The Open With box for everything I try [Closed]


  • This topic is locked

#16
panicpeace

    Member

  • Topic Starter
  • 69 posts
I have run the program before saving it to my desktop. I somehow missed the big red very important. Things like internet browsers aren't working.
I'm posting from another computer. Save me from myself.
  • 0


#17
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Ok, not to worry. Let's see what's happening...

Please reboot the PC again

Now try your internet browsers again. If you are still having trouble, please answer the following...

  • Does the PC boot into Normal Mode ok, or are you running in Safe Mode?
  • How far did ComboFix get, did you see any Stage numbers appear, e.g. Stage 20?
  • Is the ComboFix log C:\ComboFix.txt present? If so, could you post the contents of this please?
  • What happens when you try and open an Internet Browser, do any error messages appear?
  • Do you have access to a USB Memory Stick and another PC/Laptop, as we could transfer programs from that to this one that's having trouble?

  • 0

#18
panicpeace

    Member

  • Topic Starter
  • 69 posts
Yeah, it worked when I rebooted. It finished all the stages. Here's the report:

ComboFix 11-11-17.03 - James 11/17/2011 15:52:57.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3037.2137 [GMT -5:00]
Running from: c:\users\James\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-10-17 to 2011-11-17 )))))))))))))))))))))))))))))))
.
.
2011-11-17 20:57 . 2011-11-17 20:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-17 20:48 . 2011-11-17 20:48 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7233839F-E1E5-4144-A979-32CBF9278B32}\MpKslbd83c9f9.sys
2011-11-17 20:48 . 2011-11-17 20:48 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7233839F-E1E5-4144-A979-32CBF9278B32}\offreg.dll
2011-11-16 06:53 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7233839F-E1E5-4144-A979-32CBF9278B32}\mpengine.dll
2011-11-14 22:44 . 2011-11-14 22:44 -------- d-----w- C:\_OTL
2011-11-13 19:54 . 2011-11-13 20:03 111872 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2011-10-27 00:43 . 2011-08-13 04:18 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-17 20:48 . 2011-06-15 19:44 0 ----a-w- c:\users\James\AppData\Local\WavXMapDrive.bat
2011-10-11 09:29 . 2011-10-11 09:29 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{047A870A-6137-4A79-84A7-116F83E0324F}\gapaengine.dll
2011-10-07 03:48 . 2011-07-29 22:16 6668624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-01 02:42 . 2011-10-13 23:14 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-06 02:28 . 2011-10-13 23:14 2334720 ----a-w- c:\windows\system32\win32k.sys
2011-08-27 04:26 . 2011-10-13 23:14 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-27 04:26 . 2011-10-13 23:14 233472 ----a-w- c:\windows\system32\oleacc.dll
2011-08-20 04:31 . 2011-10-13 23:14 981504 ----a-w- c:\windows\system32\wininet.dll
2011-11-09 20:09 . 2011-06-15 19:49 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-06 39408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-11-17 261888]
"AutoLockProcess"="c:\program files\Acer\Empowering Technology\eLock\autolockprocess\autolockprocess.exe" [2010-06-03 451912]
"Acer PowerSaver"="c:\program files\Acer\Acer PowerSaver\PowerSaverTray.exe" [2009-04-17 434176]
"Acer SmartBoot"="c:\program files\Acer\Acer SmartBoot\ASLTray.exe" [2009-05-13 376832]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-11-17 8092192]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2010-04-19 147328]
"EmbassySecurityCheck"="c:\program files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe" [2010-04-19 95616]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-06-28 622592]
"SetDefPrt"="c:\program files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 49152]
"Installation Diagnostics"="c:\program files\Brother\Brmfl06a\Brinstck.exe" [2006-02-04 131072]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-06-29 77824]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-06 1047656]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\wxvault.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 MpKsl7502ff03;MpKsl7502ff03;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C0EC42F7-1E00-4FC2-990A-F71DC30BDE02}\MpKsl7502ff03.sys [x]
R1 MpKsl8004bb83;MpKsl8004bb83;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{25BCFAA6-8254-47A4-837C-5E879F376C89}\MpKsl8004bb83.sys [x]
R1 MpKsl8a271472;MpKsl8a271472;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C9A876D6-BC95-4570-9120-FD10A9C069DD}\MpKsl8a271472.sys [x]
R1 MpKslc72a2349;MpKslc72a2349;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C0EC42F7-1E00-4FC2-990A-F71DC30BDE02}\MpKslc72a2349.sys [x]
R1 MpKslcb42fa8e;MpKslcb42fa8e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2AAB37EB-690A-42E5-B180-F6FD3A60B216}\MpKslcb42fa8e.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-15 135664]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-15 135664]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-07-06 41272]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 TrueSight;TrueSight;c:\windows\system32\drivers\TrueSight.sys [2011-11-13 111872]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-06-21 1343400]
S0 eLock2BurnerLockDriver;Disk Performance Monitor Filter Driver;c:\windows\system32\DRIVERS\eLock2BurnerLockDriver.sys [2008-03-11 22560]
S1 MpKslbd83c9f9;MpKslbd83c9f9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7233839F-E1E5-4144-A979-32CBF9278B32}\MpKslbd83c9f9.sys [2011-11-17 28752]
S2 ASLSvc;Acer SmartBoot Service;c:\program files\Acer\Acer SmartBoot\ASLSvc.exe [2009-05-13 417792]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2009-05-16 1803512]
S2 eLock2FSCTLDriver;eLock2FSCTLDriver;c:\windows\system32\DRIVERS\eLock2FSCTLDriver.sys [2008-03-11 87072]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2009-02-18 24576]
S2 GREGService;GREGService;c:\program files\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-11-17 255744]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLBD83C9F9
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-15 19:48]
.
2011-11-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-15 19:48]
.
2011-11-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2517414903-4262703431-2207850217-1000Core.job
- c:\users\James\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-04 22:15]
.
2011-11-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2517414903-4262703431-2207850217-1000UA.job
- c:\users\James\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-04 22:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=veriton_m275&r=17050611r306p0445u235z47m4r49s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\James\AppData\Roaming\Mozilla\Firefox\Profiles\ty45rzpa.default\
FF - prefs.js: browser.startup.homepage - www.google.com
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(576)
c:\windows\system32\wvauth.DLL
.
- - - - - - - > 'Explorer.exe'(3864)
c:\program files\Acer\Acer PowerSaver\SysHook.dll
.
Completion time: 2011-11-17 15:59:01
ComboFix-quarantined-files.txt 2011-11-17 20:59
.
Pre-Run: 27,562,590,208 bytes free
Post-Run: 27,492,962,304 bytes free
.
- - End Of File - - 2EA92F9EA83C9AEB55B6F4CC57569820
  • 0

#19
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Excellent :)

Looking much better now. Let's just do a scan with MBAM to see if it finds any other items lurking.

How is the PC behaving overall now, are any of the original problems still there?



Run a Quick Scan with Malwarebytes Anti-Malware (MBAM) after updating...
  • Open MBAM
  • Click the Update tab, then click Check for Updates and let it install any updates if they are available
  • Click the Scanner tab, then make sure Quick Scan is selected and click Scan
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • Post the log that it produces in your next reply

  • 0

#20
panicpeace

    Member

  • Topic Starter
  • 69 posts
The problems appear to be gone. It's scanning now. I still see things on the right side of the bottom tab that I don't recognize but that doesn't mean much: Windows Defender, Realtek HD audio manager, and Microsoft security essentials.
  • 0

#21
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts

> The problems appear to be gone

:)

> I still see things on the right side of the bottom tab that I don't recognize but that doesn't mean much: Windows Defender, Realtek HD audio manager, and Microsoft security essentials.

Those three are fine :yes:

> It's scanning now

Just let me know if it finds any infections. If it does, please copy and paste the log here.
  • 0

#22
panicpeace

    Member

  • Topic Starter
  • 69 posts
A new virus has taken over the computer. Privacy Protection. It won't let me do much of anything.
  • 0

#23
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Time for RogueKiller again ;)

You will need to delete the RogueKiller file that you used previously, as it has been updated. Please make sure this step has been carried out first.


Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 2 and press Enter on the keyboard
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe

Once this has been done, run RogueKiller again and do the following...
  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 6 and press Enter on the keyboard
  • The RKreport.txt shall be generated next to the executable.

Please post the contents of the RKreport.txt file(s) in your next Reply.


If you cannot do the above due to the malware interfering, try following the instructions as above again, but this time with your computer booted into Safe Mode with Networking.

To get into Safe Mode with Networking:
  • Switch on your PC and immediately start tapping the F8 key on the keyboard
  • Keep tapping it until a menu comes on the screen whereby you have several options to choose from, one of which is Safe Mode with Networking
  • Make sure Safe Mode with Networking is highlighted and then press Enter
  • Your PC will now boot into Safe Mode.




2)
Can you now try and run a Quick Scan with MBAM again please.


Run a Quick Scan with Malwarebytes Anti-Malware (MBAM) after updating...
  • Open MBAM
  • Click the Update tab, then click Check for Updates and let it install any updates if they are available
  • Click the Scanner tab, then make sure Quick Scan is selected and click Scan
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • Post the log that it produces in your next reply



3)
OTL Quick Scan
  • Double click on the OTL icon to run it.
  • When the window appears, underneath Output at the top, make sure Standard Output is selected.
  • Tick the Scan All Users box at the top
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window.
  • Please post the contents of this log



In your next reply
Please post the contents of...
RogueKiller logs
MBAM log
OTL log

  • 0

#24
panicpeace

    Member

  • Topic Starter
  • 69 posts
Here's 2

RogueKiller V6.1.10 [11/18/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Safe mode with network support
User: James [Admin rights]
Mode: Remove -- Date : 11/23/2011 15:32:07

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 1 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : Privacy Protection (C:\Users\James\AppData\Roaming\privacy.exe) -> DELETED

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : Rogue.AntiSpy-SP ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
ÿ₫1

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
  • 0

#25
panicpeace

    Member

  • Topic Starter
  • 69 posts
And here's 6


RogueKiller V6.1.10 [11/18/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Safe mode with network support
User: James [Admin rights]
Mode: Shortcuts HJfix -- Date : 11/23/2011 15:36:24

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 0 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 20 / Fail 0
My documents: Success 0 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 8 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume4 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped

¤¤¤ Infection : ¤¤¤

Finished : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt
  • 0


#26
panicpeace

    Member

  • Topic Starter
  • 69 posts
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8184

Windows 6.1.7601 Service Pack 1 (Safe Mode)
Internet Explorer 8.0.7601.17514

11/23/2011 3:41:21 PM
mbam-log-2011-11-23 (15-41-21).txt

Scan type: Quick scan
Objects scanned: 161839
Time elapsed: 1 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\James\AppData\Local\Temp\0.4304034958248777.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
c:\Users\James\AppData\Roaming\privacy.exe (Rogue.PrvacyProtect) -> Quarantined and deleted successfully.

And here's OTL

OTL logfile created on: 11/23/2011 3:42:21 PM - Run 7
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\James\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.97 Gb Total Physical Memory | 2.28 Gb Available Physical Memory | 76.79% Memory free
5.93 Gb Paging File | 5.32 Gb Available in Paging File | 89.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 66.45 Gb Total Space | 25.64 Gb Free Space | 38.59% Space Free | Partition Type: NTFS
Drive D: | 66.50 Gb Total Space | 66.41 Gb Free Space | 99.87% Space Free | Partition Type: NTFS
Drive E: | 6.99 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: JAMES-PC | User Name: James | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/10 17:53:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\James\Downloads\OTL(1).com
PRC - [2011/08/31 17:00:48 | 001,047,208 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/15 00:39:54 | 000,420,920 | ---- | M] () -- C:\Users\James\AppData\Local\Google\Chrome\Application\15.0.874.121\ppgooglenaclpluginchrome.dll
MOD - [2011/11/15 00:39:53 | 003,702,840 | ---- | M] () -- C:\Users\James\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll
MOD - [2011/11/15 00:38:16 | 000,122,952 | ---- | M] () -- C:\Users\James\AppData\Local\Google\Chrome\Application\15.0.874.121\avutil-51.dll
MOD - [2011/11/15 00:38:15 | 000,222,280 | ---- | M] () -- C:\Users\James\AppData\Local\Google\Chrome\Application\15.0.874.121\avformat-53.dll
MOD - [2011/11/15 00:38:14 | 001,746,504 | ---- | M] () -- C:\Users\James\AppData\Local\Google\Chrome\Application\15.0.874.121\avcodec-53.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/06/20 21:35:44 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/04/27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/06/03 16:53:52 | 000,030,016 | ---- | M] (Acer Inc.) [Auto | Stopped] -- C:\Program Files\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2010/03/30 18:52:34 | 001,032,192 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2010/01/28 18:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Stopped] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010/01/15 16:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2010/01/08 08:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/11/17 17:18:20 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Stopped] -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/05/15 19:33:40 | 001,803,512 | ---- | M] (AuthenTec, Inc.) [Auto | Stopped] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)
SRV - [2009/05/12 21:07:08 | 000,417,792 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files\Acer\Acer SmartBoot\ASLSvc.exe -- (ASLSvc)
SRV - [2009/02/17 19:01:04 | 000,024,576 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)


========== Driver Services (SafeList) ==========

DRV - [2011/11/23 15:38:15 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/11/23 15:35:40 | 000,111,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TrueSight.sys -- (TrueSight)
DRV - [2011/04/27 14:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 12:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/11/20 07:30:17 | 000,296,064 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2010/11/20 07:30:17 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2010/11/20 07:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 07:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 07:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 05:50:38 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2010/11/20 05:50:37 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 04:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 04:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/04/15 22:35:44 | 000,237,840 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\WavxDMgr.sys -- (WavxDMgr)
DRV - [2008/03/11 18:31:54 | 000,022,560 | ---- | M] (Acer, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\eLock2BurnerLockDriver.sys -- (eLock2BurnerLockDriver)
DRV - [2008/03/11 17:03:02 | 000,087,072 | ---- | M] (Acer, Inc.) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\eLock2FSCTLDriver.sys -- (eLock2FSCTLDriver)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...45u235z47m4r49s


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2517414903-4262703431-2207850217-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKU\S-1-5-21-2517414903-4262703431-2207850217-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\James\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\James\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/09 15:09:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/06/15 14:49:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\James\AppData\Roaming\Mozilla\Extensions
[2011/11/09 23:07:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/09 15:09:23 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/04 17:16:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/09 15:09:23 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\James\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\James\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\James\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Angry Birds = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\

O1 HOSTS File: ([2011/11/14 17:44:30 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O4 - HKLM..\Run: [Acer PowerSaver] C:\Program Files\Acer\Acer PowerSaver\PowerSaverTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [Acer SmartBoot] C:\Program Files\Acer\Acer SmartBoot\ASLTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [AutoLockProcess] C:\Program Files\Acer\Empowering Technology\eLock\autolockprocess\AutoLockProcess.exe (Acer Inc.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [EmbassySecurityCheck] C:\Program Files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [Installation Diagnostics] C:\Program Files\Brother\Brmfl06a\Brinstck.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2517414903-4262703431-2207850217-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2517414903-4262703431-2207850217-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F1322A6-6BC9-4297-B549-47EBFD794A4C}: DhcpNameServer = 192.168.1.254
O20 - AppInit_DLLs: (C:\Windows\System32\wxvault.dll) -C:\Windows\System32\wxvault.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O30 - LSA: Authentication Packages - (wvauth) -C:\Windows\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/05/24 23:56:52 | 000,000,046 | -H-- | M] () - E:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-2517414903-4262703431-2207850217-1000..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/21 01:39:52 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/11/17 15:58:18 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/11/17 15:57:40 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/11/17 15:50:58 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/17 15:50:58 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/17 15:50:58 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/17 15:50:51 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/17 15:50:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/14 17:44:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/13 14:54:15 | 000,000,000 | ---D | C] -- C:\Users\James\Desktop\RK_Quarantine
[2011/11/04 17:16:59 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/02/11 17:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll

========== Files - Modified Within 30 Days ==========

[2011/11/23 15:41:55 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\efhv.sys
[2011/11/23 15:35:40 | 000,111,872 | ---- | M] () -- C:\Windows\System32\drivers\TrueSight.sys
[2011/11/23 15:30:54 | 000,626,040 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/23 15:30:54 | 000,107,316 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/23 15:29:56 | 000,766,976 | ---- | M] () -- C:\Users\James\Desktop\RogueKiller(1).exe
[2011/11/23 15:26:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/23 15:26:23 | 2388,582,400 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/23 15:25:27 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/23 15:25:27 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/23 15:20:00 | 000,000,908 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2517414903-4262703431-2207850217-1000UA.job
[2011/11/23 15:19:41 | 000,000,000 | ---- | M] () -- C:\Users\James\AppData\Local\WavXMapDrive.bat
[2011/11/23 15:19:38 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/21 01:53:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/18 18:20:00 | 000,000,856 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2517414903-4262703431-2207850217-1000Core.job
[2011/11/18 16:20:51 | 000,002,367 | ---- | M] () -- C:\Users\James\Desktop\Google Chrome.lnk
[2011/11/17 18:31:09 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/14 17:44:30 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts

========== Files Created - No Company Name ==========

[2011/11/23 15:41:55 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\efhv.sys
[2011/11/23 15:29:51 | 000,766,976 | ---- | C] () -- C:\Users\James\Desktop\RogueKiller(1).exe
[2011/11/17 15:50:58 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/17 15:50:58 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/17 15:50:58 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/17 15:50:58 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/17 15:50:58 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/13 15:00:39 | 000,002,656 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart Essentials.lnk
[2011/11/13 15:00:39 | 000,001,946 | ---- | C] () -- C:\Users\Public\Desktop\Acer Registration.lnk
[2011/11/13 15:00:39 | 000,001,924 | ---- | C] () -- C:\Users\Public\Desktop\Veriton ControlCenter.lnk
[2011/11/13 15:00:39 | 000,001,104 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/11/13 15:00:39 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/13 15:00:39 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2011/11/13 15:00:39 | 000,001,059 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2011/11/13 15:00:39 | 000,000,042 | ---- | C] () -- C:\Users\Public\Desktop\Network PhotoCapture Centre.url
[2011/11/13 15:00:38 | 000,001,515 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011/11/13 15:00:38 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2011/11/13 15:00:38 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2011/11/13 15:00:37 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2011/11/13 15:00:37 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011/11/13 15:00:33 | 000,002,435 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk
[2011/11/13 15:00:33 | 000,001,901 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/11/13 15:00:33 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011/11/13 15:00:33 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2011/11/13 15:00:33 | 000,001,116 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/11/13 15:00:32 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011/11/13 14:54:23 | 000,111,872 | ---- | C] () -- C:\Windows\System32\drivers\TrueSight.sys
[2011/11/04 17:17:01 | 000,002,367 | ---- | C] () -- C:\Users\James\Desktop\Google Chrome.lnk
[2011/11/04 17:15:36 | 000,000,908 | -H-- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2517414903-4262703431-2207850217-1000UA.job
[2011/11/04 17:15:35 | 000,000,856 | -H-- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2517414903-4262703431-2207850217-1000Core.job
[2011/07/28 14:09:15 | 000,000,419 | -H-- | C] () -- C:\Windows\BRWMARK.INI
[2011/07/28 14:09:15 | 000,000,027 | -H-- | C] () -- C:\Windows\BRPP2KA.INI
[2011/07/28 14:08:49 | 000,000,226 | -H-- | C] () -- C:\Windows\Brpfx04a.ini
[2011/07/28 14:08:49 | 000,000,094 | -H-- | C] () -- C:\Windows\brpcfx.ini
[2011/07/28 14:08:49 | 000,000,050 | -H-- | C] () -- C:\Windows\System32\bridf06a.dat
[2011/07/28 14:06:50 | 000,000,000 | -H-- | C] () -- C:\Windows\brdfxspd.dat
[2011/07/28 14:06:49 | 000,106,496 | -H-- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2011/06/20 14:50:59 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/06/15 14:49:13 | 000,000,000 | -H-- | C] () -- C:\Windows\nsreg.dat
[2011/06/15 14:44:58 | 000,000,000 | ---- | C] () -- C:\Users\James\AppData\Local\WavXMapDrive.bat
[2011/02/11 18:10:52 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2011/02/11 18:10:50 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2011/02/11 18:10:50 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/09/14 12:40:39 | 000,031,232 | -H-- | C] () -- C:\Windows\System32\TSP1.dll
[2010/09/14 12:40:08 | 000,106,496 | -H-- | C] () -- C:\Windows\System32\bioapi100.dll.bak
[2010/09/14 12:40:08 | 000,106,496 | -H-- | C] () -- C:\Windows\System32\bioapi100.dll
[2010/09/14 12:40:07 | 000,143,360 | -H-- | C] () -- C:\Windows\System32\bioapi_mds300.dll.bak
[2010/09/14 12:40:07 | 000,143,360 | -H-- | C] () -- C:\Windows\System32\bioapi_mds300.dll
[2010/09/14 12:32:36 | 000,140,288 | -H-- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2010/07/06 05:46:16 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/04/19 01:00:28 | 000,010,752 | -H-- | C] () -- C:\Windows\System32\Wavx_ESC_Logging.dll
[2010/04/15 22:33:16 | 000,249,856 | -H-- | C] () -- C:\Windows\System32\wxvault.dll
[2010/04/08 12:21:16 | 000,094,208 | -H-- | C] () -- C:\Windows\System32\Internationalization_th.dll
[2010/04/08 12:21:16 | 000,081,920 | -H-- | C] () -- C:\Windows\System32\Internationalization_zh-HK.dll
[2010/04/08 12:21:14 | 000,098,304 | -H-- | C] () -- C:\Windows\System32\Internationalization_sl.dll
[2010/04/08 12:21:12 | 000,098,304 | -H-- | C] () -- C:\Windows\System32\Internationalization_sk.dll
[2010/04/08 12:21:12 | 000,098,304 | -H-- | C] () -- C:\Windows\System32\Internationalization_hr.dll
[2010/04/08 12:21:06 | 000,098,304 | -H-- | C] () -- C:\Windows\System32\Internationalization_tr.dll
[2010/04/08 12:21:04 | 000,102,400 | -H-- | C] () -- C:\Windows\System32\Internationalization_ro.dll
[2010/04/08 12:21:04 | 000,102,400 | -H-- | C] () -- C:\Windows\System32\Internationalization_pt-BR.dll
[2010/04/08 12:21:02 | 000,102,400 | -H-- | C] () -- C:\Windows\System32\Internationalization_hu.dll
[2010/04/08 12:21:00 | 000,098,304 | -H-- | C] () -- C:\Windows\System32\Internationalization_fi.dll
[2010/04/08 12:21:00 | 000,094,208 | -H-- | C] () -- C:\Windows\System32\Internationalization_he.dll
[2010/04/08 12:20:58 | 000,106,496 | -H-- | C] () -- C:\Windows\System32\Internationalization_el.dll
[2010/04/08 12:20:58 | 000,098,304 | -H-- | C] () -- C:\Windows\System32\Internationalization_cs.dll
[2010/04/08 12:20:56 | 000,094,208 | -H-- | C] () -- C:\Windows\System32\Internationalization_ar.dll
[2010/04/08 12:20:54 | 000,081,920 | -H-- | C] () -- C:\Windows\System32\Internationalization_zh-CHT.dll
[2010/04/08 12:20:54 | 000,081,920 | -H-- | C] () -- C:\Windows\System32\Internationalization_zh-CHS.dll
[2010/04/08 12:20:52 | 000,098,304 | -H-- | C] () -- C:\Windows\System32\Internationalization_sv.dll
[2010/04/08 12:20:52 | 000,098,304 | -H-- | C] () -- C:\Windows\System32\Internationalization_ru.dll
[2010/04/08 12:20:50 | 000,102,400 | -H-- | C] () -- C:\Windows\System32\Internationalization_pt.dll
[2010/04/08 12:20:48 | 000,102,400 | -H-- | C] () -- C:\Windows\System32\Internationalization_pl.dll
[2010/04/08 12:20:48 | 000,098,304 | -H-- | C] () -- C:\Windows\System32\Internationalization_no.dll
[2010/04/08 12:20:46 | 000,106,496 | -H-- | C] () -- C:\Windows\System32\Internationalization_nl.dll
[2010/04/08 12:20:44 | 000,090,112 | -H-- | C] () -- C:\Windows\System32\Internationalization_ko.dll
[2010/04/08 12:20:44 | 000,090,112 | -H-- | C] () -- C:\Windows\System32\Internationalization_ja.dll
[2010/04/08 12:20:42 | 000,102,400 | -H-- | C] () -- C:\Windows\System32\Internationalization_it.dll
[2010/04/08 12:20:40 | 000,102,400 | -H-- | C] () -- C:\Windows\System32\Internationalization_fr.dll
[2010/04/08 12:20:40 | 000,102,400 | -H-- | C] () -- C:\Windows\System32\Internationalization_es.dll
[2010/04/08 12:20:38 | 000,102,400 | -H-- | C] () -- C:\Windows\System32\Internationalization_de.dll
[2010/04/08 12:20:36 | 000,102,400 | -H-- | C] () -- C:\Windows\System32\Internationalization_da.dll
[2009/11/06 17:27:22 | 000,839,680 | -H-- | C] () -- C:\Windows\System32\DemoLicense.dll
[2009/08/26 18:25:08 | 000,917,504 | -H-- | C] () -- C:\Windows\System32\lmgr10.dll
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 23:33:53 | 000,424,888 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 21:05:48 | 000,626,040 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,107,316 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/13 17:09:19 | 000,139,824 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/11/08 22:36:27 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\COW
[2011/09/09 00:16:13 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\gtk-2.0
[2011/09/08 04:52:51 | 000,032,592 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

#27
BlackOxide


    Trusted Helper

  • Malware Removal
  • 1,976 posts
Looks like that killed Privacy Protect. Are you having any problems with rogue popups or redirects whilst on the internet?


Could you check out the following file for me please:

  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

    • C:\Windows\System32\drivers\efhv.sys
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.


#28
panicpeace


    Member

  • Topic Starter
  • 69 posts
I can't seem to follow that filepath. As in, I don't see that file anymore.


What would you suggest if I had Windows XP, Malwarebytes can't open, and I can't start in Safe Mode?

#29
BlackOxide


    Trusted Helper

  • Malware Removal
  • 1,976 posts

I can't seem to follow that filepath. As in, I don't see that file anymore.

Could well be the case that it is just no longer there. Could you do a fresh scan with OTL for me using the steps below.

OTL Quick Scan
  • Double click on the OTL icon to run it.
  • When the window appears, underneath Output at the top, make sure Standard Output is selected.
  • Copy and Paste the following into the Custom Scans/Fixes box at the bottom.

    C:\Windows\System32\drivers\efhv.sys /md5
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window.
  • Please post the contents of this log


Are you experiencing any problems with this PC now, with rogue popups etc, or does everything seem back to normal?



With the XP one, we can give that a go after this one if you want. Best not to confuse two PCs at once :)

#30
panicpeace


    Member

  • Topic Starter
  • 69 posts
I don't seem to have any problems anymore. You are good. I have to put my start menu back together but that's nothing.

OTL logfile created on: 11/29/2011 9:03:12 PM - Run 8
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\James\Desktop
An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.97 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 51.31% Memory free
5.93 Gb Paging File | 4.33 Gb Available in Paging File | 73.02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 66.45 Gb Total Space | 24.38 Gb Free Space | 36.69% Space Free | Partition Type: NTFS
Drive D: | 66.50 Gb Total Space | 66.41 Gb Free Space | 99.87% Space Free | Partition Type: NTFS
Drive E: | 6.99 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: JAMES-PC | User Name: James | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/23 13:21:52 | 006,856,528 | ---- | M] (Spotify Ltd) -- C:\Users\James\AppData\Roaming\Spotify\spotify.exe
PRC - [2011/11/09 15:09:22 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/08/11 15:57:43 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\James\Desktop\OTL.exe
PRC - [2011/06/15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 07:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/06/03 16:53:52 | 000,030,016 | ---- | M] (Acer Inc.) -- C:\Program Files\Acer\Empowering Technology\eLock\Service\eLockServ.exe
PRC - [2010/04/19 02:30:26 | 000,147,328 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
PRC - [2010/01/28 18:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2010/01/08 08:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Registration\GREGsvc.exe
PRC - [2009/11/17 17:18:20 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2009/11/17 17:18:10 | 000,261,888 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2009/05/15 19:33:40 | 001,803,512 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\AtService.exe
PRC - [2009/05/12 21:07:08 | 000,417,792 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer SmartBoot\ASLSvc.exe
PRC - [2009/04/17 16:17:30 | 000,434,176 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer PowerSaver\PowerSaverTray.exe
PRC - [2009/02/17 19:01:04 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe


========== Modules (SafeList) ==========

MOD - [2011/08/11 15:57:43 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\James\Desktop\OTL.exe
MOD - [2010/11/20 06:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/06/20 21:35:44 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/04/27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/06/03 16:53:52 | 000,030,016 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2010/03/30 18:52:34 | 001,032,192 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2010/01/28 18:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010/01/15 16:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2010/01/08 08:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/11/17 17:18:20 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/05/15 19:33:40 | 001,803,512 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)
SRV - [2009/05/12 21:07:08 | 000,417,792 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer SmartBoot\ASLSvc.exe -- (ASLSvc)
SRV - [2009/02/17 19:01:04 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)


========== Driver Services (SafeList) ==========

DRV - [2011/11/29 20:59:37 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{80F7F906-140B-4AAF-8574-0FC0E8CE5A80}\MpKsl7493f222.sys -- (MpKsl7493f222)
DRV - [2011/11/23 15:35:40 | 000,111,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TrueSight.sys -- (TrueSight)
DRV - [2011/04/27 14:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 12:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/11/20 07:30:17 | 000,296,064 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2010/11/20 07:30:17 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2010/11/20 07:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 07:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 07:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 05:50:38 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2010/11/20 05:50:37 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 04:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 04:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/04/15 22:35:44 | 000,237,840 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\WavxDMgr.sys -- (WavxDMgr)
DRV - [2008/03/11 18:31:54 | 000,022,560 | ---- | M] (Acer, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\eLock2BurnerLockDriver.sys -- (eLock2BurnerLockDriver)
DRV - [2008/03/11 17:03:02 | 000,087,072 | ---- | M] (Acer, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eLock2FSCTLDriver.sys -- (eLock2FSCTLDriver)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...45u235z47m4r49s

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\James\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\James\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/09 15:09:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/06/15 14:49:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\James\AppData\Roaming\Mozilla\Extensions
[2011/11/09 23:07:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011/11/09 15:09:23 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/04 17:16:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/09 15:09:23 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/11/14 17:44:30 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
O4 - HKLM..\Run: [Acer PowerSaver] C:\Program Files\Acer\Acer PowerSaver\PowerSaverTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [Acer SmartBoot] C:\Program Files\Acer\Acer SmartBoot\ASLTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [AutoLockProcess] C:\Program Files\Acer\Empowering Technology\eLock\autolockprocess\AutoLockProcess.exe (Acer Inc.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [EmbassySecurityCheck] C:\Program Files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [Installation Diagnostics] C:\Program Files\Brother\Brmfl06a\Brinstck.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
O4 - HKCU..\Run: [Spotify] C:\Users\James\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - AppInit_DLLs: (C:\Windows\System32\wxvault.dll) - C:\Windows\System32\wxvault.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O30 - LSA: Authentication Packages - (wvauth) - C:\Windows\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/05/24 23:56:52 | 000,000,046 | -H-- | M] () - E:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/28 11:35:47 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\Spotify
[2011/11/28 11:35:14 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Roaming\Spotify
[2011/11/17 15:58:18 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/11/17 15:57:40 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/11/17 15:50:58 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/17 15:50:58 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/17 15:50:58 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/17 15:50:51 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/17 15:50:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/14 17:44:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/13 14:54:15 | 000,000,000 | ---D | C] -- C:\Users\James\Desktop\RK_Quarantine
[2011/11/04 17:16:59 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/02/11 17:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll

========== Files - Modified Within 30 Days ==========

[2011/11/29 20:55:54 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/29 20:55:54 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/29 20:53:03 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/29 20:52:42 | 000,627,632 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/29 20:52:42 | 000,107,898 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/29 20:48:30 | 000,000,000 | ---- | M] () -- C:\Users\James\AppData\Local\WavXMapDrive.bat
[2011/11/29 20:48:24 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/29 20:48:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/29 20:48:16 | 000,001,024 | ---- | M] () -- C:\.rnd
[2011/11/29 20:48:12 | 2388,582,400 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/29 00:20:00 | 000,000,908 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2517414903-4262703431-2207850217-1000UA.job
[2011/11/28 18:20:00 | 000,000,856 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2517414903-4262703431-2207850217-1000Core.job
[2011/11/28 11:35:46 | 000,000,881 | ---- | M] () -- C:\Users\James\Desktop\Spotify.lnk
[2011/11/23 15:35:40 | 000,111,872 | ---- | M] () -- C:\Windows\System32\drivers\TrueSight.sys
[2011/11/23 15:29:56 | 000,766,976 | ---- | M] () -- C:\Users\James\Desktop\RogueKiller(1).exe
[2011/11/18 16:20:51 | 000,002,367 | ---- | M] () -- C:\Users\James\Desktop\Google Chrome.lnk
[2011/11/17 18:31:09 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/14 17:44:30 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts

========== Files Created - No Company Name ==========

[2011/11/29 20:48:16 | 000,001,024 | ---- | C] () -- C:\.rnd
[2011/11/28 11:35:46 | 000,000,881 | ---- | C] () -- C:\Users\James\Desktop\Spotify.lnk
[2011/11/28 11:35:46 | 000,000,867 | ---- | C] () -- C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2011/11/23 15:29:51 | 000,766,976 | ---- | C] () -- C:\Users\James\Desktop\RogueKiller(1).exe
[2011/11/17 15:50:58 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/17 15:50:58 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/17 15:50:58 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/17 15:50:58 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/17 15:50:58 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/13 15:00:39 | 000,002,656 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart Essentials.lnk
[2011/11/13 15:00:39 | 000,001,946 | ---- | C] () -- C:\Users\Public\Desktop\Acer Registration.lnk
[2011/11/13 15:00:39 | 000,001,924 | ---- | C] () -- C:\Users\Public\Desktop\Veriton ControlCenter.lnk
[2011/11/13 15:00:39 | 000,001,104 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/11/13 15:00:39 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/13 15:00:39 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2011/11/13 15:00:39 | 000,001,059 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2011/11/13 15:00:39 | 000,000,042 | ---- | C] () -- C:\Users\Public\Desktop\Network PhotoCapture Centre.url
[2011/11/13 15:00:38 | 000,001,515 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011/11/13 15:00:38 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2011/11/13 15:00:38 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2011/11/13 15:00:37 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2011/11/13 15:00:37 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011/11/13 15:00:33 | 000,002,435 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk
[2011/11/13 15:00:33 | 000,001,901 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/11/13 15:00:33 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011/11/13 15:00:33 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2011/11/13 15:00:33 | 000,001,116 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/11/13 15:00:32 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011/11/13 14:54:23 | 000,111,872 | ---- | C] () -- C:\Windows\System32\drivers\TrueSight.sys
[2011/11/04 17:17:01 | 000,002,367 | ---- | C] () -- C:\Users\James\Desktop\Google Chrome.lnk
[2011/11/04 17:15:36 | 000,000,908 | -H-- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2517414903-4262703431-2207850217-1000UA.job
[2011/11/04 17:15:35 | 000,000,856 | -H-- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2517414903-4262703431-2207850217-1000Core.job
[2011/07/28 14:09:15 | 000,000,419 | -H-- | C] () -- C:\Windows\BRWMARK.INI
[2011/07/28 14:09:15 | 000,000,027 | -H-- | C] () -- C:\Windows\BRPP2KA.INI
[2011/07/28 14:08:49 | 000,000,226 | -H-- | C] () -- C:\Windows\Brpfx04a.ini
[2011/07/28 14:08:49 | 000,000,094 | -H-- | C] () -- C:\Windows\brpcfx.ini
[2011/07/28 14:08:49 | 000,000,050 | -H-- | C] () -- C:\Windows\System32\bridf06a.dat
[2011/07/28 14:06:50 | 000,000,000 | -H-- | C] () -- C:\Windows\brdfxspd.dat
[2011/07/28 14:06:49 | 000,106,496 | -H-- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2011/06/20 14:50:59 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/06/15 14:49:13 | 000,000,000 | -H-- | C] () -- C:\Windows\nsreg.dat
[2011/06/15 14:44:58 | 000,000,000 | ---- | C] () -- C:\Users\James\AppData\Local\WavXMapDrive.bat
[2011/02/11 18:10:52 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2011/02/11 18:10:50 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2011/02/11 18:10:50 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/09/14 12:40:39 | 000,031,232 | -H-- | C] () -- C:\Windows\System32\TSP1.dll
[2010/09/14 12:40:08 | 000,106,496 | -H-- | C] () -- C:\Windows\System32\bioapi100.dll.bak
[2010/09/14 12:40:08 | 000,106,496 | -H-- | C] () -- C:\Windows\System32\bioapi100.dll
[2010/09/14 12:40:07 | 000,143,360 | -H-- | C] () -- C:\Windows\System32\bioapi_mds300.dll.bak
[2010/09/14 12:40:07 | 000,143,360 | -H-- | C] () -- C:\Windows\System32\bioapi_mds300.dll
[2010/09/14 12:32:36 | 000,140,288 | -H-- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2010/07/06 05:46:16 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/04/19 01:00:28 | 000,010,752 | -H-- | C] () -- C:\Windows\System32\Wavx_ESC_Logging.dll
[2010/04/15 22:33:16 | 000,249,856 | -H-- | C] () -- C:\Windows\System32\wxvault.dll
[2010/04/08 12:21:16 | 000,094,208 | -H-- | C] () -- C:\Windows\System32\Internationalization_th.dll
[2010/04/08 12:21:16 | 000,081,920 | -H-- | C] () -- C:\Windows\System32\Internationalization_zh-HK.dll
[2010/04/08 12:21:14 | 000,098,304 | -H-- | C] () -- C:\Windows\System32\Internationalization_sl.dll
[2010/04/08 12:21:12 | 000,098,304 | -H-- | C] () -- C:\Windows\System32\Internationalization_sk.dll
[2010/04/08 12:21:12 | 000,098,304 | -H-- | C] () -- C:\Windows\System32\Internationalization_hr.dll
[2010/04/08 12:21:06 | 000,098,304 | -H-- | C] () -- C:\Windows\System32\Internationalization_tr.dll
[2010/04/08 12:21:04 | 000,102,400 | -H-- | C] () -- C:\Windows\System32\Internationalization_ro.dll
[2010/04/08 12:21:04 | 000,102,400 | -H-- | C] () -- C:\Windows\System32\Internationalization_pt-BR.dll
[2010/04/08 12:21:02 | 000,102,400 | -H-- | C] () -- C:\Windows\System32\Internationalization_hu.dll
[2010/04/08 12:21:00 | 000,098,304 | -H-- | C] () -- C:\Windows\System32\Internationalization_fi.dll
[2010/04/08 12:21:00 | 000,094,208 | -H-- | C] () -- C:\Windows\System32\Internationalization_he.dll
[2010/04/08 12:20:58 | 000,106,496 | -H-- | C] () -- C:\Windows\System32\Internationalization_el.dll
[2010/04/08 12:20:58 | 000,098,304 | -H-- | C] () -- C:\Windows\System32\Internationalization_cs.dll
[2010/04/08 12:20:56 | 000,094,208 | -H-- | C] () -- C:\Windows\System32\Internationalization_ar.dll
[2010/04/08 12:20:54 | 000,081,920 | -H-- | C] () -- C:\Windows\System32\Internationalization_zh-CHT.dll
[2010/04/08 12:20:54 | 000,081,920 | -H-- | C] () -- C:\Windows\System32\Internationalization_zh-CHS.dll
[2010/04/08 12:20:52 | 000,098,304 | -H-- | C] () -- C:\Windows\System32\Internationalization_sv.dll
[2010/04/08 12:20:52 | 000,098,304 | -H-- | C] () -- C:\Windows\System32\Internationalization_ru.dll
[2010/04/08 12:20:50 | 000,102,400 | -H-- | C] () -- C:\Windows\System32\Internationalization_pt.dll
[2010/04/08 12:20:48 | 000,102,400 | -H-- | C] () -- C:\Windows\System32\Internationalization_pl.dll
[2010/04/08 12:20:48 | 000,098,304 | -H-- | C] () -- C:\Windows\System32\Internationalization_no.dll
[2010/04/08 12:20:46 | 000,106,496 | -H-- | C] () -- C:\Windows\System32\Internationalization_nl.dll
[2010/04/08 12:20:44 | 000,090,112 | -H-- | C] () -- C:\Windows\System32\Internationalization_ko.dll
[2010/04/08 12:20:44 | 000,090,112 | -H-- | C] () -- C:\Windows\System32\Internationalization_ja.dll
[2010/04/08 12:20:42 | 000,102,400 | -H-- | C] () -- C:\Windows\System32\Internationalization_it.dll
[2010/04/08 12:20:40 | 000,102,400 | -H-- | C] () -- C:\Windows\System32\Internationalization_fr.dll
[2010/04/08 12:20:40 | 000,102,400 | -H-- | C] () -- C:\Windows\System32\Internationalization_es.dll
[2010/04/08 12:20:38 | 000,102,400 | -H-- | C] () -- C:\Windows\System32\Internationalization_de.dll
[2010/04/08 12:20:36 | 000,102,400 | -H-- | C] () -- C:\Windows\System32\Internationalization_da.dll
[2009/11/06 17:27:22 | 000,839,680 | -H-- | C] () -- C:\Windows\System32\DemoLicense.dll
[2009/08/26 18:25:08 | 000,917,504 | -H-- | C] () -- C:\Windows\System32\lmgr10.dll
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 23:33:53 | 000,424,888 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 21:05:48 | 000,627,632 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,107,898 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/13 17:09:19 | 000,139,824 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/11/25 18:18:29 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\COW
[2011/09/09 00:16:13 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\gtk-2.0
[2011/11/29 20:53:34 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Spotify
[2011/09/08 04:52:51 | 000,032,592 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< C:\Windows\System32\drivers\efhv.sys /md5 >

< End of report >
  • 0





