Infected by Trojan (win32.agent.adb) [Solved]


  • This topic is locked

#31
blmadara

    Trusted Helper

  • Malware Removal
  • 767 posts
Did you save the Kaspersky log? If so, could you please post it? Also, how is your computer running now?
  • 0


#32
Meso99

    Member

  • Topic Starter
  • Member
  • 40 posts
Hi blmadara

My computer is running smoothly now. The part of the Kaspersky log that you referred to doesn't exist. What do you want me to post?
  • 0

#33
blmadara

    Trusted Helper

  • Malware Removal
  • 767 posts
Hi Meso99,

All I'd like to see is the names and locations of the files that were infected and fixed/removed.
  • 0

#34
Meso99

    Member

  • Topic Starter
  • Member
  • 40 posts
Deleted: Trojan-Downloader.WMA.Wimad.ag G:\English\Ting Tings - We Started Nothing [Full Album] (2008)\08 The Ting Tings - We Walk.mp3
Deleted: Trojan-Downloader.WMA.Wimad.ag G:\English\Rihanna - Good Girl Gone Bad\05 - Shut Up & Drive.mp3
Deleted: Trojan-Downloader.WMA.Wimad.ag G:\English\Lenny Kravitz It Is Time For A Love Revolution 2008 oothe\08-lenny_kravitz-i_love_the_rain.mp3
Deleted: Trojan-Downloader.WMA.Wimad.ag G:\English\Madonna - Hard Candy (2008)\Madonna -10- Spanish Lesson.mp3
Detected: not-a-virus:Client-IRC.Win32.mIRC.ct C:\Documents and Settings\acer\Downloads\mirc719.exe/data0002/data0015 Information
Detected: not-a-virus:Client-IRC.Win32.mIRC.ct C:\Documents and Settings\acer\Downloads\mirc719.exe/data0002/data0015 Information
Detected: not-a-virus:Client-IRC.Win32.mIRC.ct C:\Users\acer\Downloads\mirc719.exe/data0002/data0015 Information
Detected: not-a-virus:Client-IRC.Win32.mIRC.ct C:\Users\acer\Downloads\mirc719.exe/data0002/data0015 Information
Detected: not-a-virus:RiskTool.Win32.FWDisabler.a F:\$RECYCLE.BIN\S-1-5-21-3428929090-3413326335-2922480130-1000\$RQOMP1J.exe/Torpark 2.0.0.3a/App/Tconfig.exe/data0004 Information
Detected: Trojan-Downloader.WMA.GetCodec.j G:\English\Rihanna - Disturbia (Remixes)\06. Disturbia (Craig C & Nique's Tribal Mayhem Mix).mp3
Detected: Trojan-Downloader.WMA.Wimad.ag G:\English\Rihanna - Good Girl Gone Bad\05 - Shut Up & Drive.mp3
Detected: Trojan-Downloader.WMA.Wimad.ag G:\English\Ting Tings - We Started Nothing [Full Album] (2008)\08 The Ting Tings - We Walk.mp3
Detected: Trojan-Downloader.WMA.Wimad.ag G:\English\Madonna - Hard Candy (2008)\Madonna -10- Spanish Lesson.mp3
Detected: Trojan-Downloader.WMA.Wimad.ag G:\English\Lenny Kravitz It Is Time For A Love Revolution 2008 oothe\08-lenny_kravitz-i_love_the_rain.mp3
Detected: Worm.VBS.Autorun.ak H:\information.vbs
  • 0

#35
blmadara

    Trusted Helper

  • Malware Removal
  • 767 posts
Hi Meso99, your logs are looking good. We have one more thing to fix.

Step One: OTL Fix

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :OTL
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    
    :Commands
    [emptytemp]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.



Congratulations, your logs appear clean again! Now we have some cleanup to do.

Clean up with ComboFix

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK: ComboFix /Uninstall


Clean up with OTL

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    :Commands 
    [CLEARALLRESTOREPOINTS]
    [Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.

  • Open OTL to run it. (Vista users, right click on OTL and "Run as administrator").
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

Note: If any logs/tools remain on your desktop > right click and delete them.

Update Adobe Reader

It's very important that you keep your computer updated with the latest Adobe updates.
  • Open Adobe Reader.
  • Click Help on the menu at the top.
  • Click Check for Updates.
  • Allow any updates to be downloaded and installed.





Preventative Programs

Anti Spyware

I recommend updating and scanning with MalwareBytes Anti-Malware once a week to rid your system of spyware.


Personal Firewalls

It is very important that you use a firewall on your computer in addition to an anti-virus program. For a tutorial on using and understanding firewalls, please go here. Please download and install one of the following free firewalls if you do not already have one installed.

Anti Virus Programs

One antivirus is a must have! Never install more than one antivirus program because these programs will conflict with one another, slow your computer down and lower your overall protection. I recommend Microsoft Security Essentials.

Temp File Cleaner

Finally, it is a good idea to clear out all your temp files every now and then. This will help keep your computer from slowing down and it can also assist in getting rid of files that may contain malicious code that could re-infect your computer.
  • TFC is a great tool to clean temporary files.


Update Windows

It is important to keep your operating system updated. To enable Automatic Updates so that updates are downloaded and installed automatically, click on your version of Windows below:



Finally, to learn more about how to protect yourself while on the internet read How did I get infected in the first place?



I will keep this thread open for a few days, so if you have any further problems post another reply here.




What I need in your next post:
1. The OTL log that was produced when you ran the fix.
  • 0

#36
Meso99

    Member

  • Topic Starter
  • Member
  • 40 posts
Hello blmadara

Everything went well, except that when ComboFix was uninstalled, malware was detected by AVG: tr/crypt.xpack.gen at C:\32788R22FWJFW\Handle.3xe

The OTL log is below:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: acer
->Temp folder emptied: 20325808 bytes
->Temporary Internet Files folder emptied: 6166546 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 68111396 bytes
->Flash cache emptied: 1772 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 21641645 bytes
RecycleBin emptied: 315691288 bytes

Total Files Cleaned = 412.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 12062011_234506

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
  • 0

#37
blmadara

    Trusted Helper

  • Malware Removal
  • 767 posts
Hi Meso99, everything looks good. That file is used by ComboFix and is most likely a false positive.

I'll keep this post open for a few days. If you have any more problems please post here.
  • 0

#38
Meso99

    Member

  • Topic Starter
  • Member
  • 40 posts
Hello blmadara

I performed a full system scan with Malwarebytes and it detected an infection. I quarantined it and the computer restarted by itself. I am not sure what to make of it.
  • 0

#39
blmadara

    Trusted Helper

  • Malware Removal
  • 767 posts
Hi Meso99, let's see if we can get this sorted out.


Step One: Post Malwarebytes log

Please post the latest Malwarebytes log. Open MBAM and click on the Logs tab. Find the log with the correct date and post it in your next reply.



Step Two: Custom OTL Scan

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    netsvcs
    C:\Windows\assembly\tmp\U\*.* /s 
    %SYSTEMDRIVE%\*.exe
    %USERPROFILE%\..|smtmp;true;true;true /FP
    /md5start
    volsnap.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    conserv.dll
    consrv.dll
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    CREATERESTOREPOINT
    
  • Please select the Scan All Users checkbox.
  • Change the File Age dropdown list from 30 days to 90 days.
  • Under Extra Registry heading, select Use Safelist.
  • Then click the Run Scan button at the top.
  • Let the program run unhindered, until it is done.
  • Post the logs it produces in your next reply.

What I need in your next post:
1. The latest Malwarebytes log.
2. Both logs from the OTL custom scan, OTL.txt and Extras.txt.
  • 0
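The custom scan requested above writes OTL.txt with PRC/SRV/DRV entries (timestamp, size, company name, path) and O4 Run-key lines in the format posted later in this thread. As an added example, not from this thread or from OTL's author, here is a small Python triage pass over that format: it parses the locale-formatted header date, then flags executables running from Temp or the Recycle Bin, entries with no company name, files modified shortly before the scan, and per-user autoruns. The sample log is constructed from lines in this thread plus one invented HKCU Run entry modelled on the value MBAM quarantined; the 30-day threshold and the list of odd locations are assumptions.

```python
import re
from collections import namedtuple
from datetime import datetime, timedelta

# Constructed sample, modelled on the OTL.txt format posted in this thread.
# Most lines are copied from that log; the HKCU "Windows Live" line is
# invented to resemble the Run value MBAM quarantined and is NOT from the log.
SAMPLE_LOG = r"""
OTL logfile created on: 12/12/2011 4:53:17 PM - Run 1
PRC - [2011/12/07 00:20:47 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\acer\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2011/12/03 19:06:24 | 000,855,904 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
PRC - [2009/04/11 16:57:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
SRV - [2011/12/03 19:06:24 | 000,855,904 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2008/07/20 20:15:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe ()
O4 - HKCU..\Run: [Windows Live] C:\Users\acer\AppData\Local\Temp\wlive.exe ()
"""

# "OTL logfile created on: <locale date> - Run N"
HEADER_RE = re.compile(r"^OTL logfile created on: (?P<ts>.+?) - Run \d+")

# PRC/MOD/SRV/DRV SafeList entries:
#   KIND - [yyyy/mm/dd hh:mm:ss | size | attrs | M] (Company) [state] -- path -- (service)
# The [state] and "-- (service)" parts only appear on SRV/DRV lines.
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"\[(?P<mtime>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| [-A-Z]{4} \| [MC]\] "
    r"\((?P<company>[^)]*)\)(?: \[(?P<state>[^\]]*)\])? -- (?P<path>.+?)"
    r"(?: -- \((?P<svc>[^)]*)\).*)?$"
)

# O4 autorun lines: O4 - HIVE..\Run: [ValueName] path (Company)
RUN_RE = re.compile(
    r"^O4 - (?P<hive>[^.]+)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<path>.*?) \((?P<company>[^)]*)\)\s*$"
)

# Locations a legitimate long-lived process or autorun rarely lives in (assumed list).
ODD_LOCATIONS = (
    ("\\appdata\\local\\temp\\", "runs from user Temp"),
    ("\\windows\\temp\\", "runs from Windows Temp"),
    ("\\$recycle.bin\\", "runs from the Recycle Bin"),
    ("\\users\\public\\", "runs from Users\\Public"),
)

Finding = namedtuple("Finding", "kind path reasons")  # kind: PRC, SRV, DRV, MOD or O4


def scan_timestamp(log_text):
    """Parse the header date. OTL writes it in the machine's locale (this log
    says d/MM/yyyy, 12-hour clock), unlike the ISO-ordered per-file stamps."""
    for line in log_text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            return datetime.strptime(m["ts"], "%d/%m/%Y %I:%M:%S %p")
    raise ValueError("no 'OTL logfile created on' header found")


def location_reasons(path):
    low = path.lower()
    return [label for needle, label in ODD_LOCATIONS if needle in low]


def triage(log_text, recent_days=30):
    """Return entries worth a second look, most reasons first."""
    scan_date = scan_timestamp(log_text)
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            kind, path = m["kind"], m["path"]
            reasons = location_reasons(path)
            # .NET native images (MOD) routinely lack version info, so skip them.
            if not m["company"].strip() and kind != "MOD":
                reasons.append("no company name in version info")
            mtime = datetime.strptime(m["mtime"], "%Y/%m/%d %H:%M:%S")
            if scan_date - mtime <= timedelta(days=recent_days):
                reasons.append(f"file modified within {recent_days} days of the scan")
        else:
            m = RUN_RE.match(line)
            if not m:
                continue
            kind, path = "O4", m["path"]
            reasons = location_reasons(path)
            if not m["company"].strip():
                reasons.append("no company name in version info")
            if m["hive"] != "HKLM":
                reasons.append(f"per-user autorun in {m['hive']}")
        if reasons:
            findings.append(Finding(kind, path, reasons))
    findings.sort(key=lambda f: len(f.reasons), reverse=True)  # stable: log order on ties
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:<3} {f.path}\n     {'; '.join(f.reasons)}")
```

Flagged entries are leads to check against the rest of the log, not verdicts; RtkBtMnt.exe, for instance, carries a vendor name and is only flagged for its location and age.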

#40
Meso99

    Member

  • Topic Starter
  • Member
  • 40 posts
Hello blmadara

This is the Malwarebytes log that detected the infection. The latest log says that my computer is clean.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8186

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19154

18/11/2011 10:20:58 PM
mbam-log-2011-11-18 (22-20-58).txt

Scan type: Quick scan
Objects scanned: 163418
Time elapsed: 4 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Live (Backdoor.Agent.Gen) -> Value: Windows Live -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0


#41
Meso99

    Member

  • Topic Starter
  • Member
  • 40 posts
OTL logfile created on: 12/12/2011 4:53:17 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\acer\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.93 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 61.40% Memory free
6.06 Gb Paging File | 4.62 Gb Available in Paging File | 76.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 227.88 Gb Total Space | 178.28 Gb Free Space | 78.24% Space Free | Partition Type: NTFS
Drive D: | 224.03 Gb Total Space | 182.35 Gb Free Space | 81.40% Space Free | Partition Type: NTFS

Computer Name: ALEXIS | User Name: acer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2011/12/07 00:20:47 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\acer\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2011/12/03 19:06:24 | 000,855,904 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
PRC - [2011/12/03 19:06:23 | 000,827,232 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2011/11/22 23:58:21 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\acer\Desktop\OTL.exe
PRC - [2011/10/24 20:29:16 | 002,415,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/10/18 06:14:54 | 001,229,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/10/10 06:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/01/15 15:51:04 | 000,025,600 | ---- | M] (pdfconverter.com) -- C:\Program Files\pdfconverter.com\FreePDF Creator\itFPCPrnDisp.exe
PRC - [2009/09/23 16:45:50 | 001,287,176 | ---- | M] (Panda Security) -- C:\Program Files\Panda USB Vaccine\USBVaccine.exe
PRC - [2009/04/11 16:57:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/18 11:43:20 | 000,173,352 | ---- | M] (CyberLink) -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/11/10 07:18:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/10/16 18:26:20 | 000,860,160 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008/10/16 17:54:34 | 000,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/08/02 03:21:42 | 000,405,504 | ---- | M] (Acer Inc.) -- C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2008/07/25 09:24:10 | 000,147,456 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
PRC - [2008/07/20 20:15:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/07/20 20:15:06 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/07/19 09:34:36 | 000,167,936 | ---- | M] (Acer Corp.) -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
PRC - [2008/06/04 22:33:36 | 000,817,672 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\QtZgAcer.EXE
PRC - [2008/06/03 02:55:40 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008/05/31 05:54:30 | 000,544,768 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
PRC - [2008/05/15 10:35:30 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008/05/15 10:35:22 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008/05/07 18:49:26 | 006,139,904 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/03/06 05:26:30 | 001,216,512 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\AcerVCM.exe
PRC - [2008/01/17 12:05:02 | 000,081,504 | ---- | M] () -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
PRC - [2008/01/11 10:33:00 | 000,233,472 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe
PRC - [2007/12/07 09:45:28 | 000,110,592 | ---- | M] () -- C:\ACER\Mobility Center\MobilityService.exe
PRC - [2007/10/24 04:26:18 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2007/03/28 05:30:32 | 000,196,608 | ---- | M] (Acer Inc.) -- C:\Program Files\Acer\Acer VCM\acp2HID.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/03 19:06:23 | 000,827,232 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2011/10/13 18:05:19 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6bc98e9b5eedaa8f71c5454d36a4b772\System.Management.ni.dll
MOD - [2011/10/13 18:03:37 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8645de531003807d00822e03986a075d\System.ServiceProcess.ni.dll
MOD - [2011/10/13 18:03:21 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6d2f689baff5da3df134fdec0742a13c\System.Runtime.Remoting.ni.dll
MOD - [2011/10/13 17:59:41 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
MOD - [2011/10/13 17:59:26 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011/10/13 17:59:18 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011/10/13 17:59:05 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\9e53d9921c4bb153f1ffbe1ae0e1b615\System.Data.ni.dll
MOD - [2011/10/13 17:58:11 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011/10/13 17:57:57 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2010/03/15 12:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/03/30 15:12:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009/03/26 06:55:17 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3009.0__4df5dcab8860d239\Framework.Utility.dll
MOD - [2009/03/26 06:55:16 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3009.0__3036420f80dd6947\Framework.Library.dll
MOD - [2009/03/26 06:55:16 | 000,009,216 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3009.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
MOD - [2009/03/18 11:43:22 | 000,841,000 | ---- | M] () -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMediaLibrary.dll
MOD - [2009/03/18 11:43:18 | 000,013,096 | ---- | M] () -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvcPS.dll
MOD - [2008/06/12 03:51:46 | 000,204,800 | ---- | M] () -- C:\Windows\System32\SysHook.dll
MOD - [2008/05/15 10:35:10 | 000,227,888 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll
MOD - [2008/04/29 03:19:18 | 000,002,560 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll
MOD - [2007/10/24 04:26:18 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2007/09/12 04:42:08 | 000,475,136 | ---- | M] () -- C:\Program Files\Acer\Acer VCM\AcerControl.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/12/03 19:06:24 | 000,855,904 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/30 12:33:54 | 001,025,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2008/11/10 07:18:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/10/16 18:26:20 | 000,860,160 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/10/16 17:54:34 | 000,466,944 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/07/20 20:15:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/06/03 02:55:40 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008/05/15 10:35:30 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008/01/21 12:53:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/17 12:05:02 | 000,081,504 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2008/01/11 10:33:00 | 000,233,472 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2007/12/07 09:45:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)


========== Driver Services (SafeList) ==========

DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:16 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:02 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:00 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 01:13:58 | 000,134,736 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2009/08/05 07:18:22 | 000,048,640 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E60x86.sys -- (L1E)
DRV - [2008/11/17 08:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/07/19 09:35:10 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2008/06/04 20:24:22 | 000,113,664 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2008/06/03 02:50:12 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008/05/19 22:12:56 | 000,912,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/01/17 12:05:08 | 000,122,368 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys -- (NTIPPKernel)
DRV - [2007/10/19 09:06:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/03/29 01:21:40 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...9&m=aspire_6930


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3428929090-3413326335-2922480130-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3428929090-3413326335-2922480130-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3428929090-3413326335-2922480130-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "file:///C:/Users/acer/Documents/Homepage.htm"
FF - prefs.js..extensions.enabledItems: [email protected]:6.103.018.001
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209
FF - prefs.js..keyword.URL: "http://isearch.avg.c...6:16&sap=ku&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/11/22 09:40:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/10/22 18:15:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\9.0.0.18\ [2011/12/03 19:06:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/02 18:33:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/10 16:28:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/10/22 18:15:10 | 000,000,000 | ---D | M]

[2009/10/07 17:40:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\acer\AppData\Roaming\mozilla\Extensions
[2009/10/07 17:40:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\acer\AppData\Roaming\mozilla\Extensions\[email protected]
[2011/12/10 21:06:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\acer\AppData\Roaming\mozilla\Firefox\Profiles\hgz8kyb4.default\extensions
[2009/04/18 17:41:30 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\acer\AppData\Roaming\mozilla\Firefox\Profiles\hgz8kyb4.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(134)
[2011/12/10 16:41:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/27 16:10:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/12/10 16:41:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}
[2011/11/22 09:40:52 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
[2011/12/03 19:06:29 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\9.0.0.18
[2011/11/13 13:54:12 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/12/10 16:41:14 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/27 05:19:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011/10/03 01:17:26 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/12/03 19:06:22 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2011/10/03 01:17:26 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/10/03 01:17:26 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/10/03 01:17:26 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/10/03 01:17:26 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/11/22 13:07:42 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-3428929090-3413326335-2922480130-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer\Acer Registration\ACE1.exe (Leader Technologies)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [Free PDF Print Dispatcher] C:\Program Files\pdfconverter.com\FreePDF Creator\itFPCPrnDisp.exe (pdfconverter.com)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-21-3428929090-3413326335-2922480130-1000..\Run: [FileHippo.com] C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKU\S-1-5-21-3428929090-3413326335-2922480130-1000..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-3428929090-3413326335-2922480130-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AVG Free Tray Icon.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3428929090-3413326335-2922480130-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3428929090-3413326335-2922480130-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.1.0)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.231.203.132 192.231.203.3 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{453DDBCE-D33E-4D5E-9C17-02BAFDCF6545}: DhcpNameServer = 192.231.203.132 192.231.203.3 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E217774-280A-4865-A300-161A71014367}: DhcpNameServer = 202.171.191.10 202.171.190.10
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img6.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img6.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 08:13:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2011/12/12 16:52:13 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\acer\Desktop\OTL.exe
[2011/12/10 16:48:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
[2011/12/10 16:41:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/12/10 16:13:01 | 000,000,000 | ---D | C] -- C:\Program Files\FileHippo.com
[2011/12/06 23:51:15 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2011/12/03 19:06:24 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2011/11/28 16:02:15 | 000,000,000 | ---D | C] -- C:\Program Files\MALWAREBYTES ANTI-MALWARE
[2011/11/24 12:40:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/11/24 10:12:24 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/11/24 10:12:24 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011/11/24 10:12:24 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/11/24 10:12:23 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/11/24 10:12:23 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/11/24 10:12:23 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/11/24 10:12:23 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/11/24 10:12:23 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/11/24 10:12:23 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/11/24 10:12:23 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/11/24 10:12:23 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/11/24 10:12:23 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/11/24 10:12:23 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/11/24 10:12:23 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/11/24 10:12:23 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/11/24 10:12:22 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/11/24 10:12:22 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/11/24 10:12:22 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/11/24 10:12:22 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/11/24 10:12:22 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/11/24 10:12:22 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/11/24 10:12:22 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/11/24 10:12:22 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/11/24 10:12:22 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/11/24 10:12:21 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/11/24 10:12:21 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/11/24 10:12:21 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011/11/24 10:12:21 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011/11/24 10:12:20 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/11/24 10:12:20 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/11/24 10:12:20 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011/11/24 10:12:20 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011/11/24 10:12:20 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/11/24 10:12:20 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011/11/24 10:12:20 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/11/24 10:12:20 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011/11/24 10:12:20 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/11/22 13:13:37 | 000,000,000 | ---D | C] -- C:\Users\acer\AppData\Local\temp
[2011/11/22 13:12:08 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/11/20 21:20:14 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/18 22:23:25 | 000,000,000 | ---D | C] -- C:\Users\acer\AppData\Roaming\Yahoo!
[2011/11/18 17:41:05 | 000,000,000 | ---D | C] -- C:\Users\acer\AppData\Roaming\Malwarebytes
[2011/11/18 17:40:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/18 17:40:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/18 17:40:54 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/11/18 17:40:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/16 18:42:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2011/11/16 18:42:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
[2011/11/16 18:42:46 | 000,000,000 | ---D | C] -- C:\Program Files\Panda USB Vaccine
[2011/11/13 01:48:49 | 000,000,000 | ---D | C] -- C:\Users\acer\Desktop\Repair
[2011/11/11 18:54:25 | 000,000,000 | ---D | C] -- C:\Users\acer\Desktop\New Folder
[2011/10/29 19:50:25 | 000,000,000 | R--D | C] -- C:\Users\acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games - Shortcut
[2011/10/29 19:47:25 | 000,000,000 | ---D | C] -- C:\Users\acer\AppData\Roaming\HpUpdate
[2011/10/29 19:47:22 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard
[2011/10/27 16:10:09 | 000,214,408 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2011/10/27 16:10:09 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2011/10/27 16:10:09 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2011/10/22 18:41:48 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG
[2011/10/22 18:20:34 | 000,000,000 | ---D | C] -- C:\Users\acer\AppData\Roaming\HP
[2011/10/22 18:20:32 | 000,000,000 | ---D | C] -- C:\Users\acer\AppData\Local\HP
[2011/10/22 18:11:57 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2011/10/22 18:09:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2011/10/22 18:09:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2011/10/22 18:09:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2011/10/22 18:08:35 | 000,000,000 | ---D | C] -- C:\Windows\hpoj4500g510g-m
[2011/10/22 18:07:06 | 000,966,656 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\System32\hpwtiop5.dll
[2011/10/22 18:07:05 | 000,749,568 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpwwiax6.dll
[2011/10/22 18:07:05 | 000,315,392 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\System32\hpwvst01.dll
[2011/10/22 18:05:42 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/10/22 18:05:00 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2011/10/22 18:00:46 | 000,452,408 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpzids01.dll
[2011/10/22 18:00:41 | 000,123,904 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\System32\hpf3l70w.dll
[2011/10/22 17:58:46 | 000,372,736 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hppldcoi.dll
[2011/10/22 17:57:55 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2011/10/14 21:06:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2011/10/14 21:06:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2011/10/14 21:06:11 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2011/10/14 21:04:54 | 000,000,000 | ---D | C] -- C:\Users\acer\AppData\Roaming\AVG2012
[2011/10/14 21:04:39 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2011/10/13 16:50:42 | 002,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/10/13 16:50:42 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2011/10/13 16:50:42 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2011/10/13 16:50:42 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2011/10/13 16:50:42 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2011/10/13 16:50:30 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2011/10/13 16:50:30 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2011/10/07 06:23:48 | 000,230,608 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2011/10/04 06:21:16 | 000,016,720 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\AVGIDSShim.sys
[2011/10/03 19:28:19 | 000,000,000 | ---D | C] -- C:\ProgramData\XoftSpySE
[2011/10/03 18:48:57 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2011/10/03 18:48:57 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2011/10/03 18:48:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2011/10/03 18:38:00 | 000,000,000 | ---D | C] -- C:\Users\acer\AppData\Roaming\Grisoft
[2011/10/03 18:29:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Grisoft
[2011/10/03 18:29:06 | 000,000,000 | ---D | C] -- C:\Program Files\Grisoft
[2011/10/03 16:57:37 | 000,000,000 | ---D | C] -- C:\Program Files\Easy Downloads
[2011/09/22 13:41:32 | 000,000,000 | ---D | C] -- C:\Users\acer\AppData\Local\{998D8519-A0F6-4902-8178-82F11ED21F29}
[2011/09/22 13:41:29 | 000,000,000 | ---D | C] -- C:\Users\acer\AppData\Local\{F3F17717-EE1B-43A8-9179-8B1B377B80A6}
[2011/09/22 13:41:29 | 000,000,000 | ---D | C] -- C:\Users\acer\AppData\Local\{CBC83BA3-A16D-49FE-A02D-2CD8965EEE90}
[2011/09/22 00:50:22 | 000,000,000 | ---D | C] -- C:\Users\acer\AppData\Local\{27118ADA-728C-4601-A50B-930ED9BFC1C3}
[2011/09/22 00:50:19 | 000,000,000 | ---D | C] -- C:\Users\acer\AppData\Local\{7603CEAD-FE67-4A26-975C-7577859CC2E9}
[2011/09/21 01:51:48 | 000,000,000 | ---D | C] -- C:\Users\acer\AppData\Local\{A6DA6899-3F2A-4FCB-9E23-E86B5B4D56BD}
[2011/09/21 01:51:43 | 000,000,000 | ---D | C] -- C:\Users\acer\AppData\Local\{BC1F1D61-8936-4999-A584-E43998B55766}
[2011/09/20 03:28:31 | 000,000,000 | ---D | C] -- C:\Users\acer\AppData\Local\{2F3FEB76-6B2C-4AE5-960E-9B0137A7F98A}
[2011/09/20 03:19:42 | 000,000,000 | ---D | C] -- C:\Users\acer\AppData\Local\{1D0FBF10-7C82-461A-A38B-A079073FC11C}
[2011/09/20 03:19:38 | 000,000,000 | ---D | C] -- C:\Users\acer\AppData\Local\{E9EF6813-E9C6-4019-8A93-8F9E25E38EE0}
[2011/09/19 13:18:14 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/09/13 23:21:26 | 000,000,000 | ---D | C] -- C:\Users\acer\AppData\Roaming\mIRC
[2011/02/11 19:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2008/07/22 18:31:25 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[3 C:\Users\acer\Desktop\*.tmp files -> C:\Users\acer\Desktop\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2011/12/12 16:46:30 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/12 16:46:30 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/12 16:45:52 | 111,915,926 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/12/12 16:40:23 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2011/12/12 16:40:10 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/12 16:40:10 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/12 16:40:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/12 16:40:00 | 3146,637,312 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/10 16:48:31 | 000,000,980 | ---- | M] () -- C:\Users\acer\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/12/10 16:41:13 | 000,544,656 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2011/12/10 16:41:13 | 000,214,408 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2011/12/10 16:41:13 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2011/12/10 16:41:13 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2011/12/10 01:23:52 | 000,000,133 | ---- | M] () -- C:\Windows\funpok.ini
[2011/12/08 11:38:07 | 000,001,356 | ---- | M] () -- C:\Users\acer\AppData\Local\d3d9caps.dat
[2011/12/07 00:14:39 | 000,349,088 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/03 17:59:12 | 000,320,794 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2011/12/03 10:47:44 | 000,086,016 | ---- | M] () -- C:\Users\acer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/26 14:23:54 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/11/24 10:12:31 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011/11/24 10:12:31 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011/11/24 10:12:24 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/11/24 10:12:24 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011/11/24 10:12:24 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/11/24 10:12:23 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/11/24 10:12:23 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/11/24 10:12:23 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/11/24 10:12:23 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/11/24 10:12:23 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/11/24 10:12:23 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/11/24 10:12:23 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/11/24 10:12:23 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/11/24 10:12:23 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/11/24 10:12:23 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/11/24 10:12:23 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/11/24 10:12:23 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/11/24 10:12:23 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/11/24 10:12:22 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/11/24 10:12:22 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/11/24 10:12:22 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/11/24 10:12:22 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/11/24 10:12:22 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/11/24 10:12:22 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/11/24 10:12:22 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/11/24 10:12:22 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/11/24 10:12:22 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/11/24 10:12:21 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/11/24 10:12:21 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/11/24 10:12:21 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011/11/24 10:12:21 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011/11/24 10:12:20 | 001,798,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/11/24 10:12:20 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/11/24 10:12:20 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011/11/24 10:12:20 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011/11/24 10:12:20 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/11/24 10:12:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011/11/24 10:12:20 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/11/24 10:12:20 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011/11/24 10:12:20 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/11/22 23:58:21 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\acer\Desktop\OTL.exe
[2011/11/22 13:07:42 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/11/18 17:40:59 | 000,000,934 | ---- | M] () -- C:\Users\acer\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/11/16 20:14:56 | 000,000,544 | ---- | M] () -- C:\Windows\wininit.ini
[2011/10/28 22:49:43 | 000,205,144 | ---- | M] () -- C:\Windows\hpwins26.dat
[2011/10/22 18:10:42 | 000,001,976 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2011/10/04 06:21:16 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\AVGIDSShim.sys
[2011/10/03 17:16:46 | 000,000,042 | ---- | M] () -- C:\Windows\System32\scud.udf
[2011/10/03 16:41:29 | 000,000,021 | ---- | M] () -- C:\Windows\tpcsd
[2011/10/02 19:18:52 | 000,001,059 | ---- | M] () -- C:\Users\acer\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/09/29 19:24:24 | 000,000,000 | ---- | M] () -- C:\Users\acer\Documents\Foto0127.jpg
[2011/09/22 13:40:51 | 000,002,299 | ---- | M] () -- C:\Users\acer\AppData\Roaming\acervcmtmp.ini
[2011/09/13 23:25:27 | 000,152,308 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat
[3 C:\Users\acer\Desktop\*.tmp files -> C:\Users\acer\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/10 16:48:31 | 000,000,980 | ---- | C] () -- C:\Users\acer\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/12/10 16:28:57 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/12/10 16:13:01 | 000,001,788 | ---- | C] () -- C:\Users\acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
[2011/12/10 01:23:49 | 000,000,133 | ---- | C] () -- C:\Windows\funpok.ini
[2011/11/27 10:59:48 | 3146,637,312 | -HS- | C] () -- C:\hiberfil.sys
[2011/11/24 10:12:23 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/11/18 17:40:59 | 000,000,934 | ---- | C] () -- C:\Users\acer\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/10/28 20:12:44 | 000,001,688 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
[2011/10/22 18:12:37 | 000,000,855 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
[2011/10/22 18:10:42 | 000,001,976 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011/10/22 18:02:01 | 000,205,144 | ---- | C] () -- C:\Windows\hpwins26.dat
[2011/10/03 17:16:46 | 000,000,042 | ---- | C] () -- C:\Windows\System32\scud.udf
[2011/10/03 16:41:29 | 000,000,021 | ---- | C] () -- C:\Windows\tpcsd
[2011/10/02 19:18:52 | 000,001,059 | ---- | C] () -- C:\Users\acer\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/09/29 19:24:05 | 000,000,000 | ---- | C] () -- C:\Users\acer\Documents\Foto0127.jpg
[2011/09/20 12:30:56 | 000,002,299 | ---- | C] () -- C:\Users\acer\AppData\Roaming\acervcmtmp.ini
[2011/09/13 23:25:27 | 000,152,308 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/05/29 11:33:58 | 000,000,065 | ---- | C] () -- C:\Windows\FISHUI.INI
[2010/04/21 19:08:14 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/04/21 19:08:14 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/04/21 19:08:14 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/04/21 18:29:46 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/02/20 18:47:21 | 000,031,007 | ---- | C] () -- C:\Users\acer\AppData\Roaming\UserTile.png
[2010/02/20 15:48:15 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/12/03 18:31:55 | 000,000,000 | ---- | C] () -- C:\Users\acer\AppData\Local\prvlcl.dat
[2009/10/02 22:32:55 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/08/21 00:32:33 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/08/21 00:32:33 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/08/21 00:17:23 | 000,000,544 | ---- | C] () -- C:\Windows\wininit.ini
[2009/08/18 17:01:57 | 000,000,370 | ---- | C] () -- C:\Windows\hpwmdl26.dat
[2009/06/16 17:25:06 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/06/16 17:25:06 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/05/27 19:55:49 | 000,001,356 | ---- | C] () -- C:\Users\acer\AppData\Local\d3d9caps.dat
[2009/04/02 10:14:36 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/03/28 10:52:06 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/03/28 10:52:03 | 000,107,132 | ---- | C] () -- C:\Windows\UninstallFirefox.exe
[2009/03/28 10:51:55 | 000,002,806 | ---- | C] () -- C:\Windows\mozver.dat
[2009/03/28 10:21:33 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/03/28 06:07:26 | 000,086,016 | ---- | C] () -- C:\Users\acer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/26 06:47:24 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2009/03/26 06:47:24 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2009/03/26 06:47:24 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2008/11/07 03:07:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/07/23 06:24:34 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008/07/23 06:24:34 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008/07/23 05:58:21 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll
[2008/07/23 05:56:23 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/07/23 05:56:10 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2008/07/23 05:56:10 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008/07/23 05:56:09 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008/07/23 05:54:31 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008/07/23 05:43:06 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008/07/23 05:43:06 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2008/07/23 05:43:06 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2008/07/23 05:43:06 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2006/11/02 23:27:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 23:17:37 | 000,349,088 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 23:05:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 21:03:01 | 000,604,502 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 21:03:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 21:03:01 | 000,104,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 21:03:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 20:55:24 | 000,000,256 | ---- | C] () -- C:\Windows\System32\brmsi06f.bin
[2006/11/02 20:53:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 19:28:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 18:49:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 18:10:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 17:55:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001/12/27 09:42:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 17:16:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/31 10:03:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 15:34:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== Custom Scans ==========


< C:\Windows\assembly\tmp\U\*.* /s >

< %SYSTEMDRIVE%\*.exe >

< %USERPROFILE%\..|smtmp;true;true;true /FP >


< MD5 for: EXPLORER.EXE >
[2008/10/29 16:50:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 16:59:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 14:29:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 16:57:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009/04/11 16:57:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 16:57:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/28 12:45:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/21 12:54:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/01/21 12:53:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\ERDNT\cache\svchost.exe
[2008/01/21 12:53:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/21 12:53:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/21 12:54:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008/01/21 12:54:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/21 12:54:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: VOLSNAP.INF >
[2006/11/02 20:55:18 | 000,001,790 | ---- | M] () MD5=E5EE5E075DAB1367001C467C70E8C580 -- C:\Windows\inf\volsnap.inf
[2006/11/02 17:05:04 | 000,001,790 | ---- | M] () MD5=E5EE5E075DAB1367001C467C70E8C580 -- C:\Windows\System32\DriverStore\FileRepository\volsnap.inf_7eb8cdb5\volsnap.inf

< MD5 for: VOLSNAP.INF_LOC >
[2006/11/02 23:11:18 | 000,000,198 | ---- | M] () MD5=F040058B592FE682204B2FC15DDEAC0D -- C:\Windows\System32\DriverStore\en-US\volsnap.inf_loc
[2006/11/02 23:11:18 | 000,000,198 | ---- | M] () MD5=F040058B592FE682204B2FC15DDEAC0D -- C:\Windows\winsxs\x86_volsnap.inf.resources_31bf3856ad364e35_6.0.6000.16386_en-us_112c68f98452eff6\volsnap.inf_loc

< MD5 for: VOLSNAP.PNF >
[2008/07/23 05:05:32 | 000,004,940 | ---- | M] () MD5=8BB59B2576993A142AF85BAC5D9995F7 -- C:\Windows\inf\volsnap.PNF
[2008/07/23 05:05:32 | 000,004,940 | ---- | M] () MD5=F86E905420A12D5AAE107DBBC25E6A18 -- C:\Windows\System32\DriverStore\FileRepository\volsnap.inf_7eb8cdb5\volsnap.PNF

< MD5 for: VOLSNAP.SYS >
[2006/11/02 20:21:18 | 000,208,488 | ---- | M] (Microsoft Corporation) MD5=11EF6C1CAEF76B685233450A126125D6 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_9320b452\volsnap.sys
[2009/04/11 17:02:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\Windows\System32\drivers\volsnap.sys
[2009/04/11 17:02:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_1e6030e4\volsnap.sys
[2009/04/11 17:02:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6002.18005_none_17a2308cf936c619\volsnap.sys
[2008/01/21 12:53:21 | 000,227,896 | ---- | M] (Microsoft Corporation) MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_f53a1785\volsnap.sys
[2008/01/21 12:53:21 | 000,227,896 | ---- | M] (Microsoft Corporation) MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6001.18000_none_15b6b780fc14facd\volsnap.sys

< MD5 for: VOLSNAP.SYS.MUI >
[2008/01/21 12:55:44 | 000,032,768 | ---- | M] (Microsoft Corporation) MD5=2A3DEAD70397152006B4E3CED20B41C4 -- C:\Windows\System32\drivers\en-US\volsnap.sys.mui
[2008/01/21 12:55:44 | 000,032,768 | ---- | M] (Microsoft Corporation) MD5=2A3DEAD70397152006B4E3CED20B41C4 -- C:\Windows\winsxs\x86_volume.inf.resources_31bf3856ad364e35_6.0.6001.18000_en-us_7b264a38bff55d35\volsnap.sys.mui
[2006/11/02 23:11:23 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=F9B09F7E31E49004666C9B3EB0BEBD94 -- C:\Windows\winsxs\x86_volume.inf.resources_31bf3856ad364e35_6.0.6000.16386_en-us_78ef883cc30a4c61\volsnap.sys.mui

< MD5 for: WINLOGON.EXE >
[2009/04/11 16:58:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009/04/11 16:58:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 16:58:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/21 12:54:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/11/13 13:54:10 | 000,713,552 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/11/13 13:54:10 | 000,713,552 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/11/13 13:54:10 | 000,713,552 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/11/13 13:54:11 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/11/13 13:54:11 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/11/13 13:54:11 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/11/24 10:12:23 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/11/24 10:12:23 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/11/24 10:12:23 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/11/24 10:12:23 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/11/24 10:12:23 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/11/13 13:54:10 | 000,713,552 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/11/13 13:54:10 | 000,713,552 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/11/13 13:54:10 | 000,713,552 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/11/13 13:54:11 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/11/13 13:54:11 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/11/13 13:54:11 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/11/24 10:12:23 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/11/24 10:12:23 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/11/24 10:12:23 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/11/24 10:12:23 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/11/24 10:12:23 | 000,748,336 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< End of report >

#42 Meso99 (Topic Starter, Member, 40 posts)
OTL Extras logfile created on: 12/12/2011 4:53:17 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\acer\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.93 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 61.40% Memory free
6.06 Gb Paging File | 4.62 Gb Available in Paging File | 76.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 227.88 Gb Total Space | 178.28 Gb Free Space | 78.24% Space Free | Partition Type: NTFS
Drive D: | 224.03 Gb Total Space | 182.35 Gb Free Space | 81.40% Space Free | Partition Type: NTFS

Computer Name: ALEXIS | User Name: acer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] --

[HKEY_USERS\S-1-5-21-3428929090-3413326335-2922480130-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09C171AD-7EDA-483F-8C6F-D86DB8082383}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{0ABA1FE4-037B-4B53-993A-AF93DF3DDA4A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{102AC62C-2A35-4A9D-A19B-ECF639895F16}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{1647C1E8-FD91-4405-A242-0138592E6142}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{16C7A0A3-B326-4D80-9E00-A738F0A06B93}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{244D9B47-FF31-4008-9F5E-13D2245775C8}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{2710BC2A-5B8A-4DB5-9899-448083C18BA8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{2B941D64-1A4E-439A-BE28-8F425AAF6DFB}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{2B9E976A-CB4D-4689-9BF7-5A12EA690327}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe |
"{2D149403-91D1-4F69-A1B2-645BC9386154}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{313EDED5-F612-420B-82A8-BAB523DF6D05}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe |
"{31FC18EA-11E9-4961-BF0D-95BF69515EC1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{369F4590-50FC-4CA5-A284-116092BC948C}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{36DB36B6-432D-4699-AFD8-587A1D12D1DE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{3C4692AE-4058-42FD-A781-DF2DE10F356A}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{3C4EA35A-D7F7-466E-9F3E-61D0CD201C34}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe |
"{3E8026FD-58B1-4DA8-AB32-7671B43EAC59}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{3F7A9C02-F09F-4660-A31A-B21D7B6254B6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{41E30A05-362E-4067-A70C-DBDE8E54DCEB}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{46E16782-E680-4A81-9734-180089B377A1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
"{4CC691E5-BDDE-4E67-A785-85ECAA6FA4BC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{501EEF46-CEF8-43FF-ABB1-350A4739DDFD}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{521E84EA-1B50-4088-8A03-F56C4A49F861}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{5916031D-51FA-4536-B863-D66D0C3E3ADF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
"{5E5C6576-0E40-4C73-A16C-D8969F898106}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{6B2DE518-1EAE-4B7B-BC8D-277AC63F33F6}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{6CCCFDE7-43C4-4166-94FF-748A21AE8607}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe |
"{6CE13BAB-0044-4A1B-A172-D527C162E66C}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{76E52165-A228-4554-A6D1-625CA6E18AD3}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{82A2761F-EB86-4B94-8A08-F3620CEAB911}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{88AB04C2-4FF9-411B-ABEF-83B22C356335}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{8C169B6A-C80A-495F-B935-764E385CF399}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{8E9A05F9-73E9-4F09-83E7-57C1AFF70A8E}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{8F4B0D61-90DE-446F-A969-2B6B78E74D1B}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{9032BC65-DE2B-49B2-8A53-B8B878C3338A}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe |
"{921B87C6-405A-4FD1-94DF-A3C2DE8A93C0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{92B5A179-22FB-4586-B10C-7E3E46449A06}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{968B0FF2-E7A7-4CB1-A305-28D237CB1AE9}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{A0022E03-7D72-4B9D-82BB-67F0E89BA70F}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{A4372B12-4DB1-4BBC-87D4-DC97E33051F0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
"{A4E09777-EB46-4C6B-BDC2-8D5435B07ADF}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{A5203E6D-5F1C-4A5D-8BED-1F88F2C865F0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{AC2FA639-C6BE-410A-9A07-660683F4190F}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{AE06F4D7-C143-4A6A-B902-10E03D793330}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{B4B110AD-2B66-40E0-A1A9-BCEDBB34936E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{B7CA6A87-952A-4872-B52E-4878BBC9322F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{BDE52685-3FDE-46B3-A490-DDF286A38CD4}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{C3AB9234-761A-4D9B-902A-9C83FFEF1741}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{C84586B1-3C2A-49B4-A032-A0127A1EC5B4}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{CE134972-80FE-4EB6-A6F4-88D708D290AC}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{D75637C7-94B7-4FCA-A456-4618815D8DE7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{D7BCF9DE-0B80-40CC-90C6-3A2D9D52DDBC}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{D9BB5EAB-F091-4604-804C-09D150909543}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{DA5051CF-D474-4874-91E0-6AF89A6E709C}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{E2CD2DE7-07D5-4020-AE80-EE86AEAFEADD}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{E9DDAD10-DA64-41AB-84AF-9BA7F303ECA1}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{F85AD71B-62AD-46EC-9AF4-547F366D125F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{FB1DF7E4-63DB-4A58-8D50-B8C0E2755B50}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{FCF6B34D-BD65-4894-900B-CA0F9A45F03E}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"TCP Query User{0CA97144-42B7-4F6C-A14D-E4C9C7499E87}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
"TCP Query User{1A85F2E4-A5AC-4EE5-9999-0C67DDC0E4A6}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{5016DD1E-9AEB-4780-B9CA-832AF7AE54CD}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{7497DB47-AD15-4AFA-8CAF-351929DECB89}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
"TCP Query User{94A366A7-B987-4D88-A0F7-5A6B73A77F1F}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{AFB08ED7-0860-41AE-B05D-A37CACBD2F78}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{B64F3B66-6395-4873-9B07-700EEBAEC562}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{DBEB0832-9D52-46F6-BB0C-0DE2437A138D}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{1A9C6146-B72F-4455-9AC7-79E60BF48D33}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{361134BB-36C7-400C-BACB-F9E995C4BD9C}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{3623348A-4437-49FE-A8A5-2EE17C4691A5}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |
"UDP Query User{37893A8A-0766-4C07-9D89-D1401AB9A074}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{45CCB316-BEA6-468D-9F78-C8BB5CF3A366}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{C49C0121-7E30-44C5-B98C-2A3EBEDCE5BD}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |
"UDP Query User{CC176478-9A0F-40A3-B293-D4C1F59EFA74}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{D1D2292E-A640-464B-9B40-2BCC5057BB40}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{0AA0475E-1CC0-47F0-A1E0-28F2DBDB00D1}_is1" = FreePDF Creator
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{10F498FF-5392-4DF3-8F73-FE172A9F3800}" = Winbond CIR Device Drivers
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217001FF}" = Java™ 7 Update 1
"{28379381-B56A-43e1-B505-3098D82B1C30}" = 4500G510gm_Software_Min
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{35C0A1E4-D02A-412C-841F-266DBB116ABB}" = Intel® PROSet/Wireless WiFi Software
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.4
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
"{5F1ECD36-0DFA-4C58-830B-0F089083407F}" = AVG 2012
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{80F28669-97B7-4CC9-B256-1F1BCFB7FDCF}" = AVG 2012
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110113233}" = Bookworm Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}" = Big Kahuna Reef
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}" = Kick N Rush
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}" = Backspin Billiards
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}" = Mahjongg Artifacts
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}" = Diner Dash Flo on the Go
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112310577}" = Flip Words 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}" = Chicken Invaders 3
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}" = Agatha Christie Death on the Nile
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 2.0.8
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AC76BA86-7AD7-5670-0000-900000000003}" = Korean Fonts Support For Adobe Reader 9
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE0D4271-69C9-4f28-AD9B-BB33D126A30E}" = 4500G510gm
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DF0B357C-5874-47D0-81E7-79AA890B0CE0}" = 4500_G510gm_Help
"{E5083D57-D93F-404C-A91F-1C50D67C2BEB}" = HP Officejet 4500 G510g-m
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Acer Assist" = Acer Assist
"Acer GameZone Console_is1" = Acer GameZone Console 2.0.1.1
"Acer Registration" = Acer Registration
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AVG" = AVG 2012
"CCleaner" = CCleaner
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"ffdshow_is1" = ffdshow [rev 3092] [2009-09-27]
"FileHippo.com" = FileHippo.com Update Checker
"GridVista" = Acer GridVista
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"Internode Monthly Usage Meter_is1" = Internode Monthly Usage Meter 7.1u
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 8.0 (x86 en-GB)" = Mozilla Firefox 8.0 (x86 en-GB)
"ProInst" = Intel PROSet Wireless
"Revo Uninstaller" = Revo Uninstaller 1.85
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.1.11
"Winamp" = Winamp
"WinRAR archiver" = WinRAR archiver
"Xvid_is1" = Xvid 1.2.2 final uninstall
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3428929090-3413326335-2922480130-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/12/2011 1:38:31 AM | Computer Name = Alexis | Source = WinMgmt | ID = 10
Description =

Error - 10/12/2011 5:57:10 AM | Computer Name = Alexis | Source = Application Error | ID = 1000
Description = Faulting application YahooMessenger.exe, version 11.5.0.152, time
stamp 0x4ecdebce, faulting module ieframe.dll, version 9.0.8112.16437, time stamp
0x4e5eeecc, exception code 0xc0000005, fault offset 0x000d5f79, process id 0xd20,
application start time 0x01ccb7038d1ce534.

Error - 10/12/2011 10:12:22 AM | Computer Name = Alexis | Source = WinMgmt | ID = 10
Description =

Error - 10/12/2011 5:38:34 PM | Computer Name = Alexis | Source = WinMgmt | ID = 10
Description =

Error - 10/12/2011 7:04:09 PM | Computer Name = Alexis | Source = WinMgmt | ID = 10
Description =

Error - 10/12/2011 8:32:09 PM | Computer Name = Alexis | Source = Application Error | ID = 1000
Description = Faulting application YahooMessenger.exe, version 11.5.0.152, time
stamp 0x4ecdebce, faulting module ieframe.dll, version 9.0.8112.16437, time stamp
0x4e5eeecc, exception code 0xc0000005, fault offset 0x000d5f79, process id 0x15d4,
application start time 0x01ccb790f2d87149.

Error - 11/12/2011 12:12:18 AM | Computer Name = Alexis | Source = WinMgmt | ID = 10
Description =

Error - 11/12/2011 3:59:19 AM | Computer Name = Alexis | Source = WinMgmt | ID = 10
Description =

Error - 11/12/2011 6:01:04 AM | Computer Name = Alexis | Source = WinMgmt | ID = 10
Description =

Error - 12/12/2011 2:10:19 AM | Computer Name = Alexis | Source = WinMgmt | ID = 10
Description =

[ OSession Events ]
Error - 17/04/2010 2:53:13 AM | Computer Name = Alexis | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2652
seconds with 2160 seconds of active time. This session ended with a crash.

Error - 17/04/2010 10:03:29 AM | Computer Name = Alexis | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 25809
seconds with 3300 seconds of active time. This session ended with a crash.

Error - 31/10/2010 5:34:23 AM | Computer Name = Alexis | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 24181
seconds with 3900 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 6/12/2011 9:47:29 AM | Computer Name = Alexis | Source = DCOM | ID = 10010
Description =

Error - 9/12/2011 11:12:45 AM | Computer Name = Alexis | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.64 for the Network Card with network
address 00215D65E464 has been denied by the DHCP server 10.1.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 10/12/2011 1:58:21 AM | Computer Name = Alexis | Source = DCOM | ID = 10005
Description =

Error - 10/12/2011 1:58:22 AM | Computer Name = Alexis | Source = Service Control Manager | ID = 7009
Description =

Error - 10/12/2011 1:58:22 AM | Computer Name = Alexis | Source = Service Control Manager | ID = 7000
Description =

Error - 10/12/2011 1:58:48 AM | Computer Name = Alexis | Source = Service Control Manager | ID = 7009
Description =

Error - 10/12/2011 1:58:48 AM | Computer Name = Alexis | Source = Service Control Manager | ID = 7000
Description =

Error - 10/12/2011 10:14:05 AM | Computer Name = Alexis | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.65 for the Network Card with network
address 00215D65E464 has been denied by the DHCP server 10.1.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 11/12/2011 12:12:19 AM | Computer Name = Alexis | Source = Dhcp | ID = 1002
Description = The IP address lease 10.1.1.13 for the Network Card with network address
00215D65E464 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent
a DHCPNACK message).

Error - 11/12/2011 6:01:06 AM | Computer Name = Alexis | Source = Dhcp | ID = 1002
Description = The IP address lease 10.1.1.13 for the Network Card with network address
00215D65E464 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent
a DHCPNACK message).


< End of report >

#43
blmadara

blmadara

    Trusted Helper

  • Malware Removal
  • 767 posts
Hi Meso99,


Step One: OTL Fix

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKU\S-1-5-21-3428929090-3413326335-2922480130-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O4 - Startup: C:\Users\acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AVG Free Tray Icon.lnk = File not found
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step Two: Run ComboFix

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.

    As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    Posted Image
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" for further review.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Step Three: Run MBRCheck

Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:


Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.


What I need in your next post:
1. The OTL logs.
2. The ComboFix Log
3. The report from MBRCheck.

#44
Meso99

Meso99

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
ComboFix ran its course but didn't produce a report after at least an hour, so I stopped it. The report of MBRCheck is below.

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: Acer
System Manufacturer: Acer
System Product Name: Aspire 6930
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 163):
0x82016000 \SystemRoot\system32\ntkrnlpa.exe
0x823D0000 \SystemRoot\system32\hal.dll
0x80402000 \SystemRoot\system32\kdcom.dll
0x80409000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80479000 \SystemRoot\system32\PSHED.dll
0x8048A000 \SystemRoot\system32\BOOTVID.dll
0x80492000 \SystemRoot\system32\CLFS.SYS
0x804D3000 \SystemRoot\system32\CI.dll
0x80600000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8067C000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80689000 \SystemRoot\system32\drivers\acpi.sys
0x806CF000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806D8000 \SystemRoot\system32\drivers\msisadrv.sys
0x806E0000 \SystemRoot\system32\drivers\pci.sys
0x80707000 \SystemRoot\System32\drivers\partmgr.sys
0x80716000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x80719000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x80723000 \SystemRoot\system32\drivers\volmgr.sys
0x80732000 \SystemRoot\System32\drivers\volmgrx.sys
0x8077C000 \SystemRoot\System32\drivers\mountmgr.sys
0x8078C000 \SystemRoot\System32\Drivers\UBHelper.sys
0x8260D000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x826E6000 \SystemRoot\system32\drivers\atapi.sys
0x826EE000 \SystemRoot\system32\drivers\ataport.SYS
0x8270C000 \SystemRoot\system32\drivers\fltmgr.sys
0x8273E000 \SystemRoot\system32\drivers\fileinfo.sys
0x8274E000 \SystemRoot\system32\DRIVERS\psdfilter.sys
0x82757000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8A00B000 \SystemRoot\system32\drivers\ndis.sys
0x8A116000 \SystemRoot\system32\drivers\msrpc.sys
0x8A141000 \SystemRoot\system32\drivers\NETIO.SYS
0x8A202000 \SystemRoot\System32\drivers\tcpip.sys
0x8A2EF000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8A404000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8A514000 \SystemRoot\system32\drivers\volsnap.sys
0x8A54D000 \SystemRoot\System32\Drivers\spldr.sys
0x8A555000 \SystemRoot\System32\Drivers\mup.sys
0x8A564000 \SystemRoot\System32\drivers\ecache.sys
0x8A58B000 \SystemRoot\system32\drivers\disk.sys
0x8A59C000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8A5BD000 \SystemRoot\system32\drivers\crcdisk.sys
0x8A5C6000 \SystemRoot\system32\DRIVERS\avgrkx86.sys
0x8A5CD000 \SystemRoot\system32\DRIVERS\AVGIDSEH.Sys
0x8A5DE000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8A5E9000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8A5F2000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8A5F6000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8E20C000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8EB2C000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8EBCC000 \SystemRoot\System32\drivers\watchdog.sys
0x8EBD8000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8A17C000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8EBE3000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8EE0B000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8F00F000 \SystemRoot\system32\DRIVERS\NETw5v32.sys
0x8F398000 \SystemRoot\system32\DRIVERS\L1E60x86.sys
0x8F3A9000 \SystemRoot\system32\DRIVERS\winbondcir.sys
0x8F3BE000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8F3D1000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
0x8F3DB000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8EE98000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8F3E6000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8F3E8000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8EEC8000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8F3F3000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
0x8F000000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8EEE0000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8EF0F000 \SystemRoot\system32\DRIVERS\storport.sys
0x8EF50000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8EF5B000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8EF72000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8EF7D000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8EFA0000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8EFAF000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8EFC3000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8EFD8000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8F3FB000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8A1BA000 \SystemRoot\system32\DRIVERS\ks.sys
0x8EFE8000 \SystemRoot\system32\DRIVERS\circlass.sys
0x8EFF6000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8EBF2000 \SystemRoot\system32\DRIVERS\umbus.sys
0x827C8000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8A3E3000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8F409000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8F611000 \SystemRoot\system32\drivers\portcls.sys
0x8F63E000 \SystemRoot\system32\drivers\drmk.sys
0x8F663000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x8F6A0000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x8F804000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x8F8B9000 \SystemRoot\system32\drivers\modem.sys
0x8F8C6000 \SystemRoot\system32\drivers\IntcHdmi.sys
0x8F8E7000 \SystemRoot\system32\DRIVERS\hidir.sys
0x8F8F2000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8F902000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8F909000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x8F912000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8F91A000 \SystemRoot\system32\drivers\RTSTOR.SYS
0x8F92E000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8F945000 \SystemRoot\System32\Drivers\usbvideo.sys
0x8F966000 \SystemRoot\system32\DRIVERS\avgmfx86.sys
0x8F973000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8F97C000 \SystemRoot\System32\Drivers\Null.SYS
0x8F983000 \SystemRoot\System32\Drivers\Beep.SYS
0x8F98A000 \SystemRoot\System32\drivers\vga.sys
0x8F996000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8F9B7000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8F9BF000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8F9C7000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8F9D2000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8F9E0000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8F9E9000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8F7A2000 \SystemRoot\system32\DRIVERS\avgtdix.sys
0x80794000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8F7E9000 \SystemRoot\system32\DRIVERS\smb.sys
0x805B3000 \SystemRoot\system32\drivers\afd.sys
0x90E0B000 \SystemRoot\system32\DRIVERS\vsdatant.sys
0x90E95000 \SystemRoot\system32\DRIVERS\pacer.sys
0x90EAB000 \SystemRoot\system32\DRIVERS\netbios.sys
0x90EB9000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x90ECC000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x90F08000 \SystemRoot\system32\drivers\nsiproxy.sys
0x90F12000 \SystemRoot\System32\Drivers\dfsc.sys
0x90F29000 \SystemRoot\system32\DRIVERS\avgldx86.sys
0x90F60000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8A30A000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x99E00000 \SystemRoot\System32\win32k.sys
0x90F6D000 \SystemRoot\System32\drivers\Dxapi.sys
0x90F77000 \SystemRoot\system32\DRIVERS\monitor.sys
0x9A020000 \SystemRoot\System32\TSDDD.dll
0x9A040000 \SystemRoot\System32\cdd.dll
0x90F86000 \SystemRoot\system32\drivers\luafv.sys
0x90FA1000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
0x90FB3000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x90FC3000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x90FED000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x8A1E4000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xB080B000 \SystemRoot\system32\drivers\spsys.sys
0xB08BB000 \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
0xB08C3000 \SystemRoot\system32\drivers\HTTP.sys
0xB0930000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xB094D000 \SystemRoot\system32\DRIVERS\bowser.sys
0xB0966000 \SystemRoot\System32\drivers\mpsdrv.sys
0xB097B000 \SystemRoot\system32\drivers\mrxdav.sys
0xB099C000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xB09BB000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x807C6000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xB1402000 \SystemRoot\System32\DRIVERS\srv2.sys
0xB142A000 \SystemRoot\System32\DRIVERS\srv.sys
0xB1479000 \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys
0xB147C000 \??\C:\Windows\system32\drivers\int15.sys
0xB1483000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xB1487000 \??\C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys
0xB14A5000 \SystemRoot\system32\drivers\peauth.sys
0xB1583000 \SystemRoot\system32\DRIVERS\PSDNServ.sys
0xB158C000 \SystemRoot\system32\DRIVERS\PSDVdisk.sys
0xB159E000 \SystemRoot\System32\Drivers\secdrv.SYS
0xB15A8000 \SystemRoot\System32\drivers\tcpipreg.sys
0xB15B4000 \SystemRoot\system32\DRIVERS\xaudio.sys
0xB15BC000 \??\C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl
0xB15DD000 \SystemRoot\system32\DRIVERS\AVGIDSFilter.Sys
0x807DE000 \SystemRoot\system32\DRIVERS\AVGIDSDriver.Sys
0xB15E2000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x76FD0000 \Windows\System32\ntdll.dll

Processes (total 115):
0 System Idle Process
4 System
500 C:\Windows\System32\smss.exe
528 C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
560 C:\Program Files\AVG\AVG2012\avgcsrvx.exe
984 csrss.exe
1048 C:\Windows\System32\wininit.exe
1060 csrss.exe
1096 C:\Windows\System32\services.exe
1112 C:\Windows\System32\lsass.exe
1120 C:\Windows\System32\lsm.exe
1388 C:\Windows\System32\winlogon.exe
1532 C:\Windows\System32\svchost.exe
1592 C:\Windows\System32\svchost.exe
1724 C:\Windows\System32\svchost.exe
1748 C:\Windows\System32\svchost.exe
1768 C:\Windows\System32\svchost.exe
1840 C:\Windows\System32\audiodg.exe
1860 C:\Windows\System32\svchost.exe
1880 C:\Windows\System32\SLsvc.exe
2012 C:\Windows\System32\svchost.exe
348 C:\Windows\System32\svchost.exe
840 C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
928 C:\Windows\System32\wlanext.exe
1236 C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
1468 C:\Windows\System32\spoolsv.exe
1440 C:\Windows\System32\svchost.exe
1212 C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
1932 C:\Program Files\AVG\AVG2012\avgwdsvc.exe
2072 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
2144 C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
2248 C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
2264 C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
2392 C:\Program Files\Intel\WiFi\bin\EvtEng.exe
2516 C:\Program Files\AVG\AVG2012\avgnsx.exe
2540 C:\Windows\System32\svchost.exe
2612 C:\Program Files\AVG\AVG2012\avgemcx.exe
2620 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
2732 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
2836 C:\ACER\Mobility Center\MobilityService.exe
2908 C:\Windows\System32\svchost.exe
2956 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
3008 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
3068 C:\Windows\System32\svchost.exe
3080 C:\Windows\System32\svchost.exe
3180 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
3224 C:\Program Files\Cyberlink\Shared files\RichVideo.exe
3244 C:\Program Files\Acer\Acer VCM\RS_Service.exe
3272 C:\Windows\System32\svchost.exe
3344 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
3360 C:\Windows\System32\svchost.exe
3380 C:\Windows\System32\SearchIndexer.exe
3488 C:\Windows\System32\drivers\XAudio.exe
3508 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
3672 C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
3844 C:\Windows\System32\svchost.exe
1188 WmiPrvSE.exe
3620 WmiPrvSE.exe
3592 C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
2868 C:\Windows\System32\taskeng.exe
156 C:\Windows\System32\taskeng.exe
1960 C:\Windows\System32\dwm.exe
4312 C:\Windows\explorer.exe
4472 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
4500 C:\Windows\RtHDVCpl.exe
4508 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
4516 C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
4564 C:\Program Files\Panda USB Vaccine\USBVaccine.exe
4572 C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
4584 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
4620 C:\Windows\PLFSetI.exe
4636 C:\Windows\System32\igfxsrvc.exe
4780 C:\Program Files\Windows Media Player\wmpnscfg.exe
4840 C:\Program Files\Windows Media Player\wmpnetwk.exe
4872 C:\Windows\System32\wbem\unsecapp.exe
5140 C:\Program Files\Launch Manager\QtZgAcer.EXE
5148 C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
5156 C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
5168 C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
5176 C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
5184 C:\Program Files\pdfconverter.com\FreePDF Creator\itFPCPrnDisp.exe
5200 C:\Program Files\AVG\AVG2012\avgtray.exe
5208 C:\Windows\System32\igfxtray.exe
5220 C:\Windows\System32\hkcmd.exe
5228 C:\Windows\System32\igfxext.exe
5236 C:\Windows\System32\igfxpers.exe
5244 C:\Program Files\HP\HP Software Update\hpwuschd2.exe
5256 C:\Program Files\AVG Secure Search\vprot.exe
5276 C:\Windows\System32\igfxsrvc.exe
5312 C:\Program Files\Common Files\Java\Java Update\jusched.exe
5340 C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
5348 C:\Windows\ehome\ehtray.exe
5356 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
5372 C:\Program Files\Acer\Acer VCM\AcerVCM.exe
5380 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
5472 C:\Windows\ehome\ehmsas.exe
5604 C:\Program Files\Mozilla Firefox\firefox.exe
5912 C:\Windows\System32\svchost.exe
6032 C:\Users\acer\AppData\Local\temp\RtkBtMnt.exe
3964 C:\Program Files\Mozilla Firefox\plugin-container.exe
5116 C:\Program Files\Mozilla Firefox\plugin-container.exe
4524 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
5112 C:\Program Files\Acer\Acer VCM\acp2HID.exe
5044 C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
2292 C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
4336 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
5632 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
5884 C:\Windows\System32\wuauclt.exe
5104 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
5488 C:\Windows\System32\conime.exe
3960 C:\Windows\System32\SearchProtocolHost.exe
5412 C:\Windows\System32\SearchFilterHost.exe
4496 dllhost.exe
3936 dllhost.exe
4888 C:\Users\acer\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`97e00000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000003b`90200000 (NTFS)

PhysicalDrive0 Model Number: WDCWD5000BEVT-22ZAT0, Rev: 01.01A01

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 1BD01CAC429595C1D0CBBF8C10C0B8BA957B5116


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
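As an added example (not MBRCheck's code and not part of this thread), the Python below inspects a 512-byte boot sector the way the report above summarises one: it SHA1-hashes the boot code, checks the trailing 0x55AA signature, and decodes the partition table so the volume offsets can be compared with the \\.\C: and \\.\D: lines. The sample sector, the placeholder known-good hash list, and the choice to hash only the first 440 bytes are this example's own constructions, not a description of MBRCheck's internals.

```python
"""Inspect a 512-byte MBR sector: boot-code hash, signature, partition table.

Added example, not MBRCheck's code. Run as Administrator on Windows to read
the live sector from \\\\.\\PhysicalDrive0, or call classify_mbr() on a dump.
"""
import hashlib
import struct
from dataclasses import dataclass

SECTOR = 512
BOOT_CODE_LEN = 440        # boot code; the 4-byte disk signature starts at 440
PART_TABLE_OFFSET = 446    # four 16-byte partition entries
SIGNATURE = b"\x55\xaa"    # a valid sector ends with 55 AA

# Constructed placeholder. MBRCheck keeps its own list of known-good
# boot-code hashes; "Unknown MBR code" means the hash was not on that list.
KNOWN_GOOD_SHA1 = {"0000000000000000000000000000000000000000"}


@dataclass
class Partition:
    bootable: bool
    type_id: int       # 0x07 = NTFS/exFAT, 0x0B/0x0C = FAT32, ...
    lba_start: int
    sector_count: int

    @property
    def byte_offset(self) -> int:
        # MBRCheck prints each volume's start as a byte offset on the disk
        return self.lba_start * SECTOR


def parse_partitions(mbr: bytes) -> list:
    """Decode the four partition entries, skipping empty slots."""
    parts = []
    for i in range(4):
        off = PART_TABLE_OFFSET + 16 * i
        # status(1) CHS start(3) type(1) CHS end(3) LBA start(4) count(4)
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", mbr, off)
        if ptype == 0:
            continue
        parts.append(Partition(status == 0x80, ptype, lba, count))
    return parts


def classify_mbr(mbr: bytes, known_good=KNOWN_GOOD_SHA1) -> dict:
    """Hash only the boot code: the disk signature and partition table differ
    per machine, so hashing the whole sector could never match a shared list."""
    if len(mbr) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(mbr)}")
    sha1 = hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper()
    if mbr[510:512] != SIGNATURE:
        status = "Missing 0x55AA signature"
    elif sha1 in known_good:
        status = "Known-good MBR code"
    else:
        status = "Unknown MBR code"
    return {"sha1": sha1, "status": status, "partitions": parse_partitions(mbr)}


def build_sample_mbr() -> bytes:
    """Constructed sector whose two NTFS entries start at the same byte offsets
    as \\\\.\\C: and \\\\.\\D: in the report above (sector counts are made up)."""
    boot_code = b"\x33\xc0\x8e\xd0\xbc\x00\x7c".ljust(BOOT_CODE_LEN, b"\x00")
    disk_sig = b"\xde\xad\xbe\xef\x00\x00"
    entry = "<B3sB3sII"
    part1 = struct.pack(entry, 0x80, bytes(3), 0x07, bytes(3), 21_753_856, 477_896_704)
    part2 = struct.pack(entry, 0x00, bytes(3), 0x07, bytes(3), 499_650_560, 477_122_608)
    return boot_code + disk_sig + part1 + part2 + bytes(32) + SIGNATURE


def read_live_mbr(device=r"\\.\PhysicalDrive0") -> bytes:
    """Read the first sector of a physical disk (needs Administrator rights)."""
    with open(device, "rb") as disk:
        return disk.read(SECTOR)


if __name__ == "__main__":
    result = classify_mbr(build_sample_mbr())
    print(result["status"], result["sha1"])
    for p in result["partitions"]:
        print(f"  type 0x{p.type_id:02X} boot={p.bootable} offset 0x{p.byte_offset:x}")
```

Populating KNOWN_GOOD_SHA1 with the hash of a sector dumped from a clean install of the same Windows version turns the "Unknown" verdict into a real known-good/unknown comparison.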

#45
Meso99

Meso99

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
All processes killed
========== OTL ==========
HKU\S-1-5-21-3428929090-3413326335-2922480130-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
C:\Users\acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AVG Free Tray Icon.lnk moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: acer
->Temp folder emptied: 13921530 bytes
->Temporary Internet Files folder emptied: 27652591 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 60814403 bytes
->Flash cache emptied: 1213 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2011296 bytes
RecycleBin emptied: 55857968 bytes

Total Files Cleaned = 153.00 mb


[EMPTYFLASH]

User: acer
->Flash cache emptied: 0 bytes

User: All Users

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 12152011_185912

Files\Folders moved on Reboot...
C:\Users\acer\AppData\Local\Temp\~DFDB76.tmp moved successfully.
File\Folder C:\Windows\temp\ZLT032c1.TMP not found!

Registry entries deleted on Reboot...
  • 0