Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

A few persisting problems with svchost.exe and others [Closed]

Started by letsg0skate , Apr 13 2012 01:29 PM

  • This topic is locked This topic is locked

#1
letsg0skate
Posted 13 April 2012 - 01:29 PM

letsg0skate

    New Member

  • Member
  • Pip
  • 4 posts
Starting about a week ago my captcha does not show up. I can not register for almost any forums because of this so fixing this problem has been very difficult. When I search for things on google, and click on the results it leads me somewhere else, so I suspect this is some variation of the google redirect virus. I downloaded malware bytes to try and scan my computer and about 4 or 5 times now it has found spyware I chose to remove it and then restart my computer and it's still there. A lot of times malware bytes pops up a small window saying it has blocked svchost.exe which I believe is infected but it also has come up with other windows saying blocked firefox.exe etc, besides that my internet and computer have just been running slowly. These are all pretty annoying problems and I would like to clean my computer before it gets any worse. My OTL log will be pasted below

OTL logfile created on: 4/13/2012 12:10:12 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Tyler\Videos
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.86 Gb Total Physical Memory | 1.57 Gb Available Physical Memory | 40.63% Memory free
7.71 Gb Paging File | 4.99 Gb Available in Paging File | 64.68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.66 Gb Total Space | 391.94 Gb Free Space | 86.97% Space Free | Partition Type: NTFS

Computer Name: TYLER-PC | User Name: Tyler | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/13 12:09:43 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Tyler\Videos\OTL.exe
PRC - [2012/04/04 15:56:38 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012/03/17 18:49:41 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/12/11 21:33:46 | 001,760,328 | ---- | M] (ManyCam LLC) -- C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe
PRC - [2011/11/21 23:39:39 | 000,146,944 | ---- | M] () -- C:\Users\Tyler\AppData\Roaming\Agibke\qeoqaz.exe
PRC - [2011/08/14 12:02:58 | 021,975,120 | ---- | M] (ooVoo LLC) -- C:\Program Files (x86)\ooVoo\ooVoo.exe
PRC - [2011/02/23 21:54:40 | 001,078,352 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2011/02/23 21:54:40 | 000,347,216 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2011/02/23 21:54:40 | 000,332,368 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2011/02/01 14:24:42 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/02/01 14:24:40 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/12/29 14:56:22 | 000,120,104 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
PRC - [2010/12/29 14:56:18 | 000,181,632 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
PRC - [2010/12/09 22:25:22 | 000,177,448 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
PRC - [2010/11/11 18:21:52 | 000,257,344 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
PRC - [2010/11/11 18:21:36 | 000,296,768 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
PRC - [2010/09/27 20:00:56 | 000,340,336 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
PRC - [2010/09/17 17:10:16 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2010/09/17 17:10:02 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2010/09/13 19:32:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/09/13 19:32:30 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/04/26 19:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2010/01/28 17:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2010/01/08 06:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2009/07/13 18:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 18:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 18:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 18:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/02/27 18:10:32 | 000,349,544 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/17 18:49:40 | 001,969,080 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/02/20 21:42:35 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\8c3a30271ff59d68e8bb09a5e049de95\IAStorUtil.ni.dll
MOD - [2012/02/19 16:06:07 | 011,824,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\2df79ab909c782d3796e4107d040327d\System.Web.ni.dll
MOD - [2012/02/19 16:06:01 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0a894f77b9aa64acbd3ce791916357d8\System.Runtime.Remoting.ni.dll
MOD - [2012/02/19 16:05:36 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ff30db6905f8ec024fc808ed8779c0f3\System.Windows.Forms.ni.dll
MOD - [2012/02/19 16:05:29 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\a09ee392fa90849f2e9313a1ebbe0279\System.Drawing.ni.dll
MOD - [2012/02/19 16:05:17 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\585ac5899ab444221c8b41df13b194bc\WindowsBase.ni.dll
MOD - [2012/02/19 16:05:11 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49f4cb0755ccc34cd35ff96dc2ef9e3\System.Xml.ni.dll
MOD - [2012/02/19 16:05:08 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\15742b3597258ce67cbe219005c197e5\System.Configuration.ni.dll
MOD - [2012/02/19 16:05:07 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1f14b3e1ee0847f8662f513e67f92547\System.ni.dll
MOD - [2012/01/04 02:07:15 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\2abaab1dfbdf0db8f4bf0378d8599c98\IAStorCommon.ni.dll
MOD - [2012/01/04 02:06:29 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2011/12/31 02:46:47 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/12/11 21:33:52 | 000,498,760 | ---- | M] () -- C:\Program Files (x86)\ManyCam\Bin\cximagecrt.dll
MOD - [2011/12/11 21:33:48 | 000,123,976 | ---- | M] () -- C:\Program Files (x86)\ManyCam\Bin\CrashRpt.dll
MOD - [2011/11/21 23:39:39 | 000,146,944 | ---- | M] () -- C:\Users\Tyler\AppData\Roaming\Agibke\qeoqaz.exe
MOD - [2011/03/21 17:30:20 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/12/29 14:56:18 | 000,181,632 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
MOD - [2010/12/29 14:56:16 | 000,210,312 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
MOD - [2010/11/11 18:22:22 | 000,465,640 | ---- | M] () -- C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/01/06 15:32:14 | 000,868,224 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/01/28 17:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/04/13 11:16:32 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/03/19 12:17:59 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/02/23 21:54:40 | 000,347,216 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2011/02/01 14:24:42 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2011/02/01 14:24:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/11/11 18:21:52 | 000,257,344 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010/09/27 19:09:54 | 000,172,912 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)
SRV - [2010/09/13 19:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2010/06/01 16:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/04/03 16:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Acer Games\Acer Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/08 06:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/09/29 00:04:22 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ManyCam_x64.sys -- (ManyCam)
DRV:64bit: - [2011/06/22 23:43:04 | 001,071,032 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\wcmvcam64.sys -- (WCMVCAM)
DRV:64bit: - [2011/06/07 05:44:16 | 000,040,128 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2011/02/25 03:20:58 | 000,062,584 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2011/02/25 03:20:58 | 000,022,912 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2011/02/25 03:20:58 | 000,020,328 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2011/01/27 09:57:14 | 012,273,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/01/20 18:15:30 | 000,019,496 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdmp.sys -- (b57xdmp)
DRV:64bit: - [2011/01/20 18:15:28 | 000,067,624 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdbd.sys -- (b57xdbd)
DRV:64bit: - [2011/01/19 20:28:26 | 000,052,264 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiMSa.sys -- (bScsiMSa)
DRV:64bit: - [2011/01/17 15:56:14 | 000,412,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2011/01/13 18:22:24 | 000,085,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiSDa.sys -- (bScsiSDa)
DRV:64bit: - [2010/11/11 23:23:40 | 000,138,024 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010/11/09 03:26:46 | 002,377,216 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/10/19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010/10/15 01:28:18 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2010/09/29 22:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/09/29 22:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/09/13 19:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/07/17 12:25:24 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/07/08 20:51:50 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2010/04/19 19:35:14 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/07/13 18:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 18:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylo...00000ff25615032
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...00000ff25615032
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Tyler\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/17 18:49:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/05/28 00:06:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tyler\AppData\Roaming\Mozilla\Extensions
[2012/04/11 12:41:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\vp9rpvpq.default\extensions
[2012/04/12 21:13:02 | 000,000,000 | ---D | M] (Browser Companion Helper) -- C:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\vp9rpvpq.default\extensions\[email protected]
[2012/03/23 18:41:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/03/23 18:41:12 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/03/21 21:42:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
[2012/04/12 21:13:05 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
() (No name found) -- C:\USERS\TYLER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VP9RPVPQ.DEFAULT\EXTENSIONS\[email protected]
[2012/03/17 18:49:41 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/01/16 12:09:33 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2011/08/29 23:07:25 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/09 19:40:46 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.78\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.78\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.78\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Tyler\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [ExpressFiles] C:\Program Files (x86)\ExpressFiles\ExpressFiles.exe (http://www.express-files.com/)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKCU..\Run: [{B6C75E0F-2666-897D-2FBA-65724F926DE0}] C:\Users\Tyler\AppData\Roaming\Agibke\qeoqaz.exe ()
O4 - HKCU..\Run: [Facebook Update] C:\Users\Tyler\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [ManyCam] C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe (ManyCam LLC)
O4 - HKCU..\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe (ooVoo LLC)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Tyler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.0.0)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{25615032-501A-4B6F-A731-0761949A11C6}: DhcpNameServer = 8.8.8.8 4.2.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC6E159E-4C8D-474F-8DD1-ACA26BF4D8EB}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/13 09:34:49 | 000,000,000 | ---D | C] -- C:\Users\Tyler\AppData\Roaming\Ita
[2012/04/13 09:34:49 | 000,000,000 | ---D | C] -- C:\Users\Tyler\AppData\Roaming\Agibke
[2012/04/12 21:27:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/12 21:27:41 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/04/12 20:39:26 | 000,000,000 | ---D | C] -- C:\Users\Tyler\AppData\Roaming\PC Cleaners
[2012/04/12 20:39:21 | 000,000,000 | ---D | C] -- C:\Users\Tyler\AppData\Roaming\PCPro
[2012/04/12 20:39:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Cleaners
[2012/04/12 20:39:19 | 000,000,000 | ---D | C] -- C:\ProgramData\PC1Data
[2012/04/12 20:10:55 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2012/04/11 12:41:11 | 000,000,000 | ---D | C] -- C:\rei
[2012/04/11 12:41:08 | 000,000,000 | ---D | C] -- C:\Program Files\Reimage
[2012/04/11 12:41:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ReImageCompanion
[2012/04/10 22:16:45 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/10 16:14:22 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/04/10 16:14:21 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2012/04/10 14:22:14 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/04/10 14:21:57 | 000,000,000 | ---D | C] -- C:\Users\Tyler\AppData\Roaming\Malwarebytes
[2012/04/10 14:20:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/04/10 14:20:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/04/10 13:34:53 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/04/07 01:11:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SoundSpectrum
[2012/04/06 19:38:58 | 000,000,000 | ---D | C] -- C:\Users\Tyler\AppData\Roaming\PulseIM
[2012/04/06 19:37:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pulse IM
[2012/04/06 19:36:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft XNA
[2012/04/04 15:06:18 | 000,000,000 | ---D | C] -- C:\Hotspot Shield
[2012/04/04 15:06:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield
[2012/04/04 15:05:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hotspot Shield
[2012/03/23 18:41:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/03/23 18:41:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/03/22 12:54:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe Systems
[2012/03/22 12:45:13 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe PDF
[2012/03/22 12:45:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe Systems Shared
[2012/03/22 12:45:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2012/03/21 21:42:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/13 12:17:18 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/13 11:29:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/13 11:06:08 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1290111357-3248760699-4256558245-1000UA.job
[2012/04/13 09:42:53 | 000,793,636 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/13 09:42:53 | 000,660,530 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/13 09:42:53 | 000,121,426 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/13 09:07:26 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1290111357-3248760699-4256558245-1000Core.job
[2012/04/13 09:06:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/12 23:17:52 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/12 21:43:49 | 000,005,174 | ---- | M] () -- C:\Users\Tyler\Documents\4-14-12.reg
[2012/04/12 21:27:42 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/12 21:24:24 | 000,000,938 | ---- | M] () -- C:\Users\Tyler\Documents\cc_20120412_212419.reg
[2012/04/12 21:22:30 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/12 21:22:29 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/12 21:14:26 | 3104,722,944 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/03/30 23:18:10 | 000,002,348 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/03/28 21:28:46 | 000,008,192 | ---- | M] () -- C:\Users\Tyler\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/24 12:48:30 | 000,010,888 | ---- | M] () -- C:\Users\Tyler\Documents\cc_20120324_124826.reg
[2012/03/24 12:45:32 | 000,001,445 | ---- | M] () -- C:\Users\Tyler\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/03/24 12:45:04 | 000,431,192 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/03/23 18:41:04 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/03/23 03:02:16 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/03/23 03:02:16 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/03/22 12:45:15 | 000,001,389 | ---- | M] () -- C:\Users\Tyler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
[2012/03/21 21:29:12 | 000,005,174 | ---- | M] () -- C:\Users\Tyler\Documents\cc_20120321_212908.reg
[2012/03/16 20:04:20 | 000,012,350 | ---- | M] () -- C:\Users\Tyler\Documents\cc_20120316_200416.reg
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/13 11:16:32 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/12 21:43:47 | 000,005,174 | ---- | C] () -- C:\Users\Tyler\Documents\4-14-12.reg
[2012/04/12 21:27:42 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/12 21:24:23 | 000,000,938 | ---- | C] () -- C:\Users\Tyler\Documents\cc_20120412_212419.reg
[2012/03/27 17:07:47 | 000,119,343 | ---- | C] () -- C:\Users\Tyler\EasyVCW-v1.51.swf
[2012/03/27 17:07:47 | 000,008,293 | ---- | C] () -- C:\Users\Tyler\default.vcw
[2012/03/27 17:07:45 | 091,295,112 | ---- | C] () -- C:\Users\Tyler\Bethany.flv
[2012/03/27 17:07:45 | 013,107,184 | ---- | C] () -- C:\Users\Tyler\original video.wmv
[2012/03/27 17:07:45 | 000,006,148 | ---- | C] () -- C:\Users\Tyler\.DS_Store
[2012/03/24 12:48:28 | 000,010,888 | ---- | C] () -- C:\Users\Tyler\Documents\cc_20120324_124826.reg
[2012/03/23 03:02:16 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/03/23 03:02:16 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/03/22 12:45:40 | 000,002,093 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help Center.lnk
[2012/03/22 12:45:15 | 000,001,389 | ---- | C] () -- C:\Users\Tyler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
[2012/03/22 12:45:05 | 000,002,075 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge.lnk
[2012/03/22 12:44:39 | 000,002,046 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady CS2.lnk
[2012/03/22 12:44:38 | 000,002,049 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS2.lnk
[2012/03/21 21:29:11 | 000,005,174 | ---- | C] () -- C:\Users\Tyler\Documents\cc_20120321_212908.reg
[2012/03/16 20:04:18 | 000,012,350 | ---- | C] () -- C:\Users\Tyler\Documents\cc_20120316_200416.reg
[2012/01/01 23:09:33 | 000,008,192 | ---- | C] () -- C:\Users\Tyler\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/30 22:41:33 | 000,773,482 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/07/11 18:05:09 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/05/28 00:31:08 | 000,001,508 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2011/05/28 00:05:56 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/03/03 04:52:21 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/03/03 04:52:20 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/03/03 04:52:18 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

========== LOP Check ==========

[2012/04/13 09:34:49 | 000,000,000 | ---D | M] -- C:\Users\Tyler\AppData\Roaming\Agibke
[2012/01/16 12:09:31 | 000,000,000 | ---D | M] -- C:\Users\Tyler\AppData\Roaming\Babylon
[2012/04/13 12:07:40 | 000,000,000 | ---D | M] -- C:\Users\Tyler\AppData\Roaming\Ita
[2012/01/02 04:47:49 | 000,000,000 | ---D | M] -- C:\Users\Tyler\AppData\Roaming\ManyCam
[2012/02/25 16:28:07 | 000,000,000 | ---D | M] -- C:\Users\Tyler\AppData\Roaming\NavNet Solutions
[2011/08/28 22:21:11 | 000,000,000 | ---D | M] -- C:\Users\Tyler\AppData\Roaming\ooVoo Details
[2012/04/12 20:39:26 | 000,000,000 | ---D | M] -- C:\Users\Tyler\AppData\Roaming\PC Cleaners
[2012/04/12 20:39:27 | 000,000,000 | ---D | M] -- C:\Users\Tyler\AppData\Roaming\PCPro
[2011/08/15 21:54:45 | 000,000,000 | ---D | M] -- C:\Users\Tyler\AppData\Roaming\PowerCinema
[2012/04/06 19:38:58 | 000,000,000 | ---D | M] -- C:\Users\Tyler\AppData\Roaming\PulseIM
[2012/03/21 21:28:47 | 000,000,000 | ---D | M] -- C:\Users\Tyler\AppData\Roaming\uTorrent
[2012/04/10 14:28:22 | 000,000,000 | ---D | M] -- C:\Users\Tyler\AppData\Roaming\Vso
[2011/12/30 02:06:25 | 000,000,000 | ---D | M] -- C:\Users\Tyler\AppData\Roaming\WebcamMax
[2011/06/12 22:09:06 | 000,000,000 | ---D | M] -- C:\Users\Tyler\AppData\Roaming\WildTangent
[2012/04/13 09:07:26 | 000,000,906 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1290111357-3248760699-4256558245-1000Core.job
[2012/04/13 11:06:08 | 000,000,928 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1290111357-3248760699-4256558245-1000UA.job
[2011/09/16 14:48:35 | 000,032,560 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0

Advertisements

#2
Essexboy
Posted 13 April 2012 - 02:57 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, what antivirus programme are you using ?

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run
To disable MBAM
Open the scanner and select the protection tab
Remove the tick from "Start with Windows"
Reboot and then run OTL
Posted Image

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4 - HKCU..\Run: [{B6C75E0F-2666-897D-2FBA-65724F926DE0}] C:\Users\Tyler\AppData\Roaming\Agibke\qeoqaz.exe ()
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
    [2012/04/13 09:34:49 | 000,000,000 | ---D | C] -- C:\Users\Tyler\AppData\Roaming\Ita
    [2012/04/13 09:34:49 | 000,000,000 | ---D | C] -- C:\Users\Tyler\AppData\Roaming\Agibke

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download aswMBR.exe ( 4.1mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image
  • 1

#3
letsg0skate
Posted 13 April 2012 - 04:29 PM

letsg0skate

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Hello! Thank you very much for your help. I am not currently running any antivirus program, although I have a few downloaded like AVG. This was what it said after the OTL reboot.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes
->Flash cache emptied: 56504 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Tyler
->Temp folder emptied: 954379 bytes
->Temporary Internet Files folder emptied: 1393042 bytes
->Java cache emptied: 26830416 bytes
->FireFox cache emptied: 56687677 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 8116487 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 29728539 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36028370 bytes
RecycleBin emptied: 24566 bytes

Total Files Cleaned = 152.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.39.2 log created on 04132012_151323

Files\Folders moved on Reboot...
C:\Users\Tyler\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Tyler\AppData\Local\Temp\MMDUtl.log moved successfully.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.

Registry entries deleted on Reboot...


Then, after I did a quick scan this was my log file.

OTL logfile created on: 4/13/2012 3:18:00 PM - Run 2
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Tyler\Videos
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.86 Gb Total Physical Memory | 2.56 Gb Available Physical Memory | 66.52% Memory free
7.71 Gb Paging File | 6.23 Gb Available in Paging File | 80.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.66 Gb Total Space | 391.92 Gb Free Space | 86.96% Space Free | Partition Type: NTFS

Computer Name: TYLER-PC | User Name: Tyler | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/13 12:09:43 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Tyler\Videos\OTL.exe
PRC - [2012/03/17 18:49:41 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/12/11 21:33:46 | 001,760,328 | ---- | M] (ManyCam LLC) -- C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe
PRC - [2011/08/14 12:02:58 | 021,975,120 | ---- | M] (ooVoo LLC) -- C:\Program Files (x86)\ooVoo\ooVoo.exe
PRC - [2011/02/23 21:54:40 | 001,078,352 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2011/02/23 21:54:40 | 000,347,216 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2011/02/23 21:54:40 | 000,332,368 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010/12/29 14:56:22 | 000,120,104 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
PRC - [2010/12/29 14:56:18 | 000,181,632 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
PRC - [2010/12/09 22:25:22 | 000,177,448 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
PRC - [2010/11/11 18:21:52 | 000,257,344 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
PRC - [2010/11/11 18:21:36 | 000,296,768 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
PRC - [2010/09/27 20:00:56 | 000,340,336 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
PRC - [2010/09/17 17:10:16 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2010/09/17 17:10:02 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2010/09/13 19:32:30 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/04/26 19:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010/01/28 17:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2010/01/08 06:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2009/07/13 18:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/13 13:49:41 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\ba954f0e3a0bd2fb7ef2a9cd89e9f76d\IAStorUtil.ni.dll
MOD - [2012/04/13 13:01:19 | 011,824,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\cdc38572fd6c34cb3033fb419eff3639\System.Web.ni.dll
MOD - [2012/04/13 13:00:50 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\5c37600b4ae4ffeaeff645bb16a58137\System.Windows.Forms.ni.dll
MOD - [2012/04/13 13:00:42 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\b7bec10dca3f27113cc91c24b79c8f75\System.Drawing.ni.dll
MOD - [2012/03/17 18:49:40 | 001,969,080 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/02/19 16:06:01 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0a894f77b9aa64acbd3ce791916357d8\System.Runtime.Remoting.ni.dll
MOD - [2012/02/19 16:05:17 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\585ac5899ab444221c8b41df13b194bc\WindowsBase.ni.dll
MOD - [2012/02/19 16:05:11 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49f4cb0755ccc34cd35ff96dc2ef9e3\System.Xml.ni.dll
MOD - [2012/02/19 16:05:08 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\15742b3597258ce67cbe219005c197e5\System.Configuration.ni.dll
MOD - [2012/02/19 16:05:07 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1f14b3e1ee0847f8662f513e67f92547\System.ni.dll
MOD - [2012/01/04 02:07:15 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\2abaab1dfbdf0db8f4bf0378d8599c98\IAStorCommon.ni.dll
MOD - [2012/01/04 02:06:29 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2011/12/31 02:46:47 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/12/11 21:33:52 | 000,498,760 | ---- | M] () -- C:\Program Files (x86)\ManyCam\Bin\cximagecrt.dll
MOD - [2011/12/11 21:33:48 | 000,123,976 | ---- | M] () -- C:\Program Files (x86)\ManyCam\Bin\CrashRpt.dll
MOD - [2011/03/21 17:30:20 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/12/29 14:56:18 | 000,181,632 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
MOD - [2010/12/29 14:56:16 | 000,210,312 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
MOD - [2010/11/11 18:22:22 | 000,465,640 | ---- | M] () -- C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/01/06 15:32:14 | 000,868,224 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/01/28 17:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/04/13 11:16:32 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/03/19 12:17:59 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/02/23 21:54:40 | 000,347,216 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2011/02/01 14:24:42 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2011/02/01 14:24:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/11/11 18:21:52 | 000,257,344 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010/09/27 19:09:54 | 000,172,912 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)
SRV - [2010/09/13 19:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2010/06/01 16:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/04/03 16:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Acer Games\Acer Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/08 06:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/02/29 23:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/09/29 00:04:22 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ManyCam_x64.sys -- (ManyCam)
DRV:64bit: - [2011/06/22 23:43:04 | 001,071,032 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\wcmvcam64.sys -- (WCMVCAM)
DRV:64bit: - [2011/06/07 05:44:16 | 000,040,128 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2011/02/25 03:20:58 | 000,062,584 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2011/02/25 03:20:58 | 000,022,912 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2011/02/25 03:20:58 | 000,020,328 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2011/01/27 09:57:14 | 012,273,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/01/20 18:15:30 | 000,019,496 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdmp.sys -- (b57xdmp)
DRV:64bit: - [2011/01/20 18:15:28 | 000,067,624 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdbd.sys -- (b57xdbd)
DRV:64bit: - [2011/01/19 20:28:26 | 000,052,264 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiMSa.sys -- (bScsiMSa)
DRV:64bit: - [2011/01/17 15:56:14 | 000,412,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2011/01/13 18:22:24 | 000,085,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiSDa.sys -- (bScsiSDa)
DRV:64bit: - [2010/11/11 23:23:40 | 000,138,024 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010/11/09 03:26:46 | 002,377,216 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/10/19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010/10/15 01:28:18 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2010/09/29 22:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/09/29 22:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/09/13 19:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/07/17 12:25:24 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/07/08 20:51:50 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2010/04/19 19:35:14 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/07/13 18:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 18:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylo...00000ff25615032
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...00000ff25615032
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Tyler\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/17 18:49:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/05/28 00:06:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tyler\AppData\Roaming\Mozilla\Extensions
[2012/04/11 12:41:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\vp9rpvpq.default\extensions
[2012/04/12 21:13:02 | 000,000,000 | ---D | M] (Browser Companion Helper) -- C:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\vp9rpvpq.default\extensions\[email protected]
[2012/03/23 18:41:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/03/23 18:41:12 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/03/21 21:42:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
[2012/04/12 21:13:05 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
() (No name found) -- C:\USERS\TYLER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VP9RPVPQ.DEFAULT\EXTENSIONS\[email protected]
[2012/03/17 18:49:41 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/01/16 12:09:33 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2011/08/29 23:07:25 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/09 19:40:46 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.78\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.78\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.78\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Tyler\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2012/04/13 15:13:26 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [ExpressFiles] C:\Program Files (x86)\ExpressFiles\ExpressFiles.exe (http://www.express-files.com/)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Tyler\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [ManyCam] C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe (ManyCam LLC)
O4 - HKCU..\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe (ooVoo LLC)
O4 - Startup: C:\Users\Tyler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.0.0)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{25615032-501A-4B6F-A731-0761949A11C6}: DhcpNameServer = 8.8.8.8 4.2.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC6E159E-4C8D-474F-8DD1-ACA26BF4D8EB}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/13 15:13:23 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/04/12 21:27:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/12 21:27:41 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/04/12 20:39:26 | 000,000,000 | ---D | C] -- C:\Users\Tyler\AppData\Roaming\PC Cleaners
[2012/04/12 20:39:21 | 000,000,000 | ---D | C] -- C:\Users\Tyler\AppData\Roaming\PCPro
[2012/04/12 20:39:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Cleaners
[2012/04/12 20:39:19 | 000,000,000 | ---D | C] -- C:\ProgramData\PC1Data
[2012/04/12 20:10:55 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2012/04/11 12:41:11 | 000,000,000 | ---D | C] -- C:\rei
[2012/04/11 12:41:08 | 000,000,000 | ---D | C] -- C:\Program Files\Reimage
[2012/04/11 12:41:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ReImageCompanion
[2012/04/10 22:16:45 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/10 16:14:22 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/04/10 16:14:21 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2012/04/10 14:22:14 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/04/10 14:21:57 | 000,000,000 | ---D | C] -- C:\Users\Tyler\AppData\Roaming\Malwarebytes
[2012/04/10 14:20:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/04/10 14:20:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/04/10 13:34:53 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/04/07 01:11:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SoundSpectrum
[2012/04/06 19:38:58 | 000,000,000 | ---D | C] -- C:\Users\Tyler\AppData\Roaming\PulseIM
[2012/04/06 19:37:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pulse IM
[2012/04/06 19:36:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft XNA
[2012/04/04 15:06:18 | 000,000,000 | ---D | C] -- C:\Hotspot Shield
[2012/04/04 15:06:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield
[2012/04/04 15:05:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hotspot Shield
[2012/03/23 18:41:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/03/23 18:41:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/03/22 12:54:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe Systems
[2012/03/22 12:45:13 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe PDF
[2012/03/22 12:45:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe Systems Shared
[2012/03/22 12:45:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2012/03/21 21:42:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

========== Files - Modified Within 30 Days ==========

[2012/04/13 15:17:01 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/13 15:16:07 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/13 15:15:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/13 15:15:41 | 3104,722,944 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/13 15:15:01 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/13 15:15:00 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/13 15:13:26 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/04/13 14:29:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/13 14:06:07 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1290111357-3248760699-4256558245-1000UA.job
[2012/04/13 09:42:53 | 000,793,636 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/13 09:42:53 | 000,660,530 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/13 09:42:53 | 000,121,426 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/13 09:07:26 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1290111357-3248760699-4256558245-1000Core.job
[2012/04/12 21:43:49 | 000,005,174 | ---- | M] () -- C:\Users\Tyler\Documents\4-14-12.reg
[2012/04/12 21:27:42 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/12 21:24:24 | 000,000,938 | ---- | M] () -- C:\Users\Tyler\Documents\cc_20120412_212419.reg
[2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/03/30 23:18:10 | 000,002,348 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/03/28 21:28:46 | 000,008,192 | ---- | M] () -- C:\Users\Tyler\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/24 12:48:30 | 000,010,888 | ---- | M] () -- C:\Users\Tyler\Documents\cc_20120324_124826.reg
[2012/03/24 12:45:32 | 000,001,445 | ---- | M] () -- C:\Users\Tyler\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/03/24 12:45:04 | 000,431,192 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/03/23 18:41:04 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/03/23 03:02:16 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/03/23 03:02:16 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/03/22 12:45:15 | 000,001,389 | ---- | M] () -- C:\Users\Tyler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
[2012/03/21 21:29:12 | 000,005,174 | ---- | M] () -- C:\Users\Tyler\Documents\cc_20120321_212908.reg
[2012/03/16 20:04:20 | 000,012,350 | ---- | M] () -- C:\Users\Tyler\Documents\cc_20120316_200416.reg

========== Files Created - No Company Name ==========

[2012/04/13 11:16:32 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/12 21:43:47 | 000,005,174 | ---- | C] () -- C:\Users\Tyler\Documents\4-14-12.reg
[2012/04/12 21:27:42 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/12 21:24:23 | 000,000,938 | ---- | C] () -- C:\Users\Tyler\Documents\cc_20120412_212419.reg
[2012/03/27 17:07:47 | 000,119,343 | ---- | C] () -- C:\Users\Tyler\EasyVCW-v1.51.swf
[2012/03/27 17:07:47 | 000,008,293 | ---- | C] () -- C:\Users\Tyler\default.vcw
[2012/03/27 17:07:45 | 091,295,112 | ---- | C] () -- C:\Users\Tyler\Bethany.flv
[2012/03/27 17:07:45 | 013,107,184 | ---- | C] () -- C:\Users\Tyler\original video.wmv
[2012/03/27 17:07:45 | 000,006,148 | ---- | C] () -- C:\Users\Tyler\.DS_Store
[2012/03/24 12:48:28 | 000,010,888 | ---- | C] () -- C:\Users\Tyler\Documents\cc_20120324_124826.reg
[2012/03/23 03:02:16 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/03/23 03:02:16 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/03/22 12:45:40 | 000,002,093 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help Center.lnk
[2012/03/22 12:45:15 | 000,001,389 | ---- | C] () -- C:\Users\Tyler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
[2012/03/22 12:45:05 | 000,002,075 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge.lnk
[2012/03/22 12:44:39 | 000,002,046 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady CS2.lnk
[2012/03/22 12:44:38 | 000,002,049 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS2.lnk
[2012/03/21 21:29:11 | 000,005,174 | ---- | C] () -- C:\Users\Tyler\Documents\cc_20120321_212908.reg
[2012/03/16 20:04:18 | 000,012,350 | ---- | C] () -- C:\Users\Tyler\Documents\cc_20120316_200416.reg
[2012/01/01 23:09:33 | 000,008,192 | ---- | C] () -- C:\Users\Tyler\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/30 22:41:33 | 000,773,482 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/07/11 18:05:09 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/05/28 00:31:08 | 000,001,508 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2011/05/28 00:05:56 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/03/03 04:52:21 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/03/03 04:52:20 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/03/03 04:52:18 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

========== LOP Check ==========

[2012/01/16 12:09:31 | 000,000,000 | ---D | M] -- C:\Users\Tyler\AppData\Roaming\Babylon
[2012/01/02 04:47:49 | 000,000,000 | ---D | M] -- C:\Users\Tyler\AppData\Roaming\ManyCam
[2012/02/25 16:28:07 | 000,000,000 | ---D | M] -- C:\Users\Tyler\AppData\Roaming\NavNet Solutions
[2011/08/28 22:21:11 | 000,000,000 | ---D | M] -- C:\Users\Tyler\AppData\Roaming\ooVoo Details
[2012/04/12 20:39:26 | 000,000,000 | ---D | M] -- C:\Users\Tyler\AppData\Roaming\PC Cleaners
[2012/04/12 20:39:27 | 000,000,000 | ---D | M] -- C:\Users\Tyler\AppData\Roaming\PCPro
[2011/08/15 21:54:45 | 000,000,000 | ---D | M] -- C:\Users\Tyler\AppData\Roaming\PowerCinema
[2012/04/06 19:38:58 | 000,000,000 | ---D | M] -- C:\Users\Tyler\AppData\Roaming\PulseIM
[2012/03/21 21:28:47 | 000,000,000 | ---D | M] -- C:\Users\Tyler\AppData\Roaming\uTorrent
[2012/04/10 14:28:22 | 000,000,000 | ---D | M] -- C:\Users\Tyler\AppData\Roaming\Vso
[2011/12/30 02:06:25 | 000,000,000 | ---D | M] -- C:\Users\Tyler\AppData\Roaming\WebcamMax
[2011/06/12 22:09:06 | 000,000,000 | ---D | M] -- C:\Users\Tyler\AppData\Roaming\WildTangent
[2012/04/13 09:07:26 | 000,000,906 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1290111357-3248760699-4256558245-1000Core.job
[2012/04/13 14:06:07 | 000,000,928 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1290111357-3248760699-4256558245-1000UA.job
[2011/09/16 14:48:35 | 000,032,560 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >



Last, here is the log file from the aswMBR.exe

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-13 15:23:47
-----------------------------
15:23:47.061 OS Version: Windows x64 6.1.7600
15:23:47.061 Number of processors: 4 586 0x2A07
15:23:47.062 ComputerName: TYLER-PC UserName: Tyler
15:23:48.121 Initialize success
15:26:39.676 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:26:39.680 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
15:26:39.685 Device \Driver\iaStor -> MajorFunction fffffa8006e5e5c4
15:26:39.691 Disk 0 MBR read successfully
15:26:39.696 Disk 0 MBR scan
15:26:39.701 Disk 0 Windows 7 default MBR code
15:26:39.725 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15360 MB offset 2048
15:26:39.745 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 31459328
15:26:39.757 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461478 MB offset 31664128
15:26:39.781 Disk 0 scanning C:\Windows\system32\drivers
15:26:44.467 Service scanning
15:26:57.264 Modules scanning
15:26:57.281 Disk 0 trace - called modules:
15:26:57.291
15:26:57.302 Scan finished successfully
15:27:22.239 Disk 0 MBR has been saved successfully to "C:\Users\Tyler\Desktop\MBR.dat"
15:27:22.245 The log file has been saved successfully to "C:\Users\Tyler\Desktop\aswMBR.txt"
  • 0

#4
letsg0skate
Posted 13 April 2012 - 08:28 PM

letsg0skate

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
My computer now has crashed and blue screens any time I try to run it even in safe mode. I was able to do a system restore from the command prompt but it still blue screens with the error 0x0000000e. I am on a different computer currently wondering what happened and how do I get my computer at least running again.
  • 0

#5
Essexboy
Posted 14 April 2012 - 05:37 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK lets go in outside of windows. We will need to create a CD and additionally use a USB drive

Please print these instruction out so that you know what you are doing

  • Download OTLPENet.exe to your desktop
  • Download Farbar Recovery Scan Tool x64 and save it to a flash drive.
  • Ensure that you have a blank CD in the drive
  • Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
  • Reboot your system using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :)
  • Your system should now display a Reatogo desktop
    Note : as you are running from CD it is not exactly speedy
  • Insert the USB with FRST64
  • Locate the flash drive with FRST64 and double click
  • The tool will start to run.
    Posted Image
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

  • 0

#6
letsg0skate
Posted 14 April 2012 - 03:42 PM

letsg0skate

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
I did that and booted from the disk it started loading the disk, looked like it was going to work started running windows xp for some reason and then went to blue screen with the error 0x00000007B immediately?
  • 0

#7
Essexboy
Posted 14 April 2012 - 04:03 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Can you boot to the safe mode menu ? As this may well be a driver hardware problem

The Reatogo disc is based on XP

From the safe mode menu select Last Known Good
  • 0

#8
Essexboy
Posted 18 April 2012 - 11:12 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP