The Open With box for everything I try [Closed]


#1 panicpeace (Member, 69 posts)

I'm using an Acer Veriton M275 with Windows 7.
I just got this computer and have only put a few games on it. I went browsing some new sites and probably got a virus from them. I looked in my task manager and found a new program with a Russian name, so I tried deleting it. I think I did so; however, all of my exe things open with the "Open With" box. Some programs would not work at all. I read your site and found exehelper and used it. Then I got Malwarebytes and am running it now. I am extremely appreciative of any help I may receive. OTL just gave me this from its quick scan...

OTL logfile created on: 8/11/2011 6:40:44 PM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\James\Downloads
An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

989.24 Mb Total Physical Memory | 129.56 Mb Available Physical Memory | 13.10% Memory free
1.97 Gb Paging File | 0.75 Gb Available in Paging File | 38.24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 66.45 Gb Total Space | 32.47 Gb Free Space | 48.86% Space Free | Partition Type: NTFS
Drive D: | 66.50 Gb Total Space | 66.41 Gb Free Space | 99.87% Space Free | Partition Type: NTFS
Drive E: | 6.99 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: JAMES-PC | User Name: James | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/11 18:09:41 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\James\Downloads\OTL.com
PRC - [2011/08/11 16:57:43 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\James\Downloads\OTL.exe
PRC - [2011/07/06 19:52:38 | 001,047,656 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2011/06/28 16:42:03 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 08:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/06/03 17:53:52 | 000,030,016 | ---- | M] (Acer Inc.) -- C:\Program Files\Acer\Empowering Technology\eLock\Service\eLockServ.exe
PRC - [2010/01/28 19:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2010/01/08 09:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Registration\GREGsvc.exe
PRC - [2009/11/17 18:18:20 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2009/05/15 20:33:40 | 001,803,512 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\AtService.exe
PRC - [2009/05/12 22:07:08 | 000,417,792 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer SmartBoot\ASLSvc.exe
PRC - [2009/02/17 20:01:04 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe


========== Modules (SafeList) ==========

MOD - [2011/08/11 16:57:43 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\James\Downloads\OTL.exe
MOD - [2011/07/22 00:35:15 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll
MOD - [2011/07/22 00:35:12 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d1cb102c435421de\ATL80.dll
MOD - [2010/11/20 07:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
MOD - [2009/07/13 21:15:27 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IconCodecService.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/06/20 22:35:44 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/11/20 08:21:36 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010/06/03 17:53:52 | 000,030,016 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2010/03/30 19:52:34 | 001,032,192 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2010/01/28 19:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010/01/15 17:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2010/01/08 09:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/11/17 18:18:20 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/05/15 20:33:40 | 001,803,512 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)
SRV - [2009/05/12 22:07:08 | 000,417,792 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer SmartBoot\ASLSvc.exe -- (ASLSvc)
SRV - [2009/02/17 20:01:04 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)


========== Driver Services (SafeList) ==========

DRV - [2011/08/11 15:26:04 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C0EC42F7-1E00-4FC2-990A-F71DC30BDE02}\MpKsl7502ff03.sys -- (MpKsl7502ff03)
DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | Disabled | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/11/20 08:30:17 | 000,296,064 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2010/11/20 08:30:17 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 06:50:38 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2010/11/20 06:50:37 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/04/15 23:35:44 | 000,237,840 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\WavxDMgr.sys -- (WavxDMgr)
DRV - [2009/07/13 19:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\serial.sys -- (Serial)
DRV - [2008/03/11 19:31:54 | 000,022,560 | ---- | M] (Acer, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\eLock2BurnerLockDriver.sys -- (eLock2BurnerLockDriver)
DRV - [2008/03/11 18:03:02 | 000,087,072 | ---- | M] (Acer, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eLock2FSCTLDriver.sys -- (eLock2FSCTLDriver)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...45u235z47m4r49s
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...45u235z47m4r49s

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...45u235z47m4r49s
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/28 16:42:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/06/15 15:49:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\James\AppData\Roaming\Mozilla\Extensions
[2011/06/26 20:25:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/26 20:25:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) --
[2011/06/28 16:42:03 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [Acer PowerSaver] C:\Program Files\Acer\Acer PowerSaver\PowerSaverTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [Acer SmartBoot] C:\Program Files\Acer\Acer SmartBoot\ASLTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [AutoLockProcess] C:\Program Files\Acer\Empowering Technology\eLock\autolockprocess\AutoLockProcess.exe (Acer Inc.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [EmbassySecurityCheck] C:\Program Files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [Installation Diagnostics] C:\Program Files\Brother\Brmfl06a\Brinstck.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
O4 - HKCU..\Run: [3804294689] File not found
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (wxvault.dll) - wxvault.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (wvauth) - C:\Windows\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/05/25 00:56:52 | 000,000,046 | -H-- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{5a79af5e-c024-11df-827a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5a79af5e-c024-11df-827a-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Installer.exe -- [2010/05/25 00:56:52 | 002,505,256 | ---- | M] ()
O33 - MountPoints2\{c9d4465f-a414-11e0-a769-d0278806d2f8}\Shell - "" = AutoRun
O33 - MountPoints2\{c9d4465f-a414-11e0-a769-d0278806d2f8}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/11 18:13:51 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Roaming\Malwarebytes
[2011/08/11 18:13:36 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/08/11 18:13:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/11 18:13:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/08/11 18:13:32 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/08/11 18:13:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/08/11 15:20:47 | 000,000,000 | ---D | C] -- C:\Users\James\Documents\StarCraft II
[2011/08/11 15:20:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2011/08/11 15:20:47 | 000,000,000 | ---D | C] -- C:\Program Files\StarCraft II
[2011/08/11 15:20:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2011/08/11 15:20:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment
[2011/07/28 15:45:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/07/28 15:09:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
[2011/07/28 15:07:05 | 000,052,736 | ---- | C] (Brother Industries,Ltd.) -- C:\Windows\System32\brinsstr.dll
[2011/07/28 15:07:00 | 000,188,416 | ---- | C] (brother) -- C:\Windows\System32\PDRVINST.DLL
[2011/07/28 15:07:00 | 000,086,016 | ---- | C] (brother) -- C:\Windows\System32\BrWebIns.dll
[2011/07/28 15:07:00 | 000,069,632 | ---- | C] (brother) -- C:\Windows\System32\BRWEBUP.EXE
[2011/07/28 15:06:58 | 000,054,784 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BrNetSti.dll
[2011/07/28 15:06:58 | 000,037,376 | ---- | C] (Brother Industries,Ltd) -- C:\Windows\System32\Brnsplg.dll
[2011/07/28 15:06:58 | 000,034,816 | ---- | C] (Brother Industries,Ltd.) -- C:\Windows\System32\BrWiaNCp.dll
[2011/07/28 15:06:54 | 000,000,000 | ---D | C] -- C:\Brother
[2011/07/28 15:06:50 | 000,126,976 | ---- | C] (Brother Industries,LTD) -- C:\Windows\System32\BrfxD05a.dll
[2011/07/28 15:06:49 | 000,163,840 | ---- | C] (brother) -- C:\Windows\System32\NSSearch.dll
[2011/07/28 15:06:49 | 000,147,456 | ---- | C] (Brother Industries,Ltd.) -- C:\Windows\brunin03.dll
[2011/07/28 15:06:49 | 000,053,248 | ---- | C] (Brother Industries,LTD.) -- C:\Windows\System32\BrMfNt.dll
[2011/07/28 15:06:49 | 000,000,000 | ---D | C] -- C:\Program Files\Brother
[2011/07/28 15:05:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Brother
[2011/07/27 15:22:42 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catan GmbH
[2011/07/27 15:14:08 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Roaming\COW
[2011/07/27 01:43:15 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/07/22 00:43:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/07/22 00:42:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2011/02/11 18:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll

========== Files - Modified Within 30 Days ==========

[2011/08/11 18:43:04 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/11 18:43:03 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/11 18:30:17 | 000,000,362 | ---- | M] () -- C:\Windows\tasks\Acer Registration - Reminder Recall task.job
[2011/08/11 18:13:37 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/11 17:09:50 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/11 17:09:50 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/11 15:44:29 | 000,001,059 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2011/08/11 15:12:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/11 15:12:24 | 000,001,024 | ---- | M] () -- C:\.rnd
[2011/08/11 15:12:19 | 777,969,664 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/10 22:16:47 | 000,627,632 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/08/10 22:16:47 | 000,107,898 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/07/28 15:46:48 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/07/28 15:09:37 | 000,000,042 | ---- | M] () -- C:\Users\Public\Desktop\Network PhotoCapture Centre.url
[2011/07/28 15:09:15 | 000,000,419 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2011/07/28 15:09:15 | 000,000,027 | ---- | M] () -- C:\Windows\BRPP2KA.INI
[2011/07/28 15:08:49 | 000,000,226 | ---- | M] () -- C:\Windows\Brpfx04a.ini
[2011/07/28 15:08:49 | 000,000,094 | ---- | M] () -- C:\Windows\brpcfx.ini
[2011/07/28 15:08:49 | 000,000,050 | ---- | M] () -- C:\Windows\System32\bridf06a.dat
[2011/07/27 15:22:42 | 000,001,144 | ---- | M] () -- C:\Users\James\Desktop\Catan Online World.lnk
[2011/07/27 02:09:45 | 000,009,518 | -HS- | M] () -- C:\Users\James\AppData\Local\v48517mejip
[2011/07/27 01:49:35 | 000,000,000 | ---- | M] () -- C:\Users\James\AppData\Local\WavXMapDrive.bat
[2011/07/27 01:44:59 | 000,001,366 | -HS- | M] () -- C:\ProgramData\v48517mejip
[2011/07/27 01:44:25 | 000,000,000 | ---- | M] () -- C:\Users\James\AppData\Local\txpt.exe
[2011/07/27 01:44:25 | 000,000,000 | ---- | M] () -- C:\ProgramData\tjda.exe
[2011/07/27 01:44:25 | 000,000,000 | ---- | M] () -- C:\ProgramData\qnty.exe
[2011/07/27 01:44:25 | 000,000,000 | ---- | M] () -- C:\Users\James\AppData\Local\oyvj.exe
[2011/07/27 01:44:25 | 000,000,000 | ---- | M] () -- C:\Users\James\AppData\Local\nqcx.exe
[2011/07/27 01:44:25 | 000,000,000 | ---- | M] () -- C:\Users\James\AppData\Local\keyp.exe
[2011/07/27 01:44:25 | 000,000,000 | ---- | M] () -- C:\ProgramData\dqxi.exe
[2011/07/27 01:44:25 | 000,000,000 | ---- | M] () -- C:\ProgramData\butx.exe
[2011/07/22 07:02:21 | 000,424,888 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2011/08/11 18:13:37 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/11 15:20:47 | 000,001,059 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2011/08/11 15:12:24 | 000,001,024 | ---- | C] () -- C:\.rnd
[2011/07/28 15:46:20 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/07/28 15:46:04 | 000,001,901 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/07/28 15:09:37 | 000,000,042 | ---- | C] () -- C:\Users\Public\Desktop\Network PhotoCapture Centre.url
[2011/07/28 15:09:15 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/07/28 15:09:15 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011/07/28 15:08:49 | 000,000,226 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011/07/28 15:08:49 | 000,000,094 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011/07/28 15:08:49 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf06a.dat
[2011/07/28 15:06:52 | 000,006,224 | ---- | C] () -- C:\Windows\CVRPAGE.BMP
[2011/07/28 15:06:50 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2011/07/28 15:06:49 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2011/07/27 15:22:42 | 000,001,144 | ---- | C] () -- C:\Users\James\Desktop\Catan Online World.lnk
[2011/07/27 01:44:25 | 000,009,518 | -HS- | C] () -- C:\Users\James\AppData\Local\v48517mejip
[2011/07/27 01:44:25 | 000,001,366 | -HS- | C] () -- C:\ProgramData\v48517mejip
[2011/07/27 01:44:25 | 000,000,000 | ---- | C] () -- C:\Users\James\AppData\Local\txpt.exe
[2011/07/27 01:44:25 | 000,000,000 | ---- | C] () -- C:\ProgramData\tjda.exe
[2011/07/27 01:44:25 | 000,000,000 | ---- | C] () -- C:\ProgramData\qnty.exe
[2011/07/27 01:44:25 | 000,000,000 | ---- | C] () -- C:\Users\James\AppData\Local\oyvj.exe
[2011/07/27 01:44:25 | 000,000,000 | ---- | C] () -- C:\Users\James\AppData\Local\nqcx.exe
[2011/07/27 01:44:25 | 000,000,000 | ---- | C] () -- C:\Users\James\AppData\Local\keyp.exe
[2011/07/27 01:44:25 | 000,000,000 | ---- | C] () -- C:\ProgramData\dqxi.exe
[2011/07/27 01:44:25 | 000,000,000 | ---- | C] () -- C:\ProgramData\butx.exe
[2011/06/20 15:50:59 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/06/15 15:49:13 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/06/15 15:44:58 | 000,000,000 | ---- | C] () -- C:\Users\James\AppData\Local\WavXMapDrive.bat
[2011/02/11 19:10:52 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2011/02/11 19:10:50 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2011/02/11 19:10:50 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/09/14 13:40:39 | 000,031,232 | ---- | C] () -- C:\Windows\System32\TSP1.dll
[2010/09/14 13:40:08 | 000,106,496 | ---- | C] () -- C:\Windows\System32\bioapi100.dll.bak
[2010/09/14 13:40:08 | 000,106,496 | ---- | C] () -- C:\Windows\System32\bioapi100.dll
[2010/09/14 13:40:07 | 000,143,360 | ---- | C] () -- C:\Windows\System32\bioapi_mds300.dll.bak
[2010/09/14 13:40:07 | 000,143,360 | ---- | C] () -- C:\Windows\System32\bioapi_mds300.dll
[2010/09/14 13:32:36 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2010/07/06 06:46:16 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/04/19 02:00:28 | 000,010,752 | ---- | C] () -- C:\Windows\System32\Wavx_ESC_Logging.dll
[2010/04/15 23:33:16 | 000,249,856 | ---- | C] () -- C:\Windows\System32\wxvault.dll
[2010/04/08 13:21:16 | 000,094,208 | ---- | C] () -- C:\Windows\System32\Internationalization_th.dll
[2010/04/08 13:21:16 | 000,081,920 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-HK.dll
[2010/04/08 13:21:14 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_sl.dll
[2010/04/08 13:21:12 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_sk.dll
[2010/04/08 13:21:12 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_hr.dll
[2010/04/08 13:21:06 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_tr.dll
[2010/04/08 13:21:04 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_ro.dll
[2010/04/08 13:21:04 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_pt-BR.dll
[2010/04/08 13:21:02 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_hu.dll
[2010/04/08 13:21:00 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_fi.dll
[2010/04/08 13:21:00 | 000,094,208 | ---- | C] () -- C:\Windows\System32\Internationalization_he.dll
[2010/04/08 13:20:58 | 000,106,496 | ---- | C] () -- C:\Windows\System32\Internationalization_el.dll
[2010/04/08 13:20:58 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_cs.dll
[2010/04/08 13:20:56 | 000,094,208 | ---- | C] () -- C:\Windows\System32\Internationalization_ar.dll
[2010/04/08 13:20:54 | 000,081,920 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-CHT.dll
[2010/04/08 13:20:54 | 000,081,920 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-CHS.dll
[2010/04/08 13:20:52 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_sv.dll
[2010/04/08 13:20:52 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_ru.dll
[2010/04/08 13:20:50 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_pt.dll
[2010/04/08 13:20:48 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_pl.dll
[2010/04/08 13:20:48 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_no.dll
[2010/04/08 13:20:46 | 000,106,496 | ---- | C] () -- C:\Windows\System32\Internationalization_nl.dll
[2010/04/08 13:20:44 | 000,090,112 | ---- | C] () -- C:\Windows\System32\Internationalization_ko.dll
[2010/04/08 13:20:44 | 000,090,112 | ---- | C] () -- C:\Windows\System32\Internationalization_ja.dll
[2010/04/08 13:20:42 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_it.dll
[2010/04/08 13:20:40 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_fr.dll
[2010/04/08 13:20:40 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_es.dll
[2010/04/08 13:20:38 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_de.dll
[2010/04/08 13:20:36 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_da.dll
[2009/11/06 18:27:22 | 000,839,680 | ---- | C] () -- C:\Windows\System32\DemoLicense.dll
[2009/08/26 19:25:08 | 000,917,504 | ---- | C] () -- C:\Windows\System32\lmgr10.dll
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 000,424,888 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,627,632 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,107,898 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/13 18:09:19 | 000,139,824 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/08/10 11:57:12 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\COW
[2011/08/11 18:30:17 | 000,000,362 | ---- | M] () -- C:\Windows\Tasks\Acer Registration - Reminder Recall task.job
[2009/07/14 00:53:46 | 000,023,078 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


#2
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Hi, panicpeace! Welcome to GeeksToGo! My name is BlackOxide and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :unsure:

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note the following:
  • Remember to post your logs, not attach them. So any logs from any programs we run should be just 'copied & pasted' into your reply, unless I specifically need you to attach them.
  • Please only run the tools that I request. I know malware can be frustrating, but running other tools in the meantime and between posts only makes it harder for me to analyse and fix your PC in the long run.
  • I will always try and respond to replies as soon as possible, but please be patient as some logs require more time than others to fully analyse.
  • If you are not sure of anything along the way, just ask.

OK, let's start :)



Could you do the following two scans for me please, then get back to me with the logs :yes:



1)
OTL Quick Scan
  • Double click on the OTL icon to run it.
  • When the window appears, underneath Output at the top, make sure Standard Output is selected.
  • Tick the Scan All Users box at the top
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window.
  • Please post the contents of this log




2)
Download aswMBR.exe (1.8mb) to your desktop.

Double click aswMBR.exe to run it.

Click the "Scan" button to start the scan.


On completion of the scan click save log, save it to your desktop and post it in your next reply.





In your next reply
Please post the contents of...
OTL log
aswMBR log


#3
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

#4
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Topic reopened. Just post the logs from my first post, whenever you have them :)

#5
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

#6
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Topic reopened.

Could you ignore the previous steps please, as we'll need to use some updated versions. Just follow the steps below...



1)
Are you still experiencing the same problems as before, with .exe files prompting an Open With box? Are there any new problems that have developed in the meantime?




2)
Delete your current copy of OTL

OTL Quick Scan
Download OTL to your Desktop
  • Double click on the OTL icon to run it.
  • When the window appears, underneath Output at the top, make sure Standard Output is selected.
  • Tick the Scan All Users box at the top
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic



In your next reply
Please post the contents of...
OTL log

#7
panicpeace

    Member

  • Topic Starter
  • Member
  • PipPip
  • 69 posts
I'm having different problems than before. My shortcuts are all gone. Malwarebytes says it's empty. A window called System Restore is always on my screen. It won't close. It says I have many problems and I need to fix them. A small tab says my hard drive clusters are damaged. It seems my hard drive space is full. Something in system32\\00003961 tries to open 30 times and fails every 5 minutes.
This is the result of my OTL quick scan:

[2010/04/08 13:20:38 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_de.dll
[2010/04/08 13:20:36 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_da.dll
[2009/11/06 18:27:22 | 000,839,680 | ---- | C] () -- C:\Windows\System32\DemoLicense.dll
[2009/08/26 19:25:08 | 000,917,504 | ---- | C] () -- C:\Windows\System32\lmgr10.dll
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 000,424,888 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,627,632 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,107,898 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/13 18:09:19 | 000,139,824 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/08/10 11:57:12 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\COW
[2011/08/11 18:30:17 | 000,000,362 | ---- | M] () -- C:\Windows\Tasks\Acer Registration - Reminder Recall task.job
[2009/07/14 00:53:46 | 000,023,078 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

#8
BlackOxide
    Trusted Helper
  • Malware Removal
  • 1,976 posts
Hey,

The Hard Drive warning messages are false and are being generated by the malware. Could you follow the steps below please, then get back to me with the logs.

1)
Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 2 and press Enter on the keyboard
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe

Once this has been done, run RogueKiller again and do the following...
  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 6 and press Enter on the keyboard
  • The RKreport.txt shall be generated next to the executable.

Please post the contents of the RKreport.txt file(s) in your next Reply.

2)
After you have run RogueKiller using the steps above, please reboot your PC.

3)
OTL Quick Scan
  • Double click on the OTL icon to run it.
  • When the window appears, underneath Output at the top, make sure Standard Output is selected.
  • Tick the Scan All Users box at the top
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window.
  • Please post the contents of this log

In your next reply
Please post the contents of...
RogueKiller logs
OTL log


#9
panicpeace
    Member
  • Topic Starter
  • Member
  • 69 posts
This is what I got from hitting 2

RogueKiller V6.1.7 [11/05/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User: James [Admin rights]
Mode: Remove -- Date : 11/13/2011 14:56:51

¤¤¤ Bad processes: 2 ¤¤¤
[SUSP PATH] NgTUiSAcmhn.exe -- C:\ProgramData\NgTUiSAcmhn.exe -> KILLED [TermProc]
[SUSP PATH] 4Tc41glWZ64BOV.exe -- C:\ProgramData\4Tc41glWZ64BOV.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 7 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : NgTUiSAcmhn.exe (C:\ProgramData\NgTUiSAcmhn.exe) -> DELETED
[WallPP] HKCU\[...]\Desktop : Wallpaper () -> REPLACED (C:\Users\James\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg)
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED ()
[HJ] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED ()
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED ()
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED ()
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED ()

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤


Finished : << RKreport[1].txt >>
RKreport[1].txt

#10
panicpeace
    Member
  • Topic Starter
  • Member
  • 69 posts
And this is from 6. My shortcuts have returned.

RogueKiller V6.1.7 [11/05/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User: James [Admin rights]
Mode: Shortcuts HJfix -- Date : 11/13/2011 15:01:16

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 17 / Fail 0
Quick launch: Success 13 / Fail 0
Programs: Success 253 / Fail 0
Start menu: Success 44 / Fail 0
User folder: Success 8785 / Fail 0
My documents: Success 307 / Fail 0
My favorites: Success 27 / Fail 0
My pictures: Success 26 / Fail 0
My music: Success 1 / Fail 0
My videos: Success 1 / Fail 0
Local drives: Success 10526 / Fail 0
Backup: [FOUND] Success 171 / Fail 0

Drives:
[C:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume4 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped

¤¤¤ Infection : Fake HDD ¤¤¤

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

#11
panicpeace
    Member
  • Topic Starter
  • Member
  • 69 posts
There are a couple of new shortcuts that worry me.

OTL logfile created on: 11/13/2011 3:05:33 PM - Run 5
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\James\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.97 Gb Total Physical Memory | 1.81 Gb Available Physical Memory | 61.18% Memory free
5.93 Gb Paging File | 4.82 Gb Available in Paging File | 81.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 66.45 Gb Total Space | 26.13 Gb Free Space | 39.32% Space Free | Partition Type: NTFS
Drive D: | 66.50 Gb Total Space | 66.41 Gb Free Space | 99.87% Space Free | Partition Type: NTFS
Drive E: | 6.99 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: JAMES-PC | User Name: James | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/13 15:04:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\James\Downloads\OTL(2).com
PRC - [2011/11/09 15:09:22 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/06/15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 07:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/06/03 16:53:52 | 000,030,016 | ---- | M] (Acer Inc.) -- C:\Program Files\Acer\Empowering Technology\eLock\Service\eLockServ.exe
PRC - [2010/04/19 02:30:26 | 000,147,328 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
PRC - [2010/01/28 18:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2010/01/08 08:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Registration\GREGsvc.exe
PRC - [2009/11/17 17:18:20 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2009/11/17 17:18:10 | 000,261,888 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2009/11/02 19:24:58 | 000,257,440 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10d.exe
PRC - [2009/05/15 19:33:40 | 001,803,512 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\AtService.exe
PRC - [2009/05/12 21:07:08 | 000,417,792 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer SmartBoot\ASLSvc.exe
PRC - [2009/04/17 16:17:30 | 000,434,176 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer PowerSaver\PowerSaverTray.exe
PRC - [2009/02/17 19:01:04 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/09 15:09:22 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2010/04/15 22:33:16 | 000,249,856 | -H-- | M] () -- C:\Windows\System32\wxvault.dll
MOD - [2009/11/17 17:16:40 | 000,465,576 | ---- | M] () -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\sqlite3.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/06/20 21:35:44 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/04/27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/06/03 16:53:52 | 000,030,016 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2010/03/30 18:52:34 | 001,032,192 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2010/01/28 18:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010/01/15 16:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2010/01/08 08:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/11/17 17:18:20 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/05/15 19:33:40 | 001,803,512 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)
SRV - [2009/05/12 21:07:08 | 000,417,792 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer SmartBoot\ASLSvc.exe -- (ASLSvc)
SRV - [2009/02/17 19:01:04 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)


========== Driver Services (SafeList) ==========

DRV - [2011/11/13 15:03:22 | 000,111,872 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\TrueSight.sys -- (TrueSight)
DRV - [2011/11/13 15:01:05 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D72AEF43-75EB-4E2C-9EC2-A77A2E7F27C5}\MpKsl4c456d4b.sys -- (MpKsl4c456d4b)
DRV - [2011/07/06 18:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/04/27 14:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 12:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/11/20 07:30:17 | 000,296,064 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2010/11/20 07:30:17 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2010/11/20 07:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 07:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 07:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 05:50:38 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2010/11/20 05:50:37 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 04:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 04:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/04/15 22:35:44 | 000,237,840 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\WavxDMgr.sys -- (WavxDMgr)
DRV - [2008/03/11 18:31:54 | 000,022,560 | ---- | M] (Acer, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\eLock2BurnerLockDriver.sys -- (eLock2BurnerLockDriver)
DRV - [2008/03/11 17:03:02 | 000,087,072 | ---- | M] (Acer, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eLock2FSCTLDriver.sys -- (eLock2FSCTLDriver)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...45u235z47m4r49s
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...45u235z47m4r49s


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2517414903-4262703431-2207850217-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...45u235z47m4r49s
IE - HKU\S-1-5-21-2517414903-4262703431-2207850217-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKU\S-1-5-21-2517414903-4262703431-2207850217-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\James\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\James\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/09 15:09:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/06/15 14:49:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\James\AppData\Roaming\Mozilla\Extensions
[2011/11/09 23:07:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/09 15:09:23 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/04 17:16:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/09 15:09:23 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\James\AppData\Local\Google\Chrome\Application\15.0.874.106\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\James\AppData\Local\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\James\AppData\Local\Google\Chrome\Application\15.0.874.106\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Angry Birds = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\

O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [Acer PowerSaver] C:\Program Files\Acer\Acer PowerSaver\PowerSaverTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [Acer SmartBoot] C:\Program Files\Acer\Acer SmartBoot\ASLTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [AutoLockProcess] C:\Program Files\Acer\Empowering Technology\eLock\autolockprocess\AutoLockProcess.exe (Acer Inc.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [EmbassySecurityCheck] C:\Program Files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [Installation Diagnostics] C:\Program Files\Brother\Brmfl06a\Brinstck.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-2517414903-4262703431-2207850217-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F1322A6-6BC9-4297-B549-47EBFD794A4C}: DhcpNameServer = 192.168.1.254
O20 - AppInit_DLLs: (wxvault.dll) -C:\Windows\System32\wxvault.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Authentication Packages - (wvauth) -C:\Windows\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/05/24 23:56:52 | 000,000,046 | -H-- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{5a79af5e-c024-11df-827a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5a79af5e-c024-11df-827a-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Installer.exe -- [2010/05/24 23:56:52 | 002,505,256 | ---- | M] ()
O33 - MountPoints2\{c9d4465f-a414-11e0-a769-d0278806d2f8}\Shell - "" = AutoRun
O33 - MountPoints2\{c9d4465f-a414-11e0-a769-d0278806d2f8}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-2517414903-4262703431-2207850217-1000..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/13 14:54:15 | 000,000,000 | ---D | C] -- C:\Users\James\Desktop\RK_Quarantine
[2011/11/09 15:14:54 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
[2011/11/04 17:16:59 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/02/11 17:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll

========== Files - Modified Within 30 Days ==========

[2011/11/13 15:04:29 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/13 15:04:29 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/13 15:03:22 | 000,111,872 | ---- | M] () -- C:\Windows\System32\drivers\TrueSight.sys
[2011/11/13 14:56:03 | 000,627,632 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/13 14:56:03 | 000,107,898 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/13 14:53:03 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/13 14:49:37 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/13 14:49:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/13 14:49:27 | 000,001,024 | ---- | M] () -- C:\.rnd
[2011/11/13 14:49:23 | 2388,582,400 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/09 23:20:01 | 000,000,908 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2517414903-4262703431-2207850217-1000UA.job
[2011/11/09 23:11:47 | 000,000,296 | -H-- | M] () -- C:\ProgramData\~4Tc41glWZ64BOV
[2011/11/09 23:11:47 | 000,000,216 | -H-- | M] () -- C:\ProgramData\~4Tc41glWZ64BOVr
[2011/11/09 15:14:54 | 000,000,685 | ---- | M] () -- C:\Users\James\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/11/09 15:14:54 | 000,000,661 | ---- | M] () -- C:\Users\James\Desktop\System Restore.lnk
[2011/11/09 15:14:51 | 000,000,336 | ---- | M] () -- C:\ProgramData\4Tc41glWZ64BOV
[2011/11/09 15:14:45 | 000,337,760 | ---- | M] () -- C:\ProgramData\4Tc41glWZ64BOV.exe
[2011/11/09 15:06:13 | 000,423,768 | ---- | M] () -- C:\ProgramData\NgTUiSAcmhn.exe
[2011/11/09 14:57:57 | 000,000,000 | ---- | M] () -- C:\Users\James\AppData\Local\WavXMapDrive.bat
[2011/11/08 18:20:00 | 000,000,856 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2517414903-4262703431-2207850217-1000Core.job
[2011/11/04 17:17:01 | 000,002,282 | ---- | M] () -- C:\Users\James\Desktop\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2011/11/13 15:00:39 | 000,002,656 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart Essentials.lnk
[2011/11/13 15:00:39 | 000,001,946 | ---- | C] () -- C:\Users\Public\Desktop\Acer Registration.lnk
[2011/11/13 15:00:39 | 000,001,924 | ---- | C] () -- C:\Users\Public\Desktop\Veriton ControlCenter.lnk
[2011/11/13 15:00:39 | 000,001,104 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/11/13 15:00:39 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/13 15:00:39 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2011/11/13 15:00:39 | 000,001,059 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2011/11/13 15:00:39 | 000,000,042 | ---- | C] () -- C:\Users\Public\Desktop\Network PhotoCapture Centre.url
[2011/11/13 15:00:38 | 000,001,515 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011/11/13 15:00:38 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2011/11/13 15:00:38 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2011/11/13 15:00:37 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2011/11/13 15:00:37 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011/11/13 15:00:33 | 000,002,435 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk
[2011/11/13 15:00:33 | 000,001,901 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/11/13 15:00:33 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011/11/13 15:00:33 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2011/11/13 15:00:33 | 000,001,116 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/11/13 15:00:32 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011/11/13 14:54:23 | 000,111,872 | ---- | C] () -- C:\Windows\System32\drivers\TrueSight.sys
[2011/11/13 14:49:27 | 000,001,024 | ---- | C] () -- C:\.rnd
[2011/11/09 15:15:04 | 000,000,296 | -H-- | C] () -- C:\ProgramData\~4Tc41glWZ64BOV
[2011/11/09 15:15:04 | 000,000,216 | -H-- | C] () -- C:\ProgramData\~4Tc41glWZ64BOVr
[2011/11/09 15:14:54 | 000,000,685 | ---- | C] () -- C:\Users\James\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/11/09 15:14:54 | 000,000,661 | ---- | C] () -- C:\Users\James\Desktop\System Restore.lnk
[2011/11/09 15:14:51 | 000,000,336 | ---- | C] () -- C:\ProgramData\4Tc41glWZ64BOV
[2011/11/09 15:14:45 | 000,337,760 | ---- | C] () -- C:\ProgramData\4Tc41glWZ64BOV.exe
[2011/11/09 15:09:13 | 000,423,768 | ---- | C] () -- C:\ProgramData\NgTUiSAcmhn.exe
[2011/11/04 17:17:01 | 000,002,282 | ---- | C] () -- C:\Users\James\Desktop\Google Chrome.lnk
[2011/11/04 17:15:36 | 000,000,908 | -H-- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2517414903-4262703431-2207850217-1000UA.job
[2011/11/04 17:15:35 | 000,000,856 | -H-- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2517414903-4262703431-2207850217-1000Core.job
[2011/07/28 14:09:15 | 000,000,419 | -H-- | C] () -- C:\Windows\BRWMARK.INI
[2011/07/28 14:09:15 | 000,000,027 | -H-- | C] () -- C:\Windows\BRPP2KA.INI
[2011/07/28 14:08:49 | 000,000,226 | -H-- | C] () -- C:\Windows\Brpfx04a.ini
[2011/07/28 14:08:49 | 000,000,094 | -H-- | C] () -- C:\Windows\brpcfx.ini
[2011/07/28 14:08:49 | 000,000,050 | -H-- | C] () -- C:\Windows\System32\bridf06a.dat
[2011/07/28 14:06:50 | 000,000,000 | -H-- | C] () -- C:\Windows\brdfxspd.dat
[2011/07/28 14:06:49 | 000,106,496 | -H-- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2011/07/27 00:44:25 | 000,009,518 | --S- | C] () -- C:\Users\James\AppData\Local\v48517mejip
[2011/07/27 00:44:25 | 000,001,366 | --S- | C] () -- C:\ProgramData\v48517mejip
[2011/07/27 00:44:25 | 000,000,000 | ---- | C] () -- C:\Users\James\AppData\Local\txpt.exe
[2011/07/27 00:44:25 | 000,000,000 | ---- | C] () -- C:\ProgramData\tjda.exe
[2011/07/27 00:44:25 | 000,000,000 | ---- | C] () -- C:\ProgramData\qnty.exe
[2011/07/27 00:44:25 | 000,000,000 | ---- | C] () -- C:\Users\James\AppData\Local\oyvj.exe
[2011/07/27 00:44:25 | 000,000,000 | ---- | C] () -- C:\Users\James\AppData\Local\nqcx.exe
[2011/07/27 00:44:25 | 000,000,000 | ---- | C] () -- C:\Users\James\AppData\Local\keyp.exe
[2011/07/27 00:44:25 | 000,000,000 | ---- | C] () -- C:\ProgramData\dqxi.exe
[2011/07/27 00:44:25 | 000,000,000 | ---- | C] () -- C:\ProgramData\butx.exe
[2011/06/20 14:50:59 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/06/15 14:49:13 | 000,000,000 | -H-- | C] () -- C:\Windows\nsreg.dat
[2011/06/15 14:44:58 | 000,000,000 | ---- | C] () -- C:\Users\James\AppData\Local\WavXMapDrive.bat
[2011/02/11 18:10:52 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2011/02/11 18:10:50 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2011/02/11 18:10:50 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/09/14 12:40:39 | 000,031,232 | -H-- | C] () -- C:\Windows\System32\TSP1.dll
[2010/09/14 12:40:08 | 000,106,496 | -H-- | C] () -- C:\Windows\System32\bioapi100.dll.bak
[2010/09/14 12:40:08 | 000,106,496 | -H-- | C] () -- C:\Windows\System32\bioapi100.dll
[2010/09/14 12:40:07 | 000,143,360 | -H-- | C] () -- C:\Windows\System32\bioapi_mds300.dll.bak
[2010/09/14 12:40:07 | 000,143,360 | -H-- | C] () -- C:\Windows\System32\bioapi_mds300.dll
[2010/09/14 12:32:36 | 000,140,288 | -H-- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2010/07/06 05:46:16 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/04/19 01:00:28 | 000,010,752 | -H-- | C] () -- C:\Windows\System32\Wavx_ESC_Logging.dll
[2010/04/15 22:33:16 | 000,249,856 | -H-- | C] () -- C:\Windows\System32\wxvault.dll
[2010/04/08 12:21:16 | 000,094,208 | -H-- | C] () -- C:\Windows\System32\Internationalization_th.dll
[2010/04/08 12:21:16 | 000,081,920 | -H-- | C] () -- C:\Windows\System32\Internationalization_zh-HK.dll
[2010/04/08 12:21:14 | 000,098,304 | -H-- | C] () -- C:\Windows\System32\Internationalization_sl.dll
[2010/04/08 12:21:12 | 000,098,304 | -H-- | C] () -- C:\Windows\System32\Internationalization_sk.dll
[2010/04/08 12:21:12 | 000,098,304 | -H-- | C] () -- C:\Windows\System32\Internationalization_hr.dll
[2010/04/08 12:21:06 | 000,098,304 | -H-- | C] () -- C:\Windows\System32\Internationalization_tr.dll
[2010/04/08 12:21:04 | 000,102,400 | -H-- | C] () -- C:\Windows\System32\Internationalization_ro.dll
[2010/04/08 12:21:04 | 000,102,400 | -H-- | C] () -- C:\Windows\System32\Internationalization_pt-BR.dll
[2010/04/08 12:21:02 | 000,102,400 | -H-- | C] () -- C:\Windows\System32\Internationalization_hu.dll
[2010/04/08 12:21:00 | 000,098,304 | -H-- | C] () -- C:\Windows\System32\Internationalization_fi.dll
[2010/04/08 12:21:00 | 000,094,208 | -H-- | C] () -- C:\Windows\System32\Internationalization_he.dll
[2010/04/08 12:20:58 | 000,106,496 | -H-- | C] () -- C:\Windows\System32\Internationalization_el.dll
[2010/04/08 12:20:58 | 000,098,304 | -H-- | C] () -- C:\Windows\System32\Internationalization_cs.dll
[2010/04/08 12:20:56 | 000,094,208 | -H-- | C] () -- C:\Windows\System32\Internationalization_ar.dll
[2010/04/08 12:20:54 | 000,081,920 | -H-- | C] () -- C:\Windows\System32\Internationalization_zh-CHT.dll
[2010/04/08 12:20:54 | 000,081,920 | -H-- | C] () -- C:\Windows\System32\Internationalization_zh-CHS.dll
[2010/04/08 12:20:52 | 000,098,304 | -H-- | C] () -- C:\Windows\System32\Internationalization_sv.dll
[2010/04/08 12:20:52 | 000,098,304 | -H-- | C] () -- C:\Windows\System32\Internationalization_ru.dll
[2010/04/08 12:20:50 | 000,102,400 | -H-- | C] () -- C:\Windows\System32\Internationalization_pt.dll
[2010/04/08 12:20:48 | 000,102,400 | -H-- | C] () -- C:\Windows\System32\Internationalization_pl.dll
[2010/04/08 12:20:48 | 000,098,304 | -H-- | C] () -- C:\Windows\System32\Internationalization_no.dll
[2010/04/08 12:20:46 | 000,106,496 | -H-- | C] () -- C:\Windows\System32\Internationalization_nl.dll
[2010/04/08 12:20:44 | 000,090,112 | -H-- | C] () -- C:\Windows\System32\Internationalization_ko.dll
[2010/04/08 12:20:44 | 000,090,112 | -H-- | C] () -- C:\Windows\System32\Internationalization_ja.dll
[2010/04/08 12:20:42 | 000,102,400 | -H-- | C] () -- C:\Windows\System32\Internationalization_it.dll
[2010/04/08 12:20:40 | 000,102,400 | -H-- | C] () -- C:\Windows\System32\Internationalization_fr.dll
[2010/04/08 12:20:40 | 000,102,400 | -H-- | C] () -- C:\Windows\System32\Internationalization_es.dll
[2010/04/08 12:20:38 | 000,102,400 | -H-- | C] () -- C:\Windows\System32\Internationalization_de.dll
[2010/04/08 12:20:36 | 000,102,400 | -H-- | C] () -- C:\Windows\System32\Internationalization_da.dll
[2009/11/06 17:27:22 | 000,839,680 | -H-- | C] () -- C:\Windows\System32\DemoLicense.dll
[2009/08/26 18:25:08 | 000,917,504 | -H-- | C] () -- C:\Windows\System32\lmgr10.dll
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 23:33:53 | 000,424,888 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 21:05:48 | 000,627,632 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,107,898 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/13 17:09:19 | 000,139,824 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/11/08 22:36:27 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\COW
[2011/09/09 00:16:13 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\gtk-2.0
[2011/09/08 04:52:51 | 000,032,592 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0

#12
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Hey,

Thanks for the logs. Good to hear the icons have been restored.

There are a couple new shortcuts that worry me.

Which shortcuts are you concerned about?



What we'll do now is remove some malware items which are present in the OTL log, then we'll get a scan done with TDSSKiller.



1)
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/11/09 15:14:54 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
    [2011/11/09 23:11:47 | 000,000,296 | -H-- | M] () -- C:\ProgramData\~4Tc41glWZ64BOV
    [2011/11/09 23:11:47 | 000,000,216 | -H-- | M] () -- C:\ProgramData\~4Tc41glWZ64BOVr
    [2011/11/09 15:14:54 | 000,000,685 | ---- | M] () -- C:\Users\James\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
    [2011/11/09 15:14:54 | 000,000,661 | ---- | M] () -- C:\Users\James\Desktop\System Restore.lnk
    [2011/11/09 15:14:51 | 000,000,336 | ---- | M] () -- C:\ProgramData\4Tc41glWZ64BOV
    [2011/11/09 15:14:45 | 000,337,760 | ---- | M] () -- C:\ProgramData\4Tc41glWZ64BOV.exe
    [2011/11/09 15:06:13 | 000,423,768 | ---- | M] () -- C:\ProgramData\NgTUiSAcmhn.exe
    [2011/07/27 00:44:25 | 000,009,518 | --S- | C] () -- C:\Users\James\AppData\Local\v48517mejip
    [2011/07/27 00:44:25 | 000,001,366 | --S- | C] () -- C:\ProgramData\v48517mejip
    [2011/07/27 00:44:25 | 000,000,000 | ---- | C] () -- C:\Users\James\AppData\Local\txpt.exe
    [2011/07/27 00:44:25 | 000,000,000 | ---- | C] () -- C:\ProgramData\tjda.exe
    [2011/07/27 00:44:25 | 000,000,000 | ---- | C] () -- C:\ProgramData\qnty.exe
    [2011/07/27 00:44:25 | 000,000,000 | ---- | C] () -- C:\Users\James\AppData\Local\oyvj.exe
    [2011/07/27 00:44:25 | 000,000,000 | ---- | C] () -- C:\Users\James\AppData\Local\nqcx.exe
    [2011/07/27 00:44:25 | 000,000,000 | ---- | C] () -- C:\Users\James\AppData\Local\keyp.exe
    [2011/07/27 00:44:25 | 000,000,000 | ---- | C] () -- C:\ProgramData\dqxi.exe
    [2011/07/27 00:44:25 | 000,000,000 | ---- | C] () -- C:\ProgramData\butx.exe
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [resethosts]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, then reboot the PC when it is done.
  • A log may appear when the PC restarts. Just close this text file.
  • Open OTL again, tick the Scan All Users box at the top and then click the Quick Scan button. Post the log it produces in your next reply.




2)
Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.




In your next reply
Please post the contents of...
OTL log
TDSSKiller log

  • 0
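Added example, not part of the helper's instructions and not OTL's or TDSSKiller's own code: a read-only PowerShell check a helper could ask for after the OTL fix above has run. It re-tests the file paths listed in that fix script, the .exe/.com shell associations that lie behind the original "Open With" symptom (the O35/O37 lines in the OTL logs), and the hosts file that [resethosts] rewrites. The file paths are copied from the fix script in this thread; the registry defaults (`"%1" %*` for exefile/comfile, `exefile`/`comfile` for the `.exe`/`.com` extension keys) are the stock Windows values. It reports only and changes nothing; run it from an elevated PowerShell prompt.

```powershell
# Added example (not from the thread, OTL or TDSSKiller): post-fix verification.
# Read-only: reports what is still present or changed, never deletes or edits.

# File and folder paths taken from the OTL fix script posted in this thread.
$SuspectPaths = @(
    'C:\ProgramData\~4Tc41glWZ64BOV',
    'C:\ProgramData\~4Tc41glWZ64BOVr',
    'C:\ProgramData\4Tc41glWZ64BOV',
    'C:\ProgramData\4Tc41glWZ64BOV.exe',
    'C:\ProgramData\NgTUiSAcmhn.exe',
    'C:\ProgramData\v48517mejip',
    'C:\ProgramData\tjda.exe',
    'C:\ProgramData\qnty.exe',
    'C:\ProgramData\dqxi.exe',
    'C:\ProgramData\butx.exe',
    'C:\Users\James\AppData\Local\v48517mejip',
    'C:\Users\James\AppData\Local\txpt.exe',
    'C:\Users\James\AppData\Local\oyvj.exe',
    'C:\Users\James\AppData\Local\nqcx.exe',
    'C:\Users\James\AppData\Local\keyp.exe',
    'C:\Users\James\Desktop\System Restore.lnk',
    'C:\Users\James\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk',
    'C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore'
)

function Test-SuspectPaths {
    # .NET existence checks see hidden/system files, which Get-Item skips
    # unless -Force is given (several of these entries carry -H-- or --S-).
    foreach ($p in $SuspectPaths) {
        $exists = [System.IO.File]::Exists($p) -or [System.IO.Directory]::Exists($p)
        [pscustomobject]@{ Path = $p; StillPresent = $exists }
    }
}

# Stock Windows values. An association hijack replaces these with a path to
# its own binary, which is what makes every .exe pop the "Open With" dialog.
$ExpectedAssoc = @{
    'HKLM:\SOFTWARE\Classes\exefile\shell\open\command' = '"%1" %*'
    'HKLM:\SOFTWARE\Classes\comfile\shell\open\command' = '"%1" %*'
    'HKLM:\SOFTWARE\Classes\.exe'                       = 'exefile'
    'HKLM:\SOFTWARE\Classes\.com'                       = 'comfile'
}

function Test-ExeAssociations {
    foreach ($key in $ExpectedAssoc.Keys) {
        $item = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
        if ($item) { $actual = $item.GetValue('') } else { $actual = '<missing>' }
        [pscustomobject]@{
            Key      = $key
            Expected = $ExpectedAssoc[$key]
            Actual   = $actual
            OK       = ($actual -eq $ExpectedAssoc[$key])
        }
    }
    # A per-user override under HKCU\Software\Classes wins over HKLM and does
    # not exist on a clean machine; flag it if it is there.
    foreach ($k in 'HKCU:\Software\Classes\.exe', 'HKCU:\Software\Classes\exefile') {
        $present = Test-Path -LiteralPath $k
        if ($present) { $state = '<present>' } else { $state = '<absent>' }
        [pscustomobject]@{ Key = $k; Expected = '<absent>'; Actual = $state; OK = -not $present }
    }
}

function Test-HostsFile {
    # After [resethosts] the file should only map localhost; any other
    # non-comment line is returned for the helper to look at.
    $hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    Get-Content -LiteralPath $hosts |
        Where-Object { $_ -match '\S' -and $_ -notmatch '^\s*#' } |
        Where-Object { $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$' }
}

Test-SuspectPaths    | Where-Object StillPresent | Format-Table -AutoSize
Test-ExeAssociations | Format-Table -AutoSize
Test-HostsFile
```

An empty first table and all-True `OK` column in the second is the expected clean result; anything listed by the third function is a hosts entry the reset did not remove and should be posted for the helper to review.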

#13
panicpeace

    Member

  • Topic Starter
  • Member
  • 69 posts
The weird shortcuts disappeared when I restarted.
Here's the OTL:

OTL logfile created on: 11/14/2011 5:47:12 PM - Run 6
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\James\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.97 Gb Total Physical Memory | 2.13 Gb Available Physical Memory | 71.89% Memory free
5.93 Gb Paging File | 5.00 Gb Available in Paging File | 84.38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 66.45 Gb Total Space | 26.09 Gb Free Space | 39.27% Space Free | Partition Type: NTFS
Drive D: | 66.50 Gb Total Space | 66.41 Gb Free Space | 99.87% Space Free | Partition Type: NTFS
Drive E: | 6.99 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: JAMES-PC | User Name: James | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/14 17:46:39 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\James\Downloads\OTL(4).com
PRC - [2011/11/09 15:09:22 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/06/15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 07:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/06/03 16:53:52 | 000,030,016 | ---- | M] (Acer Inc.) -- C:\Program Files\Acer\Empowering Technology\eLock\Service\eLockServ.exe
PRC - [2010/04/19 02:30:26 | 000,147,328 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
PRC - [2010/01/28 18:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2010/01/08 08:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Registration\GREGsvc.exe
PRC - [2009/11/17 17:18:20 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2009/11/17 17:18:10 | 000,261,888 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2009/05/15 19:33:40 | 001,803,512 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\AtService.exe
PRC - [2009/05/12 21:07:08 | 000,417,792 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer SmartBoot\ASLSvc.exe
PRC - [2009/04/17 16:17:30 | 000,434,176 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer PowerSaver\PowerSaverTray.exe
PRC - [2009/02/17 19:01:04 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/09 15:09:22 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2010/04/15 22:33:16 | 000,249,856 | -H-- | M] () -- C:\Windows\System32\wxvault.dll
MOD - [2009/11/17 17:16:40 | 000,465,576 | ---- | M] () -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\sqlite3.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/06/20 21:35:44 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/04/27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/11/20 07:21:36 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010/06/03 16:53:52 | 000,030,016 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2010/03/30 18:52:34 | 001,032,192 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2010/01/28 18:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010/01/15 16:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2010/01/08 08:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/11/17 17:18:20 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/05/15 19:33:40 | 001,803,512 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)
SRV - [2009/05/12 21:07:08 | 000,417,792 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer SmartBoot\ASLSvc.exe -- (ASLSvc)
SRV - [2009/02/17 19:01:04 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)


========== Driver Services (SafeList) ==========

DRV - [2011/11/14 17:45:23 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D72AEF43-75EB-4E2C-9EC2-A77A2E7F27C5}\MpKsl1bd76d90.sys -- (MpKsl1bd76d90)
DRV - [2011/11/13 15:03:22 | 000,111,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TrueSight.sys -- (TrueSight)
DRV - [2011/07/06 18:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/04/27 14:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 12:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/11/20 07:30:17 | 000,296,064 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2010/11/20 07:30:17 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2010/11/20 07:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 07:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 07:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 05:50:38 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2010/11/20 05:50:37 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 04:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 04:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/04/15 22:35:44 | 000,237,840 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\WavxDMgr.sys -- (WavxDMgr)
DRV - [2008/03/11 18:31:54 | 000,022,560 | ---- | M] (Acer, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\eLock2BurnerLockDriver.sys -- (eLock2BurnerLockDriver)
DRV - [2008/03/11 17:03:02 | 000,087,072 | ---- | M] (Acer, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eLock2FSCTLDriver.sys -- (eLock2FSCTLDriver)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...45u235z47m4r49s
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...45u235z47m4r49s


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2517414903-4262703431-2207850217-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...45u235z47m4r49s
IE - HKU\S-1-5-21-2517414903-4262703431-2207850217-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKU\S-1-5-21-2517414903-4262703431-2207850217-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\James\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\James\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/09 15:09:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/06/15 14:49:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\James\AppData\Roaming\Mozilla\Extensions
[2011/11/09 23:07:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/09 15:09:23 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/04 17:16:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/09 15:09:23 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\James\AppData\Local\Google\Chrome\Application\15.0.874.106\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\James\AppData\Local\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\James\AppData\Local\Google\Chrome\Application\15.0.874.106\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Angry Birds = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\

O1 HOSTS File: ([2011/11/14 17:44:30 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [Acer PowerSaver] C:\Program Files\Acer\Acer PowerSaver\PowerSaverTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [Acer SmartBoot] C:\Program Files\Acer\Acer SmartBoot\ASLTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [AutoLockProcess] C:\Program Files\Acer\Empowering Technology\eLock\autolockprocess\AutoLockProcess.exe (Acer Inc.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [EmbassySecurityCheck] C:\Program Files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [Installation Diagnostics] C:\Program Files\Brother\Brmfl06a\Brinstck.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-2517414903-4262703431-2207850217-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F1322A6-6BC9-4297-B549-47EBFD794A4C}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (wxvault.dll) -wxvault.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29 - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (wvauth) -C:\Windows\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/05/24 23:56:52 | 000,000,046 | -H-- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{5a79af5e-c024-11df-827a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5a79af5e-c024-11df-827a-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Installer.exe -- [2010/05/24 23:56:52 | 002,505,256 | ---- | M] ()
O33 - MountPoints2\{c9d4465f-a414-11e0-a769-d0278806d2f8}\Shell - "" = AutoRun
O33 - MountPoints2\{c9d4465f-a414-11e0-a769-d0278806d2f8}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-2517414903-4262703431-2207850217-1000..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/14 17:44:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/13 14:54:15 | 000,000,000 | ---D | C] -- C:\Users\James\Desktop\RK_Quarantine
[2011/11/04 17:16:59 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/02/11 17:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll

========== Files - Modified Within 30 Days ==========

[2011/11/14 17:45:32 | 000,000,000 | ---- | M] () -- C:\Users\James\AppData\Local\WavXMapDrive.bat
[2011/11/14 17:45:28 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/14 17:45:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/14 17:45:19 | 000,001,024 | ---- | M] () -- C:\.rnd
[2011/11/14 17:45:14 | 2388,582,400 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/14 17:44:45 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/14 17:44:45 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/14 17:44:30 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/11/13 22:40:33 | 000,627,632 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/13 22:40:33 | 000,107,898 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/13 15:20:05 | 000,000,908 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2517414903-4262703431-2207850217-1000UA.job
[2011/11/13 15:03:22 | 000,111,872 | ---- | M] () -- C:\Windows\System32\drivers\TrueSight.sys
[2011/11/13 14:53:03 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/08 18:20:00 | 000,000,856 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2517414903-4262703431-2207850217-1000Core.job
[2011/11/04 17:17:01 | 000,002,282 | ---- | M] () -- C:\Users\James\Desktop\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2011/11/14 17:45:19 | 000,001,024 | ---- | C] () -- C:\.rnd
[2011/11/13 15:00:39 | 000,002,656 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart Essentials.lnk
[2011/11/13 15:00:39 | 000,001,946 | ---- | C] () -- C:\Users\Public\Desktop\Acer Registration.lnk
[2011/11/13 15:00:39 | 000,001,924 | ---- | C] () -- C:\Users\Public\Desktop\Veriton ControlCenter.lnk
[2011/11/13 15:00:39 | 000,001,104 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/11/13 15:00:39 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/13 15:00:39 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2011/11/13 15:00:39 | 000,001,059 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2011/11/13 15:00:39 | 000,000,042 | ---- | C] () -- C:\Users\Public\Desktop\Network PhotoCapture Centre.url
[2011/11/13 15:00:38 | 000,001,515 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011/11/13 15:00:38 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2011/11/13 15:00:38 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2011/11/13 15:00:37 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2011/11/13 15:00:37 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011/11/13 15:00:33 | 000,002,435 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk
[2011/11/13 15:00:33 | 000,001,901 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/11/13 15:00:33 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011/11/13 15:00:33 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2011/11/13 15:00:33 | 000,001,116 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/11/13 15:00:32 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011/11/13 14:54:23 | 000,111,872 | ---- | C] () -- C:\Windows\System32\drivers\TrueSight.sys
[2011/11/04 17:17:01 | 000,002,282 | ---- | C] () -- C:\Users\James\Desktop\Google Chrome.lnk
[2011/11/04 17:15:36 | 000,000,908 | -H-- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2517414903-4262703431-2207850217-1000UA.job
[2011/11/04 17:15:35 | 000,000,856 | -H-- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2517414903-4262703431-2207850217-1000Core.job
[2011/07/28 14:09:15 | 000,000,419 | -H-- | C] () -- C:\Windows\BRWMARK.INI
[2011/07/28 14:09:15 | 000,000,027 | -H-- | C] () -- C:\Windows\BRPP2KA.INI
[2011/07/28 14:08:49 | 000,000,226 | -H-- | C] () -- C:\Windows\Brpfx04a.ini
[2011/07/28 14:08:49 | 000,000,094 | -H-- | C] () -- C:\Windows\brpcfx.ini
[2011/07/28 14:08:49 | 000,000,050 | -H-- | C] () -- C:\Windows\System32\bridf06a.dat
[2011/07/28 14:06:50 | 000,000,000 | -H-- | C] () -- C:\Windows\brdfxspd.dat
[2011/07/28 14:06:49 | 000,106,496 | -H-- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2011/06/20 14:50:59 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/06/15 14:49:13 | 000,000,000 | -H-- | C] () -- C:\Windows\nsreg.dat
[2011/06/15 14:44:58 | 000,000,000 | ---- | C] () -- C:\Users\James\AppData\Local\WavXMapDrive.bat
[2011/02/11 18:10:52 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2011/02/11 18:10:50 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2011/02/11 18:10:50 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/09/14 12:40:39 | 000,031,232 | -H-- | C] () -- C:\Windows\System32\TSP1.dll
[2010/09/14 12:40:08 | 000,106,496 | -H-- | C] () -- C:\Windows\System32\bioapi100.dll.bak
[2010/09/14 12:40:08 | 000,106,496 | -H-- | C] () -- C:\Windows\System32\bioapi100.dll
[2010/09/14 12:40:07 | 000,143,360 | -H-- | C] () -- C:\Windows\System32\bioapi_mds300.dll.bak
[2010/09/14 12:40:07 | 000,143,360 | -H-- | C] () -- C:\Windows\System32\bioapi_mds300.dll
[2010/09/14 12:32:36 | 000,140,288 | -H-- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2010/07/06 05:46:16 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/04/19 01:00:28 | 000,010,752 | -H-- | C] () -- C:\Windows\System32\Wavx_ESC_Logging.dll
[2010/04/15 22:33:16 | 000,249,856 | -H-- | C] () -- C:\Windows\System32\wxvault.dll
[2010/04/08 12:21:16 | 000,094,208 | -H-- | C] () -- C:\Windows\System32\Internationalization_th.dll
[2010/04/08 12:21:16 | 000,081,920 | -H-- | C] () -- C:\Windows\System32\Internationalization_zh-HK.dll
[2010/04/08 12:21:14 | 000,098,304 | -H-- | C] () -- C:\Windows\System32\Internationalization_sl.dll
[2010/04/08 12:21:12 | 000,098,304 | -H-- | C] () -- C:\Windows\System32\Internationalization_sk.dll
[2010/04/08 12:21:12 | 000,098,304 | -H-- | C] () -- C:\Windows\System32\Internationalization_hr.dll
[2010/04/08 12:21:06 | 000,098,304 | -H-- | C] () -- C:\Windows\System32\Internationalization_tr.dll
[2010/04/08 12:21:04 | 000,102,400 | -H-- | C] () -- C:\Windows\System32\Internationalization_ro.dll
[2010/04/08 12:21:04 | 000,102,400 | -H-- | C] () -- C:\Windows\System32\Internationalization_pt-BR.dll
[2010/04/08 12:21:02 | 000,102,400 | -H-- | C] () -- C:\Windows\System32\Internationalization_hu.dll
[2010/04/08 12:21:00 | 000,098,304 | -H-- | C] () -- C:\Windows\System32\Internationalization_fi.dll
[2010/04/08 12:21:00 | 000,094,208 | -H-- | C] () -- C:\Windows\System32\Internationalization_he.dll
[2010/04/08 12:20:58 | 000,106,496 | -H-- | C] () -- C:\Windows\System32\Internationalization_el.dll
[2010/04/08 12:20:58 | 000,098,304 | -H-- | C] () -- C:\Windows\System32\Internationalization_cs.dll
[2010/04/08 12:20:56 | 000,094,208 | -H-- | C] () -- C:\Windows\System32\Internationalization_ar.dll
[2010/04/08 12:20:54 | 000,081,920 | -H-- | C] () -- C:\Windows\System32\Internationalization_zh-CHT.dll
[2010/04/08 12:20:54 | 000,081,920 | -H-- | C] () -- C:\Windows\System32\Internationalization_zh-CHS.dll
[2010/04/08 12:20:52 | 000,098,304 | -H-- | C] () -- C:\Windows\System32\Internationalization_sv.dll
[2010/04/08 12:20:52 | 000,098,304 | -H-- | C] () -- C:\Windows\System32\Internationalization_ru.dll
[2010/04/08 12:20:50 | 000,102,400 | -H-- | C] () -- C:\Windows\System32\Internationalization_pt.dll
[2010/04/08 12:20:48 | 000,102,400 | -H-- | C] () -- C:\Windows\System32\Internationalization_pl.dll
[2010/04/08 12:20:48 | 000,098,304 | -H-- | C] () -- C:\Windows\System32\Internationalization_no.dll
[2010/04/08 12:20:46 | 000,106,496 | -H-- | C] () -- C:\Windows\System32\Internationalization_nl.dll
[2010/04/08 12:20:44 | 000,090,112 | -H-- | C] () -- C:\Windows\System32\Internationalization_ko.dll
[2010/04/08 12:20:44 | 000,090,112 | -H-- | C] () -- C:\Windows\System32\Internationalization_ja.dll
[2010/04/08 12:20:42 | 000,102,400 | -H-- | C] () -- C:\Windows\System32\Internationalization_it.dll
[2010/04/08 12:20:40 | 000,102,400 | -H-- | C] () -- C:\Windows\System32\Internationalization_fr.dll
[2010/04/08 12:20:40 | 000,102,400 | -H-- | C] () -- C:\Windows\System32\Internationalization_es.dll
[2010/04/08 12:20:38 | 000,102,400 | -H-- | C] () -- C:\Windows\System32\Internationalization_de.dll
[2010/04/08 12:20:36 | 000,102,400 | -H-- | C] () -- C:\Windows\System32\Internationalization_da.dll
[2009/11/06 17:27:22 | 000,839,680 | -H-- | C] () -- C:\Windows\System32\DemoLicense.dll
[2009/08/26 18:25:08 | 000,917,504 | -H-- | C] () -- C:\Windows\System32\lmgr10.dll
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 23:33:53 | 000,424,888 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 21:05:48 | 000,627,632 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,107,898 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/13 17:09:19 | 000,139,824 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/11/08 22:36:27 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\COW
[2011/09/09 00:16:13 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\gtk-2.0
[2011/09/08 04:52:51 | 000,032,592 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

#14
panicpeace

    Member

  • Topic Starter
  • Member
  • 69 posts
It found 1 thing and I had to skip it.


18:00:26.0633 3540 TDSS rootkit removing tool 2.6.18.0 Nov 11 2011 15:47:15
18:00:26.0735 3540 ============================================================
18:00:26.0735 3540 Current date / time: 2011/11/14 18:00:26.0735
18:00:26.0735 3540 SystemInfo:
18:00:26.0735 3540
18:00:26.0735 3540 OS Version: 6.1.7601 ServicePack: 1.0
18:00:26.0735 3540 Product type: Workstation
18:00:26.0736 3540 ComputerName: JAMES-PC
18:00:26.0736 3540 UserName: James
18:00:26.0736 3540 Windows directory: C:\Windows
18:00:26.0736 3540 System windows directory: C:\Windows
18:00:26.0736 3540 Processor architecture: Intel x86
18:00:26.0736 3540 Number of processors: 2
18:00:26.0736 3540 Page size: 0x1000
18:00:26.0736 3540 Boot type: Normal boot
18:00:26.0736 3540 ============================================================
18:00:27.0758 3540 Initialize success
18:01:22.0239 3292 ============================================================
18:01:22.0239 3292 Scan started
18:01:22.0239 3292 Mode: Manual; SigCheck; TDLFS;
18:01:22.0239 3292 ============================================================
18:01:22.0589 3292 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
18:01:22.0646 3292 1394ohci - ok
18:01:22.0739 3292 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
18:01:22.0781 3292 ACPI - ok
18:01:22.0866 3292 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
18:01:22.0900 3292 AcpiPmi - ok
18:01:23.0006 3292 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
18:01:23.0029 3292 adp94xx - ok
18:01:23.0085 3292 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
18:01:23.0106 3292 adpahci - ok
18:01:23.0116 3292 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
18:01:23.0137 3292 adpu320 - ok
18:01:23.0246 3292 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
18:01:23.0293 3292 AFD - ok
18:01:23.0326 3292 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
18:01:23.0347 3292 agp440 - ok
18:01:23.0433 3292 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
18:01:23.0455 3292 aic78xx - ok
18:01:23.0500 3292 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
18:01:23.0514 3292 aliide - ok
18:01:23.0548 3292 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
18:01:23.0589 3292 amdagp - ok
18:01:23.0623 3292 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
18:01:23.0637 3292 amdide - ok
18:01:23.0689 3292 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
18:01:23.0725 3292 AmdK8 - ok
18:01:23.0781 3292 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
18:01:23.0813 3292 AmdPPM - ok
18:01:23.0896 3292 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
18:01:23.0914 3292 amdsata - ok
18:01:23.0986 3292 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
18:01:24.0008 3292 amdsbs - ok
18:01:24.0043 3292 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
18:01:24.0059 3292 amdxata - ok
18:01:24.0146 3292 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
18:01:24.0189 3292 AppID - ok
18:01:24.0305 3292 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
18:01:24.0322 3292 arc - ok
18:01:24.0332 3292 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
18:01:24.0351 3292 arcsas - ok
18:01:24.0385 3292 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
18:01:24.0421 3292 AsyncMac - ok
18:01:24.0474 3292 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
18:01:24.0489 3292 atapi - ok
18:01:24.0622 3292 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
18:01:24.0655 3292 b06bdrv - ok
18:01:24.0762 3292 b57nd60x (43d0b19cf9ad22f9c14516f66dcc2d9f) C:\Windows\system32\DRIVERS\b57nd60x.sys
18:01:24.0795 3292 b57nd60x - ok
18:01:24.0895 3292 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
18:01:24.0944 3292 Beep - ok
18:01:25.0043 3292 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
18:01:25.0083 3292 blbdrive - ok
18:01:25.0174 3292 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
18:01:25.0195 3292 bowser - ok
18:01:25.0235 3292 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:01:25.0281 3292 BrFiltLo - ok
18:01:25.0369 3292 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:01:25.0416 3292 BrFiltUp - ok
18:01:25.0518 3292 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
18:01:25.0563 3292 Brserid - ok
18:01:25.0647 3292 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
18:01:25.0694 3292 BrSerWdm - ok
18:01:25.0768 3292 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:01:25.0798 3292 BrUsbMdm - ok
18:01:25.0852 3292 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
18:01:25.0876 3292 BrUsbSer - ok
18:01:25.0920 3292 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
18:01:25.0955 3292 BTHMODEM - ok
18:01:26.0037 3292 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
18:01:26.0091 3292 cdfs - ok
18:01:26.0200 3292 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
18:01:26.0252 3292 cdrom - ok
18:01:26.0349 3292 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
18:01:26.0380 3292 circlass - ok
18:01:26.0410 3292 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
18:01:26.0437 3292 CLFS - ok
18:01:26.0533 3292 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
18:01:26.0579 3292 CmBatt - ok
18:01:26.0640 3292 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
18:01:26.0655 3292 cmdide - ok
18:01:26.0690 3292 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
18:01:26.0726 3292 CNG - ok
18:01:26.0799 3292 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
18:01:26.0814 3292 Compbatt - ok
18:01:26.0848 3292 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
18:01:26.0888 3292 CompositeBus - ok
18:01:26.0984 3292 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
18:01:27.0000 3292 crcdisk - ok
18:01:27.0132 3292 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
18:01:27.0177 3292 CSC - ok
18:01:27.0292 3292 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
18:01:27.0343 3292 DfsC - ok
18:01:27.0433 3292 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
18:01:27.0495 3292 discache - ok
18:01:27.0592 3292 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
18:01:27.0609 3292 Disk - ok
18:01:27.0704 3292 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
18:01:27.0722 3292 drmkaud - ok
18:01:27.0761 3292 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
18:01:27.0793 3292 DXGKrnl - ok
18:01:27.0911 3292 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
18:01:28.0045 3292 ebdrv - ok
18:01:28.0141 3292 eLock2BurnerLockDriver (1815153e6ac1edd08e4f2f367345ae5d) C:\Windows\system32\DRIVERS\eLock2BurnerLockDriver.sys
18:01:28.0162 3292 eLock2BurnerLockDriver - ok
18:01:28.0171 3292 eLock2FSCTLDriver (c93b7caa8c8734baf34682a4df24f945) C:\Windows\system32\DRIVERS\eLock2FSCTLDriver.sys
18:01:28.0216 3292 eLock2FSCTLDriver - ok
18:01:28.0300 3292 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
18:01:28.0326 3292 elxstor - ok
18:01:28.0370 3292 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
18:01:28.0408 3292 ErrDev - ok
18:01:28.0558 3292 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
18:01:28.0592 3292 exfat - ok
18:01:28.0602 3292 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
18:01:28.0650 3292 fastfat - ok
18:01:28.0753 3292 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
18:01:28.0781 3292 fdc - ok
18:01:28.0818 3292 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
18:01:28.0853 3292 FileInfo - ok
18:01:28.0904 3292 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
18:01:28.0958 3292 Filetrace - ok
18:01:29.0021 3292 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
18:01:29.0047 3292 flpydisk - ok
18:01:29.0094 3292 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
18:01:29.0121 3292 FltMgr - ok
18:01:29.0158 3292 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
18:01:29.0178 3292 FsDepends - ok
18:01:29.0234 3292 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
18:01:29.0248 3292 Fs_Rec - ok
18:01:29.0311 3292 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
18:01:29.0351 3292 fvevol - ok
18:01:29.0417 3292 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
18:01:29.0441 3292 gagp30kx - ok
18:01:29.0541 3292 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
18:01:29.0573 3292 hcw85cir - ok
18:01:29.0667 3292 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
18:01:29.0706 3292 HdAudAddService - ok
18:01:29.0802 3292 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
18:01:29.0846 3292 HDAudBus - ok
18:01:29.0932 3292 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
18:01:29.0969 3292 HidBatt - ok
18:01:30.0062 3292 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
18:01:30.0094 3292 HidBth - ok
18:01:30.0123 3292 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
18:01:30.0169 3292 HidIr - ok
18:01:30.0289 3292 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
18:01:30.0326 3292 HidUsb - ok
18:01:30.0435 3292 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
18:01:30.0455 3292 HpSAMD - ok
18:01:30.0496 3292 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
18:01:30.0558 3292 HTTP - ok
18:01:30.0611 3292 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
18:01:30.0626 3292 hwpolicy - ok
18:01:30.0730 3292 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
18:01:30.0775 3292 i8042prt - ok
18:01:30.0886 3292 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
18:01:30.0919 3292 iaStorV - ok
18:01:31.0142 3292 igfx (dce0b53570703cce580d066f89ef58cd) C:\Windows\system32\DRIVERS\igdkmd32.sys
18:01:31.0387 3292 igfx - ok
18:01:31.0490 3292 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
18:01:31.0508 3292 iirsp - ok
18:01:31.0623 3292 IntcAzAudAddService (7cb41a5e5c24f9f50e6533693e2bb74d) C:\Windows\system32\drivers\RTKVHDA.sys
18:01:31.0677 3292 IntcAzAudAddService - ok
18:01:31.0742 3292 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
18:01:31.0775 3292 intelide - ok
18:01:32.0033 3292 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
18:01:32.0073 3292 intelppm - ok
18:01:32.0158 3292 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:01:32.0189 3292 IpFilterDriver - ok
18:01:32.0249 3292 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
18:01:32.0291 3292 IPMIDRV - ok
18:01:32.0359 3292 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
18:01:32.0410 3292 IPNAT - ok
18:01:32.0443 3292 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
18:01:32.0478 3292 IRENUM - ok
18:01:32.0509 3292 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
18:01:32.0527 3292 isapnp - ok
18:01:32.0561 3292 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
18:01:32.0584 3292 iScsiPrt - ok
18:01:32.0632 3292 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
18:01:32.0652 3292 kbdclass - ok
18:01:32.0748 3292 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
18:01:32.0784 3292 kbdhid - ok
18:01:32.0841 3292 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
18:01:32.0862 3292 KSecDD - ok
18:01:32.0899 3292 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
18:01:32.0919 3292 KSecPkg - ok
18:01:32.0960 3292 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
18:01:32.0991 3292 lltdio - ok
18:01:33.0030 3292 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
18:01:33.0048 3292 LSI_FC - ok
18:01:33.0074 3292 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
18:01:33.0101 3292 LSI_SAS - ok
18:01:33.0111 3292 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:01:33.0127 3292 LSI_SAS2 - ok
18:01:33.0137 3292 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:01:33.0158 3292 LSI_SCSI - ok
18:01:33.0185 3292 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
18:01:33.0231 3292 luafv - ok
18:01:33.0345 3292 MBAMSwissArmy (b18225739ed9caa83ba2df966e9f43e8) C:\Windows\system32\drivers\mbamswissarmy.sys
18:01:33.0366 3292 MBAMSwissArmy - ok
18:01:33.0412 3292 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
18:01:33.0428 3292 megasas - ok
18:01:33.0468 3292 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
18:01:33.0490 3292 MegaSR - ok
18:01:33.0592 3292 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
18:01:33.0635 3292 Modem - ok
18:01:33.0668 3292 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
18:01:33.0698 3292 monitor - ok
18:01:33.0765 3292 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
18:01:33.0785 3292 mouclass - ok
18:01:33.0885 3292 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
18:01:33.0910 3292 mouhid - ok
18:01:33.0939 3292 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
18:01:33.0959 3292 mountmgr - ok
18:01:34.0025 3292 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
18:01:34.0078 3292 MpFilter - ok
18:01:34.0137 3292 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
18:01:34.0172 3292 mpio - ok
18:01:34.0273 3292 MpKsl7502ff03 - ok
18:01:34.0375 3292 MpKsl8004bb83 - ok
18:01:34.0481 3292 MpKsl8a271472 - ok
18:01:34.0595 3292 MpKsladac9c6a (5f53edfead46fa7adb78eee9ecce8fdf) C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B276BFA7-5CE7-452F-B20E-F7EF56E5E3E7}\MpKsladac9c6a.sys
18:01:34.0635 3292 MpKsladac9c6a - ok
18:01:34.0748 3292 MpKslc72a2349 - ok
18:01:34.0809 3292 MpKslcb42fa8e - ok
18:01:34.0869 3292 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
18:01:34.0892 3292 MpNWMon - ok
18:01:34.0927 3292 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
18:01:34.0964 3292 mpsdrv - ok
18:01:35.0027 3292 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
18:01:35.0050 3292 MRxDAV - ok
18:01:35.0093 3292 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:01:35.0135 3292 mrxsmb - ok
18:01:35.0214 3292 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:01:35.0258 3292 mrxsmb10 - ok
18:01:35.0291 3292 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:01:35.0337 3292 mrxsmb20 - ok
18:01:35.0429 3292 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
18:01:35.0448 3292 msahci - ok
18:01:35.0481 3292 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
18:01:35.0506 3292 msdsm - ok
18:01:35.0540 3292 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
18:01:35.0571 3292 Msfs - ok
18:01:35.0598 3292 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
18:01:35.0641 3292 mshidkmdf - ok
18:01:35.0701 3292 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
18:01:35.0715 3292 msisadrv - ok
18:01:35.0811 3292 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
18:01:35.0865 3292 MSKSSRV - ok
18:01:35.0978 3292 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
18:01:36.0014 3292 MSPCLOCK - ok
18:01:36.0076 3292 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
18:01:36.0105 3292 MSPQM - ok
18:01:36.0141 3292 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
18:01:36.0160 3292 MsRPC - ok
18:01:36.0205 3292 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
18:01:36.0225 3292 mssmbios - ok
18:01:36.0281 3292 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
18:01:36.0313 3292 MSTEE - ok
18:01:36.0381 3292 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
18:01:36.0405 3292 MTConfig - ok
18:01:36.0474 3292 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
18:01:36.0493 3292 Mup - ok
18:01:36.0602 3292 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
18:01:36.0643 3292 NativeWifiP - ok
18:01:36.0757 3292 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
18:01:36.0803 3292 NDIS - ok
18:01:36.0896 3292 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
18:01:36.0942 3292 NdisCap - ok
18:01:37.0047 3292 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
18:01:37.0095 3292 NdisTapi - ok
18:01:37.0163 3292 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
18:01:37.0212 3292 Ndisuio - ok
18:01:37.0225 3292 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
18:01:37.0257 3292 NdisWan - ok
18:01:37.0322 3292 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
18:01:37.0353 3292 NDProxy - ok
18:01:37.0449 3292 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
18:01:37.0507 3292 NetBIOS - ok
18:01:37.0593 3292 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
18:01:37.0653 3292 NetBT - ok
18:01:37.0766 3292 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
18:01:37.0786 3292 nfrd960 - ok
18:01:37.0821 3292 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
18:01:37.0848 3292 NisDrv - ok
18:01:37.0919 3292 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
18:01:37.0959 3292 Npfs - ok
18:01:37.0971 3292 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
18:01:38.0008 3292 nsiproxy - ok
18:01:38.0090 3292 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
18:01:38.0202 3292 Ntfs - ok
18:01:38.0287 3292 NTIDrvr (6dcaa65f49ef3b97a5cffc0cb5de1c2f) C:\Windows\system32\drivers\NTIDrvr.sys
18:01:38.0301 3292 NTIDrvr - ok
18:01:38.0315 3292 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
18:01:38.0362 3292 Null - ok
18:01:38.0467 3292 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
18:01:38.0486 3292 nvraid - ok
18:01:38.0508 3292 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
18:01:38.0527 3292 nvstor - ok
18:01:38.0620 3292 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
18:01:38.0643 3292 nv_agp - ok
18:01:38.0676 3292 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
18:01:38.0720 3292 ohci1394 - ok
18:01:38.0840 3292 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
18:01:38.0864 3292 Parport - ok
18:01:38.0892 3292 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
18:01:38.0911 3292 partmgr - ok
18:01:38.0940 3292 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
18:01:38.0976 3292 Parvdm - ok
18:01:39.0044 3292 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
18:01:39.0065 3292 pci - ok
18:01:39.0101 3292 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
18:01:39.0115 3292 pciide - ok
18:01:39.0154 3292 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
18:01:39.0177 3292 pcmcia - ok
18:01:39.0200 3292 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
18:01:39.0216 3292 pcw - ok
18:01:39.0308 3292 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
18:01:39.0380 3292 PEAUTH - ok
18:01:39.0509 3292 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
18:01:39.0552 3292 PptpMiniport - ok
18:01:39.0605 3292 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
18:01:39.0641 3292 Processor - ok
18:01:39.0730 3292 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
18:01:39.0773 3292 Psched - ok
18:01:39.0837 3292 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
18:01:39.0895 3292 ql2300 - ok
18:01:39.0967 3292 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
18:01:39.0990 3292 ql40xx - ok
18:01:40.0013 3292 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
18:01:40.0036 3292 QWAVEdrv - ok
18:01:40.0045 3292 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
18:01:40.0096 3292 RasAcd - ok
18:01:40.0150 3292 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:01:40.0202 3292 RasAgileVpn - ok
18:01:40.0282 3292 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:01:40.0329 3292 Rasl2tp - ok
18:01:40.0432 3292 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
18:01:40.0477 3292 RasPppoe - ok
18:01:40.0559 3292 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
18:01:40.0604 3292 RasSstp - ok
18:01:40.0690 3292 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
18:01:40.0737 3292 rdbss - ok
18:01:40.0819 3292 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
18:01:40.0841 3292 rdpbus - ok
18:01:40.0868 3292 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:01:40.0906 3292 RDPCDD - ok
18:01:40.0967 3292 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
18:01:40.0995 3292 RDPDR - ok
18:01:41.0067 3292 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
18:01:41.0104 3292 RDPENCDD - ok
18:01:41.0147 3292 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
18:01:41.0189 3292 RDPREFMP - ok
18:01:41.0258 3292 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
18:01:41.0299 3292 RDPWD - ok
18:01:41.0385 3292 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
18:01:41.0411 3292 rdyboost - ok
18:01:41.0520 3292 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
18:01:41.0566 3292 rspndr - ok
18:01:41.0620 3292 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
18:01:41.0670 3292 s3cap - ok
18:01:41.0752 3292 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
18:01:41.0779 3292 sbp2port - ok
18:01:41.0820 3292 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
18:01:41.0864 3292 scfilter - ok
18:01:41.0954 3292 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
18:01:42.0006 3292 secdrv - ok
18:01:42.0112 3292 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
18:01:42.0147 3292 Serenum - ok
18:01:42.0171 3292 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
18:01:42.0215 3292 Serial - ok
18:01:42.0275 3292 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
18:01:42.0294 3292 sermouse - ok
18:01:42.0332 3292 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
18:01:42.0354 3292 sffdisk - ok
18:01:42.0370 3292 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
18:01:42.0408 3292 sffp_mmc - ok
18:01:42.0432 3292 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
18:01:42.0468 3292 sffp_sd - ok
18:01:42.0541 3292 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
18:01:42.0574 3292 sfloppy - ok
18:01:42.0628 3292 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
18:01:42.0647 3292 sisagp - ok
18:01:42.0726 3292 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:01:42.0742 3292 SiSRaid2 - ok
18:01:42.0754 3292 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
18:01:42.0774 3292 SiSRaid4 - ok
18:01:42.0830 3292 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
18:01:42.0868 3292 Smb - ok
18:01:42.0946 3292 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
18:01:42.0961 3292 spldr - ok
18:01:43.0069 3292 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
18:01:43.0113 3292 srv - ok
18:01:43.0156 3292 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
18:01:43.0199 3292 srv2 - ok
18:01:43.0272 3292 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
18:01:43.0312 3292 srvnet - ok
18:01:43.0387 3292 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
18:01:43.0403 3292 stexstor - ok
18:01:43.0486 3292 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
18:01:43.0511 3292 storflt - ok
18:01:43.0575 3292 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
18:01:43.0592 3292 storvsc - ok
18:01:43.0621 3292 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
18:01:43.0637 3292 swenum - ok
18:01:43.0754 3292 Tcpip (04e4a7d53a7ace02e8c55b17a498f631) C:\Windows\system32\drivers\tcpip.sys
18:01:43.0809 3292 Tcpip - ok
18:01:43.0904 3292 TCPIP6 (04e4a7d53a7ace02e8c55b17a498f631) C:\Windows\system32\DRIVERS\tcpip.sys
18:01:43.0942 3292 TCPIP6 - ok
18:01:43.0988 3292 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
18:01:44.0028 3292 tcpipreg - ok
18:01:44.0072 3292 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
18:01:44.0112 3292 TDPIPE - ok
18:01:44.0163 3292 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
18:01:44.0200 3292 TDTCP - ok
18:01:44.0278 3292 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
18:01:44.0323 3292 tdx - ok
18:01:44.0361 3292 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
18:01:44.0382 3292 TermDD - ok
18:01:44.0505 3292 TrueSight (f69641efdb19acb4753b0155f7fdeed5) c:\windows\system32\drivers\TrueSight.sys
18:01:44.0591 3292 TrueSight ( UnsignedFile.Multi.Generic ) - warning
18:01:44.0591 3292 TrueSight - detected UnsignedFile.Multi.Generic (1)
18:01:44.0650 3292 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:01:44.0692 3292 tssecsrv - ok
18:01:44.0767 3292 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
18:01:44.0798 3292 TsUsbFlt - ok
18:01:44.0881 3292 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
18:01:44.0932 3292 tunnel - ok
18:01:45.0002 3292 tvicport - ok
18:01:45.0037 3292 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
18:01:45.0057 3292 uagp35 - ok
18:01:45.0091 3292 UBHelper (d79c0b9bb011218b93705cbf77fa3e5e) C:\Windows\system32\drivers\UBHelper.sys
18:01:45.0103 3292 UBHelper - ok
18:01:45.0159 3292 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
18:01:45.0207 3292 udfs - ok
18:01:45.0294 3292 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
18:01:45.0314 3292 uliagpkx - ok
18:01:45.0347 3292 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
18:01:45.0384 3292 umbus - ok
18:01:45.0443 3292 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
18:01:45.0474 3292 UmPass - ok
18:01:45.0518 3292 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
18:01:45.0557 3292 usbccgp - ok
18:01:45.0618 3292 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
18:01:45.0641 3292 usbcir - ok
18:01:45.0678 3292 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\drivers\usbehci.sys
18:01:45.0717 3292 usbehci - ok
18:01:45.0803 3292 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
18:01:45.0842 3292 usbhub - ok
18:01:45.0909 3292 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
18:01:45.0934 3292 usbohci - ok
18:01:45.0967 3292 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
18:01:45.0997 3292 usbprint - ok
18:01:46.0033 3292 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:01:46.0054 3292 USBSTOR - ok
18:01:46.0079 3292 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
18:01:46.0096 3292 usbuhci - ok
18:01:46.0133 3292 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
18:01:46.0151 3292 vdrvroot - ok
18:01:46.0186 3292 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
18:01:46.0215 3292 vga - ok
18:01:46.0240 3292 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
18:01:46.0268 3292 VgaSave - ok
18:01:46.0302 3292 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
18:01:46.0322 3292 vhdmp - ok
18:01:46.0360 3292 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
18:01:46.0385 3292 viaagp - ok
18:01:46.0417 3292 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
18:01:46.0443 3292 ViaC7 - ok
18:01:46.0472 3292 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
18:01:46.0504 3292 viaide - ok
18:01:46.0542 3292 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
18:01:46.0573 3292 vmbus - ok
18:01:46.0600 3292 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
18:01:46.0640 3292 VMBusHID - ok
18:01:46.0680 3292 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
18:01:46.0698 3292 volmgr - ok
18:01:46.0729 3292 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
18:01:46.0754 3292 volmgrx - ok
18:01:46.0786 3292 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
18:01:46.0819 3292 volsnap - ok
18:01:46.0891 3292 vpcbus (b26536add1d748cda104d856c979ae79) C:\Windows\system32\DRIVERS\vpchbus.sys
18:01:46.0913 3292 vpcbus - ok
18:01:46.0948 3292 vpcnfltr (a0f7e923a6261760130f22b85df9040e) C:\Windows\system32\DRIVERS\vpcnfltr.sys
18:01:46.0968 3292 vpcnfltr - ok
18:01:47.0015 3292 vpcusb (5f4b55e91ce7e2523c9e1e0ece858869) C:\Windows\system32\DRIVERS\vpcusb.sys
18:01:47.0046 3292 vpcusb - ok
18:01:47.0142 3292 vpcvmm (b487191fe18d6863381a1ac55482469a) C:\Windows\system32\drivers\vpcvmm.sys
18:01:47.0165 3292 vpcvmm - ok
18:01:47.0223 3292 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
18:01:47.0243 3292 vsmraid - ok
18:01:47.0258 3292 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
18:01:47.0287 3292 vwifibus - ok
18:01:47.0344 3292 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
18:01:47.0387 3292 WacomPen - ok
18:01:47.0457 3292 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
18:01:47.0510 3292 WANARP - ok
18:01:47.0514 3292 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
18:01:47.0545 3292 Wanarpv6 - ok
18:01:47.0653 3292 WavxDMgr (e5d696b25acc9aa66dc8e6555b21c962) C:\Windows\system32\DRIVERS\WavxDMgr.sys
18:01:47.0714 3292 WavxDMgr - ok
18:01:47.0751 3292 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
18:01:47.0766 3292 Wd - ok
18:01:47.0792 3292 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
18:01:47.0818 3292 Wdf01000 - ok
18:01:47.0957 3292 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
18:01:47.0990 3292 WfpLwf - ok
18:01:48.0013 3292 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
18:01:48.0029 3292 WIMMount - ok
18:01:48.0118 3292 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
18:01:48.0151 3292 WmiAcpi - ok
18:01:48.0265 3292 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
18:01:48.0300 3292 ws2ifsl - ok
18:01:48.0361 3292 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
18:01:48.0411 3292 WudfPf - ok
18:01:48.0528 3292 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:01:48.0559 3292 WUDFRd - ok
18:01:48.0640 3292 zntport - ok
18:01:48.0658 3292 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:01:48.0849 3292 \Device\Harddisk0\DR0 - ok
18:01:48.0856 3292 Boot (0x1200) (b44e4d667fc9fca384ad3782d34a6f8a) \Device\Harddisk0\DR0\Partition0
18:01:48.0856 3292 \Device\Harddisk0\DR0\Partition0 - ok
18:01:48.0883 3292 Boot (0x1200) (de484ab20249b9c2c8f08232b854fd0d) \Device\Harddisk0\DR0\Partition1
18:01:48.0884 3292 \Device\Harddisk0\DR0\Partition1 - ok
18:01:48.0914 3292 Boot (0x1200) (f4336d082204f9ffafa4a88651247c23) \Device\Harddisk0\DR0\Partition2
18:01:48.0916 3292 \Device\Harddisk0\DR0\Partition2 - ok
18:01:48.0916 3292 ============================================================
18:01:48.0916 3292 Scan finished
18:01:48.0916 3292 ============================================================
18:01:48.0927 0332 Detected object count: 1
18:01:48.0927 0332 Actual detected object count: 1
18:04:20.0127 0332 TrueSight ( UnsignedFile.Multi.Generic ) - skipped by user
18:04:20.0127 0332 TrueSight ( UnsignedFile.Multi.Generic ) - User select action: Skip
  • 0
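The scan log above (its format matches Kaspersky TDSSKiller output) reports exactly one object that is not plain "ok": the driver TrueSight.sys, flagged as UnsignedFile.Multi.Generic and then skipped by the user. The script below is an added example for this thread, not code from the forum or from any scanner. It parses that log format into one record per scanned object, pulls out anything that was not "ok", lists the detections the user skipped, reports service names that were logged without a hash or path, and groups service names that point at the same file hash (Tcpip/TCPIP6 and WANARP/Wanarpv6 in the full log share a file, which is normal on Windows). The sample input is a constructed excerpt of the lines above; reading a hash-less "name - ok" line as a service entry whose image file was not found on disk is an assumption stated in the code. One caveat a practitioner would want: a generic unsigned-file verdict only says the driver carries no valid Authenticode signature, so it is a triage prompt, not a malware verdict; identify who ships the file before deleting it.

```python
"""Triage helper for a TDSSKiller-style driver scan log.

Added example for this thread, not code from the forum or from any scanner.
It parses the "HH:MM:SS.mmmm <tid> <object> ..." lines shown above.
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Constructed excerpt of the log posted above, used as offline sample input.
SAMPLE_LOG = r"""
18:01:36.0281 3292 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
18:01:36.0313 3292 MSTEE - ok
18:01:43.0754 3292 Tcpip (04e4a7d53a7ace02e8c55b17a498f631) C:\Windows\system32\drivers\tcpip.sys
18:01:43.0809 3292 Tcpip - ok
18:01:43.0904 3292 TCPIP6 (04e4a7d53a7ace02e8c55b17a498f631) C:\Windows\system32\DRIVERS\tcpip.sys
18:01:43.0942 3292 TCPIP6 - ok
18:01:44.0505 3292 TrueSight (f69641efdb19acb4753b0155f7fdeed5) c:\windows\system32\drivers\TrueSight.sys
18:01:44.0591 3292 TrueSight ( UnsignedFile.Multi.Generic ) - warning
18:01:44.0591 3292 TrueSight - detected UnsignedFile.Multi.Generic (1)
18:01:45.0002 3292 tvicport - ok
18:01:48.0640 3292 zntport - ok
18:01:48.0658 3292 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:01:48.0849 3292 \Device\Harddisk0\DR0 - ok
18:01:48.0916 3292 ============================================================
18:01:48.0916 3292 Scan finished
18:01:48.0927 0332 Detected object count: 1
18:04:20.0127 0332 TrueSight ( UnsignedFile.Multi.Generic ) - skipped by user
18:04:20.0127 0332 TrueSight ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

LINE_RE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d{4})\s+(?P<body>.+)$")
# "<name> [(offset)] (<md5>) <path>": the file the scanner hashed for this object.
FILE_RE = re.compile(
    r"^(?P<name>\S+)(?: \((?P<offset>0x[0-9A-Fa-f]+)\))? \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "<name> [( <verdict> )] - <status>": the scanner's result for that object.
STATUS_RE = re.compile(
    r"^(?P<name>\S+)(?: \( (?P<verdict>\S+) \))? - "
    r"(?P<status>ok|warning|detected (?P<det>\S+) \(\d+\)|skipped by user|User select action: \S+)$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    statuses: List[str] = field(default_factory=list)
    verdicts: Set[str] = field(default_factory=set)


def parse_log(text: str) -> Dict[str, Entry]:
    """Fold the log into one Entry per scanned object, keyed by service/object name."""
    entries: Dict[str, Entry] = {}
    by_path: Dict[str, Entry] = {}   # MBR/boot-sector results are reported by device path
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        f = FILE_RE.match(body)
        if f:
            e = entries.setdefault(f.group("name"), Entry(f.group("name")))
            e.md5, e.path = f.group("md5"), f.group("path")
            by_path[e.path] = e
            continue
        s = STATUS_RE.match(body)
        if s:
            key = s.group("name")
            e = entries.get(key) or by_path.get(key)
            if e is None:                       # status line with no file line before it
                e = entries.setdefault(key, Entry(key))
            e.statuses.append(s.group("status"))
            e.verdicts.update(v for v in (s.group("verdict"), s.group("det")) if v)
    return entries


def flagged(entries: Dict[str, Entry]) -> List[str]:
    """Objects whose result was anything other than a plain 'ok'."""
    return sorted(n for n, e in entries.items() if any(st != "ok" for st in e.statuses))


def user_skipped(entries: Dict[str, Entry]) -> List[str]:
    """Detections the user chose to skip: still on the box after the scan."""
    return sorted(n for n, e in entries.items() if "skipped by user" in e.statuses)


def fileless(entries: Dict[str, Entry]) -> List[str]:
    """Names that got a status but no hash/path line. Assumption: the scanner
    found a service entry but no image file to hash (orphaned service entry)."""
    return sorted(n for n, e in entries.items() if e.md5 is None and e.statuses)


def shared_files(entries: Dict[str, Entry]) -> Dict[str, List[str]]:
    """Service names that resolve to the same file hash (normal for Tcpip/TCPIP6)."""
    groups: Dict[str, List[str]] = defaultdict(list)
    for n, e in entries.items():
        if e.md5:
            groups[e.md5].append(n)
    return {h: sorted(ns) for h, ns in groups.items() if len(ns) > 1}


if __name__ == "__main__":
    found = parse_log(SAMPLE_LOG)
    for n in flagged(found):
        e = found[n]
        print(f"{n}: {e.path} md5={e.md5} verdicts={sorted(e.verdicts)} statuses={e.statuses}")
    print("skipped by user:", user_skipped(found))
    print("no backing file:", fileless(found))
    print("shared files:", shared_files(found))
```

Run it against a full log pasted into SAMPLE_LOG (or read from a file) and the flagged list is the short list to investigate: for each entry, check the file's signature and publisher and compare the MD5 against a known-good copy before deciding whether to delete it. Entries in the fileless list are worth a look in the Services registry key, since a service pointing at a file that no longer exists is a common leftover of a half-removed program or infection.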

#15
BlackOxide

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Could you now run the following program, then get back to me with the log please.



Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply, as well as a description of how your computer is running now.
  • 0





