Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

SWEDISH POLICE RANSOMWARE VIRUS [Solved]


  • This topic is locked This topic is locked

#1
OZDOUG

OZDOUG

    Member

  • Member
  • PipPipPip
  • 117 posts
Hi!

I recently (last hour) got a supposed Swedish Police warning on my browser advising I need to pay a fine...I have attached a similar screen capture that I located after some digging around on this topic on Google. I see also from a quick tour of G2G that this is something that seems to happen to others in other countries...the only difference is the language!

I am running Windows 8 & my PC specs are attached.

I am also running Malwarebytes & Avast.

I ran the Malwarebytes scan twice & nothing bad was detected, plus Avast has not advised of any problems.

Can someone help me out with this please?

Attached Thumbnails

  • polisenenhetnenfordatabrottransomware_img1.png
  • SYSTEM SPECS.jpg

  • 0

Advertisements


#2
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello OZDOUG and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTES:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste it to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

Download OTL to your Desktop

  • Double click on the icon to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator"). Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan/Fixes box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    services.exe
    /md5stop
    %systemroot%\*. /mp /s
    dir C:\ /S /A:L /C
    CREATERESTOREPOINT
    
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them here for me.

Step 2

Download GMER from Here. Note the file\'s name and save it to your root folder, such as C:.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Step 3

Please don't forget to include these items in your reply:

  • OTL log
  • OTL Extras log
  • GMER log
It would be helpful if you could post each log in separate post using "Add Reply" button
  • 1

#3
OZDOUG

OZDOUG

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 117 posts
Hi Maliprog....& thanks very much for your help on this!!

I ran through your instructions & can post the following reports/logs:
OTL.txt
------------------------------------
OTL logfile created on: 11/02/2014 16:59:37 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ACER-DESKTOP\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

5.71 Gb Total Physical Memory | 4.07 Gb Available Physical Memory | 71.27% Memory free
6.65 Gb Paging File | 4.90 Gb Available in Paging File | 73.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 914.52 Gb Total Space | 877.47 Gb Free Space | 95.95% Space Free | Partition Type: NTFS

Computer Name: NEW-ACER | User Name: ACER-DESKTOP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/11 12:45:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ACER-DESKTOP\Desktop\OTL.exe
PRC - [2014/02/02 00:42:39 | 000,866,632 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/01/28 12:43:10 | 003,767,096 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/01/28 12:43:09 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/12/21 07:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/04 15:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 15:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/02/20 00:03:54 | 002,615,368 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
PRC - [2012/07/14 01:27:00 | 000,769,432 | ---- | M] (Nero AG) -- c:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2010/07/12 15:39:24 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\D-Link\DWA-140 revB\ANIWConnService.exe
PRC - [2009/05/14 18:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe


========== Modules (No Company Name) ==========

MOD - [2014/02/02 00:42:37 | 000,399,688 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppgooglenaclpluginchrome.dll
MOD - [2014/02/02 00:42:35 | 004,055,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll
MOD - [2014/02/02 00:41:45 | 000,715,592 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libglesv2.dll
MOD - [2014/02/02 00:41:45 | 000,100,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libegl.dll
MOD - [2014/02/02 00:41:43 | 001,634,632 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ffmpegsumo.dll
MOD - [2013/11/22 19:02:55 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2013/02/21 06:58:24 | 000,089,672 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014/01/28 12:43:09 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013/10/31 10:08:22 | 001,907,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe -- (OfficeSvc)
SRV:64bit: - [2013/08/16 06:39:26 | 002,371,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2013/07/02 01:44:21 | 000,016,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013/06/24 23:54:45 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2013/06/01 10:19:58 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/05/04 07:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/05/04 07:57:05 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013/04/09 05:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013/03/02 03:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/03/02 03:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013/01/10 00:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013/01/10 00:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012/11/06 22:19:14 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/11/06 05:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012/09/20 07:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012/07/26 04:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012/07/26 04:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012/07/26 04:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012/07/26 04:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012/07/26 04:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012/07/26 04:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/07/26 04:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012/07/26 04:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012/07/26 04:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012/07/26 04:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012/07/26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012/07/26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012/07/26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012/07/26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012/07/26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012/07/26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2011/12/12 01:00:00 | 000,135,824 | ---- | M] (Seiko Epson Corporation) [Auto | Running] -- C:\Windows\SysNative\escsvc64.exe -- (EpsonScanSvc)
SRV - [2013/12/21 07:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/04 15:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 15:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/02/20 00:03:54 | 002,615,368 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe -- (CCDMonitorService)
SRV - [2012/11/06 05:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012/07/26 04:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012/07/14 01:27:00 | 000,769,432 | ---- | M] (Nero AG) [Auto | Running] -- c:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2012/07/13 10:02:16 | 002,451,456 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2010/07/12 15:39:24 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\D-Link\DWA-140 revB\ANIWConnService.exe -- (D_Link_DWA-140_WPS)
SRV - [2009/05/14 18:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/01/28 12:43:13 | 001,038,072 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2014/01/28 12:43:13 | 000,421,704 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2014/01/28 12:43:13 | 000,080,184 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014/01/28 12:43:13 | 000,078,648 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\Drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/01/21 09:38:35 | 000,207,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/11/22 19:02:57 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/11/22 19:02:56 | 000,092,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/10/10 12:53:35 | 000,096,600 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2013/08/16 06:41:13 | 000,058,200 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/10 07:30:22 | 000,151,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/07/09 09:04:07 | 000,120,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2013/07/02 02:41:47 | 000,447,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013/07/02 02:41:47 | 000,337,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013/07/02 02:41:47 | 000,213,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013/07/02 01:44:14 | 000,036,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013/07/01 23:08:49 | 000,247,216 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013/06/29 07:15:54 | 000,195,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013/06/01 04:08:57 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/05/04 08:34:15 | 000,284,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013/04/04 15:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/02 11:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/03/02 11:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013/01/10 02:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012/12/13 15:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/11/27 04:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012/11/20 05:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012/11/06 23:06:46 | 011,269,632 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/11/06 21:56:36 | 000,550,912 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/11/06 12:11:56 | 000,096,768 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AtihdW86.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/11/06 04:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012/10/12 09:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/10/11 08:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012/09/20 08:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012/09/20 08:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/30 17:04:12 | 000,690,832 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2012/07/26 06:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/07/26 06:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012/07/26 06:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012/07/26 06:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012/07/26 06:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012/07/26 06:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012/07/26 06:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012/07/26 06:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012/07/26 06:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012/07/26 06:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012/07/26 06:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012/07/26 06:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012/07/26 06:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012/07/26 06:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012/07/26 06:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012/07/26 06:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/07/26 06:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/07/26 05:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012/07/26 05:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012/07/26 04:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/07/26 03:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012/07/26 03:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012/07/26 03:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012/07/26 03:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012/07/26 03:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012/07/26 03:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012/07/26 03:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012/07/26 03:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012/07/26 03:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012/07/26 03:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012/07/26 03:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012/07/26 03:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012/07/26 03:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012/07/26 03:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/07/26 03:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012/07/26 03:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012/07/26 03:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/26 03:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012/07/26 03:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012/07/26 03:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012/07/26 03:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012/06/15 06:50:46 | 000,315,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RtsUVStor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2011/04/28 15:20:30 | 001,617,472 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Dnetr28ux.sys -- (netr28ux)
DRV:64bit: - [2011/02/21 11:09:14 | 000,015,872 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\anodlwfx.sys -- (anodlwf)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {C79C44C0-1B13-401E-9C21-FAC3DE70775C}
IE:64bit: - HKLM\..\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}: "URL" = http://uk.yhs4.searc...p={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{C79C44C0-1B13-401E-9C21-FAC3DE70775C}: "URL" = http://www.bing.com/...E10TR&pc=MAARJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {C79C44C0-1B13-401E-9C21-FAC3DE70775C}
IE - HKLM\..\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}: "URL" = http://uk.yhs4.searc...p={searchTerms}
IE - HKLM\..\SearchScopes\{C79C44C0-1B13-401E-9C21-FAC3DE70775C}: "URL" = http://www.bing.com/...E10TR&pc=MAARJS

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
IE - HKCU\..\SearchScopes,DefaultScope = {C79C44C0-1B13-401E-9C21-FAC3DE70775C}
IE - HKCU\..\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}: "URL" = http://uk.yhs4.searc...p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - Extension: Google Docs = C:\Users\ACER-DESKTOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\ACER-DESKTOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\ACER-DESKTOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\ACER-DESKTOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: avast! Online Security = C:\Users\ACER-DESKTOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2013.75_0\
CHR - Extension: Google Wallet = C:\Users\ACER-DESKTOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Users\ACER-DESKTOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/26 06:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\EPSON Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\EPSON Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [D-Link D-Link DWA-140] C:\Program Files (x86)\D-Link\DWA-140 revB\AirNCFG.exe (D-Link Corp.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [FileHippo.com] C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKCU..\RunOnce: [Uninstall C:\Users\ACER-DESKTOP\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\ACER-DESKTOP\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254 192.168.0.64
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{61C9686E-C68E-4593-BAB3-5A10C8C7EC6E}: DhcpNameServer = 192.168.0.254 192.168.0.64
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: wlidsvc - C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
NetSvcs:64bit: DsmSvc - C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
NetSvcs:64bit: NcaSvc - C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
NetSvcs:64bit: SystemEventsBroker - C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2014/02/11 12:45:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\ACER-DESKTOP\Desktop\OTL.exe
[2014/02/03 08:50:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/02/03 08:49:42 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/02/03 08:49:40 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/02/03 08:49:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2014/02/03 08:49:40 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2014/02/02 17:06:42 | 000,000,000 | ---D | C] -- C:\Users\ACER-DESKTOP\Documents\Custom Office Templates
[2014/01/28 12:45:30 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2014/01/28 12:45:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2014/01/28 12:44:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/01/22 13:10:04 | 000,000,000 | ---D | C] -- C:\Users\ACER-DESKTOP\Documents\Outlook Files
[2014/01/21 09:38:58 | 000,080,184 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys
[2014/01/20 12:10:43 | 000,000,000 | ---D | C] -- C:\Users\ACER-DESKTOP\AppData\Local\Cyberlink
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/02/11 16:53:00 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/11 12:45:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ACER-DESKTOP\Desktop\OTL.exe
[2014/02/11 10:48:20 | 000,848,230 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/02/11 10:48:20 | 000,722,260 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/02/11 10:48:20 | 000,136,434 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/02/11 10:47:15 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/11 10:45:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/11 10:43:42 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014/02/11 10:43:40 | 612,208,639 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/04 21:01:08 | 000,002,147 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/02/03 08:50:39 | 000,001,747 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/01/30 17:16:08 | 000,422,216 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/01/28 12:49:37 | 000,002,247 | ---- | M] () -- C:\Users\ACER-DESKTOP\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/01/28 12:45:36 | 000,001,970 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/01/28 12:43:13 | 001,038,072 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2014/01/28 12:43:13 | 000,421,704 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2014/01/28 12:43:13 | 000,334,136 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/01/28 12:43:13 | 000,080,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys
[2014/01/28 12:43:13 | 000,078,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/01/28 12:43:12 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/01/28 11:12:40 | 000,001,179 | ---- | M] () -- C:\Users\ACER-DESKTOP\Desktop\Recent - Shortcut.lnk
[2014/01/27 12:26:49 | 000,001,021 | ---- | M] () -- C:\Users\ACER-DESKTOP\Desktop\TFC - Shortcut.lnk
[2014/01/21 21:39:11 | 000,439,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswndisflt.sys
[2014/01/21 09:38:35 | 000,207,904 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/02/03 08:50:39 | 000,001,747 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/01/30 17:16:00 | 000,422,216 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/01/28 12:45:36 | 000,001,970 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/01/28 12:44:58 | 000,002,247 | ---- | C] () -- C:\Users\ACER-DESKTOP\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/01/28 12:44:58 | 000,002,147 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/01/28 12:43:52 | 000,000,928 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/28 12:43:51 | 000,000,924 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/28 11:12:40 | 000,001,179 | ---- | C] () -- C:\Users\ACER-DESKTOP\Desktop\Recent - Shortcut.lnk
[2013/12/01 10:44:34 | 000,000,374 | ---- | C] () -- C:\Windows\ODBC.INI
[2013/11/23 14:41:13 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2013/11/22 17:41:17 | 000,302,080 | ---- | C] () -- C:\Windows\lwd.exe
[2013/06/23 18:06:11 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/02/27 14:34:37 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013/02/27 14:34:37 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2013/02/27 14:34:37 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012/07/26 09:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012/07/26 09:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012/07/26 08:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012/07/26 02:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012/07/25 21:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012/07/25 21:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012/06/02 15:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2012/05/02 21:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll

========== ZeroAccess Check ==========


[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/08/02 07:28:20 | 019,758,080 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/08/02 06:08:10 | 017,561,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/26 04:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/26 04:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/26 04:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/11/22 17:28:12 | 000,000,000 | ---D | M] -- C:\Users\ACER-DESKTOP\AppData\Roaming\AcerRemote
[2013/11/22 19:05:15 | 000,000,000 | ---D | M] -- C:\Users\ACER-DESKTOP\AppData\Roaming\AVAST Software
[2014/02/02 16:37:02 | 000,000,000 | ---D | M] -- C:\Users\ACER-DESKTOP\AppData\Roaming\Epson

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2013/06/01 12:34:21 | 002,391,280 | ---- | M] (Microsoft Corporation) MD5=0E8E6463F81C80AFBED533E0F1F8895D -- C:\Windows\explorer.exe
[2013/06/01 12:34:21 | 002,391,280 | ---- | M] (Microsoft Corporation) MD5=0E8E6463F81C80AFBED533E0F1F8895D -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16628_none_aac334d9034c59e1\explorer.exe
[2013/12/02 08:48:15 | 000,193,351 | ---- | M] () MD5=14136418AB907DA7F81D339BDB9B9655 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16384_none_b4d2f8c937e166b1\explorer.exe
[2013/12/02 08:48:40 | 000,191,929 | ---- | M] () MD5=276FE7A1B24820C45ACE912A44E6AC8A -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20534_none_b592a71650d677ed\explorer.exe
[2013/12/02 08:48:28 | 000,191,911 | ---- | M] () MD5=2D2587FA9C09502D2837317CCC913974 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16433_none_b5080a0137b9becc\explorer.exe
[2013/11/29 12:11:56 | 000,220,310 | ---- | M] () MD5=5BC7D0E43CE304989EC1E40C7395C929 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16433_none_aab35faf0358fcd1\explorer.exe
[2013/11/29 12:11:48 | 000,221,955 | ---- | M] () MD5=661686284D4FFE593807630E2C17B278 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16384_none_aa7e4e770380a4b6\explorer.exe
[2013/11/29 12:12:04 | 000,220,321 | ---- | M] () MD5=93E86C2BCE6D88627AC038ED085302D9 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20534_none_ab3dfcc41c75b5f2\explorer.exe
[2013/11/29 12:12:12 | 000,217,360 | ---- | M] () MD5=A2098C8675C97D721782E798D85B423F -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20733_none_ab3d00461c7696e9\explorer.exe
[2013/12/02 08:48:53 | 000,190,101 | ---- | M] () MD5=B3592607C51199499B57F7EB750E4CEB -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20733_none_b591aa9850d758e4\explorer.exe
[2013/06/01 11:24:46 | 002,106,176 | ---- | M] (Microsoft Corporation) MD5=EAFE46B0292D2BD2467835E2ACF717CC -- C:\Windows\SysWOW64\explorer.exe
[2013/06/01 11:24:46 | 002,106,176 | ---- | M] (Microsoft Corporation) MD5=EAFE46B0292D2BD2467835E2ACF717CC -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16628_none_b517df2b37ad1bdc\explorer.exe

< MD5 for: SERVICES.EXE >
[2013/11/29 14:17:33 | 000,038,189 | ---- | M] () MD5=7ABFA57F43391137E75B309A86D4A83E -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.2.9200.16384_none_97e26cd38667756c\services.exe
[2012/09/20 07:33:46 | 000,410,624 | ---- | M] (Microsoft Corporation) MD5=8F226143046435C75C033B0C52E90FFE -- C:\Windows\SysNative\services.exe
[2012/09/20 07:33:46 | 000,410,624 | ---- | M] (Microsoft Corporation) MD5=8F226143046435C75C033B0C52E90FFE -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.2.9200.16420_none_981f4d19863a6591\services.exe
[2013/11/29 14:17:34 | 000,001,252 | ---- | M] () MD5=C33C23CD6EC3F8A19128F1A4272B907C -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.2.9200.20521_none_98a9ea2e9f571eb2\services.exe

< MD5 for: SVCHOST.EXE >
[2013/12/03 14:26:53 | 000,000,583 | ---- | M] () MD5=69C22033F7CB199AAD53AE5B18D8D101 -- C:\Windows\WinSxS\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.20521_none_b32de2dcefa42bec\svchost.exe
[2013/12/03 14:26:53 | 000,003,208 | ---- | M] () MD5=906D80213D0B74910618FEE42943824D -- C:\Windows\WinSxS\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.16384_none_b2666581d6b482a6\svchost.exe
[2012/09/20 06:55:26 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=A46DC432F81473F526E3994AA483E366 -- C:\Windows\SysWOW64\svchost.exe
[2012/09/20 06:55:26 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=A46DC432F81473F526E3994AA483E366 -- C:\Windows\WinSxS\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.16420_none_b2a345c7d68772cb\svchost.exe
[2013/11/30 10:28:56 | 000,000,609 | ---- | M] () MD5=A72913E7DE31B4D280A01A50969C7AE5 -- C:\Windows\WinSxS\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.20521_none_0f4c7e60a8019d22\svchost.exe
[2013/04/04 15:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2013/11/30 10:28:56 | 000,002,873 | ---- | M] () MD5=CCBCABC6A5068223860A4A7888051D0F -- C:\Windows\WinSxS\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.16384_none_0e8501058f11f3dc\svchost.exe
[2012/09/20 07:33:52 | 000,029,696 | ---- | M] (Microsoft Corporation) MD5=EDE27EACE742EE2888C5DD36400A2EC0 -- C:\Windows\SysNative\svchost.exe
[2012/09/20 07:33:52 | 000,029,696 | ---- | M] (Microsoft Corporation) MD5=EDE27EACE742EE2888C5DD36400A2EC0 -- C:\Windows\WinSxS\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.16420_none_0ec1e14b8ee4e401\svchost.exe

< MD5 for: USERINIT.EXE >
[2012/07/26 04:08:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E925F7BA032920D58DD284B6181A247 -- C:\Windows\SysNative\userinit.exe
[2012/07/26 04:08:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E925F7BA032920D58DD284B6181A247 -- C:\Windows\WinSxS\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.2.9200.16384_none_34f2617a5b742e02\userinit.exe
[2012/07/26 04:21:00 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=9F6289D194A04A09671FEED4B6CB6EF7 -- C:\Windows\SysWOW64\userinit.exe
[2012/07/26 04:21:00 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=9F6289D194A04A09671FEED4B6CB6EF7 -- C:\Windows\WinSxS\x86_microsoft-windows-userinit_31bf3856ad364e35_6.2.9200.16384_none_d8d3c5f6a316bccc\userinit.exe

< MD5 for: WINLOGON.EXE >
[2013/12/01 09:21:42 | 000,053,884 | ---- | M] () MD5=0893B4D522C7A528937C47797336259D -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.20521_none_c95425d677a55b32\winlogon.exe
[2013/12/01 09:21:44 | 000,001,620 | ---- | M] () MD5=344147389316D9A469048AAECFFF99AA -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.20534_none_c94c56c877aac328\winlogon.exe
[2013/12/01 09:21:41 | 000,053,876 | ---- | M] () MD5=4808595801FC7EA58B4CEAB8C3DFCC45 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16420_none_c8c988c15e88a211\winlogon.exe
[2013/04/04 15:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2012/10/11 06:46:58 | 000,517,120 | ---- | M] (Microsoft Corporation) MD5=BCF2036A0DD579E47C008C133550283E -- C:\Windows\SysNative\winlogon.exe
[2012/10/11 06:46:58 | 000,517,120 | ---- | M] (Microsoft Corporation) MD5=BCF2036A0DD579E47C008C133550283E -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16433_none_c8c1b9b35e8e0a07\winlogon.exe
[2013/12/01 09:21:40 | 000,053,889 | ---- | M] () MD5=C75E983F891903766A084EB2528A4889 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16384_none_c88ca87b5eb5b1ec\winlogon.exe

< %systemroot%\*. /mp /s >

< dir C:\ /S /A:L /C >
Volume in drive C is Acer
Volume Serial Number is C8EA-4B24
Directory of C:\
26/07/2012 08:22 <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
26/07/2012 08:22 <JUNCTION> Application Data [C:\ProgramData]
26/07/2012 08:22 <JUNCTION> Desktop [C:\Users\Public\Desktop]
26/07/2012 08:22 <JUNCTION> Documents [C:\Users\Public\Documents]
26/07/2012 08:22 <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
26/07/2012 08:22 <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
26/07/2012 08:22 <SYMLINKD> All Users [C:\ProgramData]
26/07/2012 08:22 <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\ACER-DESKTOP
22/11/2013 17:26 <JUNCTION> Application Data [C:\Users\ACER-DESKTOP\AppData\Roaming]
22/11/2013 17:26 <JUNCTION> Cookies [C:\Users\ACER-DESKTOP\AppData\Roaming\Microsoft\Windows\Cookies]
22/11/2013 17:26 <JUNCTION> Local Settings [C:\Users\ACER-DESKTOP\AppData\Local]
22/11/2013 17:26 <JUNCTION> My Documents [C:\Users\ACER-DESKTOP\Documents]
22/11/2013 17:26 <JUNCTION> NetHood [C:\Users\ACER-DESKTOP\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
22/11/2013 17:26 <JUNCTION> PrintHood [C:\Users\ACER-DESKTOP\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
22/11/2013 17:26 <JUNCTION> Recent [C:\Users\ACER-DESKTOP\AppData\Roaming\Microsoft\Windows\Recent]
22/11/2013 17:26 <JUNCTION> SendTo [C:\Users\ACER-DESKTOP\AppData\Roaming\Microsoft\Windows\SendTo]
22/11/2013 17:26 <JUNCTION> Start Menu [C:\Users\ACER-DESKTOP\AppData\Roaming\Microsoft\Windows\Start Menu]
22/11/2013 17:26 <JUNCTION> Templates [C:\Users\ACER-DESKTOP\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\ACER-DESKTOP\AppData\Local
22/11/2013 17:26 <JUNCTION> Application Data [C:\Users\ACER-DESKTOP\AppData\Local]
22/11/2013 17:26 <JUNCTION> History [C:\Users\ACER-DESKTOP\AppData\Local\Microsoft\Windows\History]
22/11/2013 17:26 <JUNCTION> Temporary Internet Files [C:\Users\ACER-DESKTOP\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\ACER-DESKTOP\Documents
22/11/2013 17:26 <JUNCTION> My Music [C:\Users\ACER-DESKTOP\Music]
22/11/2013 17:26 <JUNCTION> My Pictures [C:\Users\ACER-DESKTOP\Pictures]
22/11/2013 17:26 <JUNCTION> My Videos [C:\Users\ACER-DESKTOP\Videos]
0 File(s) 0 bytes
Directory of C:\Users\All Users
26/07/2012 08:22 <JUNCTION> Application Data [C:\ProgramData]
26/07/2012 08:22 <JUNCTION> Desktop [C:\Users\Public\Desktop]
26/07/2012 08:22 <JUNCTION> Documents [C:\Users\Public\Documents]
26/07/2012 08:22 <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
26/07/2012 08:22 <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
26/07/2012 08:22 <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
26/07/2012 08:22 <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
26/07/2012 08:22 <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
26/07/2012 08:22 <JUNCTION> My Documents [C:\Users\Default\Documents]
26/07/2012 08:22 <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
26/07/2012 08:22 <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
26/07/2012 08:22 <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
26/07/2012 08:22 <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
26/07/2012 08:22 <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
26/07/2012 08:22 <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
26/07/2012 08:22 <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
26/07/2012 08:22 <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
26/07/2012 08:22 <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
26/07/2012 08:22 <JUNCTION> My Music [C:\Users\Default\Music]
26/07/2012 08:22 <JUNCTION> My Pictures [C:\Users\Default\Pictures]
26/07/2012 08:22 <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
26/07/2012 08:22 <JUNCTION> My Music [C:\Users\Public\Music]
26/07/2012 08:22 <JUNCTION> My Pictures [C:\Users\Public\Pictures]
26/07/2012 08:22 <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
48 Dir(s) 942,175,195,136 bytes free

< End of report >
-----------------------------------------------------------
  • 0

#4
OZDOUG

OZDOUG

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 117 posts
Now for Extras.txt:
--------------------------------
OTL Extras logfile created on: 11/02/2014 16:29:50 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ACER-DESKTOP\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

5.71 Gb Total Physical Memory | 4.24 Gb Available Physical Memory | 74.28% Memory free
6.65 Gb Paging File | 4.96 Gb Available in Paging File | 74.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 914.52 Gb Total Space | 877.46 Gb Free Space | 95.95% Space Free | Partition Type: NTFS

Computer Name: NEW-ACER | User Name: ACER-DESKTOP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00B3C64D-B3A5-4971-891B-E0E62EA1BE8F}" = lport=139 | protocol=6 | dir=in | app=system |
"{1DAF33B9-A904-4912-8B15-0C1437554AC1}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{3803B5B2-CCBE-4FD1-A67A-E3A40520AC81}" = rport=137 | protocol=17 | dir=out | app=system |
"{3C33D2CC-86A2-4F45-8B49-AC7046FC1F94}" = rport=139 | protocol=6 | dir=out | app=system |
"{3F5752B2-A7D5-4E53-A43B-E94350F18126}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{53BA7CC4-4DBF-4001-A45F-89005D11AA74}" = lport=445 | protocol=6 | dir=in | app=system |
"{65E599F4-EEB6-4719-ADCE-CE7C58D35344}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{75487690-BBD8-470C-A0E6-469900E03732}" = rport=445 | protocol=6 | dir=out | app=system |
"{7659ED79-B75D-4466-8A51-852AAB0FF8B8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{78878B07-A71C-4DB7-9028-498BE1BB1D14}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe |
"{7E238772-6FA6-4170-88C1-D7D8E8EB7366}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{91628013-B140-4C84-812B-240D9277077D}" = rport=138 | protocol=17 | dir=out | app=system |
"{A163F1C1-6844-4059-8132-723F01BF6BFE}" = lport=137 | protocol=17 | dir=in | app=system |
"{C8EA4405-D86C-4609-B70E-49608342093B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{D88BBBC4-89ED-4EBC-A286-D45DEA9057DA}" = lport=138 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{036C1D0E-7C5C-4967-8742-7BE00F42B03D}" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |
"{0AD3232C-F42F-4B29-A461-97D17AC4DCC5}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe |
"{0D6BA556-0868-4C3C-A13E-A2700E06151B}" = dir=in | app=c:\users\acer-desktop\appdata\local\microsoft\skydrive\skydrive.exe |
"{0E7E4F30-5087-47F0-976B-CA54B379F145}" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\data\spotifywebhelper.exe |
"{14D008CC-A822-41AE-A7A1-017C401D857B}" = protocol=58 | dir=in | [email protected],-28545 |
"{16D11542-8FA9-4237-A853-557CA020D7AB}" = dir=out | name=netflix |
"{184EBEFC-5CF7-47BA-847D-57AC2B8AB8C0}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\acer cloud\sdd.exe |
"{208B03CC-FB99-41A2-A570-6E54F67995D5}" = protocol=6 | dir=in | app=c:\program files (x86)\nero\nero 12\nero backitup\backitup.exe |
"{24226D99-C77E-4E8D-8484-B3E26C81857F}" = dir=out | [email protected]{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{250E27C5-60E5-41AE-9688-C3790CBDB2F1}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe |
"{284EF4EA-978C-4562-BF0B-738971871D87}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{28F3C666-9467-4D60-A7A3-DD9AE4688758}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{29C4961D-727E-4BFE-8B56-B98A609FB4F1}" = dir=out | name=acer explorer |
"{2B250047-722E-4CE9-97EA-8BC46B5C573A}" = dir=out | [email protected]{microsoft.skypeapp_1.3.0.112_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
"{2C6749A7-9804-4189-8BDE-8630F9D3A144}" = dir=out | [email protected]{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{37F4CCB4-20E2-431D-A0D5-7E07081AD122}" = protocol=1 | dir=out | [email protected],-28544 |
"{3DE2A80B-A876-4C0E-A3C5-172C3B1DCC92}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\acer cloud\ccd.exe |
"{3F65CB46-DEB3-4A25-8B05-EFB2823F8E95}" = dir=in | [email protected]{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{3FFCD592-8BC9-44CB-9C26-30EE972DA034}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\windowsupnp.exe |
"{4290EE8D-45F9-4CEA-A48E-A617F2A5697E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{602ACB12-0DAE-493D-A8DC-6BEA0FCD0164}" = dir=out | [email protected]{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{6E83DF2D-59DB-4540-9C3B-EF483CAB5C7F}" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |
"{706D2300-26EE-4E0C-9EE8-84A740A3284D}" = protocol=17 | dir=in | app=c:\program files (x86)\nero\nero 12\nero backitup\backitup.exe |
"{70F96E2A-F1CB-4758-8D7F-7A579F7EF57E}" = dir=in | [email protected]{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{714BBD40-ABBE-4AD2-988B-61AD6A6A01E7}" = protocol=58 | dir=out | [email protected],-28546 |
"{75FA314B-4ADE-4A0C-9B0D-0DAB442AED04}" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\data\spotifywebhelper.exe |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | [email protected]{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{857B1BB3-A83B-499B-B40E-553BD7AF90C2}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk21\video\videoplayer.exe |
"{87F50505-9E90-4D16-B8EB-67396D39256E}" = dir=in | [email protected]{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{880D3F65-CCF5-4922-AE3B-F62E10D68ED1}" = dir=out | name=windows_ie_ac_001 |
"{8A973883-6742-4D3E-BDBB-F2AA05269CAB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8FC9259A-A69E-4544-97E0-6258A8E59C34}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{90736937-293B-44B3-A887-7B580C1F9BF7}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe |
"{91AA80FB-DE12-4D43-94A0-69CC6A87786E}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\windowsupnp.exe |
"{9D86A4E0-B541-4B5C-A645-AF83FC20A399}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{9E43E590-4BA7-4FEA-A146-E83FFFDF3BB0}" = dir=out | [email protected]{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{A1718800-5112-4CF1-8BFB-A01F924A36BA}" = dir=in | [email protected]{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{A84C9576-C956-4A5B-B783-DDFE48AF079D}" = dir=in | [email protected]{microsoft.skypeapp_1.3.0.112_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
"{ABC354D6-08EC-422D-8F43-6B67B0D94F4C}" = dir=out | [email protected]{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{AEF20286-FAF4-4400-829C-E0D0C8D0211F}" = dir=out | [email protected]{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{B2FC6B2B-D390-4E8A-A731-DAF4BEE335D0}" = dir=out | [email protected]{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{B9C429EE-A21C-4DED-BEEF-6CDC685B210D}" = dir=out | name=7digital music store |
"{BC1E080D-E9C8-4B83-976B-386C4222E747}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\acer cloud\ccd.exe |
"{BEEC5D09-A62C-4669-AFE1-03CAE5D8B4C0}" = dir=out | [email protected]{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{C0440376-D9B5-4F85-A1A5-9DFBF58F5810}" = dir=out | name=newsxpresso |
"{C23DCD78-C198-4057-BE2B-BEC177FFD94B}" = dir=out | name=kindle |
"{C368FF58-F1C0-44ED-8910-9D03E3868DAF}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk21\movie\playmovie.exe |
"{C48F13B0-F83F-479D-B3C8-A7EA2D247942}" = dir=in | name=newsxpresso |
"{CA99EC6D-465E-46E1-B2AF-158D82138BDC}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{CC16AD62-60C3-4A85-B1C1-20457F96EE2A}" = dir=out | name=weatherbug.a |
"{D2E10F39-2F33-46BC-A6B6-874552B8788D}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe |
"{DD185709-FE62-4E79-872D-5B2CAFCC33E3}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{E1AEBF14-30FA-4B5E-9E15-61CBADB6CC2F}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\acer cloud\sdd.exe |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | [email protected]{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{E8C07004-D371-43B1-AE13-0025FFF1B4D5}" = dir=out | name=tunein radio |
"{E9CD58D2-6BC6-41B5-B88F-97C4D8199C4F}" = protocol=1 | dir=in | [email protected],-28543 |
"{E9FFE379-E617-4BCD-88E9-64CD8150B6A8}" = dir=in | name=acer explorer |
"{EC3F9C43-65F1-433D-B39F-B1B549453EC5}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe |
"{EEAD1AFB-894F-44C2-95B2-8C211D577137}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe |
"{EF03D5AD-23B5-4453-B96D-BDB3DE99CD64}" = protocol=6 | dir=in | app=c:\program files (x86)\acer remote\arcserver.exe |
"{F0242B22-FA56-4B1C-A466-3CE39427BC9B}" = protocol=17 | dir=in | app=c:\program files (x86)\acer remote\arcserver.exe |
"{F6C104D6-260B-434B-B89F-3EEC85BDB947}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\acer cloud\virtualdrive.exe |
"{FC2BD62B-94E1-4BF4-8236-EA26957313EC}" = dir=out | [email protected]{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{FD5D048D-E9D0-42EF-9173-D026165F1ED4}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk21\video\musicplayer.exe |
"{FE4D0575-F12A-4DA9-B5C3-F6D8CFE53589}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\acer cloud\virtualdrive.exe |
"{FE71D4F8-DD41-44EB-9615-55AF6DECACED}" = dir=in | [email protected]{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{FF44984B-2D29-4335-A0EA-A0470CC44559}" = dir=out | [email protected]{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"TCP Query User{74CEA21D-F127-47E6-A9D9-048697A845BD}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{20EE32F8-2FCE-437D-A8BD-050C1946C599}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}" = Acer Recovery Management
"{0D924CB2-2EA4-4044-BAF7-770202D6BD0D}" = iTunes
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{4E5AC9F2-19C8-0CA1-034B-A3056AD67E1C}" = ccc-utility64
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{DBF565E2-B42B-B256-7DC8-B6240C53EF0D}" = AMD Accelerated Video Transcoding
"{E3A51D8F-668B-4D7B-8CF5-99D00F89A4A5}" = AMD Catalyst Install Manager
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}" = Apple Mobile Device Support
"EPSON XP-102 103 Series" = EPSON XP-102 103 Series Printer Uninstall
"O365HomePremRetail - en-us" = Microsoft Office 365 Home Premium - en-us

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D562B5-C4E2-4846-A920-33178788BE00}" = Windows Live Communications Platform
"{0B311221-05A5-4766-8D03-7A6446794156}" = Nero RescueAgent Help (CHM)
"{0E4630AF-0AB7-440E-A978-1A78FC4F43B9}" = Nero Launcher
"{0F929651-F516-4956-90F2-FFBD2CD5D30E}" = Photo Gallery
"{0FF9CC94-EF23-401E-BDBD-37403D1A2B38}" = Windows Live SOXE Definitions
"{1398DDAD-B984-275D-C61E-A1C5152450F8}" = CCC Help Finnish
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FF18EF2-2B14-CCFD-56FE-C5A84F66689C}" = CCC Help Hungarian
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{27D49E0E-422F-C9D3-56BC-CF0881C7A477}" = CCC Help Chinese Standard
"{2AC01935-3774-4981-98C8-14E93C14372C}" = Windows Live UX Platform Language Pack
"{2E8B87B9-DBD2-B5A1-B1A7-C4228CFC193A}" = CCC Help Thai
"{2EE2F065-4B50-F7C4-5F6D-DA25874A0D0B}" = CCC Help Russian
"{30E01116-5666-4807-8EF1-D80E9FF16717}" = Epson Easy Photo Print 2
"{35DA427D-BB23-49B8-9AFD-CFFCFE3B708D}" = clear.fi SDK- Movie 2
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3AAB08A3-F129-4BD5-B409-AE674F93759D}" = Prerequisite installer
"{3D9CB654-99AD-4301-89C6-0D12A790767C}" = Identity Card
"{3F80D43E-2D98-EDD3-EBD6-2C14FA31EEB5}" = AMD VISION Engine Control Center
"{45898170-E68C-4F02-AA35-C2186BF347A3}" = Movie Maker
"{4CA8F973-6377-4ABF-9ED5-CC2323B3C000}" = Nero BackItUp 12 Essentials OEM.a01
"{4DEE1489-ED1A-93BF-8EEF-6888A7846697}" = Catalyst Control Center InstallProxy
"{5A0EE0F0-E909-4F3B-B437-AAD9252427CB}" = Windows Live Installer
"{5E094C92-6288-4F43-AA9A-D452D0218F3F}" = Windows Live Essentials
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{6A450C9E-E017-4881-01F9-BD1E242E2AF0}" = CCC Help Dutch
"{6B60CF02-C313-3384-5A75-F8D548398803}" = CCC Help Turkish
"{6B6923B9-8719-425B-916C-CD2908F31AAF}" = Windows Live SOXE
"{6D2BBE1D-E600-4695-BA37-0B0E605542CC}" = Office Addin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89C7E0A7-4D9D-4DCC-8834-A9A2B92D7EBB}" = Photo Gallery
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component
"{90150000-008C-0409-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component
"{904BD3AD-0841-8364-08D6-A41F48FAE30E}" = CCC Help Chinese Traditional
"{9669A51F-16AA-9DCB-6756-CEF9E140EC9C}" = CCC Help Korean
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CA44AD4-B6B1-956C-92FF-043178C9CAE5}" = CCC Help Danish
"{A2D43081-CF7B-4637-A9F3-E2651AA5C4A8}" = Nero RescueAgent
"{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}" = AcerCloud Portal
"{A6DC88AD-501A-44BC-884D-57435F972E2C}" = Hotkey Utility
"{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABC88553-8770-4B97-B43E-5A90647A5B63}" = Nero ControlCenter
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{ACD89BA8-EAA8-4D7F-F61C-4C072CEC354B}" = CCC Help Japanese
"{AD3317DB-5E17-C2E9-6E76-215157DF1792}" = CCC Help English
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B39A6825-EA20-43EA-AB2D-A6BC0298D9A1}" = Movie Maker
"{B5AD89F2-03D3-4206-8487-018298007DD0}" = clear.fi Photo
"{BC41D891-531E-FC55-CDD8-C1CDFABE13D3}" = CCC Help Swedish
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components
"{BECE9CCD-83F6-4BAA-9B26-227DF7D2E932}" = Epson Event Manager
"{C6B0EE9E-2128-4448-B7AE-5E2B46E0F0E7}" = Windows Live Photo Common
"{C8DA89DA-C203-EEF3-281E-E34AB1F2CC81}" = Catalyst Control Center Localization All
"{C8DB7D14-11F3-9B81-27C4-BEB7C11D3107}" = CCC Help Spanish
"{C994C746-C6D0-4EBA-B09E-DF7B18381B69}" = Nero ControlCenter Help (CHM)
"{CED122AA-03DA-E301-FE04-98784421E639}" = CCC Help French
"{D7D2F494-89E3-42ED-8A2B-75BDD9B464CB}" = D-Link DWA-140
"{DA2D3078-A58C-45E8-8EE0-18B8BE6B34F7}" = Nero BackItUp
"{DD7C5FC1-DCA5-487A-AF23-658B1C00243F}" = Photo Common
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E342E703-8D0F-AAAD-FF90-0EBB60CF9C3A}" = CCC Help Greek
"{E3445598-4424-4EE2-B71C-C23325F7FB71}" = Windows Live PIMT Platform
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso 6.5
"{E728441A-7820-4B1C-87C9-DE7BE37B2953}" = Download Navigator
"{E9AF1707-3F3A-49E2-8345-4F2D629D0876}" = clear.fi Media
"{EB8464D8-D611-4A2E-5962-DB47A70E4B73}" = CCC Help German
"{EBA33CAD-E071-48d5-A168-FBA4EEB42E93}" = clear.fi SDK - Video 2
"{EBE0919B-F97B-4D58-9B1D-9EEA3003718D}" = Catalyst Control Center - Branding
"{EF0D1292-8FC1-41BE-9740-DBC134F66415}" = Nero BackItUp Help (CHM)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E58739-2B4C-498F-9B0D-FF0F2FD52B61}" = Windows Live UX Platform
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F486E5F2-0300-FDA0-BE59-C8CE3CAC8165}" = CCC Help Portuguese
"{F546ACF6-5427-F740-FC98-EBDC65A018AB}" = CCC Help Polish
"{F61D13C7-7209-0AD0-6584-1FCE625EBB11}" = CCC Help Italian
"{F7AFD54C-285E-E3D8-D17F-BE1C24403AF0}" = CCC Help Norwegian
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{FE705EB4-D4F1-3B0C-8965-798B8B2FC0E8}" = CCC Help Czech
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Acer Remote1.0" = Acer Remote
"Avast" = avast! Free Antivirus
"BitZipper_is1" = BitZipper 2013
"EPSON Scanner" = EPSON Scan
"EPSON XP-102 103 Series Useg" = User's Guide EPSON XP-102 103 Series
"FileHippo.com" = FileHippo.com Update Checker
"Google Chrome" = Google Chrome
"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso 6.5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VLC media player" = VLC media player 2.1.1
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SkyDriveSetup.exe" = Microsoft SkyDrive

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 29/01/2014 05:47:47 | Computer Name = NEW-ACER | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2138

Error - 29/01/2014 10:05:22 | Computer Name = NEW-ACER | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 29/01/2014 10:05:22 | Computer Name = NEW-ACER | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15453693

Error - 29/01/2014 10:05:22 | Computer Name = NEW-ACER | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15453693

Error - 29/01/2014 10:05:24 | Computer Name = NEW-ACER | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 29/01/2014 10:05:24 | Computer Name = NEW-ACER | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15455363

Error - 29/01/2014 10:05:24 | Computer Name = NEW-ACER | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15455363

Error - 29/01/2014 18:33:29 | Computer Name = NEW-ACER | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 29/01/2014 18:33:29 | Computer Name = NEW-ACER | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1825

Error - 29/01/2014 18:33:29 | Computer Name = NEW-ACER | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1825

[ System Events ]
Error - 28/01/2014 04:35:54 | Computer Name = NEW-ACER | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800f0922: Security Update for Windows 8 for x64-based Systems (KB2871690).

Error - 28/01/2014 04:35:55 | Computer Name = NEW-ACER | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800f0922: Security Update for Windows 8 for x64-based Systems (KB2892074).

Error - 28/01/2014 04:35:55 | Computer Name = NEW-ACER | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800f0922: Update for Windows 8 for x64-based Systems (KB2913152).

Error - 28/01/2014 04:35:55 | Computer Name = NEW-ACER | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800f0922: Update for Windows 8 for x64-based Systems (KB2917499).

Error - 28/01/2014 04:35:55 | Computer Name = NEW-ACER | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800f0922: Security Update for Windows 8 for x64-based Systems (KB2893984).

Error - 28/01/2014 04:35:55 | Computer Name = NEW-ACER | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800f0922: Security Update for Windows 8 for x64-based Systems (KB2887069).

Error - 28/01/2014 07:20:41 | Computer Name = NEW-ACER | Source = DCOM | ID = 10016
Description =

Error - 28/01/2014 07:20:41 | Computer Name = NEW-ACER | Source = DCOM | ID = 10016
Description =

Error - 28/01/2014 07:29:05 | Computer Name = NEW-ACER | Source = Microsoft-Windows-Kernel-General | ID = 6
Description =

Error - 28/01/2014 07:34:39 | Computer Name = NEW-ACER | Source = Microsoft-Windows-Kernel-General | ID = 6
Description =


< End of report >
-----------------------------------------
  • 0

#5
OZDOUG

OZDOUG

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 117 posts
...& finally the GMER log
** Please note, this did not go as planned.
Firstly my system would not allow me to save the application file under the C: root directory so I had to put it one folder up.
When I ran the application I got the attached error message (GMER MESSAGE-1). I hit 'OK' & the application ran.
At the end of the run I got the attached error message (GMER MESSAGE-2). I hit 'OK' & I then got the attached error message (GMER MESSAGE-3). I hit 'OK' & the message advised the scan had run successfully.

The text of the GMER log is below:
------------------------------------
GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-02-11 17:59:21
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000031 WDC_WD10EZEX-22RKKA0 rev.80.00A80 931.51GB
Running: 1rniu7d8.exe; Driver: C:\Users\ACER-D~1\AppData\Local\Temp\kfdcqpow.sys


---- Kernel code sections - GMER 2.1 ----

.text C:\Windows\System32\win32k.sys!W32pServiceTable fffff9600006da00 7 bytes [40, CA, 81, 01, 00, 4C, F2]
.text C:\Windows\System32\win32k.sys!W32pServiceTable + 8 fffff9600006da08 7 bytes [01, EA, BF, FF, 00, C7, DA]

---- User code sections - GMER 2.1 ----

.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\kernel32.dll!GetBinaryTypeW + 163 000007f953f7f7eb 1 byte [62]
.text C:\Windows\system32\csrss.exe[592] C:\Windows\SYSTEM32\kernel32.dll!GetBinaryTypeW + 163 000007f953f7f7eb 1 byte [62]
.text C:\Windows\system32\wininit.exe[600] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f953f7f7eb 1 byte [62]
.text C:\Windows\system32\services.exe[660] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f953f7f7eb 1 byte [62]
.text C:\Windows\system32\winlogon.exe[668] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f953f7f7eb 1 byte [62]
.text C:\Windows\system32\svchost.exe[784] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f953f7f7eb 1 byte [62]
.text C:\Windows\system32\svchost.exe[844] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f953f7f7eb 1 byte [62]
.text C:\Windows\system32\atiesrxx.exe[912] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f953f7f7eb 1 byte [62]
.text C:\Windows\system32\atiesrxx.exe[912] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f955c9177a 4 bytes [C9, 55, F9, 07]
.text C:\Windows\system32\atiesrxx.exe[912] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f955c91782 4 bytes [C9, 55, F9, 07]
.text C:\Windows\System32\svchost.exe[944] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f953f7f7eb 1 byte [62]
.text C:\Windows\system32\dwm.exe[984] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f953f7f7eb 1 byte [62]
.text C:\Windows\system32\svchost.exe[1016] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f953f7f7eb 1 byte [62]
.text C:\Windows\system32\svchost.exe[364] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f953f7f7eb 1 byte [62]
.text C:\Windows\system32\atieclxx.exe[452] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f953f7f7eb 1 byte [62]
.text C:\Windows\system32\atieclxx.exe[452] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f955c9177a 4 bytes [C9, 55, F9, 07]
.text C:\Windows\system32\atieclxx.exe[452] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f955c91782 4 bytes [C9, 55, F9, 07]
.text C:\Windows\System32\svchost.exe[1064] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f953f7f7eb 1 byte [62]
.text C:\Windows\system32\svchost.exe[1180] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f953f7f7eb 1 byte [62]
.text C:\Windows\System32\spoolsv.exe[1388] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f953f7f7eb 1 byte [62]
.text C:\Windows\system32\svchost.exe[1428] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f953f7f7eb 1 byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1704] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f953f7f7eb 1 byte [62]
.text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[1908] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f953f7f7eb 1 byte [62]
.text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[1908] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f955c9177a 4 bytes [C9, 55, F9, 07]
.text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[1908] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f955c91782 4 bytes [C9, 55, F9, 07]
.text C:\Windows\system32\svchost.exe[1972] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f953f7f7eb 1 byte [62]
.text C:\Windows\system32\EscSvc64.exe[1476] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f953f7f7eb 1 byte [62]
.text C:\Windows\system32\EscSvc64.exe[1476] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f955c9177a 4 bytes [C9, 55, F9, 07]
.text C:\Windows\system32\EscSvc64.exe[1476] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f955c91782 4 bytes [C9, 55, F9, 07]
.text C:\Windows\system32\svchost.exe[2708] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f953f7f7eb 1 byte [62]
.text C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe[1688] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f953f7f7eb 1 byte [62]
.text C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe[1688] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007f94c021532 4 bytes [02, 4C, F9, 07]
.text C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe[1688] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007f94c02153a 4 bytes [02, 4C, F9, 07]
.text C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe[1688] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007f94c02165a 4 bytes [02, 4C, F9, 07]
.text C:\Windows\system32\SearchIndexer.exe[456] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f953f7f7eb 1 byte [62]
.text C:\Windows\system32\taskhostex.exe[2360] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f953f7f7eb 1 byte [62]
.text C:\Windows\Explorer.EXE[2260] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f953f7f7eb 1 byte [62]
.text C:\Windows\Explorer.EXE[2260] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007f94c021532 4 bytes [02, 4C, F9, 07]
.text C:\Windows\Explorer.EXE[2260] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007f94c02153a 4 bytes [02, 4C, F9, 07]
.text C:\Windows\Explorer.EXE[2260] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007f94c02165a 4 bytes [02, 4C, F9, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3472] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f953f7f7eb 1 byte [62]
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3472] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007f94c021532 4 bytes [02, 4C, F9, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3472] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007f94c02153a 4 bytes [02, 4C, F9, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3472] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007f94c02165a 4 bytes [02, 4C, F9, 07]
.text C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe[3548] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f953f7f7eb 1 byte [62]
.text C:\Program Files\iPod\bin\iPodService.exe[300] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f953f7f7eb 1 byte [62]
.text C:\Windows\system32\wuauclt.exe[2236] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f953f7f7eb 1 byte [62]
.text C:\Windows\system32\svchost.exe[3512] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f953f7f7eb 1 byte [62]
.text C:\Windows\system32\AUDIODG.EXE[5072] C:\Windows\SYSTEM32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f953f7f7eb 1 byte [62]

---- Threads - GMER 2.1 ----

Thread C:\Windows\system32\csrss.exe [592:636] fffff960007535e8
Thread C:\Windows\system32\svchost.exe [1016:4656] 000007f9496f10f0
Thread C:\Windows\system32\svchost.exe [1016:2540] 000007f94bec16b0

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----
------------------------------------------------------------

Attached Thumbnails

  • GMER MESSAGE-1.jpg
  • GMER MESSAGE-2.jpg
  • GMER MESSAGE-3.jpg

  • 0

#6
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi OZDOUG,

Can you tell me is all browsers you use are infected with this or just one?

Please test all browsers you use and let me know results.
  • 0

#7
OZDOUG

OZDOUG

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 117 posts
Morning Maliprog,

I only ever use Google Chrome & it is running fine at the moment. Everything on my PC is still running fine....just now.

I seem to remember (?) reading in the message that came up from the 'Police' that the virus would be effective in 12hrs, so I would expect to see it be active this morning.

If nothing has shown up in the files/logs I sent you then maybe this thing was stopped by Avast....maybe?

Should we wait & see what happens today?
  • 0

#8
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi there,

I would like to wait because I don't see any trace of it in OTL log. Please test your system for 24 hours and let me know results.

I'll be here...
  • 0

#9
OZDOUG

OZDOUG

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 117 posts
Will do....I'll let you know what happens! Thanks again :thumbsup:
  • 0

#10
OZDOUG

OZDOUG

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 117 posts
Hi Maliprog.
So, more than 24hrs now & no indication of any issues with my PC....which is a good thing I think.
  • 0

#11
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi OZDOUG,

Nice to hear that. Your logs and system are clean now. I'm glad we fix up your computer.

Step 1

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL

    :Commands
    [purity]
    [emptytemp]
    [resethosts]
    [clearallrestorepoints]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
Step 2

We need to clean up your PC from programs we used.

Please start OTL one more time and click CleanUp button. OTL will restart your system at the end.

In case that any of the software we used in this fix still remains on your system please delete it manually (Right click on it and select Delete).

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Something to read

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?

2. Make Backups of Important Files

Please read this article Home Computer Data Backup.

3. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.

You should download Update Checker from here. The program will automaticly check for newer version of software installed on your system.
  • 0

#12
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 1






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP