Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Google Redirects


  • This topic is locked This topic is locked

#1
chrysalis

chrysalis

    Member

  • Member
  • PipPip
  • 22 posts
Hello, I have recently been experiencing some Google redirects ever since I clicked Yes to Adobe_Flash_Player.exe with an Unknown publisher pop-up showed up to install something. I haven't been noticing any other symptoms other than the google redirects. I have tried the "How to fix Google Redirects" guide, but the TDSSKiller came up with nothing. I've tried Malwarebytes, but it's not doing much. I've also tried ComboFix but once the prompt opens, scans, it closes and nothing else shows up. How else am I supposed to resolve this issue? It's quite annoying and angers me easily..





OTL logfile created on: 7/8/2011 10:46:38 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Andy\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.68 Gb Total Physical Memory | 1.85 Gb Available Physical Memory | 50.22% Memory free
7.35 Gb Paging File | 5.12 Gb Available in Paging File | 69.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.94 Gb Total Space | 228.32 Gb Free Space | 50.30% Space Free | Partition Type: NTFS
Drive D: | 5.54 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: ANDYSCOMPUTER | User Name: Andy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/08 22:46:18 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Andy\Desktop\OTL.exe
PRC - [2011/02/14 18:32:52 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/04/24 01:10:34 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/04/24 01:10:28 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/02/11 13:36:12 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee.com\Agent\mcagent.exe
PRC - [2010/02/11 13:36:12 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe
PRC - [2010/01/15 05:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/12/18 11:25:16 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/12/18 11:24:24 | 000,197,928 | ---- | M] (Seagate LLC) -- C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
PRC - [2009/11/20 16:34:08 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2009/11/12 20:29:08 | 000,181,480 | ---- | M] (Acer Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
PRC - [2009/11/11 11:19:48 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/11/01 16:40:52 | 001,100,368 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2009/10/29 04:47:34 | 000,419,112 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
PRC - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe
PRC - [2009/10/02 14:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MSK\msksrver.exe
PRC - [2009/10/01 08:45:56 | 000,139,944 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe
PRC - [2009/10/01 08:45:55 | 000,766,632 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe
PRC - [2009/09/30 21:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 21:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/09/24 16:42:32 | 000,261,888 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2009/09/24 16:42:28 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2009/09/10 22:42:30 | 000,349,480 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
PRC - [2009/08/28 02:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
PRC - [2009/08/04 14:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
PRC - [2009/07/10 16:18:18 | 000,708,608 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
PRC - [2009/07/10 03:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
PRC - [2009/07/08 12:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 20:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/07/03 19:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2009/06/04 20:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
PRC - [2007/06/20 14:04:20 | 000,046,432 | ---- | M] (Microsoft® Corporation) -- C:\Program Files (x86)\Microsoft Works\WkCalRem.exe


========== Modules (SafeList) ==========

MOD - [2011/07/08 22:46:18 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Andy\Desktop\OTL.exe
MOD - [2011/04/08 16:56:28 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee\SiteAdvisor\sahook.dll
MOD - [2010/08/20 22:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/04/14 21:45:38 | 001,052,328 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxeacoms.exe -- (lxea_device)
SRV:64bit: - [2010/04/14 21:45:32 | 000,045,736 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxeaserv.exe -- (lxeaCATSCustConnectService)
SRV:64bit: - [2010/01/25 10:03:04 | 000,696,848 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2009/11/11 12:08:00 | 000,155,456 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV:64bit: - [2009/11/02 13:48:18 | 000,126,352 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/09/30 15:44:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/03 19:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/03/27 19:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV - [2011/07/02 19:52:56 | 003,435,096 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_e477fed.dll -- (Akamai)
SRV - [2011/02/16 15:49:08 | 000,101,048 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/04/24 01:10:34 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/04/24 01:10:28 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/03/21 12:41:00 | 003,532,120 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/11 13:36:12 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2010/01/15 05:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/12/18 11:25:16 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/11/11 11:19:48 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/10/02 14:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2009/09/30 21:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2009/09/30 21:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009/09/24 16:42:28 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/09/10 22:42:46 | 000,305,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009/08/28 02:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/07/29 07:47:32 | 000,602,792 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\lxeacoms.exe -- (lxea_device)
SRV - [2009/07/10 03:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2009/07/08 12:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 20:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009/05/22 11:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Acer Games\Acer Game Console\GameConsoleService.exe -- (GameConsoleService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/03/10 23:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/04/24 01:10:32 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/04/24 01:10:28 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/04/24 01:10:28 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/04/24 01:10:20 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2009/11/11 12:14:38 | 000,308,296 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2009/11/11 12:14:38 | 000,102,472 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2009/11/11 12:14:38 | 000,049,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk)
DRV:64bit: - [2009/11/11 12:08:06 | 000,040,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdk.sys -- (mferkdk)
DRV:64bit: - [2009/11/02 13:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/10/30 07:56:34 | 000,244,736 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2009/10/26 13:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/09/21 12:00:44 | 001,537,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/09/17 21:12:06 | 000,292,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/09/17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/08/13 12:20:46 | 001,209,856 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/08/06 05:43:58 | 000,320,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2009/07/22 15:06:26 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/19 19:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV:64bit: - [2009/06/10 13:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 13:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 19:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/06/02 20:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/02 20:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/02 20:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/05 17:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 17:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/04/09 15:23:02 | 000,176,144 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Mpfp.sys -- (MPFP)
DRV - [2005/01/04 11:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...18z145t4961c635
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...18z145t4961c635
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...18z145t4961c635
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...18z145t4961c635

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...18z145t4961c635
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@rsj.de/prodown: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Andy\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Andy\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/03/25 16:09:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/03/25 16:09:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011/05/26 20:51:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Andy\AppData\Roaming\Move Networks [2010/07/08 21:20:18 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/07/08 22:20:01 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files (x86)\McAfee\MSK\mskapbho64.dll ()
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files (x86)\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [lxeamon.exe] C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe ()
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKCU..\Run: [Aim] C:\Program Files (x86)\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [EA Core] File not found
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - Startup: C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wkcalrem.LNK = C:\Program Files (x86)\Microsoft Works\WkCalRem.exe (Microsoft® Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Andy\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Andy\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Andy\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Andy\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} http://panda-plugin..../p3dactivex.cab (P3DActiveX Control)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.105.28.11 68.105.29.11
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/29 19:57:16 | 000,054,544 | R--- | M] (Electronic Arts) - D:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008/10/21 15:22:16 | 000,000,045 | R--- | M] () - D:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{ab1d500e-edfc-11de-9167-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ab1d500e-edfc-11de-9167-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe -- [2009/04/29 19:57:16 | 000,054,544 | R--- | M] (Electronic Arts)
O33 - MountPoints2\{e3cde046-257d-11df-9113-00262d706dcb}\Shell - "" = AutoRun
O33 - MountPoints2\{e3cde046-257d-11df-9113-00262d706dcb}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/08 22:46:07 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Andy\Desktop\OTL.exe
[2011/07/08 22:38:10 | 001,458,992 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Andy\Desktop\TDSSKiller.exe
[2011/07/08 22:38:02 | 000,000,000 | ---D | C] -- C:\Users\Andy\Desktop\GooredFix Backups
[2011/07/08 22:37:40 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Andy\Desktop\GooredFix.exe
[2011/07/08 22:19:58 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/07/07 22:16:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2011/07/04 15:03:28 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2011/07/04 14:51:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011/07/03 01:23:31 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/07/02 19:26:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[2011/07/02 19:09:15 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Local\Immunet
[2011/07/02 19:09:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Immunet
[2011/07/02 19:08:44 | 000,000,000 | ---D | C] -- C:\Program Files\Immunet Protect
[2011/07/02 19:08:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Google Updater
[2011/07/02 18:52:02 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/02 18:51:16 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/07/02 15:35:19 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\Malwarebytes
[2011/07/02 15:35:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/07/02 15:35:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/06/17 11:15:02 | 000,000,000 | -HSD | C] -- C:\found.000
[2011/06/16 18:35:31 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\Gogii
[2011/06/16 03:54:38 | 000,000,000 | ---D | C] -- C:\acccore
[2011/06/14 21:47:35 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse
[2011/06/14 21:46:59 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Local\Deployment
[2011/06/14 21:46:59 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Local\Apps
[2011/06/13 21:02:49 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\Stand O'Food 3
[2011/06/13 16:53:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Big Fish Games
[2011/06/13 10:27:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
[2011/06/13 10:27:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\World of Warcraft
[2011/06/13 10:27:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2011/06/13 10:27:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2010/05/17 18:50:44 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeainpa.dll
[2010/05/17 18:50:43 | 000,651,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeapmui.dll
[2010/05/17 18:50:43 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeaiesc.dll
[2010/05/17 18:50:42 | 001,056,768 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeaserv.dll
[2010/05/17 18:50:42 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeausb1.dll
[2010/05/17 18:50:42 | 000,581,632 | ---- | C] ( ) -- C:\Windows\SysWow64\lxealmpm.dll
[2010/05/17 18:50:41 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacomc.dll
[2010/05/17 18:50:41 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeahbn3.dll
[2010/05/17 18:50:41 | 000,602,792 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacoms.exe
[2010/05/17 18:50:41 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacomm.dll
[2010/05/17 18:50:41 | 000,328,360 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeaih.exe
[2010/05/17 18:50:40 | 000,369,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacfg.exe
[5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/08 22:46:18 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Andy\Desktop\OTL.exe
[2011/07/08 22:38:10 | 001,458,992 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Andy\Desktop\TDSSKiller.exe
[2011/07/08 22:37:52 | 001,327,397 | ---- | M] () -- C:\Users\Andy\Desktop\tdsskiller.zip
[2011/07/08 22:37:41 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Andy\Desktop\GooredFix.exe
[2011/07/08 22:35:12 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/08 22:35:12 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/08 22:29:23 | 000,017,125 | ---- | M] () -- C:\Windows\SysNative\Config.MPF
[2011/07/08 22:27:09 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/08 22:26:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/08 22:26:44 | 2960,506,880 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/08 22:20:01 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/07/08 22:17:04 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/07 22:16:46 | 000,001,864 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/07/06 13:48:44 | 000,005,634 | ---- | M] () -- C:\Users\Andy\AppData\Roaming\F062.815
[2011/07/03 11:26:49 | 000,731,186 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/07/03 11:26:49 | 000,627,526 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/07/03 11:26:49 | 000,107,552 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/07/03 11:12:53 | 000,001,445 | ---- | M] () -- C:\Users\Andy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/07/03 02:10:51 | 000,920,384 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2011/07/02 20:20:45 | 003,398,352 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/07/02 02:46:10 | 000,000,232 | ---- | M] () -- C:\ProgramData\~37412600
[2011/07/02 02:46:10 | 000,000,168 | ---- | M] () -- C:\ProgramData\~37412600r
[2011/07/02 02:46:05 | 000,000,336 | ---- | M] () -- C:\ProgramData\37412600
[2011/07/01 15:22:02 | 026,228,094 | ---- | M] () -- C:\Users\Andy\Desktop\Calypso- SYTYCD8 Eric Luna & Georgia Ambarian‏.mp4
[2011/06/18 22:27:32 | 000,028,721 | ---- | M] () -- C:\Users\Andy\Desktop\tumblr_llnnuuc7PE1qzcv7no1_1280.png
[2011/06/16 03:55:00 | 000,000,632 | RHS- | M] () -- C:\Users\Andy\ntuser.pol
[2011/06/15 19:59:36 | 000,744,400 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/06/14 21:47:49 | 000,000,000 | ---- | M] () -- C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2011/06/14 21:47:35 | 000,000,312 | ---- | M] () -- C:\Users\Andy\Desktop\Curse Client.appref-ms
[2011/06/13 10:29:07 | 000,001,072 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/08 22:37:45 | 001,327,397 | ---- | C] () -- C:\Users\Andy\Desktop\tdsskiller.zip
[2011/07/04 15:03:25 | 000,001,864 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/07/03 20:35:03 | 000,005,634 | ---- | C] () -- C:\Users\Andy\AppData\Roaming\F062.815
[2011/07/03 00:48:15 | 000,920,384 | ---- | C] () -- C:\Windows\SysNative\drivers\sfi.dat
[2011/07/02 02:46:10 | 000,000,232 | ---- | C] () -- C:\ProgramData\~37412600
[2011/07/02 02:46:10 | 000,000,168 | ---- | C] () -- C:\ProgramData\~37412600r
[2011/07/02 02:46:05 | 000,000,336 | ---- | C] () -- C:\ProgramData\37412600
[2011/07/01 15:21:16 | 026,228,094 | ---- | C] () -- C:\Users\Andy\Desktop\Calypso- SYTYCD8 Eric Luna & Georgia Ambarian‏.mp4
[2011/06/18 22:27:38 | 000,028,721 | ---- | C] () -- C:\Users\Andy\Desktop\tumblr_llnnuuc7PE1qzcv7no1_1280.png
[2011/06/14 21:47:49 | 000,000,000 | ---- | C] () -- C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2011/06/14 21:47:35 | 000,000,312 | ---- | C] () -- C:\Users\Andy\Desktop\Curse Client.appref-ms
[2011/06/13 10:27:57 | 000,001,072 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2011/06/11 14:34:08 | 000,131,355 | ---- | C] () -- C:\Users\Andy\Documents\table lamp enzo.sims3pack
[2011/04/19 20:01:39 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/03/25 20:26:31 | 000,001,362 | -HS- | C] () -- C:\Users\Andy\AppData\Local\5mki222i78xl77w88th73b677e4ufq5i11dixu5d43aks2c
[2011/03/25 20:26:31 | 000,001,362 | -HS- | C] () -- C:\ProgramData\5mki222i78xl77w88th73b677e4ufq5i11dixu5d43aks2c
[2011/03/18 20:32:52 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll
[2010/12/28 19:34:51 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/12/28 19:34:50 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/10/19 16:39:07 | 000,374,060 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/09/20 17:25:35 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/08/30 19:58:41 | 000,744,400 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/08/25 20:34:30 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010/08/25 20:34:30 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010/08/25 20:34:30 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010/06/13 00:08:34 | 000,000,017 | ---- | C] () -- C:\Users\Andy\AppData\Local\resmon.resmoncfg
[2010/05/21 15:46:33 | 000,024,497 | ---- | C] () -- C:\Users\Andy\AppData\Roaming\UserTile.png
[2010/05/17 18:50:44 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\LXEAinst.dll
[2010/05/17 18:50:44 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxeacomx.dll
[2010/05/17 18:50:43 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxeains.dll
[2010/05/17 18:50:43 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxeainsb.dll
[2010/05/17 18:50:43 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\lxeainsr.dll
[2010/05/17 18:50:43 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxeajswr.dll
[2010/05/17 18:50:43 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxeacur.dll
[2010/05/17 18:50:42 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxeacu.dll
[2010/05/17 18:50:42 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxeacub.dll
[2010/05/17 18:49:48 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\LXEAsmr.dll
[2010/05/17 18:49:47 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXEAsm.dll
[2010/03/02 15:18:08 | 000,000,106 | ---- | C] () -- C:\Users\Andy\AppData\Roaming\wklnhst.dat
[2010/03/01 15:21:53 | 000,005,120 | ---- | C] () -- C:\Users\Andy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/21 00:08:26 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini
[2009/12/20 23:52:24 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2009/12/20 23:52:24 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2009/12/20 23:52:24 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2009/12/20 23:52:24 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini
[2009/12/20 23:41:52 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2009/12/20 23:41:52 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2009/12/20 23:41:29 | 000,001,542 | ---- | C] () -- C:\Windows\WPatchProgress.ini
[2009/11/04 17:21:23 | 000,000,193 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2009/11/04 17:21:23 | 000,000,168 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2009/11/04 17:21:23 | 000,000,147 | ---- | C] () -- C:\Windows\WisPriority.ini
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:59:36 | 000,982,196 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/07/13 14:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/07/13 14:59:36 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/07/13 14:59:35 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/08 18:03:02 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI

========== LOP Check ==========

[2010/03/21 10:21:30 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\acccore
[2010/02/28 18:17:53 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Acer
[2010/07/13 15:01:20 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\AnvSoft
[2011/02/21 13:44:11 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Audacity
[2010/05/08 20:51:57 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Big Fish Games
[2010/09/29 05:15:19 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\DVDVideoSoft
[2011/03/24 19:30:56 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\DVDVideoSoftIEHelpers
[2010/05/19 19:15:39 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\GamesCafe
[2010/08/03 23:43:07 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\GetRightToGo
[2011/06/16 18:35:31 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Gogii
[2010/06/19 23:36:49 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Hotdog Hotshot
[2010/02/28 18:17:49 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Leadertech
[2010/06/03 10:58:37 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\LolClient
[2010/07/08 23:00:18 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\My Games
[2010/05/08 21:29:07 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\MysteryStudio
[2010/03/13 21:31:46 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\NeopleLauncherDFO
[2010/06/07 22:43:12 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Nexon
[2010/06/28 12:34:22 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\PlayFirst
[2010/06/20 13:07:48 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\PowerCinema
[2010/03/13 16:39:45 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Publish Providers
[2010/06/20 13:08:00 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\SoftDMA
[2011/07/08 22:20:02 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\SoftGrid Client
[2010/12/28 19:53:26 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Sony
[2010/04/19 15:28:00 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Sony Creative Software
[2011/06/13 21:02:51 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Stand O'Food 3
[2010/06/18 22:49:53 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\SulusGames
[2010/04/03 22:46:03 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\SYSTEMAX Software Development
[2010/06/01 12:12:26 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Template
[2011/04/02 08:44:24 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\TP
[2011/05/15 01:36:30 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2011/06/16 03:52:46 | 000,032,598 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:908A1B53
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:F43B7E8F
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:701FCC18
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:BCDC6E07
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:A59DD4AD
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:9D6EAEC3
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:3790BACD
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:163B8B93
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:393F7B1E
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:10CFA7D4
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:04BB186B
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:96AFAB10
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:6FD36C4B
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:68B61847
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:D576A536
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:0406003C
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:D9987109
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:03D08225
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:EA701346
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:888AFB86
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:E1D818F7
@Alternate Data Stream - 101 bytes -> C:\ProgramData\Temp:00811B66

< End of report >

Edited by chrysalis, 09 July 2011 - 05:26 PM.

  • 0

Advertisements


#2
ali.B

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

do NOT run any tool i have not instructed you to do so.

Step 1

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O33 - MountPoints2\{ab1d500e-edfc-11de-9167-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{ab1d500e-edfc-11de-9167-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe -- [2009/04/29 19:57:16 | 000,054,544 | R--- | M] (Electronic Arts)
    O33 - MountPoints2\{e3cde046-257d-11df-9113-00262d706dcb}\Shell - "" = AutoRun
    O33 - MountPoints2\{e3cde046-257d-11df-9113-00262d706dcb}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
    O33 - MountPoints2\E\Shell - "" = AutoRun
    O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
    O33 - MountPoints2\F\Shell - "" = AutoRun
    O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
    [2011/07/02 02:46:10 | 000,000,232 | ---- | C] () -- C:\ProgramData\~37412600
    [2011/07/02 02:46:10 | 000,000,168 | ---- | C] () -- C:\ProgramData\~37412600r
    [2011/07/02 02:46:05 | 000,000,336 | ---- | C] () -- C:\ProgramData\37412600
    [2011/03/25 20:26:31 | 000,001,362 | -HS- | C] () -- C:\Users\Andy\AppData\Local\5mki222i78xl77w88th73b677e4ufq5i11dixu5d43aks2c
    [2011/03/25 20:26:31 | 000,001,362 | -HS- | C] () -- C:\ProgramData\5mki222i78xl77w88th73b677e4ufq5i11dixu5d43aks2c
    
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step 2

Update MalwareBytes AntiMalware and Run a Quick Scan.
Post the log it produces


Things I would like to see in your reply:
  • OTL log
  • MBAM log

  • 0

#3
chrysalis

chrysalis

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Hello. Thanks for helping me. (:




OTL logfile created on: 7/10/2011 8:04:49 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Andy\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.68 Gb Total Physical Memory | 2.18 Gb Available Physical Memory | 59.24% Memory free
7.35 Gb Paging File | 5.74 Gb Available in Paging File | 78.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.94 Gb Total Space | 225.72 Gb Free Space | 49.72% Space Free | Partition Type: NTFS
Drive D: | 5.54 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: ANDYSCOMPUTER | User Name: Andy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/10 19:57:44 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Andy\Desktop\OTL.exe
PRC - [2011/02/14 18:32:52 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/04/24 01:10:34 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/04/24 01:10:28 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/02/11 13:36:12 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee.com\Agent\mcagent.exe
PRC - [2010/02/11 13:36:12 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe
PRC - [2010/01/15 05:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/12/18 11:25:16 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/12/18 11:24:24 | 000,197,928 | ---- | M] (Seagate LLC) -- C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
PRC - [2009/11/20 16:34:08 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2009/11/12 20:29:08 | 000,181,480 | ---- | M] (Acer Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
PRC - [2009/11/11 11:19:48 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/11/01 16:40:52 | 001,100,368 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2009/10/29 04:47:34 | 000,419,112 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
PRC - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe
PRC - [2009/10/02 14:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MSK\msksrver.exe
PRC - [2009/10/01 08:45:56 | 000,139,944 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe
PRC - [2009/10/01 08:45:55 | 000,766,632 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe
PRC - [2009/09/30 21:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 21:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/09/24 16:42:32 | 000,261,888 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2009/09/24 16:42:28 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2009/09/10 22:42:30 | 000,349,480 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
PRC - [2009/08/28 02:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
PRC - [2009/08/04 14:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
PRC - [2009/07/10 16:18:18 | 000,708,608 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
PRC - [2009/07/10 03:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
PRC - [2009/07/08 12:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 20:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/07/03 19:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2009/06/04 20:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
PRC - [2007/06/20 14:04:20 | 000,046,432 | ---- | M] (Microsoft® Corporation) -- C:\Program Files (x86)\Microsoft Works\WkCalRem.exe


========== Modules (SafeList) ==========

MOD - [2011/07/10 19:57:44 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Andy\Desktop\OTL.exe
MOD - [2011/04/08 16:56:28 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee\SiteAdvisor\sahook.dll
MOD - [2010/08/20 22:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/04/14 21:45:38 | 001,052,328 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxeacoms.exe -- (lxea_device)
SRV:64bit: - [2010/04/14 21:45:32 | 000,045,736 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxeaserv.exe -- (lxeaCATSCustConnectService)
SRV:64bit: - [2010/01/25 10:03:04 | 000,696,848 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2009/11/11 12:08:00 | 000,155,456 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV:64bit: - [2009/11/02 13:48:18 | 000,126,352 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/09/30 15:44:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/03 19:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/03/27 19:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV - [2011/07/02 19:52:56 | 003,435,096 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_e477fed.dll -- (Akamai)
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/02/16 15:49:08 | 000,101,048 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/04/24 01:10:34 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/04/24 01:10:28 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/03/21 12:41:00 | 003,532,120 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/11 13:36:12 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2010/01/15 05:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/12/18 11:25:16 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/11/11 11:19:48 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/10/02 14:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2009/09/30 21:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2009/09/30 21:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009/09/24 16:42:28 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/09/10 22:42:46 | 000,305,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009/08/28 02:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/07/29 07:47:32 | 000,602,792 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\lxeacoms.exe -- (lxea_device)
SRV - [2009/07/10 03:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2009/07/08 12:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 20:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009/05/22 11:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Acer Games\Acer Game Console\GameConsoleService.exe -- (GameConsoleService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/03/10 23:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/04/24 01:10:32 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/04/24 01:10:28 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/04/24 01:10:28 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/04/24 01:10:20 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2009/11/11 12:14:38 | 000,308,296 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2009/11/11 12:14:38 | 000,102,472 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2009/11/11 12:14:38 | 000,049,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk)
DRV:64bit: - [2009/11/11 12:08:06 | 000,040,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdk.sys -- (mferkdk)
DRV:64bit: - [2009/11/02 13:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/10/30 07:56:34 | 000,244,736 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2009/10/26 13:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/09/21 12:00:44 | 001,537,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/09/17 21:12:06 | 000,292,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/09/17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/08/13 12:20:46 | 001,209,856 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/08/06 05:43:58 | 000,320,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2009/07/22 15:06:26 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/19 19:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV:64bit: - [2009/06/10 13:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 13:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 19:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/06/02 20:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/02 20:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/02 20:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/05 17:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 17:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/04/09 15:23:02 | 000,176,144 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Mpfp.sys -- (MPFP)
DRV - [2005/01/04 11:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...18z145t4961c635
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...18z145t4961c635
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...18z145t4961c635
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...18z145t4961c635

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...18z145t4961c635
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@rsj.de/prodown: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Andy\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Andy\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/03/25 16:09:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/03/25 16:09:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011/05/26 20:51:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Andy\AppData\Roaming\Move Networks [2010/07/08 21:20:18 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files (x86)\McAfee\MSK\mskapbho64.dll ()
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files (x86)\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [lxeamon.exe] C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe ()
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKCU..\Run: [Aim] C:\Program Files (x86)\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [EA Core] File not found
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - Startup: C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wkcalrem.LNK = C:\Program Files (x86)\Microsoft Works\WkCalRem.exe (Microsoft® Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Andy\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Andy\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Andy\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Andy\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} http://panda-plugin..../p3dactivex.cab (P3DActiveX Control)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.105.28.11 68.105.29.11
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/29 19:57:16 | 000,054,544 | R--- | M] (Electronic Arts) - D:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008/10/21 15:22:16 | 000,000,045 | R--- | M] () - D:\Autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/10 19:58:37 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/10 19:57:32 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Andy\Desktop\OTL.exe
[2011/07/09 15:40:57 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2011/07/08 22:19:58 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/07/07 22:16:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2011/07/04 15:03:28 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2011/07/04 14:51:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011/07/03 01:23:31 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/07/02 23:58:00 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/07/02 19:26:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[2011/07/02 19:09:15 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Local\Immunet
[2011/07/02 19:09:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Immunet
[2011/07/02 19:08:44 | 000,000,000 | ---D | C] -- C:\Program Files\Immunet Protect
[2011/07/02 19:08:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Google Updater
[2011/07/02 18:52:02 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/02 18:51:16 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/07/02 15:35:19 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\Malwarebytes
[2011/07/02 15:35:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/02 15:35:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/07/02 15:35:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/06/17 11:15:02 | 000,000,000 | -HSD | C] -- C:\found.000
[2011/06/16 18:35:31 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\Gogii
[2011/06/16 03:54:38 | 000,000,000 | ---D | C] -- C:\acccore
[2011/06/14 21:47:35 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse
[2011/06/14 21:46:59 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Local\Deployment
[2011/06/14 21:46:59 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Local\Apps
[2011/06/13 21:02:49 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\Stand O'Food 3
[2011/06/13 16:53:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Big Fish Games
[2011/06/13 10:27:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
[2011/06/13 10:27:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\World of Warcraft
[2011/06/13 10:27:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2011/06/13 10:27:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2010/05/17 18:50:44 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeainpa.dll
[2010/05/17 18:50:43 | 000,651,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeapmui.dll
[2010/05/17 18:50:43 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeaiesc.dll
[2010/05/17 18:50:42 | 001,056,768 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeaserv.dll
[2010/05/17 18:50:42 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeausb1.dll
[2010/05/17 18:50:42 | 000,581,632 | ---- | C] ( ) -- C:\Windows\SysWow64\lxealmpm.dll
[2010/05/17 18:50:41 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacomc.dll
[2010/05/17 18:50:41 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeahbn3.dll
[2010/05/17 18:50:41 | 000,602,792 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacoms.exe
[2010/05/17 18:50:41 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacomm.dll
[2010/05/17 18:50:41 | 000,328,360 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeaih.exe
[2010/05/17 18:50:40 | 000,369,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacfg.exe
[5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/10 20:09:24 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/10 20:09:24 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/10 20:02:53 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/10 20:02:20 | 000,016,791 | ---- | M] () -- C:\Windows\SysNative\Config.MPF
[2011/07/10 20:01:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/10 20:01:26 | 2960,506,880 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/10 19:57:44 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Andy\Desktop\OTL.exe
[2011/07/10 19:17:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/07 22:16:46 | 000,001,864 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/07/06 13:48:44 | 000,005,634 | ---- | M] () -- C:\Users\Andy\AppData\Roaming\F062.815
[2011/07/06 13:32:52 | 000,178,688 | ---- | M] () -- C:\Users\Andy\AppData\Roaming\dwm.exe
[2011/07/03 11:26:49 | 000,731,186 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/07/03 11:26:49 | 000,627,526 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/07/03 11:26:49 | 000,107,552 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/07/03 11:12:53 | 000,001,445 | ---- | M] () -- C:\Users\Andy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/07/03 02:10:51 | 000,920,384 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2011/07/02 23:58:01 | 000,001,141 | ---- | M] () -- C:\Users\Andy\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/07/02 23:58:01 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/02 20:20:45 | 003,398,352 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/07/01 15:22:02 | 026,228,094 | ---- | M] () -- C:\Users\Andy\Desktop\Calypso- SYTYCD8 Eric Luna & Georgia Ambarian&rlm;.mp4
[2011/06/18 22:27:32 | 000,028,721 | ---- | M] () -- C:\Users\Andy\Desktop\tumblr_llnnuuc7PE1qzcv7no1_1280.png
[2011/06/16 03:55:00 | 000,000,632 | RHS- | M] () -- C:\Users\Andy\ntuser.pol
[2011/06/15 19:59:36 | 000,744,400 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/06/14 21:47:49 | 000,000,000 | ---- | M] () -- C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2011/06/14 21:47:35 | 000,000,312 | ---- | M] () -- C:\Users\Andy\Desktop\Curse Client.appref-ms
[2011/06/13 10:29:07 | 000,001,072 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/04 15:03:25 | 000,001,864 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/07/03 20:56:36 | 000,178,688 | ---- | C] () -- C:\Users\Andy\AppData\Roaming\dwm.exe
[2011/07/03 20:35:03 | 000,005,634 | ---- | C] () -- C:\Users\Andy\AppData\Roaming\F062.815
[2011/07/03 00:48:15 | 000,920,384 | ---- | C] () -- C:\Windows\SysNative\drivers\sfi.dat
[2011/07/02 23:58:01 | 000,001,141 | ---- | C] () -- C:\Users\Andy\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/07/02 23:58:01 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/01 15:21:16 | 026,228,094 | ---- | C] () -- C:\Users\Andy\Desktop\Calypso- SYTYCD8 Eric Luna & Georgia Ambarian&rlm;.mp4
[2011/06/18 22:27:38 | 000,028,721 | ---- | C] () -- C:\Users\Andy\Desktop\tumblr_llnnuuc7PE1qzcv7no1_1280.png
[2011/06/14 21:47:49 | 000,000,000 | ---- | C] () -- C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2011/06/14 21:47:35 | 000,000,312 | ---- | C] () -- C:\Users\Andy\Desktop\Curse Client.appref-ms
[2011/06/13 10:27:57 | 000,001,072 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2011/06/11 14:34:08 | 000,131,355 | ---- | C] () -- C:\Users\Andy\Documents\table lamp enzo.sims3pack
[2011/04/19 20:01:39 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/03/18 20:32:52 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll
[2010/12/28 19:34:51 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/12/28 19:34:50 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/10/19 16:39:07 | 000,374,060 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/09/20 17:25:35 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/08/30 19:58:41 | 000,744,400 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/08/25 20:34:30 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010/08/25 20:34:30 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010/08/25 20:34:30 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010/06/13 00:08:34 | 000,000,017 | ---- | C] () -- C:\Users\Andy\AppData\Local\resmon.resmoncfg
[2010/05/21 15:46:33 | 000,024,497 | ---- | C] () -- C:\Users\Andy\AppData\Roaming\UserTile.png
[2010/05/17 18:50:44 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\LXEAinst.dll
[2010/05/17 18:50:44 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxeacomx.dll
[2010/05/17 18:50:43 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxeains.dll
[2010/05/17 18:50:43 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxeainsb.dll
[2010/05/17 18:50:43 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\lxeainsr.dll
[2010/05/17 18:50:43 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxeajswr.dll
[2010/05/17 18:50:43 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxeacur.dll
[2010/05/17 18:50:42 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxeacu.dll
[2010/05/17 18:50:42 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxeacub.dll
[2010/05/17 18:49:48 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\LXEAsmr.dll
[2010/05/17 18:49:47 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXEAsm.dll
[2010/03/02 15:18:08 | 000,000,106 | ---- | C] () -- C:\Users\Andy\AppData\Roaming\wklnhst.dat
[2010/03/01 15:21:53 | 000,005,120 | ---- | C] () -- C:\Users\Andy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/21 00:08:26 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini
[2009/12/20 23:52:24 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2009/12/20 23:52:24 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2009/12/20 23:52:24 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2009/12/20 23:52:24 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini
[2009/12/20 23:41:52 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2009/12/20 23:41:52 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2009/12/20 23:41:29 | 000,001,542 | ---- | C] () -- C:\Windows\WPatchProgress.ini
[2009/11/04 17:21:23 | 000,000,193 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2009/11/04 17:21:23 | 000,000,168 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2009/11/04 17:21:23 | 000,000,147 | ---- | C] () -- C:\Windows\WisPriority.ini
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:59:36 | 000,982,196 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/07/13 14:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/07/13 14:59:36 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/07/13 14:59:35 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/08 18:03:02 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI

========== LOP Check ==========

[2010/03/21 10:21:30 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\acccore
[2010/02/28 18:17:53 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Acer
[2010/07/13 15:01:20 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\AnvSoft
[2011/02/21 13:44:11 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Audacity
[2010/05/08 20:51:57 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Big Fish Games
[2010/09/29 05:15:19 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\DVDVideoSoft
[2011/03/24 19:30:56 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\DVDVideoSoftIEHelpers
[2010/05/19 19:15:39 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\GamesCafe
[2010/08/03 23:43:07 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\GetRightToGo
[2011/06/16 18:35:31 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Gogii
[2010/06/19 23:36:49 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Hotdog Hotshot
[2010/02/28 18:17:49 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Leadertech
[2010/06/03 10:58:37 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\LolClient
[2010/07/08 23:00:18 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\My Games
[2010/05/08 21:29:07 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\MysteryStudio
[2010/03/13 21:31:46 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\NeopleLauncherDFO
[2010/06/07 22:43:12 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Nexon
[2010/06/28 12:34:22 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\PlayFirst
[2010/06/20 13:07:48 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\PowerCinema
[2010/03/13 16:39:45 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Publish Providers
[2010/06/20 13:08:00 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\SoftDMA
[2011/07/10 03:32:37 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\SoftGrid Client
[2010/12/28 19:53:26 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Sony
[2010/04/19 15:28:00 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Sony Creative Software
[2011/06/13 21:02:51 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Stand O'Food 3
[2010/06/18 22:49:53 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\SulusGames
[2010/04/03 22:46:03 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\SYSTEMAX Software Development
[2010/06/01 12:12:26 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Template
[2011/04/02 08:44:24 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\TP
[2011/05/15 01:36:30 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2011/06/16 03:52:46 | 000,032,598 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:908A1B53
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:F43B7E8F
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:701FCC18
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:BCDC6E07
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:A59DD4AD
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:9D6EAEC3
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:3790BACD
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:163B8B93
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:393F7B1E
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:10CFA7D4
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:04BB186B
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:96AFAB10
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:6FD36C4B
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:68B61847
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:D576A536
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:0406003C
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:D9987109
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:03D08225
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:EA701346
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:888AFB86
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:E1D818F7
@Alternate Data Stream - 101 bytes -> C:\ProgramData\Temp:00811B66

< End of report >
















OTL Extras logfile created on: 7/10/2011 8:04:49 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Andy\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.68 Gb Total Physical Memory | 2.18 Gb Available Physical Memory | 59.24% Memory free
7.35 Gb Paging File | 5.74 Gb Available in Paging File | 78.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.94 Gb Total Space | 225.72 Gb Free Space | 49.72% Space Free | Partition Type: NTFS
Drive D: | 5.54 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: ANDYSCOMPUTER | User Name: Andy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{053B3DA8-91B5-4682-A130-715412A1A253}" = Paint.NET v3.5.4
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX340_series" = Canon MX340 series MP Drivers
"{16DDB3D1-5C27-4599-9C63-E583287191CC}" = iTunes
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel® Turbo Boost Technology Monitor
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A2422B02-0D41-43F5-B62E-C7A5E55FCBA8}" = Vegas Pro 9.0 (64-bit)
"{A325B368-A9EC-40EF-A95C-9DEAD3683AE3}" = Broadcom Gigabit NetLink Controller
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX 64" = Adobe Flash Player 10 ActiveX 64-bit
"Lexmark S300-S400 Series" = Lexmark S300-S400 Series
"LSI Soft Modem" = LSI HDA Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
"{10812DE7-2E57-4740-B226-6B3BE34AF9D7}" = Lexmark Tools for Office
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 21
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3516C69A-024D-42A8-B948-FFAA7B9CC49A}" = Windows SideShow Managed Runtime 1.0
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3F5CFC1C-653B-4B22-9153-2BDDF2E03C0E}" = Seagate Manager Installer
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{521F829A-CBDD-4525-A94C-05D4650E9F71}" = DVD Architect Pro 5.0
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140011-0061-0409-0000-0000000FF1CE}" = Microsoft Office Home and Student 2010 - English
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{CC084EC0-5F74-4A17-8635-3ED61D501643}_is1" = Flyff
"{CE0900ED-C76A-40C0-8DB4-0F68D825B283}_is1" = Stranded II 1.0.0.1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark Printable Web
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA1B174B-4297-467C-9EF8-0AB8D4D5171E}" = Adobe After Effects CS5
"{DBCE1208-433D-4D3E-A26A-CB1B5E71A8F5}" = Alcor Micro USB Card Reader
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{F94CFF0E-600E-4E1C-A0A5-5053C1816A9F}" = League of Legends
"Acer Assist" = Acer Assist
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AIM_7" = AIM 7
"Akamai" = Akamai NetSession Interface
"Audacity 1.3 Beta_is1" = Audacity 1.3.12
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"BFG-Diner Dash 5 - Boom" = Diner Dash 5: Boom
"CamStudio" = CamStudio
"Canon MX340 series User Registration" = Canon MX340 series User Registration
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Carbonite Setup Lite" = Carbonite Online Backup Setup
"Cheat Engine 5.6.1_is1" = Cheat Engine 5.6.1
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DebugMode Wax 2.0" = DebugMode Wax 2.0
"DivX Setup.divx.com" = DivX Setup
"DVDFab 8_is1" = DVDFab 8.0.6.8 (05/01/2011)
"EADM" = EA Download Manager
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free DVD Video Burner_is1" = Free DVD Video Burner version 2.4
"Free DVD Video Converter_is1" = Free DVD Video Converter version 1.5
"Free Video to iPhone Converter_is1" = Free Video to iPhone Converter version 3.1
"Free YouTube Download_is1" = Free YouTube Download version 2.10.33.324
"Free YouTube to iPod Converter_is1" = Free YouTube to iPod Converter version 3.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"GamersFirst LIVE!" = GamersFirst LIVE!
"GamersFirst War Rock" = War Rock
"GridVista" = Acer GridVista
"Identity Card" = Identity Card
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{3F5CFC1C-653B-4B22-9153-2BDDF2E03C0E}" = Seagate Manager Installer
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{DBCE1208-433D-4D3E-A26A-CB1B5E71A8F5}" = Alcor Micro USB Card Reader
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"McAfee Security Scan" = McAfee Security Scan Plus
"MP Navigator EX 3.1" = Canon MP Navigator EX 3.1
"MSC" = McAfee SecurityCenter
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"RocketDock_is1" = RocketDock 1.3.5
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Speed Dial Utility" = Canon Speed Dial Utility
"Uninstall_is1" = Uninstall 1.0.0.1
"WildTangent acer Master Uninstall" = Acer Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft
"xvid" = Xvid MPEG-4 Video Codec

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"Loverland" = Loverland
"Move Media Player" = Move Media Player
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >



















Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7068

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

7/10/2011 8:18:46 PM
mbam-log-2011-07-10 (20-18-41).txt

Scan type: Quick scan
Objects scanned: 190435
Time elapsed: 3 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Andy\AppData\Roaming\dwm.exe (Backdoor.Bot) -> No action taken.
  • 0

#4
ali.B

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

Update MalwareBytes AntiMalware and Run a Quick Scan.
Post the log it produces

Next

Download aswMBR.exe ( 1.8mb ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply
Posted Image
  • 0

#5
chrysalis

chrysalis

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7075

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

7/11/2011 12:49:48 PM
mbam-log-2011-07-11 (12-49-44).txt

Scan type: Quick scan
Objects scanned: 191330
Time elapsed: 4 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Andy\AppData\Roaming\dwm.exe (Backdoor.Bot) -> No action taken.















aswMBR version 0.9.7.705 Copyright© 2011 AVAST Software
Run date: 2011-07-11 12:51:44
-----------------------------
12:51:44.075 OS Version: Windows x64 6.1.7600
12:51:44.075 Number of processors: 4 586 0x2502
12:51:44.075 ComputerName: ANDYSCOMPUTER UserName: Andy
12:51:47.086 Initialize success
12:51:58.356 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:51:58.356 Disk 0 Vendor: TOSHIBA_ FG00 Size: 476940MB BusType: 3
12:51:58.372 Disk 0 MBR read successfully
12:51:58.387 Disk 0 MBR scan
12:51:58.387 Disk 0 unknown MBR code
12:51:58.387 Disk 0 MBR hidden
12:51:58.387 Service scanning
12:51:59.417 Disk 0 trace - called modules:
12:51:59.464 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8004a6c254]<<
12:51:59.479 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a50060]
12:51:59.479 3 CLASSPNP.SYS[fffff880015ab43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004930050]
12:51:59.479 \Driver\iaStor[0xfffffa800490be70] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8004a6c254
12:51:59.495 Scan finished successfully
12:52:59.633 Disk 0 MBR has been saved successfully to "C:\Users\Andy\Desktop\MBR.dat"
12:52:59.649 The log file has been saved successfully to "C:\Users\Andy\Desktop\aswMBR.txt"
  • 0

#6
ali.B

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts

Files Infected:
c:\Users\Andy\AppData\Roaming\dwm.exe (Backdoor.Bot) -> No action taken.


Why are you not removing the infection ? when the scan is done click on "Show Results" then click on "Remove selected"

Post the new log of Malwarebytes.

Step 1

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.


    Posted Image


  • If an infected file is detected, the default action will be Cure, click on Continue.


    Posted Image

  • If a suspicious file is detected, the default action will be Skip, click on Continue.


    Posted Image

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


    Posted Image

  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 2

Download ComboFix here :

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them

    Click me

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

Things I would like to see in your reply:
  • Malwarebytes log
  • TDSSKiller log
  • Combofix log

  • 0

#7
chrysalis

chrysalis

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7075

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

7/11/2011 3:33:03 PM
mbam-log-2011-07-11 (15-33-03).txt

Scan type: Quick scan
Objects scanned: 192302
Time elapsed: 2 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Andy\AppData\Roaming\dwm.exe (Backdoor.Bot) -> Quarantined and deleted successfully.















2011/07/11 15:38:12.0719 6580 TDSS rootkit removing tool 2.5.9.0 Jul 1 2011 18:45:21
2011/07/11 15:38:13.0437 6580 ================================================================================
2011/07/11 15:38:13.0437 6580 SystemInfo:
2011/07/11 15:38:13.0437 6580
2011/07/11 15:38:13.0437 6580 OS Version: 6.1.7600 ServicePack: 0.0
2011/07/11 15:38:13.0437 6580 Product type: Workstation
2011/07/11 15:38:13.0437 6580 ComputerName: ANDYSCOMPUTER
2011/07/11 15:38:13.0437 6580 UserName: Andy
2011/07/11 15:38:13.0437 6580 Windows directory: C:\Windows
2011/07/11 15:38:13.0437 6580 System windows directory: C:\Windows
2011/07/11 15:38:13.0437 6580 Running under WOW64
2011/07/11 15:38:13.0437 6580 Processor architecture: Intel x64
2011/07/11 15:38:13.0437 6580 Number of processors: 4
2011/07/11 15:38:13.0437 6580 Page size: 0x1000
2011/07/11 15:38:13.0437 6580 Boot type: Normal boot
2011/07/11 15:38:13.0437 6580 ================================================================================
2011/07/11 15:38:15.0169 6580 Initialize success
2011/07/11 15:38:21.0549 5472 ================================================================================
2011/07/11 15:38:21.0549 5472 Scan started
2011/07/11 15:38:21.0549 5472 Mode: Manual;
2011/07/11 15:38:21.0549 5472 ================================================================================
2011/07/11 15:38:25.0246 5472 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/07/11 15:38:25.0387 5472 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2011/07/11 15:38:25.0590 5472 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/07/11 15:38:25.0777 5472 adfs (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys
2011/07/11 15:38:25.0964 5472 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/07/11 15:38:26.0104 5472 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/07/11 15:38:26.0245 5472 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/07/11 15:38:26.0448 5472 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
2011/07/11 15:38:26.0760 5472 AgereSoftModem (a6ab6f0ace87da76b4c401813d18be95) C:\Windows\system32\DRIVERS\agrsm64.sys
2011/07/11 15:38:27.0009 5472 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2011/07/11 15:38:27.0181 5472 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2011/07/11 15:38:27.0321 5472 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2011/07/11 15:38:27.0493 5472 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/07/11 15:38:27.0805 5472 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/07/11 15:38:27.0945 5472 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
2011/07/11 15:38:28.0195 5472 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/07/11 15:38:28.0444 5472 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
2011/07/11 15:38:28.0632 5472 AmUStor (391887990cdaa83de5c56c3fde966da1) C:\Windows\system32\drivers\AmUStor.SYS
2011/07/11 15:38:28.0850 5472 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2011/07/11 15:38:29.0068 5472 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/07/11 15:38:29.0224 5472 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/07/11 15:38:29.0380 5472 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/07/11 15:38:29.0521 5472 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2011/07/11 15:38:29.0817 5472 athr (88a02b6046356e6be4e387faa7451439) C:\Windows\system32\DRIVERS\athrx.sys
2011/07/11 15:38:30.0020 5472 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/07/11 15:38:30.0207 5472 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/07/11 15:38:30.0472 5472 BCM43XX (9e84a931dbee0292e38ed672f6293a99) C:\Windows\system32\DRIVERS\bcmwl664.sys
2011/07/11 15:38:30.0644 5472 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/07/11 15:38:30.0816 5472 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/07/11 15:38:31.0034 5472 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
2011/07/11 15:38:31.0252 5472 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/07/11 15:38:31.0362 5472 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/07/11 15:38:31.0502 5472 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/07/11 15:38:31.0642 5472 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/07/11 15:38:31.0783 5472 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/07/11 15:38:31.0923 5472 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/07/11 15:38:32.0064 5472 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/07/11 15:38:32.0235 5472 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/07/11 15:38:32.0407 5472 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2011/07/11 15:38:32.0625 5472 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/07/11 15:38:32.0734 5472 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/07/11 15:38:32.0906 5472 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/07/11 15:38:33.0015 5472 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2011/07/11 15:38:33.0156 5472 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2011/07/11 15:38:33.0327 5472 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/07/11 15:38:33.0468 5472 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/07/11 15:38:33.0608 5472 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/07/11 15:38:34.0045 5472 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
2011/07/11 15:38:34.0279 5472 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/07/11 15:38:34.0482 5472 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/07/11 15:38:34.0684 5472 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/07/11 15:38:35.0090 5472 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
2011/07/11 15:38:35.0714 5472 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/07/11 15:38:36.0073 5472 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/07/11 15:38:36.0291 5472 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2011/07/11 15:38:36.0447 5472 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/07/11 15:38:36.0572 5472 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/07/11 15:38:36.0681 5472 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/07/11 15:38:36.0915 5472 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/07/11 15:38:37.0056 5472 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/07/11 15:38:37.0274 5472 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/07/11 15:38:37.0492 5472 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2011/07/11 15:38:37.0695 5472 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/07/11 15:38:37.0882 5472 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/07/11 15:38:38.0054 5472 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/07/11 15:38:38.0226 5472 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/07/11 15:38:38.0382 5472 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/07/11 15:38:38.0584 5472 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/07/11 15:38:38.0694 5472 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2011/07/11 15:38:38.0834 5472 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/07/11 15:38:38.0974 5472 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
2011/07/11 15:38:39.0177 5472 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/07/11 15:38:39.0286 5472 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/07/11 15:38:39.0442 5472 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/07/11 15:38:39.0598 5472 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2011/07/11 15:38:39.0676 5472 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/07/11 15:38:39.0910 5472 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2011/07/11 15:38:40.0020 5472 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2011/07/11 15:38:40.0191 5472 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/07/11 15:38:40.0472 5472 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
2011/07/11 15:38:40.0753 5472 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
2011/07/11 15:38:41.0689 5472 igfx (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys
2011/07/11 15:38:42.0126 5472 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/07/11 15:38:42.0282 5472 Impcd (36fdf367a1dabff903e2214023d71368) C:\Windows\system32\DRIVERS\Impcd.sys
2011/07/11 15:38:42.0609 5472 IntcAzAudAddService (42943bb3ab7a405b30eff7c8283cc129) C:\Windows\system32\drivers\RTKVHD64.sys
2011/07/11 15:38:42.0765 5472 IntcDAud (408b401cd7cdb075c7470b0ff7ba8d0b) C:\Windows\system32\DRIVERS\IntcDAud.sys
2011/07/11 15:38:42.0952 5472 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2011/07/11 15:38:43.0093 5472 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/07/11 15:38:43.0124 5472 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/07/11 15:38:43.0233 5472 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/07/11 15:38:43.0374 5472 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/07/11 15:38:43.0608 5472 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/07/11 15:38:43.0732 5472 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2011/07/11 15:38:43.0873 5472 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/07/11 15:38:43.0998 5472 k57nd60a (d85f3f18e44f7447b5f1ba5c85baeb7c) C:\Windows\system32\DRIVERS\k57nd60a.sys
2011/07/11 15:38:44.0138 5472 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/07/11 15:38:44.0278 5472 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/07/11 15:38:44.0434 5472 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2011/07/11 15:38:44.0528 5472 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
2011/07/11 15:38:44.0700 5472 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/07/11 15:38:44.0856 5472 L1E (2ac603c3188c704cfce353659aa7ad71) C:\Windows\system32\DRIVERS\L1E62x64.sys
2011/07/11 15:38:45.0027 5472 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/07/11 15:38:45.0214 5472 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/07/11 15:38:45.0339 5472 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/07/11 15:38:45.0370 5472 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/07/11 15:38:45.0542 5472 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/07/11 15:38:45.0620 5472 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/07/11 15:38:46.0197 5472 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/07/11 15:38:46.0400 5472 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/07/11 15:38:46.0665 5472 mfeavfk (4a1c21576fb7f96f4dbdea627ffda775) C:\Windows\system32\drivers\mfeavfk.sys
2011/07/11 15:38:47.0211 5472 mfehidk (9e0ac52b3232ff8dc65fee1a9c2fe8d1) C:\Windows\system32\drivers\mfehidk.sys
2011/07/11 15:38:47.0430 5472 mferkdk (624d717b11e5004f68442b5740f17f21) C:\Windows\system32\drivers\mferkdk.sys
2011/07/11 15:38:47.0679 5472 mfesmfk (0cd9de7b96735f33f078c4ea044e8b34) C:\Windows\system32\drivers\mfesmfk.sys
2011/07/11 15:38:47.0929 5472 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/07/11 15:38:48.0163 5472 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/07/11 15:38:48.0334 5472 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/07/11 15:38:48.0584 5472 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/07/11 15:38:48.0834 5472 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2011/07/11 15:38:48.0974 5472 MPFP (ae2e68527013eb4f761eccc630f7f1a3) C:\Windows\system32\Drivers\Mpfp.sys
2011/07/11 15:38:49.0224 5472 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2011/07/11 15:38:49.0380 5472 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/07/11 15:38:49.0598 5472 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2011/07/11 15:38:49.0785 5472 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/07/11 15:38:50.0004 5472 mrxsmb10 (a8c2d7673c8a010569390c826a0efaf4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/07/11 15:38:50.0300 5472 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/07/11 15:38:50.0565 5472 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
2011/07/11 15:38:50.0799 5472 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2011/07/11 15:38:51.0127 5472 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/07/11 15:38:51.0345 5472 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/07/11 15:38:51.0517 5472 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/07/11 15:38:52.0219 5472 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/07/11 15:38:52.0453 5472 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/07/11 15:38:52.0656 5472 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/07/11 15:38:52.0858 5472 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2011/07/11 15:38:53.0030 5472 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/07/11 15:38:53.0233 5472 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/07/11 15:38:53.0451 5472 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/07/11 15:38:53.0654 5472 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/07/11 15:38:53.0826 5472 mwlPSDFilter (6ffecc25b39dc7652a0cec0ada9db589) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
2011/07/11 15:38:54.0044 5472 mwlPSDNServ (0befe32ca56d6ee89d58175725596a85) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
2011/07/11 15:38:54.0325 5472 mwlPSDVDisk (d43bc633b8660463e446e28e14a51262) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
2011/07/11 15:38:54.0590 5472 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/07/11 15:38:54.0840 5472 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2011/07/11 15:38:55.0011 5472 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/07/11 15:38:55.0198 5472 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/07/11 15:38:55.0479 5472 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/07/11 15:38:55.0776 5472 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/07/11 15:38:55.0994 5472 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2011/07/11 15:38:56.0244 5472 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/07/11 15:38:56.0431 5472 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2011/07/11 15:38:56.0665 5472 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/07/11 15:38:56.0852 5472 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/07/11 15:38:57.0148 5472 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/07/11 15:38:57.0414 5472 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
2011/07/11 15:38:58.0365 5472 NTIDrvr (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys
2011/07/11 15:38:58.0646 5472 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/07/11 15:38:58.0849 5472 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
2011/07/11 15:38:59.0098 5472 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
2011/07/11 15:38:59.0348 5472 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/07/11 15:38:59.0535 5472 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/07/11 15:38:59.0863 5472 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/07/11 15:39:00.0066 5472 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2011/07/11 15:39:00.0315 5472 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2011/07/11 15:39:00.0799 5472 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2011/07/11 15:39:01.0329 5472 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/07/11 15:39:01.0704 5472 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/07/11 15:39:01.0922 5472 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/07/11 15:39:02.0234 5472 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2011/07/11 15:39:02.0452 5472 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/07/11 15:39:02.0686 5472 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2011/07/11 15:39:03.0014 5472 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/07/11 15:39:03.0264 5472 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/07/11 15:39:03.0310 5472 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/07/11 15:39:03.0529 5472 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/07/11 15:39:03.0997 5472 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/07/11 15:39:04.0278 5472 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/07/11 15:39:04.0512 5472 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/07/11 15:39:04.0808 5472 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/07/11 15:39:05.0073 5472 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2011/07/11 15:39:05.0292 5472 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/07/11 15:39:05.0463 5472 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/07/11 15:39:05.0806 5472 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/07/11 15:39:06.0009 5472 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/07/11 15:39:06.0150 5472 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2011/07/11 15:39:06.0274 5472 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2011/07/11 15:39:06.0462 5472 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/07/11 15:39:06.0914 5472 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/07/11 15:39:07.0054 5472 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2011/07/11 15:39:07.0444 5472 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/07/11 15:39:07.0756 5472 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/07/11 15:39:07.0897 5472 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/07/11 15:39:08.0724 5472 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/07/11 15:39:08.0817 5472 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/07/11 15:39:09.0270 5472 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/07/11 15:39:09.0472 5472 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/07/11 15:39:09.0597 5472 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/07/11 15:39:09.0831 5472 Sftfs (72cd52403efc137290cb5a328510ebca) C:\Windows\system32\DRIVERS\Sftfslh.sys
2011/07/11 15:39:10.0081 5472 Sftplay (31a36ef71af36eabcc4b4f8ab8f76465) C:\Windows\system32\DRIVERS\Sftplaylh.sys
2011/07/11 15:39:10.0284 5472 Sftredir (2d969194fcc8eb41ed1d52863bfe7f52) C:\Windows\system32\DRIVERS\Sftredirlh.sys
2011/07/11 15:39:10.0471 5472 Sftvol (08b36d2f63af3ca2248458a4280c0c50) C:\Windows\system32\DRIVERS\Sftvollh.sys
2011/07/11 15:39:10.0705 5472 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/07/11 15:39:10.0798 5472 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/07/11 15:39:11.0173 5472 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/07/11 15:39:11.0360 5472 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/07/11 15:39:11.0516 5472 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
2011/07/11 15:39:11.0703 5472 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
2011/07/11 15:39:11.0937 5472 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
2011/07/11 15:39:12.0124 5472 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/07/11 15:39:12.0280 5472 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2011/07/11 15:39:12.0452 5472 SynTP (ed6d1424e5b0c21a57b28dd8508d6843) C:\Windows\system32\DRIVERS\SynTP.sys
2011/07/11 15:39:12.0780 5472 Tcpip (61dc720bb065d607d5823f13d2a64321) C:\Windows\system32\drivers\tcpip.sys
2011/07/11 15:39:13.0232 5472 TCPIP6 (61dc720bb065d607d5823f13d2a64321) C:\Windows\system32\DRIVERS\tcpip.sys
2011/07/11 15:39:13.0404 5472 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/07/11 15:39:13.0606 5472 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/07/11 15:39:13.0762 5472 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/07/11 15:39:13.0887 5472 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2011/07/11 15:39:14.0028 5472 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2011/07/11 15:39:14.0215 5472 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/07/11 15:39:14.0402 5472 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2011/07/11 15:39:14.0558 5472 TurboB (825e7a1f48fb8bcfba27c178aab4e275) C:\Windows\system32\DRIVERS\TurboB.sys
2011/07/11 15:39:14.0776 5472 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/07/11 15:39:15.0010 5472 UBHelper (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys
2011/07/11 15:39:15.0213 5472 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2011/07/11 15:39:15.0369 5472 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/07/11 15:39:15.0494 5472 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2011/07/11 15:39:15.0634 5472 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/07/11 15:39:15.0790 5472 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\Windows\system32\Drivers\usbaapl64.sys
2011/07/11 15:39:16.0056 5472 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/07/11 15:39:16.0336 5472 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2011/07/11 15:39:16.0477 5472 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\drivers\usbehci.sys
2011/07/11 15:39:16.0648 5472 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
2011/07/11 15:39:16.0867 5472 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
2011/07/11 15:39:17.0007 5472 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/07/11 15:39:17.0132 5472 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
2011/07/11 15:39:17.0257 5472 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\drivers\USBSTOR.SYS
2011/07/11 15:39:17.0428 5472 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys
2011/07/11 15:39:17.0600 5472 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
2011/07/11 15:39:17.0787 5472 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/07/11 15:39:17.0928 5472 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/07/11 15:39:18.0084 5472 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/07/11 15:39:18.0130 5472 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/07/11 15:39:18.0240 5472 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2011/07/11 15:39:18.0364 5472 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/07/11 15:39:18.0536 5472 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/07/11 15:39:18.0661 5472 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2011/07/11 15:39:19.0004 5472 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/07/11 15:39:19.0129 5472 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/07/11 15:39:19.0254 5472 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/07/11 15:39:19.0394 5472 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/07/11 15:39:19.0519 5472 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/11 15:39:19.0550 5472 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/11 15:39:19.0722 5472 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/07/11 15:39:19.0862 5472 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/07/11 15:39:20.0049 5472 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/07/11 15:39:20.0096 5472 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/07/11 15:39:20.0283 5472 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/07/11 15:39:20.0439 5472 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/07/11 15:39:20.0611 5472 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/07/11 15:39:20.0782 5472 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/07/11 15:39:20.0938 5472 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/07/11 15:39:21.0157 5472 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
2011/07/11 15:39:21.0172 5472 Boot (0x1200) (e987154104ec137dc178249858b1141c) \Device\Harddisk0\DR0\Partition0
2011/07/11 15:39:21.0188 5472 Boot (0x1200) (5f949e74b899461fb7bef8555b412e91) \Device\Harddisk0\DR0\Partition1
2011/07/11 15:39:21.0188 5472 ================================================================================
2011/07/11 15:39:21.0188 5472 Scan finished
2011/07/11 15:39:21.0188 5472 ================================================================================
2011/07/11 15:39:21.0204 6588 Detected object count: 0
2011/07/11 15:39:21.0204 6588 Actual detected object count: 0


















ComboFix 11-07-11.02 - Andy 07/11/2011 16:00:02.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3764.2281 [GMT -7:00]
Running from: c:\users\Andy\Desktop\ComboFix.exe
AV: McAfee VirusScan *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Personal Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee VirusScan *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
* Resident AV is active
.
.
.
((((((((((((((((((((((((( Files Created from 2011-06-11 to 2011-07-11 )))))))))))))))))))))))))))))))
.
.
2011-07-11 23:32 . 2011-07-11 23:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-11 23:32 . 2011-07-11 23:32 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-07-11 02:58 . 2011-07-11 02:58 -------- d-----w- C:\_OTL
2011-07-09 23:02 . 2011-06-07 17:10 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F9011DAF-19A1-4169-A4B7-9868DBAAD8D3}\mpengine.dll
2011-07-09 22:40 . 2011-07-09 22:46 -------- d-----w- c:\programdata\NOS
2011-07-09 05:19 . 2011-07-09 05:19 -------- d-----w- C:\_OTM
2011-07-04 22:03 . 2011-07-04 22:03 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-04 22:03 . 2011-07-09 22:56 -------- d-----w- c:\programdata\McAfee Security Scan
2011-07-04 21:51 . 2011-07-04 21:51 -------- d-----w- c:\windows\system32\Macromed
2011-07-03 07:45 . 2011-07-03 07:45 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2011-07-03 06:58 . 2011-05-29 16:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-03 02:26 . 2011-07-08 05:16 -------- d-----w- c:\program files (x86)\McAfee Security Scan
2011-07-03 02:09 . 2011-07-03 02:21 -------- d-----w- c:\programdata\Immunet
2011-07-03 02:09 . 2011-07-03 02:09 -------- d-----w- c:\users\Andy\AppData\Local\Immunet
2011-07-03 02:08 . 2011-07-03 02:22 -------- d-----w- c:\program files\Immunet Protect
2011-07-03 02:08 . 2011-07-03 02:51 -------- d-----w- c:\programdata\Google Updater
2011-07-03 01:51 . 2011-07-11 22:49 -------- d-----w- C:\32788R22FWJFW
2011-07-02 22:35 . 2011-07-02 22:35 -------- d-----w- c:\users\Andy\AppData\Roaming\Malwarebytes
2011-07-02 22:35 . 2011-07-09 22:53 -------- d-----w- c:\programdata\Malwarebytes
2011-07-02 22:35 . 2011-07-11 03:13 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-06-17 18:15 . 2011-06-17 18:15 -------- d-----w- C:\found.000
2011-06-17 01:35 . 2011-06-17 01:35 -------- d-----w- c:\users\Andy\AppData\Roaming\Gogii
2011-06-16 10:54 . 2011-06-16 10:54 -------- d-----w- C:\acccore
2011-06-16 05:12 . 2011-04-27 02:57 102400 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-16 05:12 . 2011-04-25 05:32 1896832 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-16 05:12 . 2011-04-25 02:44 499712 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-16 05:12 . 2011-04-29 05:47 1110528 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2011-06-16 05:12 . 2011-04-29 05:08 759296 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2011-06-16 05:12 . 2011-05-04 02:51 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-16 05:12 . 2011-05-04 02:51 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-16 05:12 . 2011-05-04 02:51 126464 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-16 05:12 . 2011-05-28 03:07 3133952 ----a-w- c:\windows\system32\win32k.sys
2011-06-16 05:10 . 2011-01-17 06:17 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2011-06-16 05:10 . 2011-01-17 05:38 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2011-06-16 05:10 . 2011-04-29 03:13 461312 ----a-w- c:\windows\system32\drivers\srv.sys
2011-06-16 05:10 . 2011-04-29 03:12 399872 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-16 05:10 . 2011-04-29 03:12 161792 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-16 05:10 . 2010-12-18 06:13 861184 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-16 05:10 . 2010-12-18 05:31 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-06-16 05:10 . 2011-05-03 05:21 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-16 05:10 . 2011-05-03 04:50 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-06-15 04:46 . 2011-07-11 22:36 -------- d-----w- c:\users\Andy\AppData\Local\Deployment
2011-06-15 04:46 . 2011-06-15 04:46 -------- d-----w- c:\users\Andy\AppData\Local\Apps
2011-06-14 04:02 . 2011-06-14 04:02 -------- d-----w- c:\users\Andy\AppData\Roaming\Stand O'Food 3
2011-06-13 23:53 . 2011-07-03 18:02 -------- d-----w- c:\programdata\Big Fish Games
2011-06-13 17:27 . 2011-06-18 00:01 -------- d-----w- c:\program files (x86)\World of Warcraft
2011-06-13 17:27 . 2011-06-13 17:28 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2011-06-13 17:27 . 2011-06-13 19:10 -------- d-----w- c:\programdata\Blizzard Entertainment
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-25 02:14 . 2010-03-01 01:33 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-24 01:32 . 2011-05-24 01:32 42209674 ----a-w- c:\programdata\SPL2F7A.tmp
2011-05-01 04:38 . 2010-04-26 01:44 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-05-01 04:37 . 2010-06-02 18:49 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-05-01 04:37 . 2010-04-26 01:44 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-04-22 20:18 . 2011-05-24 17:54 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-11 05:41 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-05 39408]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Aim"="c:\program files (x86)\AIM\aim.exe" [2010-03-08 3972440]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-09-24 261888]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-25 588648]
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-11-01 1100368]
"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-10-29 419112]
"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-11-13 181480]
"mcagent_exe"="c:\program files (x86)\McAfee.com\Agent\mcagent.exe" [2010-02-11 1218008]
"Acer Assist Launcher"="c:\program files (x86)\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"CarboniteSetupLite"="c:\program files (x86)\Carbonite\CarbonitePreinstaller.exe" [2009-08-04 318096]
"MaxMenuMgr"="c:\program files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-12-18 197928]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-02-15 1230704]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-14 421160]
.
c:\users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2011-6-14 0]
wkcalrem.LNK - c:\program files (x86)\Microsoft Works\WkCalRem.exe [2007-6-20 46432]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files (x86)\Acer\Acer VCM\AcerVCM.exe [2009-12-20 708608]
GamersFirst LIVE!.lnk - c:\program files (x86)\GamersFirst\LIVE!\Live.exe [2010-10-7 2845552]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-02 135664]
R2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxeaserv.exe [2010-04-15 45736]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 dump_wmimmc;dump_wmimmc;c:\program files\Gpotato\Flyff\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-02 135664]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-11 305448]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 vproiah;vproiah;c:\windows\system32\DRIVERS\vproiah.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 X6va005;X6va005;c:\users\Andy\AppData\Local\Temp\00571F0.tmp [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-09-30 844320]
S2 FreeAgentGoNext Service;Seagate Service;c:\program files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-12-18 189736]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe [2010-04-15 1052328]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files (x86)\McAfee\SiteAdvisor\McSACore.exe [2011-02-16 101048]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-09-24 62720]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2009-07-10 253952]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-02 01:53]
.
2011-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-02 01:53]
.
2011-05-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~2\mcafee\mqc\QcConsol.exe [2010-03-01 20:22]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-11 05:44 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-07-22 323072]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-11 349480]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-29 8312352]
"PLFSetI"="c:\windows\PLFSetI.exe" [2009-11-20 200704]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-09-30 823840]
"lxeamon.exe"="c:\program files (x86)\Lexmark S300-S400 Series\lxeamon.exe" [2009-10-01 766632]
"EzPrint"="c:\program files (x86)\Lexmark S300-S400 Series\ezprint.exe" [2009-10-01 139944]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-02-23 500208]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2710856]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_7740&r=27360210e906l0318z145t4961c635
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Andy\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Andy\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1 68.105.28.11 68.105.29.11
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{CE0900ED-C76A-40C0-8DB4-0F68D825B283}_is1 - c:\stranded ii\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Andy\AppData\Local\Temp\00571F0.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\progra~2\COMMON~1\mcafee\mna\mcnasvc.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\McAfee\MPF\MPFSrv.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\progra~2\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\program files (x86)\McAfee\MSK\MskSrver.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\progra~2\McAfee\MSC\mcmscsvc.exe
c:\progra~2\mcafee.com\agent\mcagent.exe
.
**************************************************************************
.
Completion time: 2011-07-11 17:00:14 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-12 00:00
.
Pre-Run: 241,807,593,472 bytes free
Post-Run: 241,138,057,216 bytes free
.
- - End Of File - - 57E3245C87F1C2FDB3A741D92070C878
  • 0

#8
ali.B

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

Driver::
vproiah
X6va005

File::
c:\windows\system32\DRIVERS\vproiah.sys
c:\users\Andy\AppData\Local\Temp\00571F0.tmp


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Next

Download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:


Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.
  • 0

#9
chrysalis

chrysalis

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
ComboFix 11-07-12.09 - Andy 07/12/2011 16:02:05.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3764.2029 [GMT -7:00]
Running from: c:\users\Andy\Desktop\ComboFix.exe
Command switches used :: c:\users\Andy\Desktop\CFScript.txt
AV: McAfee VirusScan *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Personal Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee VirusScan *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Andy\AppData\Local\Temp\00571F0.tmp"
"c:\windows\system32\DRIVERS\vproiah.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_VPROIAH
-------\Legacy_X6VA005
-------\Service_vproiah
-------\Service_X6va005
.
.
((((((((((((((((((((((((( Files Created from 2011-06-12 to 2011-07-12 )))))))))))))))))))))))))))))))
.
.
2011-07-12 23:35 . 2011-07-12 23:35 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-07-12 23:35 . 2011-07-12 23:35 -------- d-----w- c:\users\flymama46\AppData\Local\temp
2011-07-12 23:35 . 2011-07-12 23:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-12 19:47 . 2011-06-02 06:45 362496 ----a-w- c:\windows\system32\wow64win.dll
2011-07-12 19:47 . 2011-06-02 06:44 214528 ----a-w- c:\windows\system32\winsrv.dll
2011-07-12 19:47 . 2011-06-02 06:35 338944 ----a-w- c:\windows\system32\conhost.exe
2011-07-12 19:47 . 2011-06-02 06:45 243200 ----a-w- c:\windows\system32\wow64.dll
2011-07-12 19:47 . 2011-06-02 06:45 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2011-07-12 19:47 . 2011-06-02 06:42 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2011-07-12 19:47 . 2011-06-02 05:59 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2011-07-12 19:47 . 2011-06-02 05:56 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2011-07-12 19:47 . 2011-06-02 05:54 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2011-07-12 19:47 . 2011-06-02 03:51 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2011-07-12 19:47 . 2011-06-02 03:50 2048 ----a-w- c:\windows\SysWow64\user.exe
2011-07-12 19:44 . 2011-06-07 17:10 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2E502E3E-212E-415D-90E8-523E358528A7}\mpengine.dll
2011-07-11 02:58 . 2011-07-11 02:58 -------- d-----w- C:\_OTL
2011-07-09 22:40 . 2011-07-09 22:46 -------- d-----w- c:\programdata\NOS
2011-07-09 05:19 . 2011-07-09 05:19 -------- d-----w- C:\_OTM
2011-07-04 22:03 . 2011-07-04 22:03 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-04 22:03 . 2011-07-09 22:56 -------- d-----w- c:\programdata\McAfee Security Scan
2011-07-04 21:51 . 2011-07-04 21:51 -------- d-----w- c:\windows\system32\Macromed
2011-07-03 07:45 . 2011-07-03 07:45 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2011-07-03 06:58 . 2011-05-29 16:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-03 02:26 . 2011-07-08 05:16 -------- d-----w- c:\program files (x86)\McAfee Security Scan
2011-07-03 02:09 . 2011-07-03 02:21 -------- d-----w- c:\programdata\Immunet
2011-07-03 02:09 . 2011-07-03 02:09 -------- d-----w- c:\users\Andy\AppData\Local\Immunet
2011-07-03 02:08 . 2011-07-03 02:22 -------- d-----w- c:\program files\Immunet Protect
2011-07-03 02:08 . 2011-07-03 02:51 -------- d-----w- c:\programdata\Google Updater
2011-07-02 22:35 . 2011-07-02 22:35 -------- d-----w- c:\users\Andy\AppData\Roaming\Malwarebytes
2011-07-02 22:35 . 2011-07-09 22:53 -------- d-----w- c:\programdata\Malwarebytes
2011-07-02 22:35 . 2011-07-11 03:13 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-06-17 18:15 . 2011-06-17 18:15 -------- d-----w- C:\found.000
2011-06-17 01:35 . 2011-06-17 01:35 -------- d-----w- c:\users\Andy\AppData\Roaming\Gogii
2011-06-16 10:54 . 2011-06-16 10:54 -------- d-----w- C:\acccore
2011-06-16 05:12 . 2011-04-27 02:57 102400 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-16 05:12 . 2011-04-25 05:32 1896832 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-16 05:12 . 2011-04-25 02:44 499712 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-16 05:12 . 2011-04-29 05:47 1110528 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2011-06-16 05:12 . 2011-04-29 05:08 759296 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2011-06-16 05:12 . 2011-05-04 02:51 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-16 05:12 . 2011-05-04 02:51 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-16 05:12 . 2011-05-04 02:51 126464 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-16 05:10 . 2011-01-17 06:17 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2011-06-16 05:10 . 2011-01-17 05:38 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2011-06-16 05:10 . 2011-04-29 03:13 461312 ----a-w- c:\windows\system32\drivers\srv.sys
2011-06-16 05:10 . 2011-04-29 03:12 399872 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-16 05:10 . 2011-04-29 03:12 161792 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-16 05:10 . 2010-12-18 06:13 861184 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-16 05:10 . 2010-12-18 05:31 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-06-16 05:10 . 2011-05-03 05:21 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-16 05:10 . 2011-05-03 04:50 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-06-15 04:46 . 2011-07-11 22:36 -------- d-----w- c:\users\Andy\AppData\Local\Deployment
2011-06-15 04:46 . 2011-06-15 04:46 -------- d-----w- c:\users\Andy\AppData\Local\Apps
2011-06-14 04:02 . 2011-06-14 04:02 -------- d-----w- c:\users\Andy\AppData\Roaming\Stand O'Food 3
2011-06-13 23:53 . 2011-07-03 18:02 -------- d-----w- c:\programdata\Big Fish Games
2011-06-13 17:27 . 2011-06-18 00:01 -------- d-----w- c:\program files (x86)\World of Warcraft
2011-06-13 17:27 . 2011-06-13 17:28 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2011-06-13 17:27 . 2011-06-13 19:10 -------- d-----w- c:\programdata\Blizzard Entertainment
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-02 05:56 . 2011-07-12 19:47 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-05-25 02:14 . 2010-03-01 01:33 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-24 01:32 . 2011-05-24 01:32 42209674 ----a-w- c:\programdata\SPL2F7A.tmp
2011-05-01 04:38 . 2010-04-26 01:44 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-05-01 04:37 . 2010-06-02 18:49 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-05-01 04:37 . 2010-04-26 01:44 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-04-22 20:18 . 2011-05-24 17:54 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
.
.
((((((((((((((((((((((((((((( [email protected]_23.37.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2011-07-12 23:39 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-07-11 23:35 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-07-11 23:35 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-07-12 23:39 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-07-11 23:35 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-07-12 23:39 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-05 00:35 . 2011-07-12 22:47 72612 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-07-11 22:37 37726 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-07-12 23:42 37726 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-02-28 13:11 . 2011-07-12 23:42 18110 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3553972461-3783928594-4194098230-1001_UserData.bin
+ 2009-07-14 05:30 . 2011-07-12 22:42 86016 c:\windows\system32\DriverStore\infpub.dat
- 2009-07-14 05:30 . 2011-07-03 07:48 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2011-07-12 19:48 . 2011-04-28 03:58 80384 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_6c7b4ac630551f33\BTHUSB.SYS
+ 2009-07-14 00:06 . 2009-07-14 00:06 41984 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_6c7b4ac630551f33\bthenum.sys
- 2009-12-21 06:57 . 2011-07-11 23:37 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-21 06:57 . 2011-07-12 23:43 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-21 06:57 . 2011-07-11 23:37 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-21 06:57 . 2011-07-12 23:43 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-07-11 23:37 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-07-12 23:43 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-03-01 01:18 . 2011-07-11 23:35 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-01 01:18 . 2011-07-12 23:38 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:46 . 2011-07-12 22:48 80528 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2011-05-31 23:23 . 2011-07-11 23:37 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2011-05-31 23:23 . 2011-07-12 23:41 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2011-05-31 23:23 . 2011-07-12 23:41 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
- 2011-05-31 23:23 . 2011-07-11 23:37 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
- 2011-05-31 23:23 . 2011-07-11 23:37 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
+ 2011-05-31 23:23 . 2011-07-12 23:41 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
- 2010-03-01 01:18 . 2011-07-11 23:37 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-03-01 01:18 . 2011-07-12 23:41 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-03-01 01:18 . 2011-07-12 23:38 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-03-01 01:18 . 2011-07-11 23:35 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-02-28 13:13 . 2011-07-12 23:41 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-28 13:13 . 2011-07-11 23:37 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-28 13:13 . 2011-07-11 23:37 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-02-28 13:13 . 2011-07-12 23:41 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-09-21 00:25 . 2011-06-16 10:23 23040 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2010-09-21 00:25 . 2011-07-12 22:40 23040 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2010-09-21 00:25 . 2011-07-12 22:40 27136 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2010-09-21 00:25 . 2011-06-16 10:23 27136 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2010-09-21 00:25 . 2011-07-12 22:40 11264 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2010-09-21 00:25 . 2011-06-16 10:23 11264 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2010-09-21 00:25 . 2011-06-16 10:23 12288 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2010-09-21 00:25 . 2011-07-12 22:40 12288 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2011-07-11 23:34 . 2011-07-11 23:34 2428 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2011-07-12 23:38 . 2011-07-12 23:38 2428 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2011-07-12 19:48 . 2011-06-02 03:45 6144 c:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-13 23:10 6144 c:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-13 23:10 3584 c:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
+ 2011-07-12 19:48 . 2011-06-02 03:45 3584 c:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-13 23:10 3072 c:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
+ 2011-07-12 19:48 . 2011-06-02 03:45 3072 c:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-13 23:10 4608 c:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
+ 2011-07-12 19:48 . 2011-06-02 03:45 4608 c:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 4096 c:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
+ 2011-07-12 19:48 . 2011-06-02 05:45 4096 c:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
+ 2011-07-12 19:48 . 2011-06-02 05:45 4096 c:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 4096 c:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
+ 2011-07-12 19:48 . 2011-06-02 05:45 3072 c:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3072 c:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
+ 2011-07-12 19:48 . 2011-06-02 05:45 3072 c:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3072 c:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
+ 2011-07-12 19:48 . 2011-06-02 05:45 3072 c:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3072 c:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 4608 c:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
+ 2011-07-12 19:48 . 2011-06-02 05:45 4608 c:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
+ 2011-07-12 19:48 . 2011-06-02 05:45 3584 c:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3584 c:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
+ 2011-07-12 19:48 . 2011-06-02 05:45 3584 c:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3584 c:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
+ 2011-07-12 19:48 . 2011-06-02 05:45 4096 c:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 4096 c:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3584 c:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
+ 2011-07-12 19:48 . 2011-06-02 05:45 3584 c:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 4096 c:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
+ 2011-07-12 19:48 . 2011-06-02 05:45 4096 c:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 4096 c:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
+ 2011-07-12 19:48 . 2011-06-02 05:45 4096 c:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3584 c:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
+ 2011-07-12 19:48 . 2011-06-02 05:45 3584 c:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
+ 2011-07-12 19:48 . 2011-06-02 05:45 3072 c:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3072 c:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
+ 2011-07-12 19:48 . 2011-06-02 05:45 3584 c:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3584 c:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
+ 2011-07-12 19:48 . 2011-06-02 05:45 3584 c:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3584 c:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
+ 2011-07-12 19:48 . 2011-06-02 05:45 3072 c:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3072 c:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 5120 c:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
+ 2011-07-12 19:48 . 2011-06-02 05:45 5120 c:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
+ 2011-07-12 19:48 . 2011-06-02 05:45 3072 c:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3072 c:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
+ 2011-07-12 19:48 . 2011-06-02 05:45 3072 c:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3072 c:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
+ 2011-07-12 19:48 . 2011-06-02 05:45 3072 c:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3072 c:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3072 c:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
+ 2011-07-12 19:48 . 2011-06-02 05:45 3072 c:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3072 c:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
+ 2011-07-12 19:48 . 2011-06-02 05:45 3072 c:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3072 c:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
+ 2011-07-12 19:48 . 2011-06-02 05:45 3072 c:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 6144 c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
+ 2011-07-12 19:48 . 2011-06-02 06:23 6144 c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
+ 2011-07-12 19:48 . 2011-06-02 06:23 3072 c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3072 c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
+ 2011-07-12 19:48 . 2011-06-02 06:23 3072 c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3072 c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
+ 2011-07-12 19:48 . 2011-06-02 06:23 4608 c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 4608 c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 4096 c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
+ 2011-07-12 19:48 . 2011-06-02 06:23 4096 c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
+ 2011-07-12 19:48 . 2011-06-02 06:23 4096 c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 4096 c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3072 c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
+ 2011-07-12 19:48 . 2011-06-02 06:23 3072 c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
+ 2011-07-12 19:48 . 2011-06-02 06:23 3584 c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3584 c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3072 c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
+ 2011-07-12 19:48 . 2011-06-02 06:23 3072 c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 4608 c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
+ 2011-07-12 19:48 . 2011-06-02 06:23 4608 c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3584 c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
+ 2011-07-12 19:48 . 2011-06-02 06:23 3584 c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
+ 2011-07-12 19:48 . 2011-06-02 06:23 3584 c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3584 c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3584 c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
+ 2011-07-12 19:48 . 2011-06-02 06:23 3584 c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3584 c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
+ 2011-07-12 19:48 . 2011-06-02 06:23 3584 c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
+ 2011-07-12 19:48 . 2011-06-02 06:23 4096 c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 4096 c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 4096 c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
+ 2011-07-12 19:48 . 2011-06-02 06:23 4096 c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3584 c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
+ 2011-07-12 19:48 . 2011-06-02 06:23 3584 c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3072 c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
+ 2011-07-12 19:48 . 2011-06-02 06:23 3072 c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3072 c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
+ 2011-07-12 19:48 . 2011-06-02 06:23 3072 c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
+ 2011-07-12 19:48 . 2011-06-02 06:23 3584 c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3584 c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
+ 2011-07-12 19:48 . 2011-06-02 06:23 3072 c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3072 c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
+ 2011-07-12 19:48 . 2011-06-02 06:23 5120 c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 5120 c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
+ 2011-07-12 19:48 . 2011-06-02 06:23 3072 c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3072 c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3072 c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
+ 2011-07-12 19:48 . 2011-06-02 06:23 3072 c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3072 c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
+ 2011-07-12 19:48 . 2011-06-02 06:23 3072 c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
+ 2011-07-12 19:48 . 2011-06-02 06:23 3072 c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3072 c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3072 c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
+ 2011-07-12 19:48 . 2011-06-02 06:23 3072 c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3072 c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
+ 2011-07-12 19:48 . 2011-06-02 06:23 3072 c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
+ 2011-07-12 23:38 . 2011-07-12 23:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-07-11 23:35 . 2011-07-11 23:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-07-12 23:38 . 2011-07-12 23:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-07-11 23:35 . 2011-07-11 23:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-09-21 00:25 . 2011-06-16 10:23 4096 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2010-09-21 00:25 . 2011-07-12 22:40 4096 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2011-07-12 19:48 . 2011-06-02 05:54 272384 c:\windows\SysWOW64\KernelBase.dll
+ 2011-07-12 19:47 . 2011-05-14 06:32 837120 c:\windows\SysWOW64\kernel32.dll
+ 2011-07-12 19:48 . 2011-06-02 06:39 422400 c:\windows\system32\KernelBase.dll
- 2009-07-14 05:30 . 2011-07-03 07:48 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2011-07-12 22:42 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2011-07-12 22:42 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:30 . 2011-07-03 07:48 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 00:06 . 2009-07-14 01:39 229376 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_6c7b4ac630551f33\fsquirt.exe
+ 2011-07-12 19:48 . 2011-04-28 03:58 552448 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_6c7b4ac630551f33\bthport.sys
+ 2009-07-14 05:31 . 2011-07-12 22:42 399360 c:\windows\system32\DriverStore\drvindex.dat
- 2009-07-14 05:31 . 2011-05-11 10:16 399360 c:\windows\system32\DriverStore\drvindex.dat
- 2009-07-14 05:01 . 2011-07-11 23:34 695292 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-07-12 23:38 695292 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2010-09-21 00:25 . 2011-06-16 10:23 409600 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2010-09-21 00:25 . 2011-07-12 22:40 409600 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2010-09-21 00:25 . 2011-06-16 10:23 286720 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2010-09-21 00:25 . 2011-07-12 22:40 286720 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2010-09-21 00:25 . 2011-07-12 22:40 249856 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2010-09-21 00:25 . 2011-06-16 10:23 249856 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2010-09-21 00:25 . 2011-07-12 22:40 794624 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2010-09-21 00:25 . 2011-06-16 10:23 794624 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2010-09-21 00:25 . 2011-07-12 22:40 135168 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2010-09-21 00:25 . 2011-06-16 10:23 135168 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2011-07-12 04:55 . 2011-07-12 04:55 111232 c:\windows\assembly\GAC_MSIL\Microsoft.WindowsAPICodePack\1.1.0.0__31bf3856ad364e35\Microsoft.WindowsAPICodePack.dll
+ 2011-07-12 04:55 . 2011-07-12 04:55 547968 c:\windows\assembly\GAC_MSIL\Microsoft.WindowsAPICodePack.Shell\1.1.0.0__31bf3856ad364e35\Microsoft.WindowsAPICodePack.Shell.dll
+ 2011-07-12 19:48 . 2011-06-11 02:56 3134464 c:\windows\system32\win32k.sys
+ 2011-07-12 19:47 . 2011-05-14 07:36 1162240 c:\windows\system32\kernel32.dll
- 2009-07-13 23:28 . 2009-07-14 01:41 1162240 c:\windows\system32\kernel32.dll
+ 2009-07-14 04:45 . 2011-07-12 22:44 3398352 c:\windows\system32\FNTCACHE.DAT
- 2009-07-14 04:45 . 2011-07-03 03:20 3398352 c:\windows\system32\FNTCACHE.DAT
+ 2009-07-14 04:45 . 2011-07-12 22:47 3852951 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2011-07-03 03:24 3852951 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-05-23 21:15 . 2011-05-23 21:15 3617792 c:\windows\Installer\107daff.msp
- 2009-07-14 02:34 . 2011-07-11 22:49 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2011-07-12 22:59 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-11 05:41 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-05 39408]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
"Aim"="c:\program files (x86)\AIM\aim.exe" [2010-03-08 3972440]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-09-24 261888]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-25 588648]
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-11-01 1100368]
"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-10-29 419112]
"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-11-13 181480]
"mcagent_exe"="c:\program files (x86)\McAfee.com\Agent\mcagent.exe" [2010-02-11 1218008]
"Acer Assist Launcher"="c:\program files (x86)\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"CarboniteSetupLite"="c:\program files (x86)\Carbonite\CarbonitePreinstaller.exe" [2009-08-04 318096]
"MaxMenuMgr"="c:\program files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-12-18 197928]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-02-15 1230704]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-14 421160]
.
c:\users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2011-6-14 0]
wkcalrem.LNK - c:\program files (x86)\Microsoft Works\WkCalRem.exe [2007-6-20 46432]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files (x86)\Acer\Acer VCM\AcerVCM.exe [2009-12-20 708608]
GamersFirst LIVE!.lnk - c:\program files (x86)\GamersFirst\LIVE!\Live.exe [2010-10-7 2845552]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-02 135664]
R2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxeaserv.exe [2010-04-15 45736]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 dump_wmimmc;dump_wmimmc;c:\program files\Gpotato\Flyff\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-02 135664]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-11 305448]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-09-30 844320]
S2 FreeAgentGoNext Service;Seagate Service;c:\program files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-12-18 189736]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe [2010-04-15 1052328]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files (x86)\McAfee\SiteAdvisor\McSACore.exe [2011-02-16 101048]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-09-24 62720]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2009-07-10 253952]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-02 01:53]
.
2011-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-02 01:53]
.
2011-05-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~2\mcafee\mqc\QcConsol.exe [2010-03-01 20:22]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-11 05:44 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF11336.cfxxe" [X]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-07-22 323072]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-11 349480]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-29 8312352]
"PLFSetI"="c:\windows\PLFSetI.exe" [2009-11-20 200704]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-09-30 823840]
"lxeamon.exe"="c:\program files (x86)\Lexmark S300-S400 Series\lxeamon.exe" [2009-10-01 766632]
"EzPrint"="c:\program files (x86)\Lexmark S300-S400 Series\ezprint.exe" [2009-10-01 139944]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-02-23 500208]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2710856]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_7740&r=27360210e906l0318z145t4961c635
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Andy\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Andy\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1 68.105.28.11 68.105.29.11
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-RocketDock - c:\program files\RocketDock\RocketDock.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\progra~2\COMMON~1\mcafee\mna\mcnasvc.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\McAfee\MPF\MPFSrv.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\progra~2\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\program files (x86)\McAfee\MSK\MskSrver.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\progra~2\McAfee\MSC\mcmscsvc.exe
c:\progra~2\mcafee.com\agent\mcagent.exe
.
**************************************************************************
.
Completion time: 2011-07-12 17:03:54 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-13 00:03
ComboFix2.txt 2011-07-12 00:00
.
Pre-Run: 241,580,740,608 bytes free
Post-Run: 241,123,008,512 bytes free
.
- - End Of File - - 57E01E79AA88CCA5A07F994162FB2E2E























MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: Phoenix Technologies LTD
System Manufacturer: Acer
System Product Name: Aspire 7740
Logical Drives Mask: 0x0001000c

Kernel Drivers (total 204):
0x02E04000 \SystemRoot\system32\ntoskrnl.exe
0x033E0000 \SystemRoot\system32\hal.dll
0x00BC8000 \SystemRoot\system32\kdcom.dll
0x00C06000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00C4A000 \SystemRoot\system32\PSHED.dll
0x00C5E000 \SystemRoot\system32\CLFS.SYS
0x00CBC000 \SystemRoot\system32\CI.dll
0x00ED0000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F74000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F83000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00FDA000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00FE3000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00E00000 \SystemRoot\system32\DRIVERS\pci.sys
0x00E33000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00E40000 \SystemRoot\System32\drivers\partmgr.sys
0x00E55000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00E5E000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00E6A000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00D7C000 \SystemRoot\System32\drivers\volmgrx.sys
0x00E7F000 \SystemRoot\System32\drivers\mountmgr.sys
0x010B3000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x011CF000 \SystemRoot\system32\DRIVERS\atapi.sys
0x01000000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x0102A000 \SystemRoot\system32\drivers\amdxata.sys
0x01035000 \SystemRoot\system32\drivers\fltmgr.sys
0x01081000 \SystemRoot\system32\drivers\fileinfo.sys
0x0122A000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01486000 \SystemRoot\System32\Drivers\msrpc.sys
0x014E4000 \SystemRoot\System32\Drivers\ksecdd.sys
0x014FE000 \SystemRoot\System32\Drivers\cng.sys
0x01571000 \SystemRoot\System32\drivers\pcw.sys
0x01582000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01681000 \SystemRoot\system32\drivers\ndis.sys
0x01773000 \SystemRoot\system32\drivers\NETIO.SYS
0x017D3000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01600000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x0164C000 \SystemRoot\System32\Drivers\spldr.sys
0x0158C000 \SystemRoot\System32\drivers\rdyboost.sys
0x01654000 \SystemRoot\System32\Drivers\mup.sys
0x01666000 \SystemRoot\System32\drivers\hwpolicy.sys
0x015C6000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01400000 \SystemRoot\system32\DRIVERS\disk.sys
0x01416000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x02BA7000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x02BD1000 \SystemRoot\system32\DRIVERS\mwlPSDFilter.sys
0x02BDA000 \SystemRoot\System32\Drivers\Null.SYS
0x02BE3000 \SystemRoot\System32\Drivers\Beep.SYS
0x02BEA000 \SystemRoot\System32\drivers\vga.sys
0x02A00000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x02A25000 \SystemRoot\System32\drivers\watchdog.sys
0x02A35000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x02A3E000 \SystemRoot\system32\drivers\rdpencdd.sys
0x02A47000 \SystemRoot\system32\drivers\rdprefmp.sys
0x02A50000 \SystemRoot\System32\Drivers\Msfs.SYS
0x02A5B000 \SystemRoot\System32\Drivers\Npfs.SYS
0x03803000 \SystemRoot\System32\drivers\tcpip.sys
0x03E0D000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x03E57000 \SystemRoot\System32\Drivers\Mpfp.sys
0x03E94000 \SystemRoot\System32\Drivers\TDI.SYS
0x03EA1000 \SystemRoot\system32\DRIVERS\tdx.sys
0x03EBF000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
0x03EDD000 \SystemRoot\system32\drivers\afd.sys
0x03F66000 \SystemRoot\System32\DRIVERS\netbt.sys
0x03FAB000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x03FB4000 \SystemRoot\system32\DRIVERS\pacer.sys
0x03FDA000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x03FF0000 \SystemRoot\system32\DRIVERS\netbios.sys
0x01446000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x01461000 \SystemRoot\system32\DRIVERS\termdd.sys
0x040C9000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x0411A000 \SystemRoot\system32\drivers\nsiproxy.sys
0x04126000 \SystemRoot\system32\DRIVERS\mwlPSDVDisk.sys
0x04139000 \SystemRoot\system32\DRIVERS\mwlPSDNServ.sys
0x04141000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x0414C000 \SystemRoot\system32\drivers\mfehidk.sys
0x04196000 \SystemRoot\System32\drivers\discache.sys
0x041A5000 \SystemRoot\System32\Drivers\dfsc.sys
0x041C3000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x041D4000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x0469B000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
0x050BA000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x051AE000 \SystemRoot\System32\drivers\dxgmms1.sys
0x04600000 \SystemRoot\system32\DRIVERS\HECIx64.sys
0x04611000 \SystemRoot\system32\drivers\usbehci.sys
0x04622000 \SystemRoot\system32\drivers\USBPORT.SYS
0x04000000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x04024000 \SystemRoot\system32\DRIVERS\k57nd60a.sys
0x04275000 \SystemRoot\system32\DRIVERS\athrx.sys
0x043F1000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x04200000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x04205000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x04223000 \SystemRoot\SysWOW64\Drivers\DKbFltr.sys
0x0422F000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x04075000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x0423E000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x04240000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x0424F000 \??\C:\Windows\system32\drivers\UBHelper.sys
0x04257000 \??\C:\Windows\system32\drivers\NTIDrvr.sys
0x0425F000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x013CC000 \SystemRoot\system32\DRIVERS\Impcd.sys
0x04678000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x0426C000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x01475000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x01200000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x011D8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x0468E000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x00E99000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x01095000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x00DD8000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x0546C000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x05486000 \SystemRoot\system32\DRIVERS\swenum.sys
0x05488000 \SystemRoot\system32\DRIVERS\ks.sys
0x054CB000 \SystemRoot\system32\DRIVERS\umbus.sys
0x054DD000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x05537000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x0580D000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x0554C000 \SystemRoot\system32\drivers\portcls.sys
0x05589000 \SystemRoot\system32\drivers\drmk.sys
0x059F9000 \SystemRoot\system32\drivers\ksthunk.sys
0x05A40000 \SystemRoot\system32\DRIVERS\agrsm64.sys
0x05B71000 \SystemRoot\system32\drivers\modem.sys
0x05B80000 \SystemRoot\system32\DRIVERS\IntcDAud.sys
0x000E0000 \SystemRoot\System32\win32k.sys
0x05BC1000 \SystemRoot\System32\drivers\Dxapi.sys
0x05BCD000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x05BEA000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x05A00000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x05A19000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x05A22000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x055AB000 \SystemRoot\System32\Drivers\usbvideo.sys
0x05A2F000 \SystemRoot\system32\DRIVERS\monitor.sys
0x004D0000 \SystemRoot\System32\TSDDD.dll
0x006C0000 \SystemRoot\System32\cdd.dll
0x00800000 \SystemRoot\System32\ATMFD.DLL
0x055D9000 \SystemRoot\system32\drivers\luafv.sys
0x05800000 \SystemRoot\system32\DRIVERS\Sftvollh.sys
0x05400000 \SystemRoot\system32\drivers\WudfPf.sys
0x02A6C000 \SystemRoot\system32\DRIVERS\udfs.sys
0x05421000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x02AC0000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x05436000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x05449000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x05BF8000 \SystemRoot\system32\DRIVERS\TurboB.sys
0x02B13000 \SystemRoot\System32\Drivers\crashdmp.sys
0x02411000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x0252D000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x028EA000 \SystemRoot\system32\drivers\HTTP.sys
0x029B2000 \SystemRoot\system32\DRIVERS\bowser.sys
0x029D0000 \SystemRoot\System32\drivers\mpsdrv.sys
0x02800000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x0282D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x0287B000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x0289E000 \SystemRoot\System32\Drivers\adfs.SYS
0x02540000 \SystemRoot\system32\drivers\peauth.sys
0x028B6000 \SystemRoot\System32\Drivers\secdrv.SYS
0x0605D000 \SystemRoot\system32\DRIVERS\Sftfslh.sys
0x06114000 \SystemRoot\system32\DRIVERS\Sftplaylh.sys
0x06161000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x0618E000 \SystemRoot\System32\drivers\tcpipreg.sys
0x02B21000 \SystemRoot\System32\DRIVERS\srv2.sys
0x061A0000 \SystemRoot\system32\DRIVERS\Sftredirlh.sys
0x0660A000 \SystemRoot\System32\DRIVERS\srv.sys
0x0669F000 \SystemRoot\system32\drivers\mfeavfk.sys
0x06728000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
0x77440000 \Windows\System32\ntdll.dll
0x47B70000 \Windows\System32\smss.exe
0xFF760000 \Windows\System32\apisetschema.dll
0xFF2D0000 \Windows\System32\autochk.exe
0xFF700000 \Windows\System32\Wldap32.dll
0x77610000 \Windows\System32\psapi.dll
0x77600000 \Windows\System32\normaliz.dll
0xFF620000 \Windows\System32\oleaut32.dll
0xFF550000 \Windows\System32\usp10.dll
0xFF500000 \Windows\System32\ws2_32.dll
0xFF2A0000 \Windows\System32\iertutil.dll
0xFF200000 \Windows\System32\msvcrt.dll
0x77340000 \Windows\System32\user32.dll
0xFF160000 \Windows\System32\comdlg32.dll
0xFF140000 \Windows\System32\imagehlp.dll
0xFF030000 \Windows\System32\msctf.dll
0xFEF00000 \Windows\System32\rpcrt4.dll
0xFED20000 \Windows\System32\setupapi.dll
0xFDF90000 \Windows\System32\shell32.dll
0xFDE10000 \Windows\System32\urlmon.dll
0xFDD90000 \Windows\System32\shlwapi.dll
0xFDD80000 \Windows\System32\lpk.dll
0xFDD70000 \Windows\System32\nsi.dll
0xFDD40000 \Windows\System32\imm32.dll
0xFDCC0000 \Windows\System32\difxapi.dll
0xFDB90000 \Windows\System32\wininet.dll
0xFD980000 \Windows\System32\ole32.dll
0xFD960000 \Windows\System32\sechost.dll
0xFD8C0000 \Windows\System32\clbcatq.dll
0xFD7E0000 \Windows\System32\advapi32.dll
0x77220000 \Windows\System32\kernel32.dll
0xFD770000 \Windows\System32\gdi32.dll
0xFD730000 \Windows\System32\wintrust.dll
0xFD5C0000 \Windows\System32\crypt32.dll
0xFD5A0000 \Windows\System32\devobj.dll
0xFD500000 \Windows\System32\comctl32.dll
0xFD490000 \Windows\System32\KernelBase.dll
0xFD450000 \Windows\System32\cfgmgr32.dll
0xFD440000 \Windows\System32\msasn1.dll
0x75D90000 \Windows\SysWOW64\normaliz.dll

Processes (total 96):
0 System Idle Process
4 System
336 C:\Windows\System32\smss.exe
488 csrss.exe
552 C:\Windows\System32\wininit.exe
580 csrss.exe
612 C:\Windows\System32\services.exe
632 C:\Windows\System32\lsass.exe
640 C:\Windows\System32\lsm.exe
744 C:\Windows\System32\svchost.exe
812 C:\Windows\System32\winlogon.exe
868 C:\Windows\System32\svchost.exe
936 C:\Windows\System32\svchost.exe
984 C:\Windows\System32\svchost.exe
1012 C:\Windows\System32\svchost.exe
500 C:\Windows\System32\audiodg.exe
696 C:\Windows\System32\svchost.exe
884 C:\Windows\System32\svchost.exe
1288 C:\Windows\System32\spoolsv.exe
1336 C:\Windows\System32\svchost.exe
1428 C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
1452 C:\PROGRA~2\COMMON~1\McAfee\MNA\McNASvc.exe
1500 C:\Windows\System32\rundll32.exe
1508 C:\Windows\SysWOW64\rundll32.exe
1592 C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe
1624 C:\Program Files\LSI SoftModem\agr64svc.exe
1644 C:\Windows\SysWOW64\svchost.exe
1668 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1856 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
1904 C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
1924 C:\Windows\System32\svchost.exe
1964 C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
2040 C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
1760 C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
1780 C:\Windows\System32\lxeacoms.exe
1900 C:\PROGRA~2\COMMON~1\McAfee\McProxy\McProxy.exe
1792 C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
2120 C:\Program Files (x86)\McAfee\MSK\msksrver.exe
2172 C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
2344 C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
2384 C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
2648 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
2720 C:\Program Files\Acer\Acer Updater\UpdaterService.exe
2784 C:\Windows\System32\svchost.exe
2812 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
3004 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
3248 C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
3428 C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe
3608 C:\Windows\System32\svchost.exe
3304 C:\Windows\System32\taskhost.exe
716 C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe
3476 C:\Windows\System32\dwm.exe
3624 C:\Windows\explorer.exe
3508 C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
3296 C:\Program Files\Windows Media Player\wmpnetwk.exe
1952 C:\Windows\System32\SearchIndexer.exe
864 WmiPrvSE.exe
4560 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
4368 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
1936 C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
4396 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
4440 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2908 C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
1580 C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe
4528 C:\Windows\System32\igfxtray.exe
4604 C:\Windows\System32\hkcmd.exe
4624 C:\Windows\System32\igfxpers.exe
4620 C:\Windows\System32\igfxsrvc.exe
4676 C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
4856 C:\Program Files\Windows Sidebar\sidebar.exe
4716 C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
5148 C:\Windows\System32\igfxext.exe
5180 C:\Windows\System32\wbem\unsecapp.exe
5308 C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
5508 C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
5576 C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
5780 C:\Program Files (x86)\Microsoft Works\WkCalRem.exe
5888 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
5924 C:\Windows\System32\svchost.exe
5980 C:\Program Files (x86)\Launch Manager\LManager.exe
6024 C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
6032 C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
4916 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
5604 C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
5656 C:\Windows\System32\svchost.exe
5836 C:\Program Files (x86)\iTunes\iTunesHelper.exe
2024 C:\Program Files\iPod\bin\iPodService.exe
6360 C:\Windows\System32\wuauclt.exe
2912 C:\Program Files\Internet Explorer\iexplore.exe
6184 C:\Program Files\Internet Explorer\iexplore.exe
3128 C:\Windows\System32\SearchProtocolHost.exe
5776 C:\Windows\System32\SearchFilterHost.exe
4152 dllhost.exe
5268 dllhost.exe
3816 C:\Users\Andy\Desktop\MBRCheck.exe
6884 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`f4500000 (NTFS)
\\.\Q: --> error 5

PhysicalDrive0 Model Number: TOSHIBAMK5055GSX, Rev: FG001J

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 38BE7869FCCF026F920DA4A541B12E68993C36ED


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
  • 0

#10
ali.B

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

Run aswMBR that you previously downloaded, run the application and click the Scan button to start the scan

On completion of the scan

Click the FIXMBR

Save the log as before and post in your next reply

Next

Download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:


Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.
  • 0

Advertisements


#11
chrysalis

chrysalis

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
aswMBR version 0.9.7.705 Copyright© 2011 AVAST Software
Run date: 2011-07-13 10:14:55
-----------------------------
10:14:55.921 OS Version: Windows x64 6.1.7600
10:14:55.921 Number of processors: 4 586 0x2502
10:14:55.921 ComputerName: ANDYSCOMPUTER UserName: Andy
10:14:57.262 Initialize success
10:15:16.387 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
10:15:16.387 Disk 0 Vendor: TOSHIBA_ FG00 Size: 476940MB BusType: 3
10:15:16.419 Disk 0 MBR read successfully
10:15:16.419 Disk 0 MBR scan
10:15:16.419 Disk 0 unknown MBR code
10:15:16.419 Disk 0 MBR hidden
10:15:16.434 Service scanning
10:15:19.227 Disk 0 trace - called modules:
10:15:19.273 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8004a73254]<<
10:15:19.289 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a56410]
10:15:19.289 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004938050]
10:15:19.305 \Driver\iaStor[0xfffffa80048f4060] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8004a73254
10:15:19.305 Scan finished successfully
10:15:24.673 Disk 0 Windows 601 MBR fixed successfully
10:15:37.574 Disk 0 MBR has been saved successfully to "C:\Users\Andy\Desktop\MBR.dat"
10:15:37.605 The log file has been saved successfully to "C:\Users\Andy\Desktop\aswMBR.txt"


















MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: Phoenix Technologies LTD
System Manufacturer: Acer
System Product Name: Aspire 7740
Logical Drives Mask: 0x0001000c

Kernel Drivers (total 205):
0x02E15000 \SystemRoot\system32\ntoskrnl.exe
0x033F1000 \SystemRoot\system32\hal.dll
0x00BB9000 \SystemRoot\system32\kdcom.dll
0x00C11000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00C55000 \SystemRoot\system32\PSHED.dll
0x00C69000 \SystemRoot\system32\CLFS.SYS
0x00CC7000 \SystemRoot\system32\CI.dll
0x00EA3000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F47000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F56000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00FAD000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00FB6000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00FC0000 \SystemRoot\system32\DRIVERS\pci.sys
0x00FF3000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00E00000 \SystemRoot\System32\drivers\partmgr.sys
0x00E15000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00E1E000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00E2A000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00E3F000 \SystemRoot\System32\drivers\volmgrx.sys
0x00D87000 \SystemRoot\System32\drivers\mountmgr.sys
0x01044000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x01160000 \SystemRoot\system32\DRIVERS\atapi.sys
0x01169000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x01193000 \SystemRoot\system32\drivers\amdxata.sys
0x0119E000 \SystemRoot\system32\drivers\fltmgr.sys
0x011EA000 \SystemRoot\system32\drivers\fileinfo.sys
0x01232000 \SystemRoot\System32\Drivers\Ntfs.sys
0x00DA1000 \SystemRoot\System32\Drivers\msrpc.sys
0x013D4000 \SystemRoot\System32\Drivers\ksecdd.sys
0x0143E000 \SystemRoot\System32\Drivers\cng.sys
0x014B1000 \SystemRoot\System32\drivers\pcw.sys
0x014C2000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x014CC000 \SystemRoot\system32\drivers\ndis.sys
0x01654000 \SystemRoot\system32\drivers\NETIO.SYS
0x016B4000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x016DF000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x0172B000 \SystemRoot\System32\Drivers\spldr.sys
0x01733000 \SystemRoot\System32\drivers\rdyboost.sys
0x0176D000 \SystemRoot\System32\Drivers\mup.sys
0x0177F000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01788000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x017C2000 \SystemRoot\system32\DRIVERS\disk.sys
0x01600000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x02B88000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x02BB2000 \SystemRoot\system32\DRIVERS\mwlPSDFilter.sys
0x02BBB000 \SystemRoot\System32\Drivers\Null.SYS
0x02BC4000 \SystemRoot\System32\Drivers\Beep.SYS
0x02BCB000 \SystemRoot\System32\drivers\vga.sys
0x02BD9000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x02A00000 \SystemRoot\System32\drivers\watchdog.sys
0x02A10000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x02A19000 \SystemRoot\system32\drivers\rdpencdd.sys
0x02A22000 \SystemRoot\system32\drivers\rdprefmp.sys
0x02A2B000 \SystemRoot\System32\Drivers\Msfs.SYS
0x02A36000 \SystemRoot\System32\Drivers\Npfs.SYS
0x03C02000 \SystemRoot\System32\drivers\tcpip.sys
0x03E2C000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x03E76000 \SystemRoot\System32\Drivers\Mpfp.sys
0x03EB3000 \SystemRoot\System32\Drivers\TDI.SYS
0x03EC0000 \SystemRoot\system32\DRIVERS\tdx.sys
0x03EDE000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
0x03EFC000 \SystemRoot\system32\drivers\afd.sys
0x03F85000 \SystemRoot\System32\DRIVERS\netbt.sys
0x03FCA000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x03FD3000 \SystemRoot\system32\DRIVERS\pacer.sys
0x03E00000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x03E16000 \SystemRoot\system32\DRIVERS\netbios.sys
0x017D8000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x0163E000 \SystemRoot\system32\DRIVERS\termdd.sys
0x0402A000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x0407B000 \SystemRoot\system32\drivers\nsiproxy.sys
0x04087000 \SystemRoot\system32\DRIVERS\mwlPSDVDisk.sys
0x0409A000 \SystemRoot\system32\DRIVERS\mwlPSDNServ.sys
0x040A2000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x040AD000 \SystemRoot\system32\drivers\mfehidk.sys
0x040F7000 \SystemRoot\System32\drivers\discache.sys
0x04106000 \SystemRoot\System32\Drivers\dfsc.sys
0x04124000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x04135000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x0466C000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
0x0508B000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x0517F000 \SystemRoot\System32\drivers\dxgmms1.sys
0x051C5000 \SystemRoot\system32\DRIVERS\HECIx64.sys
0x051D6000 \SystemRoot\system32\drivers\usbehci.sys
0x04600000 \SystemRoot\system32\drivers\USBPORT.SYS
0x0415B000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x0417F000 \SystemRoot\system32\DRIVERS\k57nd60a.sys
0x04244000 \SystemRoot\system32\DRIVERS\athrx.sys
0x043C0000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x043CD000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x043D2000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x043F0000 \SystemRoot\SysWOW64\Drivers\DKbFltr.sys
0x04200000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x0543C000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x05489000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x0548B000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x0549A000 \??\C:\Windows\system32\drivers\UBHelper.sys
0x054A2000 \??\C:\Windows\system32\drivers\NTIDrvr.sys
0x054AA000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x054B7000 \SystemRoot\system32\DRIVERS\Impcd.sys
0x054DD000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x054F3000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x054FC000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x0550C000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x05522000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x05546000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x05552000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x05581000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x0559C000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x055BD000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x055D7000 \SystemRoot\system32\DRIVERS\swenum.sys
0x01000000 \SystemRoot\system32\DRIVERS\ks.sys
0x055D9000 \SystemRoot\system32\DRIVERS\umbus.sys
0x05849000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x058A3000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x05A14000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x058B8000 \SystemRoot\system32\drivers\portcls.sys
0x058F5000 \SystemRoot\system32\drivers\drmk.sys
0x05A00000 \SystemRoot\system32\drivers\ksthunk.sys
0x05C9E000 \SystemRoot\system32\DRIVERS\agrsm64.sys
0x05DCF000 \SystemRoot\system32\drivers\modem.sys
0x05C00000 \SystemRoot\system32\DRIVERS\IntcDAud.sys
0x000C0000 \SystemRoot\System32\win32k.sys
0x05C41000 \SystemRoot\System32\drivers\Dxapi.sys
0x05C4D000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x05C6A000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x05C78000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x05C91000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x05DDE000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x05917000 \SystemRoot\System32\Drivers\usbvideo.sys
0x05DEB000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00560000 \SystemRoot\System32\TSDDD.dll
0x006C0000 \SystemRoot\System32\cdd.dll
0x05945000 \SystemRoot\system32\DRIVERS\udfs.sys
0x00900000 \SystemRoot\System32\ATMFD.DLL
0x05A06000 \SystemRoot\System32\Drivers\crashdmp.sys
0x02A47000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x05999000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x059AC000 \SystemRoot\system32\drivers\luafv.sys
0x059CF000 \SystemRoot\system32\DRIVERS\Sftvollh.sys
0x059DA000 \SystemRoot\system32\drivers\WudfPf.sys
0x05800000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x024A6000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x024F9000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x0250C000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x02524000 \SystemRoot\system32\DRIVERS\TurboB.sys
0x0252B000 \SystemRoot\system32\drivers\HTTP.sys
0x02400000 \SystemRoot\system32\DRIVERS\bowser.sys
0x0241E000 \SystemRoot\System32\drivers\mpsdrv.sys
0x02436000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x0285C000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x028AA000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x028CD000 \SystemRoot\System32\Drivers\adfs.SYS
0x028E5000 \SystemRoot\system32\drivers\peauth.sys
0x0298B000 \SystemRoot\System32\Drivers\secdrv.SYS
0x08087000 \SystemRoot\system32\DRIVERS\Sftfslh.sys
0x0813E000 \SystemRoot\system32\DRIVERS\Sftplaylh.sys
0x0818B000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x081B8000 \SystemRoot\System32\drivers\tcpipreg.sys
0x08000000 \SystemRoot\System32\DRIVERS\srv2.sys
0x08425000 \SystemRoot\System32\DRIVERS\srv.sys
0x084BA000 \SystemRoot\system32\DRIVERS\Sftredirlh.sys
0x084C5000 \SystemRoot\system32\drivers\mfeavfk.sys
0x084DD000 \SystemRoot\system32\drivers\spsys.sys
0x0854E000 \??\C:\Users\Andy\AppData\Local\Temp\aswMBR.sys
0x77340000 \Windows\System32\ntdll.dll
0x47880000 \Windows\System32\smss.exe
0xFF660000 \Windows\System32\apisetschema.dll
0xFFB50000 \Windows\System32\autochk.exe
0xFE8C0000 \Windows\System32\shell32.dll
0xFE7E0000 \Windows\System32\oleaut32.dll
0xFE710000 \Windows\System32\usp10.dll
0xFE700000 \Windows\System32\lpk.dll
0x77510000 \Windows\System32\psapi.dll
0xFE6B0000 \Windows\System32\Wldap32.dll
0xFE5A0000 \Windows\System32\msctf.dll
0xFE530000 \Windows\System32\gdi32.dll
0xFE400000 \Windows\System32\wininet.dll
0xFE360000 \Windows\System32\comdlg32.dll
0xFE350000 \Windows\System32\nsi.dll
0xFE170000 \Windows\System32\setupapi.dll
0xFE040000 \Windows\System32\rpcrt4.dll
0xFDFC0000 \Windows\System32\shlwapi.dll
0x77500000 \Windows\System32\normaliz.dll
0xFDEE0000 \Windows\System32\advapi32.dll
0xFDEC0000 \Windows\System32\imagehlp.dll
0x77220000 \Windows\System32\kernel32.dll
0xFDE90000 \Windows\System32\imm32.dll
0xFDC30000 \Windows\System32\iertutil.dll
0xFDBB0000 \Windows\System32\difxapi.dll
0xFDB10000 \Windows\System32\clbcatq.dll
0xFD990000 \Windows\System32\urlmon.dll
0xFD8F0000 \Windows\System32\msvcrt.dll
0xFD8D0000 \Windows\System32\sechost.dll
0xFD880000 \Windows\System32\ws2_32.dll
0x77120000 \Windows\System32\user32.dll
0xFD670000 \Windows\System32\ole32.dll
0xFD630000 \Windows\System32\cfgmgr32.dll
0xFD590000 \Windows\System32\comctl32.dll
0xFD420000 \Windows\System32\crypt32.dll
0xFD3B0000 \Windows\System32\KernelBase.dll
0xFD370000 \Windows\System32\wintrust.dll
0xFD350000 \Windows\System32\devobj.dll
0xFD340000 \Windows\System32\msasn1.dll
0x756B0000 \Windows\SysWOW64\normaliz.dll

Processes (total 106):
0 System Idle Process
4 System
336 C:\Windows\System32\smss.exe
492 csrss.exe
556 C:\Windows\System32\wininit.exe
584 csrss.exe
616 C:\Windows\System32\services.exe
640 C:\Windows\System32\lsass.exe
648 C:\Windows\System32\lsm.exe
708 C:\Windows\System32\winlogon.exe
784 C:\Windows\System32\svchost.exe
872 C:\Windows\System32\svchost.exe
952 C:\Windows\System32\svchost.exe
988 C:\Windows\System32\svchost.exe
124 C:\Windows\System32\svchost.exe
508 C:\Windows\System32\audiodg.exe
440 C:\Windows\System32\svchost.exe
948 C:\Windows\System32\svchost.exe
1296 C:\Windows\System32\spoolsv.exe
1344 C:\Windows\System32\svchost.exe
1448 C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
1472 C:\PROGRA~2\COMMON~1\McAfee\MNA\McNASvc.exe
1532 C:\Windows\System32\rundll32.exe
1544 C:\Windows\SysWOW64\rundll32.exe
1608 C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe
1636 C:\Program Files\LSI SoftModem\agr64svc.exe
1656 C:\Windows\SysWOW64\svchost.exe
1676 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1920 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
1956 C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
1988 C:\Windows\System32\svchost.exe
2020 C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
1392 C:\Windows\System32\taskhost.exe
1220 C:\Windows\System32\dwm.exe
1800 C:\Windows\explorer.exe
1888 C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
2168 C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
2312 C:\Windows\System32\lxeacoms.exe
2332 C:\PROGRA~2\COMMON~1\McAfee\McProxy\McProxy.exe
2372 C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
2440 C:\Program Files (x86)\McAfee\MSK\msksrver.exe
2716 C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
2724 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
2732 C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
2744 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
2756 C:\Windows\PLFSetI.exe
2796 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2820 C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
2952 C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe
2960 C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe
3004 C:\Windows\System32\igfxtray.exe
3012 C:\Windows\System32\hkcmd.exe
2836 C:\Windows\System32\igfxpers.exe
2944 C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
3144 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
3388 C:\Program Files\Windows Sidebar\sidebar.exe
3432 C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
3456 C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
3484 C:\Program Files\Internet Explorer\iexplore.exe
3584 C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
3632 C:\Program Files\Internet Explorer\iexplore.exe
3864 C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
3904 C:\Program Files (x86)\Microsoft Works\WkCalRem.exe
3956 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
1136 C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
3248 C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
4220 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
4356 C:\Windows\System32\svchost.exe
4432 C:\Program Files\Acer\Acer Updater\UpdaterService.exe
4480 C:\Windows\System32\svchost.exe
4508 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
4600 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
5004 C:\Windows\System32\igfxext.exe
5032 C:\Windows\System32\igfxsrvc.exe
5076 C:\Windows\System32\wbem\unsecapp.exe
1152 WmiPrvSE.exe
4028 C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
1212 C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
1328 C:\Windows\System32\SearchIndexer.exe
4956 C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe
5172 C:\Windows\System32\svchost.exe
5652 C:\Windows\System32\svchost.exe
5752 C:\PROGRA~2\McAfee.com\Agent\mcagent.exe
5880 C:\Program Files (x86)\Launch Manager\LManager.exe
5892 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
5912 C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
5948 C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
5972 C:\Program Files\Windows Media Player\wmpnetwk.exe
6096 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
4948 C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
5256 C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
5192 C:\Program Files (x86)\iTunes\iTunesHelper.exe
6348 C:\Program Files\iPod\bin\iPodService.exe
528 C:\Windows\System32\sppsvc.exe
4272 C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
6552 C:\Windows\servicing\TrustedInstaller.exe
3724 C:\Windows\System32\wuauclt.exe
5516 C:\Windows\System32\SearchProtocolHost.exe
5956 C:\Windows\System32\SearchFilterHost.exe
6580 dllhost.exe
2652 C:\PROGRA~2\McAfee.com\Agent\mcupdate.exe
2280 dllhost.exe
3348 C:\Users\Andy\Desktop\MBRCheck.exe
5492 C:\Windows\System32\conhost.exe
6444 mcupdmgr.exe
4448 C:\Program Files (x86)\McAfee\MSC\mcsvrcnt.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`f4500000 (NTFS)
\\.\Q: --> error 5

PhysicalDrive0 Model Number: TOSHIBAMK5055GSX, Rev: FG001J

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 38BE7869FCCF026F920DA4A541B12E68993C36ED


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
  • 0

#12
ali.B

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

could you please attach this file in your next post: C:\Users\Andy\Desktop\MBR.dat

zip it and attach it.
  • 0

#13
chrysalis

chrysalis

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Here you go.

Attached Files

  • Attached File  MBR.zip   567bytes   46 downloads

Edited by chrysalis, 13 July 2011 - 12:28 PM.

  • 0

#14
ali.B

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

  • Download OTLPEStd.exe to your desktop
  • Ensure that you have a blank CD in the drive
  • Double click OTLPEStd.exe and this will then open imgburn to burn the file to CD
  • Reboot your system using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :)

  • Your system should now display a Reatogo desktop.
    Note : as you are running from CD it is not exactly speedy
  • Double-click on the MBRFix icon.
  • A command prompt will be presented. Type the following commands and press Enter after each line:

    X:
    cd X:\
    MbrFix /drive 1 fixmbr
    Exit

  • Reboot your system.

When you are back into normal mode do the following again:

Double click on MBRCheck.exe that you previously downloaded

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:


Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.
  • 0

#15
chrysalis

chrysalis

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
On step 3, I recieved an error:
http://imageshack.us...7/error1ty.png/

Should I still go on or re-do it again with another CD?
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP