Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

I may Have some Bootkit Related Instability

Started by mikeloeven , Oct 16 2012 10:58 PM

  • Please log in to reply

#1
mikeloeven
Posted 16 October 2012 - 10:58 PM

mikeloeven

    Member

  • Member
  • PipPipPip
  • 305 posts
i have an acer tablet which has been acting oddly lately. aside from being slow ...... er than normal i have been having increased problems with internet connection dropping and a bunch of little quirks i cant explain or trace. most recently i encountered a problem that makes my computer ask to be rebooted if i try to set a manual IP. ran several programs ill list them below

malware bytes
full system scan with avira
combofix

none of which returned any results however suspiciously combo fix crashed frequently and i only it to run completely once but it didn't remove any thing.

i have attached a OTL log and i hope someone can give me a answer as soon as possible i need this computer for school. being a tablet i normally would just back and wack it since everything is on my desktop or server but i don't have a usb DVD drive to reinstall windows with. so frustratingly i have to trouble shoot and fix it without nuking it


//LOG START
OTL logfile created on: 10/17/2012 1:04:59 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user1\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.60 Gb Total Physical Memory | 0.81 Gb Available Physical Memory | 50.80% Memory free
2.09 Gb Paging File | 0.72 Gb Available in Paging File | 34.44% Paging File free
Paging file location(s): c:\pagefile.sys 500 1000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 29.72 Gb Total Space | 5.81 Gb Free Space | 19.56% Space Free | Partition Type: NTFS
Drive D: | 29.81 Gb Total Space | 1.14 Gb Free Space | 3.82% Space Free | Partition Type: NTFS

Computer Name: MLOEVEN1 | User Name: mikeloeven | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/17 00:49:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user1\Desktop\OTL.exe
PRC - [2012/08/29 12:03:38 | 001,996,200 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012/08/29 12:03:36 | 001,385,896 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2012/08/13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/08/09 05:38:01 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/08/06 12:23:08 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
PRC - [2012/07/31 16:27:16 | 000,428,928 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 5\Suo10_SmartRAM.exe
PRC - [2012/07/27 16:51:28 | 001,498,552 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
PRC - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/05/28 15:56:36 | 000,288,128 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
PRC - [2012/05/26 12:04:52 | 000,913,792 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
PRC - [2012/05/09 17:39:26 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/05/09 17:39:25 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/05/09 17:39:25 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012/04/27 22:16:32 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/04/05 22:16:24 | 000,451,072 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2012/04/05 22:15:50 | 000,217,600 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2012/02/15 14:55:02 | 002,627,728 | ---- | M] (Bradford Networks) -- C:\Program Files\Bradford Networks\Persistent Agent\bncsaui.exe
PRC - [2012/02/15 14:55:00 | 003,082,384 | ---- | M] (Bradford Networks) -- C:\Program Files\Bradford Networks\Persistent Agent\bndaemon.exe
PRC - [2011/10/14 15:47:48 | 001,571,432 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
PRC - [2011/06/24 00:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/03/03 18:00:04 | 000,257,344 | ---- | M] (NTI Corporation) -- C:\Program Files\NTI\Acer Backup Manager\IScheduleSvc.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/23 00:01:02 | 000,469,608 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
PRC - [2011/02/22 21:01:10 | 000,715,368 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
PRC - [2011/02/22 21:01:08 | 000,739,944 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
PRC - [2011/02/21 23:01:17 | 000,066,128 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Acer\Device Control\DeviceCtrlSvc.exe
PRC - [2011/02/21 23:01:16 | 000,239,696 | ---- | M] () -- C:\Program Files\Acer\Device Control\ADevCtrl.exe
PRC - [2011/02/21 23:01:16 | 000,106,064 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Acer\Device Control\AdWmiSvc.exe
PRC - [2011/02/21 09:33:32 | 000,114,768 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Acer\Auto Screen Rotation Blocker\AutoScreenRotationBlocker.exe
PRC - [2011/02/11 08:49:44 | 000,346,704 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\dsiwmis.exe
PRC - [2011/02/11 05:53:18 | 000,114,688 | ---- | M] () -- C:\Program Files\HIDMon\HIDMON.exe
PRC - [2011/02/04 05:12:38 | 000,086,016 | ---- | M] () -- C:\Program Files\USBKBTool\SnxUsbDockingKB2267Srv.exe
PRC - [2011/01/06 20:04:40 | 000,056,480 | ---- | M] (Atheros Commnucations) -- C:\Program Files\Bluetooth Suite\AdminService.exe
PRC - [2010/11/20 04:17:48 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/01/29 20:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe
PRC - [2010/01/08 09:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Registration\GREGsvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/09/04 02:03:18 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\d3f25cd6c52cc9e3ff35efd975ccd887\WindowsFormsIntegration.ni.dll
MOD - [2012/08/30 23:46:50 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\20a2851f49de050c597dd1e8abb86c02\System.Web.ni.dll
MOD - [2012/08/30 23:46:00 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d55e75f2b71f108f012ff4feee71e9f4\System.Windows.Forms.ni.dll
MOD - [2012/08/06 12:23:14 | 000,095,232 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
MOD - [2012/08/06 12:07:30 | 000,369,152 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2012/07/27 16:51:28 | 000,249,272 | ---- | M] () -- C:\Program Files\Adobe\Reader 10.0\Reader\sqlite.dll
MOD - [2012/06/07 00:16:03 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll
MOD - [2012/06/06 23:14:06 | 000,226,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ae55e761d480fe15781156d1311a1837\PresentationFramework.Classic.ni.dll
MOD - [2012/06/06 23:12:10 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/06/06 23:10:45 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07f019692c382d588d3c6cb2da2a9ec5\PresentationFramework.ni.dll
MOD - [2012/06/06 23:08:11 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll
MOD - [2012/06/06 23:07:54 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\ca2eff60beb3ba00a529a2d42dceca22\UIAutomationProvider.ni.dll
MOD - [2012/06/06 23:07:48 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\2d1fd350e9bc62ce659e5cbcfd555796\PresentationCore.ni.dll
MOD - [2012/06/06 23:07:04 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/06/06 23:06:17 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/06/06 23:05:33 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/06/06 23:05:29 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/06/06 23:04:56 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/04/27 22:16:32 | 001,952,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/11/08 16:46:02 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2011/04/21 16:54:40 | 000,347,024 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\madexcept_.bpl
MOD - [2011/04/21 16:54:40 | 000,179,088 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\madbasic_.bpl
MOD - [2011/04/21 16:54:40 | 000,046,480 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\maddisAsm_.bpl
MOD - [2011/02/21 23:01:16 | 000,239,696 | ---- | M] () -- C:\Program Files\Acer\Device Control\ADevCtrl.exe
MOD - [2011/02/21 23:01:16 | 000,057,424 | ---- | M] () -- C:\Program Files\Acer\Device Control\BrandDetection.dll
MOD - [2011/02/11 05:53:18 | 000,114,688 | ---- | M] () -- C:\Program Files\HIDMon\HIDMON.exe
MOD - [2004/09/30 13:09:36 | 000,155,648 | ---- | M] () -- C:\Program Files\LinkShellExtension\RockallDLL.dll


========== Services (SafeList) ==========

SRV - [2012/10/09 02:10:23 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/20 23:46:43 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/08/29 12:03:36 | 001,385,896 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/08/13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/08/06 12:23:08 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/26 12:04:52 | 000,913,792 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5)
SRV - [2012/05/09 17:39:26 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/09 17:39:25 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/04/05 22:15:50 | 000,217,600 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012/02/15 14:55:00 | 003,082,384 | ---- | M] (Bradford Networks) [Auto | Running] -- C:\Program Files\Bradford Networks\Persistent Agent\bndaemon.exe -- (BNPagent)
SRV - [2011/07/01 18:53:15 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/03/03 18:00:04 | 000,257,344 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2011/02/22 21:01:08 | 000,739,944 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2011/02/21 23:01:17 | 000,066,128 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files\Acer\Device Control\DeviceCtrlSvc.exe -- (DsiDeviceControlService)
SRV - [2011/02/11 08:49:44 | 000,346,704 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2011/02/04 05:12:38 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files\USBKBTool\SnxUsbDockingKB2267Srv.exe -- (SnxUsbDockingKB2267Srv)
SRV - [2011/01/31 17:55:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Disabled | Stopped] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV - [2011/01/06 20:04:40 | 000,056,480 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2010/01/29 20:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2010/01/08 09:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Disabled | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A7FA0ACF-EA6E-49C0-AF96-36EB662507DB}\MpKsl9c42c54c.sys -- (MpKsl9c42c54c)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Users\user1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/09/18 00:04:46 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/05/14 02:12:28 | 000,086,656 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2012/05/09 17:39:27 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/05/09 17:39:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012/04/06 01:21:10 | 009,334,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2012/04/05 21:10:22 | 000,275,968 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011/09/15 23:55:04 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/09/05 14:02:36 | 001,630,056 | ---- | M] (TamoSoft) [CommView] Atheros AR5008 Wireless Network Adapter Service 7.7 [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ts_athw.sys -- (TS_AR5416)
DRV - [2011/03/18 12:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Disabled | Stopped] -- C:\Windows\System32\speedfan.sys -- (speedfan)
DRV - [2011/01/10 08:59:36 | 000,015,936 | ---- | M] (Bosch Sensortec GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\bma150.sys -- (BST)
DRV - [2011/01/06 20:05:14 | 000,241,824 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btfilter.sys -- (BtFilter)
DRV - [2011/01/06 20:05:14 | 000,141,088 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV - [2011/01/06 20:05:14 | 000,049,312 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV - [2011/01/06 20:05:12 | 000,175,776 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV - [2011/01/06 20:05:12 | 000,034,976 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_flt.sys -- (AthBTPort)
DRV - [2011/01/06 20:05:10 | 000,258,720 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV - [2011/01/06 20:05:10 | 000,024,736 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_bus.sys -- (BTATH_BUS)
DRV - [2010/12/31 03:17:32 | 000,081,408 | ---- | M] (ASIX Electronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ax88772b.sys -- (AX88772B)
DRV - [2010/11/28 15:50:40 | 000,035,968 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2010/11/25 06:59:16 | 000,603,240 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2010/11/20 02:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 01:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/09 06:26:46 | 001,884,160 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010/11/06 22:24:32 | 000,020,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV - [2010/11/01 06:08:46 | 000,014,416 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys -- (WinRing0_1_2_0)
DRV - [2010/10/29 04:11:08 | 000,197,224 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2010/07/04 15:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/02/18 09:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2009/07/13 20:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/13 19:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 19:45:20 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\acpials.sys -- (acpials)
DRV - [2009/03/18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [1996/04/03 15:33:26 | 000,005,248 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {9299BAEC-69A8-49DC-A118-74C73AA53FE2}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{9299BAEC-69A8-49DC-A118-74C73AA53FE2}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.15.1
FF - prefs.js..extensions.enabledAddons: [email protected]:0.4
FF - prefs.js..extensions.enabledAddons: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.22
FF - prefs.js..extensions.enabledAddons: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:6.2.0.10687
FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.5.7
FF - prefs.js..network.proxy.autoconfig_url: "http://proxify.com/proxy.pac"
FF - prefs.js..network.proxy.http: "194.28.8.139"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.socks_version: 4
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2011/03/08 07:14:55 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/27 22:16:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/20 11:26:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/27 22:16:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/20 11:26:50 | 000,000,000 | ---D | M]

[2011/10/27 22:47:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user1\AppData\Roaming\mozilla\Extensions
[2012/10/10 15:08:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user1\AppData\Roaming\mozilla\Firefox\Profiles\hnh964sn.default\extensions
[2012/08/03 00:20:25 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\user1\AppData\Roaming\mozilla\Firefox\Profiles\hnh964sn.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/06/21 23:07:42 | 000,109,964 | ---- | M] () (No name found) -- C:\Users\user1\AppData\Roaming\mozilla\firefox\profiles\hnh964sn.default\extensions\[email protected]
[2012/04/14 00:30:50 | 000,097,169 | ---- | M] () (No name found) -- C:\Users\user1\AppData\Roaming\mozilla\firefox\profiles\hnh964sn.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}.xpi
[2012/10/10 15:08:01 | 000,529,404 | ---- | M] () (No name found) -- C:\Users\user1\AppData\Roaming\mozilla\firefox\profiles\hnh964sn.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012/07/24 23:54:50 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\user1\AppData\Roaming\mozilla\firefox\profiles\hnh964sn.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/08/11 11:54:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/08/29 23:10:55 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/04/27 22:16:33 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/26 14:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012/02/08 13:53:37 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/08 13:53:37 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [ADevCtrl] C:\Program Files\Acer\Device Control\ADevCtrl.exe ()
O4 - HKLM..\Run: [AutoScreenRotationBlocker] C:\Program Files\Acer\Auto Screen Rotation Blocker\AutoScreenRotationBlocker.exe (Dritek System Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\clistart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [xLaunchHIDMon] C:\Program Files\HIDMon\HIDMON.exe ()
O4 - HKCU..\Run: [SmartRAM] C:\Program Files\IObit\Advanced SystemCare 5\suo10_smartram.exe (IObit)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([file] in Local intranet)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{06DD3726-62B5-4A58-9B4D-14ADFC39E302}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A8C48887-3859-465C-957B-A52D4611A82E}: DhcpNameServer = 192.168.213.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8C72A05-F058-4555-8DDC-EEDBEA833AC7}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F5B19D87-A8D9-4088-9E79-682E2A1FD8F6}: DhcpNameServer = 66.189.0.100 24.159.64.23 24.247.24.53
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F69620A4-B10B-4301-BC1F-263499A40F08}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22 - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files\Stardock\Fences Pro\FencesMenu.dll (Stardock)
O22 - SharedTaskScheduler: {F791A188-699D-4FD4-955A-EB59E89B1907} - Theme Resource Changer - C:\Program Files\Theme Resource Changer\ThemeResourceChanger.dll (Bad [bleep] Apps)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1e14398d-0021-11e1-8abb-e95fc59e4f57}\Shell - "" = AutoRun
O33 - MountPoints2\{1e14398d-0021-11e1-8abb-e95fc59e4f57}\Shell\AutoRun\command - "" = D:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/17 00:49:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\user1\Desktop\OTL.exe
[2012/10/15 09:55:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gtk+
[2012/10/15 09:54:48 | 000,000,000 | ---D | C] -- C:\GTK
[2012/10/15 09:54:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TiEmu3-gdb
[2012/10/15 09:54:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LPG Shared
[2012/10/15 09:41:13 | 000,000,000 | ---D | C] -- C:\Program Files\GTK2-Runtime
[2012/10/15 09:38:05 | 000,000,000 | ---D | C] -- C:\Program Files\TiEmu3-gdb
[2012/10/15 09:33:52 | 000,043,520 | ---- | C] (http://libusb-win32.sourceforge.net) -- C:\Windows\System32\libusb0.dll
[2012/10/10 20:19:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2012/10/10 20:19:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012/10/10 20:08:37 | 000,000,000 | R--D | C] -- C:\Users\user1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2012/10/09 02:10:08 | 000,000,000 | ---D | C] -- C:\Users\user1\Desktop\Discovering Computers Fundamentals 8th Edition 2012
[2012/10/04 17:42:48 | 000,000,000 | ---D | C] -- C:\Program Files\Sandboxie
[2012/10/04 17:22:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Bradford Networks
[2012/10/04 17:22:53 | 000,000,000 | ---D | C] -- C:\Program Files\Bradford Networks
[2012/10/04 17:03:35 | 000,000,000 | ---D | C] -- C:\Users\user1\Documents\OneNote Notebooks
[2012/09/30 23:38:04 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJPLM
[2012/09/30 13:35:37 | 000,000,000 | ---D | C] -- C:\ProgramData\IJ Network Scanner Selector EX
[2012/09/30 13:26:43 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJWSpt
[2012/09/30 13:26:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG3100 series User Registration
[2012/09/30 13:26:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG3100 series
[2012/09/18 00:03:10 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/09/18 00:03:10 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Roaming\Malwarebytes
[2012/09/18 00:02:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/18 00:02:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/09/18 00:02:54 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/09/18 00:02:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/06/28 22:42:19 | 011,733,072 | ---- | C] (IObit ) -- C:\Users\user1\gb3.5-beta-setup.exe

========== Files - Modified Within 30 Days ==========

[2012/10/17 01:10:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/17 00:49:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user1\Desktop\OTL.exe
[2012/10/17 00:29:42 | 000,664,460 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/10/17 00:29:42 | 000,123,158 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/10/16 21:17:40 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/16 21:17:40 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/15 09:54:18 | 000,000,960 | ---- | M] () -- C:\Users\user1\Desktop\TiEmu.lnk
[2012/10/15 09:48:55 | 003,205,979 | ---- | M] () -- C:\Users\user1\Desktop\tiemu.zip
[2012/10/15 09:26:21 | 000,445,232 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/10/12 12:57:31 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
[2012/10/11 00:38:32 | 003,493,235 | ---- | M] () -- C:\Users\user1\Desktop\C++ Without Fear A Beginner's Guide That Makes You Feel Smart (2nd Edition)-viny.pdf
[2012/10/10 15:07:59 | 000,000,187 | ---- | M] () -- C:\Windows\wininit.ini
[2012/10/04 17:52:18 | 000,002,090 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2012/10/01 01:03:10 | 000,002,076 | -H-- | M] () -- C:\Users\user1\Documents\Default.rdp
[2012/09/26 20:37:11 | 012,433,084 | ---- | M] () -- C:\Users\user1\Desktop\[Stefan_Baratto,_Barry_Bergman,_Donald_Hutchison]_(BookFi.org).pdf
[2012/09/18 00:04:46 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/09/18 00:02:59 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/17 21:21:28 | 000,002,693 | ---- | M] () -- C:\Users\user1\Desktop\Microsoft Office Outlook 2007.lnk
[2012/09/17 21:01:46 | 000,001,103 | ---- | M] () -- C:\Users\user1\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk

========== Files Created - No Company Name ==========

[2012/10/15 09:54:18 | 000,000,960 | ---- | C] () -- C:\Users\user1\Desktop\TiEmu.lnk
[2012/10/15 09:48:54 | 003,205,979 | ---- | C] () -- C:\Users\user1\Desktop\tiemu.zip
[2012/10/09 02:12:56 | 003,493,235 | ---- | C] () -- C:\Users\user1\Desktop\C++ Without Fear A Beginner's Guide That Makes You Feel Smart (2nd Edition)-viny.pdf
[2012/10/09 02:12:28 | 012,433,084 | ---- | C] () -- C:\Users\user1\Desktop\[Stefan_Baratto,_Barry_Bergman,_Donald_Hutchison]_(BookFi.org).pdf
[2012/10/04 17:43:49 | 000,002,090 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2012/09/30 13:23:18 | 000,063,744 | ---- | C] () -- C:\Windows\System32\CNC1752D.TBL
[2012/09/18 00:02:59 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/17 21:21:28 | 000,002,693 | ---- | C] () -- C:\Users\user1\Desktop\Microsoft Office Outlook 2007.lnk
[2012/09/17 21:01:46 | 000,001,103 | ---- | C] () -- C:\Users\user1\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/08/30 00:18:51 | 000,000,017 | ---- | C] () -- C:\Users\user1\AppData\Local\resmon.resmoncfg
[2012/07/27 22:47:36 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012/07/13 00:12:42 | 000,080,491 | ---- | C] () -- C:\Users\user1\AppData\Roaming\icarus-dxdiag.xml
[2012/06/28 22:43:30 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012/06/17 23:23:55 | 000,000,187 | ---- | C] () -- C:\Windows\wininit.ini
[2012/03/09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll
[2012/02/26 00:09:17 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2012/02/14 22:28:34 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2012/02/14 22:28:32 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2012/01/13 00:58:26 | 000,000,046 | ---- | C] () -- C:\Windows\System32\DonationCoder_processtamer_InstallInfo.dat
[2012/01/13 00:58:26 | 000,000,046 | ---- | C] () -- C:\Users\user1\AppData\Local\DonationCoder_processtamer_InstallInfo.dat
[2012/01/10 17:10:08 | 000,601,728 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/11/19 18:33:42 | 000,150,996 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2011/10/27 11:55:18 | 000,044,544 | ---- | C] () -- C:\Windows\System32\Gif89.dll
[2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011/07/27 10:46:41 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/04/16 11:09:20 | 000,001,165 | ---- | C] () -- C:\Windows\SYSTEMCD.dat
[2011/04/16 11:09:20 | 000,000,620 | ---- | C] () -- C:\Windows\LPCD.dat
[2011/04/16 11:09:20 | 000,000,438 | ---- | C] () -- C:\Windows\RCD.dat
[2011/04/16 11:09:20 | 000,000,066 | ---- | C] () -- C:\Windows\NAPP.dat
[2011/03/08 07:12:06 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/03/08 07:08:45 | 000,247,560 | ---- | C] () -- C:\Windows\System32\drivers\RTConvEQ.dat
[2011/03/08 07:08:45 | 000,039,672 | ---- | C] () -- C:\Windows\System32\drivers\RtPCEE3.DAT
[2011/03/08 07:08:45 | 000,029,494 | ---- | C] () -- C:\Windows\System32\drivers\RtPCEE4.DAT
[2011/03/08 07:08:45 | 000,002,084 | ---- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat
[2011/03/08 07:08:45 | 000,001,448 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat
[2011/03/08 07:08:45 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX3.dat
[2011/03/08 07:08:45 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
[2011/03/08 07:08:45 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2011/03/08 07:08:45 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2011/03/08 07:08:45 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
[2011/03/08 07:08:45 | 000,000,024 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2011/01/06 19:55:08 | 000,246,804 | ---- | C] () -- C:\Windows\System32\drivers\AtherosBt.bin

========== ZeroAccess Check ==========

[2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/08/30 02:06:22 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/11/06 15:38:47 | 000,000,000 | ---D | M] -- C:\Users\user1\AppData\Roaming\Acer
[2012/08/10 19:08:22 | 000,000,000 | ---D | M] -- C:\Users\user1\AppData\Roaming\calibre
[2012/07/24 22:59:01 | 000,000,000 | ---D | M] -- C:\Users\user1\AppData\Roaming\Catznip
[2012/01/11 02:45:14 | 000,000,000 | ---D | M] -- C:\Users\user1\AppData\Roaming\CrystalApp
[2012/09/21 22:58:32 | 000,000,000 | ---D | M] -- C:\Users\user1\AppData\Roaming\CrystalSpace
[2012/01/13 00:58:26 | 000,000,000 | ---D | M] -- C:\Users\user1\AppData\Roaming\DonationCoder
[2012/05/11 15:52:36 | 000,000,000 | ---D | M] -- C:\Users\user1\AppData\Roaming\FileZilla
[2012/08/01 22:50:52 | 000,000,000 | ---D | M] -- C:\Users\user1\AppData\Roaming\Firestorm
[2012/04/25 17:18:23 | 000,000,000 | ---D | M] -- C:\Users\user1\AppData\Roaming\GetRightToGo
[2012/03/08 00:29:04 | 000,000,000 | ---D | M] -- C:\Users\user1\AppData\Roaming\IObit
[2012/01/01 21:39:48 | 000,000,000 | ---D | M] -- C:\Users\user1\AppData\Roaming\Luxand
[2012/08/31 22:40:12 | 000,000,000 | ---D | M] -- C:\Users\user1\AppData\Roaming\minecraft
[2012/08/21 21:54:30 | 000,000,000 | ---D | M] -- C:\Users\user1\AppData\Roaming\minecraftbak
[2012/06/17 23:29:08 | 000,000,000 | ---D | M] -- C:\Users\user1\AppData\Roaming\Origin
[2012/01/11 02:59:42 | 000,000,000 | ---D | M] -- C:\Users\user1\AppData\Roaming\PlaneShift
[2011/10/27 18:34:38 | 000,000,000 | ---D | M] -- C:\Users\user1\AppData\Roaming\PowerCinema
[2012/08/03 22:20:48 | 000,000,000 | ---D | M] -- C:\Users\user1\AppData\Roaming\Radegast
[2012/04/16 01:08:29 | 000,000,000 | ---D | M] -- C:\Users\user1\AppData\Roaming\Stardock
[2011/10/30 00:49:21 | 000,000,000 | ---D | M] -- C:\Users\user1\AppData\Roaming\SumatraPDF
[2012/05/16 18:05:11 | 000,000,000 | ---D | M] -- C:\Users\user1\AppData\Roaming\TeamViewer
[2011/11/08 00:30:49 | 000,000,000 | ---D | M] -- C:\Users\user1\AppData\Roaming\TouchBrowser
[2012/10/17 01:01:25 | 000,000,000 | ---D | M] -- C:\Users\user1\AppData\Roaming\uTorrent

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 12 bytes -> C:\Windows\System32:{4B9A1497-0817-47C4-9612-D6A1C53ACF57}

< End of report >
h

Edited by mikeloeven, 16 October 2012 - 11:33 PM.

  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP