVEQT.dll
[2009/08/12 12:06:06 | 00,000,000 | ---D | C] -- C:\Program Files\Ultra iPod Movie Converter
[2009/07/30 16:35:19 | 00,000,000 | ---D | C] -- C:\Program Files\Red Kawa
[2009/07/30 15:46:17 | 00,000,972 | ---- | C] () -- C:\net_save.dna
[2009/07/30 15:45:58 | 00,000,000 | ---D | C] -- C:\Users\Acer\AppData\Local\SupportSoft
[2009/07/30 15:45:24 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\SupportSoft
[2009/07/29 05:46:34 | 03,583,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/07/29 05:46:33 | 00,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/07/29 05:46:32 | 06,069,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/07/29 05:46:31 | 01,166,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/07/29 05:46:30 | 00,827,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/07/29 05:46:28 | 00,270,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/07/29 05:46:26 | 00,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/07/29 05:46:26 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/07/29 05:46:24 | 00,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2009/07/29 05:46:23 | 00,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2009/07/29 05:46:23 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/07/29 05:46:22 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/07/29 05:46:21 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2009/07/29 05:46:20 | 01,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/07/29 05:46:20 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/07/24 18:20:07 | 02,680,440 | ---- | C] () -- C:\Users\Acer\Documents\psp users guide.PDF
[2009/07/22 19:48:16 | 00,000,000 | ---D | C] -- C:\Users\Acer\AppData\Roaming\Roxio
[2009/07/22 19:41:14 | 00,000,000 | ---D | C] -- C:\ProgramData\InstallShield
[2009/07/22 19:41:10 | 00,000,000 | ---D | C] -- C:\ProgramData\Sonic
[2009/07/22 19:39:28 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2009/07/22 19:38:42 | 00,000,000 | ---D | C] -- C:\ProgramData\Roxio
[2009/07/22 19:38:42 | 00,000,000 | ---D | C] -- C:\Program Files\Roxio
[2009/07/22 19:38:42 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Sonic Shared
[2009/07/22 19:38:38 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Roxio Shared
[2009/07/22 19:36:53 | 00,026,496 | ---- | C] (Research in Motion Ltd) -- C:\Windows\System32\drivers\RimSerial.sys
[2009/07/22 19:36:03 | 00,000,000 | ---D | C] -- C:\Program Files\Research In Motion
[2008/11/03 19:31:41 | 00,001,132 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008/11/03 19:26:26 | 00,000,030 | ---- | C] () -- C:\Windows\SetPanel.ini
[2008/11/03 19:26:11 | 00,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI
[2008/11/03 16:56:20 | 00,045,056 | ---- | C] ( ) -- C:\Windows\PLFSet.dll
[2008/11/03 16:56:19 | 01,729,152 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2008/11/03 16:56:19 | 00,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2008/11/03 16:56:19 | 00,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[2007/12/18 02:28:41 | 00,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007/12/18 02:07:12 | 00,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2007/12/18 02:06:31 | 00,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
[2007/12/18 01:59:44 | 00,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll
[2007/12/18 01:59:39 | 00,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2007/12/17 23:11:14 | 00,000,128 | ---- | C] () -- C:\Windows\Alaunch.ini
[2007/12/17 23:10:59 | 01,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/12/17 23:10:59 | 00,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007/12/17 23:10:59 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll
[2007/12/17 23:10:59 | 00,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/12/17 23:08:02 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/04/25 17:33:22 | 00,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
[2007/04/25 17:32:50 | 00,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
[2007/04/25 17:32:46 | 00,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
[2007/04/25 17:31:00 | 00,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
[2007/04/25 17:30:52 | 00,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
[2007/04/25 17:30:44 | 00,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2006/12/25 16:44:48 | 00,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006/11/02 05:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:23:31 | 00,000,215 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 03:23:31 | 00,000,144 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 00:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001/12/26 17:12:30 | 00,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 00:46:38 | 00,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 17:33:56 | 00,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/23 23:04:36 | 00,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== Files - Modified Within 30 Days ==========

[2009/08/21 09:29:01 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/08/21 09:29:01 | 00,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/08/21 09:29:01 | 00,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/08/21 09:23:24 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/08/21 09:23:24 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/08/21 09:23:21 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/08/21 09:23:18 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/08/21 09:22:39 | 21,374,48448 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/21 07:32:22 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Users\Acer\Desktop\OTL.exe
[2009/08/21 07:16:32 | 00,000,913 | ---- | M] () -- C:\Users\Acer\Desktop\Internet Explorer.lnk
[2009/08/21 07:15:03 | 00,000,782 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/21 03:11:53 | 02,897,084 | -H-- | M] () -- C:\Users\Acer\AppData\Local\IconCache.db
[2009/08/20 22:17:15 | 00,228,864 | ---- | M] () -- C:\Windows\PEV.exe
[2009/08/20 20:54:52 | 03,942,048 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Acer\Desktop\Start-up Lite.exe
[2009/08/20 18:24:46 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2009/08/20 18:24:31 | 00,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009/08/20 18:06:00 | 03,180,706 | R--- | M] () -- C:\Users\Acer\Desktop\Combo-Fix.exe
[2009/08/20 07:25:06 | 00,272,384 | ---- | M] (OldTimer Tools) -- C:\Users\Acer\Desktop\TFC.exe
[2009/08/20 04:03:32 | 00,067,836 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/08/20 04:03:31 | 40,014,703 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/08/20 03:31:28 | 00,000,004 | ---- | M] () -- C:\Windows\System32\ESQULzxspectrum
[2009/08/20 02:34:06 | 00,123,392 | ---- | M] () -- C:\Users\Acer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/12 11:06:37 | 00,000,671 | ---- | M] () -- C:\Users\Acer\AppData\Roaming\vso_ts_preview.xml
[2009/08/12 09:51:58 | 00,335,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/08/03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/08/03 13:36:06 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/07/30 15:46:17 | 00,000,972 | ---- | M] () -- C:\net_save.dna
[2009/07/29 17:49:14 | 24,281,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
[2009/07/25 20:46:55 | 00,002,876 | ---- | M] () -- C:\Users\Acer\AppData\Roaming\wklnhst.dat
[2009/07/24 18:20:18 | 02,680,440 | ---- | M] () -- C:\Users\Acer\Documents\psp users guide.PDF
[2009/07/22 19:44:46 | 00,141,360 | ---- | M] () -- C:\Users\Acer\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/07/22 19:43:57 | 00,448,848 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\Acer\Documents\Sony Voice Recorder.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Acer\Documents\psp users guide.PDF:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Acer\Documents\LDS_org - Liahona Article - The Healing Power of Forgiveness.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Acer\Documents\Ebay comcast account info.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Acer\Documents\Blackberry8100 SmartPhone Tips.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Acer\Documents\Blackberry Zen 8100.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Acer\Documents\Blackberry users guide 8100.pdf:Roxio EMC Stream
< End of report >


ALSO, these 3 notes or logs ended up on my computer after reboot: the first 2 are on my desktop and the third is in my documents. I don't know if they are important or if they should be there, but I thought you might want a look. Thank you, I know this is a big headache and I am thankful for your help.


[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21799


[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21769
IconResource=%SystemRoot%\system32\imageres.dll,-183
[LocalizedFileNames]
Internet Explorer.lnk=@%windir%\System32\ie4uinit.exe,-731

[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21770
IconResource=%SystemRoot%\system32\imageres.dll,-112
IconFile=%SystemRoot%\system32\shell32.dll
IconIndex=-235
  • 0

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

C:\Qoobox\Quarantine\C\Windows\System32\drivers\ESQULttrukrosnxxmbdvpwqndbqcefnwtjwfc.sys.vir";"Trojan horse Rootkit-Pakes.L";"Moved to Virus Vault"

Oh well, better late than never :) These are files we quarantined earlier and are harmless. The desktop files are normally hidden; I will reset them at the end.

Hmm, OTS did not work the first time, let's try again.

I will tidy up and give a spring clean on completion

Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    [2009/08/20 03:31:28 | 00,000,004 | ---- | M] () -- C:\Windows\System32\ESQULzxspectrum
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done

If you could post the result log and let me know how it is going.
  • 0
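The two lines picked out for the OTL fix above share a pattern a reviewer looks for in these reports: a registry entry whose target no longer exists (the O28 hook reporting "Reg Error ... File not found") and a 4-byte, extension-less file with no publisher dropped into System32 (ESQULzxspectrum). The Python below is an added example, not part of the thread and not OTL's own code; it applies those review rules to a constructed subset of the log posted above. The regexes, rule names and the `triage` function are my own, and a hit means "review this entry", not "infected".

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: a handful of lines copied from the OTL log posted above.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [PLFSet] C:\Windows\PLFSet.DLL ( )
O4 - HKU\S-1-5-21-1466171669-638389705-3811094347-1000..\Run: [Acer Tour Reminder] File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
[2009/08/20 03:18:07 | 00,000,004 | ---- | C] () -- C:\Windows\System32\ESQULzxspectrum
[2009/08/21 07:14:59 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2006/11/02 03:23:31 | 00,000,215 | ---- | C] () -- C:\Windows\system.ini
"""

# File-list lines: [date time | size | attributes | C(reated)/M(odified)] (publisher) -- path
FILE_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>\S{4}) \| (?P<kind>[CM])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
# Registry/autostart lines carry an "O<n> -" section tag (O4 Run keys, O28 hooks, ...).
O_LINE = re.compile(r"^(?P<tag>O\d+) - (?P<rest>.+)$")
# OTL appends the binary's publisher in parentheses at the end of an O4 line.
TRAILING_COMPANY = re.compile(r"\((?P<company>[^()]*)\)\s*$")
# Locations where an unsigned, extension-less file deserves a second look (my choice).
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\")


@dataclass
class Finding:
    rule: str
    line: str


def parse_file_line(line: str) -> Optional[dict]:
    """Split an OTL file-list line into its fields, or return None if it is not one."""
    m = FILE_LINE.match(line)
    if not m:
        return None
    d = m.groupdict()
    d["size"] = int(d["size"].replace(",", ""))  # "00,000,004" -> 4
    d["company"] = d["company"].strip()
    d["name"] = d["path"].rsplit("\\", 1)[-1]
    return d


def triage_line(line: str) -> list[Finding]:
    """Apply the review rules to one log line."""
    found: list[Finding] = []
    f = parse_file_line(line)
    if f is not None:
        in_system = f["path"].lower().startswith(SYSTEM_DIRS)
        # ESQULzxspectrum: extension-less, no publisher, sitting in System32.
        if in_system and not f["company"] and "." not in f["name"]:
            found.append(Finding("system-dir file with no publisher and no extension", line))
        return found
    m = O_LINE.match(line)
    if not m:
        return found
    rest = m.group("rest")
    if "File not found" in rest or "Reg Error" in rest:
        # The registry still references a target that no longer exists (orphaned entry).
        found.append(Finding("registry entry whose target is missing", line))
    elif m.group("tag") == "O4":
        c = TRAILING_COMPANY.search(rest)
        if c and not c.group("company").strip():
            found.append(Finding("Run entry whose binary has no publisher info", line))
    return found


def triage(log_text: str) -> list[Finding]:
    """Run the rules over a whole report and collect the lines worth reviewing."""
    out: list[Finding] = []
    for line in log_text.splitlines():
        out.extend(triage_line(line.rstrip()))
    return out


if __name__ == "__main__":
    for fnd in triage(SAMPLE_LOG):
        print(f"[{fnd.rule}] {fnd.line}")
```

On the sample it flags the two entries the fix removes plus two lower-priority items (the orphaned "Acer Tour Reminder" Run key and PLFSet.DLL, which has no publisher string), and leaves mbam.sys and system.ini alone.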

#13
nanabentley

nanabentley

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
That was weird... I ran it again with the new code and it ran for about 1 second, so I thought I did something wrong. I redid it and it did the same thing. Here is the log:

Error: Unable to interpret <OTL> in the current context!
Error: Unable to interpret <O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found> in the current context!
Error: Unable to interpret <[2009/08/20 03:31:28 | 00,000,004 | ---- | M] () -- C:\Windows\System32\ESQULzxspectrum> in the current context!

OTL by OldTimer - Version 3.0.10.7 log created on 08212009_122432
  • 0

#14
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Ah me, just had a thought: did you use OTL or OTS?

My fault as I appear to have confused you (me)

Could you run the code in OTL :)
  • 0

#15
nanabentley

nanabentley

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Okay, here you go. Thanks, CB

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
C:\Windows\System32\ESQULzxspectrum moved successfully.

OTL by OldTimer - Version 3.0.10.7 log created on 08212009_160911
  • 0