Jump to content

Eric72

Honorary Members
  • Posts

    50
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Great, thanks so much for all the help! Will make sure I stay up to date from now on. Thanks!
  2. Cool, I gave it some extra time, an yeah it just needed to get past the bigger files. ESET log: C:\Users\Eric\Downloads\OrbitDownloader4101.exe Win32/OpenCandy application deleted - quarantined C:\Users\Eric\Downloads\OrbitDownloaderSetup.exe Win32/OpenCandy application deleted - quarantined C:\Users\Eric\Downloads\OrbitSetup4.0.7.exe Win32/OpenCandy application deleted - quarantined C:\Users\Eric\Downloads\OrbitSetup4.1.02.exe Win32/OpenCandy application deleted - quarantined
  3. I updated Adobe & Java without problem, but while running ESET it gets as far as C:\ACER\Preload\Autorun\APP\NTI Media Maker\Data1.cab and doesn't make any progress after that. It hasn't hung the laptop, and the timer on ESET is still working, but it just won't scan past that item. The first time it stopped at around 2 minutes, and stayed like that for another 10 minutes, so I exited it and tried again, but it's stopped at that same item again.
  4. No weird messages, everything running normal this time! All processes killed ========== OTL ========== Registry value HKEY_USERS\S-1-5-21-2844847763-3726028296-3422661878-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\Users\Eric\LOCALS~1\Temp\mssmlou.com deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Desktop ->Temp folder emptied: 0 bytes User: Eric ->Temp folder emptied: 237366 bytes ->Temporary Internet Files folder emptied: 813350 bytes ->Java cache emptied: 6473393 bytes ->FireFox cache emptied: 44926059 bytes ->Flash cache emptied: 5355 bytes User: Public ->Temp folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 8658373 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 54204 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 58.00 mb OTL by OldTimer - Version 3.2.39.2 log created on 04142012_134218 Files\Folders moved on Reboot... File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot. File move failed. C:\Windows\temp\hlktmp scheduled to be moved on reboot. Registry entries deleted on Reboot...
  5. OTL: OTL logfile created on: 14/04/2012 13:25:09 - Run 1 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Eric\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 3.00 Gb Total Physical Memory | 1.81 Gb Available Physical Memory | 60.22% Memory free 6.19 Gb Paging File | 4.88 Gb Available in Paging File | 78.85% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 298.09 Gb Total Space | 90.44 Gb Free Space | 30.34% Space Free | Partition Type: NTFS Computer Name: ERIC-PC | User Name: Eric | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/04/14 13:24:47 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Eric\Desktop\OTL.exe PRC - [2012/04/14 12:47:34 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Eric\AppData\Local\temp\RtkBtMnt.exe PRC - [2012/03/14 09:33:41 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2012/02/26 16:01:44 | 000,295,728 | ---- | M] (SweetIM Technologies Ltd.) -- C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe PRC - [2012/02/16 15:29:02 | 000,114,992 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files\SweetIM\Messenger\SweetIM.exe PRC - [2011/09/02 05:13:49 | 000,292,136 | ---- | M] (CyberLink) -- C:\Program Files\Cyberlink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe PRC - [2011/09/02 05:13:47 | 000,075,048 | ---- | M] (CyberLink) -- C:\Program Files\Cyberlink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe PRC - [2011/08/24 02:13:45 | 000,230,696 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Cyberlink\PowerDVD11\PDVD11Serv.exe PRC - [2011/08/24 02:13:43 | 000,083,240 | ---- | M] () -- C:\Program Files\Cyberlink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe PRC - [2011/08/02 08:33:30 | 004,910,912 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe PRC - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe PRC - [2011/06/28 22:26:33 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2011/04/28 10:22:45 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2011/03/04 14:36:51 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2011/03/03 09:38:32 | 000,380,416 | ---- | M] () -- C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe PRC - [2011/02/26 16:18:20 | 003,474,432 | ---- | M] () -- C:\Program Files\Acer\Acer Bio Protection\BASVC.exe PRC - [2011/02/26 16:18:09 | 003,659,264 | ---- | M] (Arachnoid Biometrics Identification Group Corp.) -- C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2009/12/16 17:44:36 | 003,750,400 | ---- | M] (SafeNet Inc.) -- C:\Windows\System32\hasplms.exe PRC - [2009/04/10 23:28:06 | 000,197,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SndVol.exe PRC - [2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008/04/28 12:18:26 | 000,809,480 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe PRC - [2008/04/22 12:02:06 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) -- C:\Windows\System32\vfsFPService.exe PRC - [2008/03/21 14:22:52 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe PRC - [2008/03/12 03:30:28 | 000,397,312 | ---- | M] (Acer Inc.) -- C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe PRC - [2008/03/07 11:36:12 | 000,544,768 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe PRC - [2008/03/05 15:55:24 | 000,167,936 | ---- | M] (CyberLink) -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe PRC - [2008/03/05 15:55:16 | 000,147,456 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe PRC - [2008/03/05 12:56:30 | 001,216,512 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\AcerVCM.exe PRC - [2008/03/05 07:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe PRC - [2008/03/05 07:38:28 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe PRC - [2008/03/04 21:21:06 | 000,167,936 | ---- | M] (Acer Corp.) -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe PRC - [2008/02/26 09:24:06 | 004,939,776 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008/01/16 18:35:02 | 000,081,504 | ---- | M] () -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe PRC - [2008/01/10 18:03:00 | 000,233,472 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe PRC - [2007/12/11 04:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe PRC - [2007/12/07 00:15:28 | 000,110,592 | ---- | M] () -- C:\ACER\Mobility Center\MobilityService.exe PRC - [2007/10/23 11:56:18 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe PRC - [2007/10/03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2007/10/03 15:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2007/04/24 19:50:32 | 000,723,760 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe PRC - [2007/03/27 13:00:32 | 000,196,608 | ---- | M] (Acer Inc.) -- C:\Program Files\Acer\Acer VCM\acp2HID.exe ========== Modules (No Company Name) ========== MOD - [2012/04/12 15:43:37 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\86f6e2383ca898849c321080b32b66f8\System.ServiceProcess.ni.dll MOD - [2012/04/12 15:43:35 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\48302596a8c8f2ab396b3be518dbd800\System.Web.ni.dll MOD - [2012/04/12 15:38:12 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\09b9cd1c630210237b5b46d9943e1946\System.Windows.Forms.ni.dll MOD - [2012/04/12 15:38:01 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\61759b9905aed9a87347d04b5fad046b\System.Drawing.ni.dll MOD - [2012/03/14 09:33:41 | 001,014,744 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll MOD - [2012/02/16 12:13:26 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\8b5f54e3b382fc1720c76557ef8c8bc3\System.Management.ni.dll MOD - [2012/02/16 12:11:37 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5c3bfd69e0c268baff0d169e11a6a784\System.Runtime.Remoting.ni.dll MOD - [2012/02/16 12:09:54 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll MOD - [2012/02/16 12:09:06 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\029217106fa24787ff7a61b754f8ebf7\System.Data.ni.dll MOD - [2012/02/16 12:07:51 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll MOD - [2011/10/13 15:28:44 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll MOD - [2011/07/29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe MOD - [2011/06/28 11:03:20 | 000,438,272 | ---- | M] () -- C:\Program Files\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabXpcom.dll MOD - [2011/06/27 11:13:12 | 000,094,208 | ---- | M] () -- C:\Program Files\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabKernel.dll MOD - [2011/03/03 09:38:32 | 000,380,416 | ---- | M] () -- C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe MOD - [2011/02/26 16:39:59 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3006.0__4df5dcab8860d239\Framework.Utility.dll MOD - [2011/02/26 16:39:58 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3006.0__3036420f80dd6947\Framework.Library.dll MOD - [2011/02/26 16:39:58 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3006.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll MOD - [2011/02/12 09:22:44 | 001,679,360 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3050.37261__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll MOD - [2011/02/12 09:22:44 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3050.37221__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll MOD - [2011/02/12 09:22:44 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3050.37274__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll MOD - [2011/02/12 09:22:44 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3050.37253__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll MOD - [2011/02/12 09:22:44 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3050.37240__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll MOD - [2011/02/12 09:22:43 | 000,483,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3050.37475__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll MOD - [2011/02/12 09:22:43 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3050.37446__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll MOD - [2011/02/12 09:22:43 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3050.37411__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll MOD - [2011/02/12 09:22:43 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3050.37370__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll MOD - [2011/02/12 09:22:30 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3050.37234__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll MOD - [2011/02/12 09:22:29 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3050.37482__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll MOD - [2011/02/12 09:22:29 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3050.37425__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll MOD - [2011/02/12 09:22:28 | 000,479,232 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3050.37372__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll MOD - [2011/02/12 09:22:28 | 000,446,464 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3050.37365__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll MOD - [2011/02/12 09:22:28 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3050.37241__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll MOD - [2011/02/12 09:22:28 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3050.37405__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll MOD - [2011/02/12 09:22:28 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3050.37293__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll MOD - [2011/02/12 09:22:28 | 000,217,088 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3050.37281__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll MOD - [2011/02/12 09:22:28 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3050.37371__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll MOD - [2011/02/12 09:22:28 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3050.37377__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll MOD - [2011/02/12 09:22:28 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3050.37404__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll MOD - [2011/02/12 09:22:28 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll MOD - [2011/02/12 09:22:28 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2939.23679__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll MOD - [2011/02/12 09:22:28 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2939.23767__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll MOD - [2011/02/12 09:22:28 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2939.23710__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll MOD - [2011/02/12 09:22:28 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2939.23768__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll MOD - [2011/02/12 09:22:28 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll MOD - [2011/02/12 09:22:27 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2939.23668__90ba9c70f846762e\CLI.Foundation.dll MOD - [2011/02/12 09:22:27 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2939.23689__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll MOD - [2011/02/12 09:22:27 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2939.23743__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll MOD - [2011/02/12 09:22:27 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll MOD - [2011/02/12 09:22:27 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2939.23764__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll MOD - [2011/02/12 09:22:27 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2939.23662__90ba9c70f846762e\LOG.Foundation.dll MOD - [2011/02/12 09:22:27 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2939.23802__90ba9c70f846762e\CLI.Foundation.XManifest.dll MOD - [2011/02/12 09:22:27 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2939.23667__90ba9c70f846762e\NEWAEM.Foundation.dll MOD - [2011/02/12 09:22:27 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2939.23717__90ba9c70f846762e\DEM.OS.I0602.dll MOD - [2011/02/12 09:22:27 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2939.23693__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll MOD - [2011/02/12 09:22:27 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2939.23687__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll MOD - [2011/02/12 09:22:27 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2939.23679__90ba9c70f846762e\CLI.Component.Client.Shared.dll MOD - [2011/02/12 09:22:27 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll MOD - [2011/02/12 09:22:27 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2939.23707__90ba9c70f846762e\MOM.Foundation.dll MOD - [2011/02/12 09:22:27 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2939.23717__90ba9c70f846762e\DEM.OS.dll MOD - [2011/02/12 09:22:27 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll MOD - [2011/02/12 09:22:27 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2939.23718__90ba9c70f846762e\DEM.Graphics.dll MOD - [2011/02/12 09:22:27 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll MOD - [2011/02/12 09:22:27 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2939.23688__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll MOD - [2011/02/12 09:22:27 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2939.23734__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll MOD - [2011/02/12 09:22:27 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2939.23718__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll MOD - [2011/02/12 09:22:26 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2965.22300__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll MOD - [2011/02/12 09:22:26 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2939.23739__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll MOD - [2011/02/12 09:22:26 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2939.23738__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll MOD - [2011/02/12 09:22:26 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2939.23742__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll MOD - [2011/02/12 09:22:26 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2939.23708__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll MOD - [2011/02/12 09:22:26 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll MOD - [2011/02/12 09:22:26 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2939.23711__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll MOD - [2011/02/12 09:22:26 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2939.23665__90ba9c70f846762e\AEM.Foundation.dll MOD - [2011/02/12 09:22:26 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll MOD - [2011/02/12 09:22:26 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2939.23709__90ba9c70f846762e\APM.Foundation.dll MOD - [2011/02/12 09:22:26 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Server.Shared.dll MOD - [2011/02/12 09:22:22 | 001,511,424 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3050.37228__90ba9c70f846762e\CLI.Component.Dashboard.dll MOD - [2011/02/12 09:22:22 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3050.37248__90ba9c70f846762e\CLI.Component.Wizard.dll MOD - [2011/02/12 09:22:22 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3050.37467__90ba9c70f846762e\MOM.Implementation.dll MOD - [2011/02/12 09:22:22 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3050.37214__90ba9c70f846762e\CLI.Component.Runtime.dll MOD - [2011/02/12 09:22:22 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3050.37215__90ba9c70f846762e\ATIDEMOS.dll MOD - [2011/02/12 09:22:22 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3050.37466__90ba9c70f846762e\LOG.Foundation.Implementation.dll MOD - [2011/02/12 09:22:22 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2939.23713__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll MOD - [2011/02/12 09:22:22 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2939.23678__90ba9c70f846762e\CLI.Foundation.Private.dll MOD - [2011/02/12 09:22:22 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2939.23689__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll MOD - [2011/02/12 09:22:22 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3050.37493__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll MOD - [2011/02/12 09:22:22 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2939.23679__90ba9c70f846762e\LOG.Foundation.Private.dll MOD - [2011/02/12 09:22:22 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3050.37467__90ba9c70f846762e\CCC.Implementation.dll MOD - [2011/02/12 09:22:22 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2939.23694__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll MOD - [2011/02/12 09:22:22 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2939.23712__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll MOD - [2011/02/12 09:22:22 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2939.23711__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll MOD - [2011/02/12 09:22:22 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2939.23746__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll MOD - [2011/02/12 09:22:22 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.2939.23677__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll MOD - [2011/02/12 09:22:22 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3050.37214__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll MOD - [2011/02/12 09:22:21 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3050.37213__90ba9c70f846762e\APM.Server.dll MOD - [2011/02/12 09:22:21 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3050.37213__90ba9c70f846762e\AEM.Server.dll MOD - [2011/02/12 09:22:21 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll MOD - [2009/03/29 21:42:18 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2008/05/08 15:14:24 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll MOD - [2008/03/11 17:14:34 | 000,204,800 | ---- | M] () -- C:\Windows\System32\SysHook.dll MOD - [2008/03/05 15:55:28 | 000,753,664 | ---- | M] () -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMediaLibrary.dll MOD - [2008/03/05 15:55:22 | 000,007,680 | ---- | M] () -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvcPS.dll MOD - [2008/03/05 07:38:16 | 000,227,888 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll MOD - [2008/02/25 10:00:54 | 000,002,560 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll MOD - [2007/10/23 11:56:18 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe MOD - [2007/09/11 12:12:08 | 000,475,136 | ---- | M] () -- C:\Program Files\Acer\Acer VCM\AcerControl.dll MOD - [2007/04/24 19:44:26 | 000,126,976 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll MOD - [2007/04/24 19:32:56 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll MOD - [2003/06/07 06:30:08 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\PowerUtl.dll ========== Win32 Services (SafeList) ========== SRV - [2011/09/02 05:13:49 | 000,292,136 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files\Cyberlink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe -- (CyberLink PowerDVD 11.0 Service) SRV - [2011/09/02 05:13:47 | 000,075,048 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files\Cyberlink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe -- (CyberLink PowerDVD 11.0 Monitor Service) SRV - [2011/08/24 02:13:43 | 000,083,240 | ---- | M] () [Auto | Running] -- C:\Program Files\Cyberlink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe -- (CLHNServiceForPowerDVD) SRV - [2011/06/28 22:26:33 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011/04/28 10:22:45 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011/02/26 16:18:20 | 003,474,432 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Acer Bio Protection\BASVC.exe -- (IGBASVC) SRV - [2010/06/25 18:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental) SRV - [2009/12/16 17:44:36 | 003,750,400 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\Windows\System32\hasplms.exe -- (hasplms) SRV - [2008/04/22 12:02:06 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\System32\vfsFPService.exe -- (vfsFPService) SRV - [2008/03/21 14:22:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService) SRV - [2008/03/05 07:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service) SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008/01/16 18:35:02 | 000,081,504 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService) SRV - [2008/01/10 18:03:00 | 000,233,472 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service) SRV - [2007/12/11 04:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio) SRV - [2007/12/07 00:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\ACER\Mobility Center\MobilityService.exe -- (MobilityService) SRV - [2007/10/03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel® ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\catchme.sys -- (catchme) DRV - [2011/09/27 02:47:48 | 000,232,512 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2011/09/02 12:08:46 | 000,077,296 | ---- | M] (CyberLink Corp.) [2011/09/22 17:39:28] [Kernel | Auto | Running] -- C:\Program Files\Cyberlink\PowerDVD11\Common\NavFilter\000.fcl -- ({329F96B6-DF1E-4328-BFDA-39EA953C1312}) DRV - [2011/08/24 02:13:44 | 000,071,664 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Cyberlink\PowerDVD11\Kernel\DMP\ntk_PowerDVD.sys -- (ntk_PowerDVD) DRV - [2011/06/28 22:26:34 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011/06/28 22:26:34 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011/02/26 16:18:13 | 000,043,184 | ---- | M] (Alfa Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AlfaFF.sys -- (AlfaFF) DRV - [2010/06/25 18:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF) DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009/12/09 22:27:18 | 000,588,800 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (hardlock) DRV - [2009/08/20 08:01:50 | 000,356,864 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aksfridge.sys -- (aksfridge) DRV - [2008/05/08 18:01:44 | 003,552,256 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2008/04/22 12:02:34 | 000,040,752 | ---- | M] (Validity Sensors, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vfs101x.sys -- (vfs101x) DRV - [2008/03/21 11:48:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15) DRV - [2008/03/05 09:25:30 | 000,041,456 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) DRV - [2008/02/29 08:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2008/02/17 20:31:00 | 000,048,128 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E60x86.sys -- (L1E) DRV - [2008/01/16 18:35:08 | 000,122,368 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys -- (NTIPPKernel) DRV - [2008/01/08 20:10:32 | 002,554,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel® DRV - [2007/12/19 01:12:12 | 000,054,784 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir) DRV - [2006/11/29 06:46:24 | 000,028,224 | R--- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\APLMp50.sys -- (APLMp50) DRV - [2006/11/02 14:27:34 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2844847763-3726028296-3422661878-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data] IE - HKU\S-1-5-21-2844847763-3726028296-3422661878-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp IE - HKU\S-1-5-21-2844847763-3726028296-3422661878-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb IE - HKU\S-1-5-21-2844847763-3726028296-3422661878-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 78 2E BF 0D 64 19 CD 01 [binary data] IE - HKU\S-1-5-21-2844847763-3726028296-3422661878-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-2844847763-3726028296-3422661878-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-2844847763-3726028296-3422661878-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2844847763-3726028296-3422661878-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=100789&babsrc=SP_ss&mntrId=4026b9a7000000000000001de0cc9403 IE - HKU\S-1-5-21-2844847763-3726028296-3422661878-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-acer IE - HKU\S-1-5-21-2844847763-3726028296-3422661878-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99}:0.3.8.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.13 FF - prefs.js..extensions.enabledItems: {71328583-3CA7-4809-B4BA-570A85818FBB}:0.6.3 FF - prefs.js..extensions.enabledItems: anttoolbar@ant.com:2.4.5 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29 FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.7 FF - prefs.js..keyword.URL: "http://search.sweetim.com/search.asp?src=2&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/10 09:40:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/14 09:33:46 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{B5360CBC-EB19-437D-BEF0-4E40D753FB3C}: C:\Users\Eric\AppData\Local\{B5360CBC-EB19-437D-BEF0-4E40D753FB3C}\ FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Eric\AppData\Roaming\IDM\idmmzcc5 [2011/12/30 19:05:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\Mozilla\Extensions [2011/12/30 19:05:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\Mozilla\Extensions\songbird@songbirdnest.com [2012/04/14 12:59:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\2pxu152n.default\extensions [2011/12/22 18:30:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\2pxu152n.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011/07/10 21:37:19 | 000,000,000 | ---D | M] (CacheViewer) -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\2pxu152n.default\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB} [2011/12/22 18:30:46 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\2pxu152n.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2011/06/05 21:16:00 | 000,000,000 | ---D | M] (Edit Cookies) -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\2pxu152n.default\extensions\{ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99} [2011/12/22 18:30:44 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\2pxu152n.default\extensions\anttoolbar@ant.com [2011/12/22 18:30:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\2pxu152n.default\extensions\anttoolbar@ant.com-trash [2012/04/08 01:23:24 | 000,003,915 | ---- | M] () -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\2pxu152n.default\searchplugins\sweetim.xml [2012/04/13 12:17:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011/03/06 22:01:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011/07/02 21:38:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011/12/09 16:09:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [2012/01/30 01:28:52 | 000,000,000 | ---D | M] (OneClick YouTube Downloader) -- C:\PROGRAM FILES\ORBITDOWNLOADER\ADDONS\ONECLICKYOUTUBEDOWNLOADER [2011/10/03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011/04/21 00:07:17 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml [2012/01/29 17:10:19 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2011/04/21 00:07:17 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml [2011/04/21 00:07:17 | 000,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml [2011/04/21 00:07:17 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml O1 HOSTS File: ([2012/04/14 11:12:06 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com) O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKU\S-1-5-21-2844847763-3726028296-3422661878-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKU\S-1-5-21-2844847763-3726028296-3422661878-1000\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated) O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated) O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.) O4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [Philips Device Listener] C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe () O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4 - HKLM..\Run: [RemoteControl11] C:\Program Files\Cyberlink\PowerDVD11\PDVD11Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [sweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [sweetpacks Communicator] C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated) O4 - HKLM..\Run: [ZPdtWzdVitaKey MC3000] C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.) O4 - HKU\S-1-5-21-2844847763-3726028296-3422661878-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) F3 - HKU\S-1-5-21-2844847763-3726028296-3422661878-1000 WinNT: Load - (C:\Users\Eric\LOCALS~1\Temp\mssmlou.com) - File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2844847763-3726028296-3422661878-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2844847763-3726028296-3422661878-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html () O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe () O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe () O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 155.198.142.7 155.198.142.8 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28F30A1C-9488-42F2-A329-4B76799E8FE7}: DhcpNameServer = 155.198.142.7 155.198.142.8 O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - (C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll) - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.) O24 - Desktop WallPaper: C:\Users\Eric\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O24 - Desktop BackupWallPaper: C:\Users\Eric\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012/04/14 13:24:46 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Eric\Desktop\OTL.exe [2012/04/14 12:45:03 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012/04/14 11:16:27 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\temp [2012/04/14 11:15:47 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012/04/14 10:59:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012/04/14 10:59:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012/04/14 10:59:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012/04/14 10:59:08 | 000,000,000 | ---D | C] -- C:\ComboFix [2012/04/14 10:31:03 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/04/13 12:16:25 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012/04/13 02:18:26 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\gizza [2012/04/12 15:42:29 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012/04/12 15:42:28 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012/04/12 15:42:27 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012/04/12 15:42:26 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012/04/12 15:42:26 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012/04/12 15:42:26 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012/04/12 15:42:06 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2012/04/12 15:42:06 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2012/04/08 01:23:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium [2012/04/08 01:23:09 | 000,000,000 | ---D | C] -- C:\ProgramData\SweetIM [2012/04/08 01:23:09 | 000,000,000 | ---D | C] -- C:\Program Files\SweetIM [2012/04/08 01:22:35 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\Google [2012/04/08 01:22:32 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\Codec-V [2012/04/08 01:22:30 | 000,000,000 | ---D | C] -- C:\Program Files\Codec-V [2012/04/08 01:22:22 | 000,000,000 | ---D | C] -- C:\codec-info [2012/04/08 01:22:06 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate ========== Files - Modified Within 30 Days ========== [2012/04/14 13:25:36 | 000,224,256 | ---- | M] () -- C:\Users\Eric\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/04/14 13:24:47 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Eric\Desktop\OTL.exe [2012/04/14 12:52:12 | 000,660,578 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/04/14 12:52:12 | 000,129,736 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/04/14 12:45:11 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012/04/14 12:45:11 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012/04/14 12:45:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/04/14 12:45:01 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys [2012/04/14 11:12:06 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2012/04/13 11:57:43 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012/04/13 11:50:59 | 000,001,356 | ---- | M] () -- C:\Users\Eric\AppData\Local\d3d9caps.dat [2012/04/10 09:09:55 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/04/08 01:23:00 | 000,000,248 | ---- | M] () -- C:\Users\Eric\Desktop\SweetPcFix.url [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys ========== Files Created - No Company Name ========== [2012/04/14 12:45:01 | 3219,578,880 | -HS- | C] () -- C:\hiberfil.sys [2012/04/14 10:59:17 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012/04/14 10:59:17 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012/04/14 10:59:17 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012/04/14 10:59:17 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012/04/14 10:59:17 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012/04/08 01:23:00 | 000,000,248 | ---- | C] () -- C:\Users\Eric\Desktop\SweetPcFix.url [2011/07/10 21:55:31 | 000,000,046 | ---- | C] () -- C:\Windows\System32\DonationCoder_urlsnooper_InstallInfo.dat [2011/07/10 21:44:33 | 000,000,000 | ---- | C] () -- C:\Users\Eric\AppData\Local\Schedule8.dat [2011/07/02 22:18:39 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2011/07/02 22:17:08 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2011/06/14 16:50:30 | 000,510,976 | ---- | C] () -- C:\Windows\System32\synsoacc.dll [2011/05/31 15:14:53 | 000,000,264 | ---- | C] () -- C:\Windows\_delis32.ini [2011/05/31 15:14:44 | 000,000,632 | ---- | C] () -- C:\Windows\Sofplat.INI [2011/05/13 14:07:07 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat [2011/04/15 20:50:13 | 000,001,356 | ---- | C] () -- C:\Users\Eric\AppData\Local\d3d9caps.dat [2011/02/28 13:04:30 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2011/02/26 17:36:25 | 000,224,256 | ---- | C] () -- C:\Users\Eric\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/02/26 16:27:41 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe [2011/02/26 16:27:41 | 000,105,984 | ---- | C] () -- C:\Windows\FixUVC.exe [2011/02/26 16:27:41 | 000,000,057 | ---- | C] () -- C:\Windows\PidList.ini [2011/02/26 16:18:39 | 001,548,099 | ---- | C] () -- C:\Windows\System32\VMC3KAPI.dll [2011/02/26 16:18:35 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011/02/12 09:21:25 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010/06/25 18:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll < End of report > EXTRAS: OTL Extras logfile created on: 14/04/2012 13:25:09 - Run 1 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Eric\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 3.00 Gb Total Physical Memory | 1.81 Gb Available Physical Memory | 60.22% Memory free 6.19 Gb Paging File | 4.88 Gb Available in Paging File | 78.85% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 298.09 Gb Total Space | 90.44 Gb Free Space | 30.34% Space Free | Partition Type: NTFS Computer Name: ERIC-PC | User Name: Eric | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-2844847763-3726028296-3422661878-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [browse with FastStone] -- "C:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UpdatesDisableNotify" = 0 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com) "C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com) ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{684EA8C1-35D3-4A54-9664-C4CB9C423927}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{05995A65-61B1-4DE5-8E30-CED3246E3D69}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{060DF8CA-D797-4B32-8999-D900724B3353}" = dir=in | app=c:\program files\cyberlink\powerdvd11\movie\powerdvd cinema\powerdvdcinema11.exe | "{08B2F51D-DDC9-42CF-A5DF-EE8C5F58A350}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | "{18C0553F-8B83-455E-90A2-37D44B60FFE8}" = protocol=6 | dir=in | app=c:\windows\system32\hasplms.exe | "{1941BF53-AEDB-4B57-A9A3-A5A7B009BEDC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{1B92F18C-FE09-4E23-9F8D-6DAFE8B7B976}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | "{2372926D-D06D-4912-A5A9-42B0CA1035D8}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe | "{37E63E76-3C4C-493A-9B81-CE348263EF27}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe | "{435A97D9-0136-433A-9746-AF82ABC2B52B}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{47CBB50D-A339-4603-A715-AF656529BFDF}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe | "{52DAA8D3-1F8B-44ED-A795-215D061EF317}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe | "{748DE669-0A1B-4F25-9B50-8559497E3208}" = dir=in | app=c:\program files\cyberlink\powerdvd11\common\mediaserver\clmsserverforpdvd11.exe | "{792080E6-5F54-4B34-AE34-E83A1E9C2CB6}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe | "{811F00AB-9037-4A29-B384-0FA2F82FAFB4}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe | "{9583A5FF-9971-45DB-9BCE-F83AF574995E}" = protocol=17 | dir=in | app=c:\windows\system32\hasplms.exe | "{9A240BF5-5983-4553-AAF3-71121F3C5525}" = dir=in | app=c:\program files\cyberlink\powerdvd11\powerdvd11.exe | "{9BD5C089-7D29-4820-9BBC-5F8B1EA4E3BC}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{A4BCA0F1-6A98-4E8F-A186-E48F7BE02A1E}" = dir=in | app=c:\program files\cyberlink\powerdvd11\pdvd11serv.exe | "{C21A2371-A0EE-4F87-9D18-73D6CDB2F713}" = dir=in | app=c:\program files\cyberlink\powerdvd11\movie\moviemodule.exe | "{C4F95D9A-E4A6-4128-BA56-64416467C628}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | "{EAE93F48-EADC-4412-8ABE-1C765AD7866B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{ED7F9E70-265F-4258-8C94-590303D890C7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{EF4D3131-F7E5-4053-A339-62BE19BE89C2}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | "{F81E8A9B-5069-4E37-BA68-758DD12470A3}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe | "{FB2A2540-E766-4F45-9422-6F07F47DE126}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "TCP Query User{061CE710-5694-4047-BE92-E419A2E14520}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "TCP Query User{1C37E673-496E-4169-ACD2-6FA100094EA3}C:\program files\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe | "TCP Query User{4056CCCC-AF22-47DA-AD80-5624360363B4}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{431115C4-E230-4940-A45B-97CA97C301D9}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "TCP Query User{809E31E7-5C20-4A13-9704-F1327516A28D}C:\program files\comicrack\comicrack.exe" = protocol=6 | dir=in | app=c:\program files\comicrack\comicrack.exe | "TCP Query User{AF1720A7-C334-44DE-A592-D93DA320C59C}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | "TCP Query User{B02B5B43-1E5A-4880-BE30-5F8645FB6317}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | "TCP Query User{BB2875B9-486E-4A2C-9F50-20D007D9FB6E}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{C49A76A5-D175-47B6-9A0B-057781F39C85}C:\users\eric\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\eric\appdata\roaming\spotify\spotify.exe | "TCP Query User{EEF30B05-A174-4FF8-A6C0-70F455A63009}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{63634F3C-3EDD-4102-AAC9-F3AACCC62C7A}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{6B4924F6-68B8-445C-BC5C-F75B66F658F5}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{6B6C57B6-3639-408F-BF68-16E173B62112}C:\program files\comicrack\comicrack.exe" = protocol=17 | dir=in | app=c:\program files\comicrack\comicrack.exe | "UDP Query User{85752273-830B-400F-8FF7-0650F6F4787A}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | "UDP Query User{A3FACE3D-8870-4790-A274-2E7C46E98471}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{AB0077BD-809E-422B-95F6-FF8FF2801510}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{BB3293E8-63C0-4E38-A6D3-591080269FCD}C:\users\eric\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\eric\appdata\roaming\spotify\spotify.exe | "UDP Query User{BE31F0DF-9B5B-483C-A938-D12F37DAD6AD}C:\program files\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe | "UDP Query User{D08145FE-660E-4F7C-A309-0EB0EFC794E2}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | "UDP Query User{F6555C09-F5A0-48A4-884E-80B410B2054D}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01C08A7D-4CCD-41F8-B020-4B4BB8C08C68}" = Catalyst Control Center - Branding "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.5000 "{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM "{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}" = SweetIM for Messenger 3.6 "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0A1984C3-5036-5B5F-F18E-16453EF5A6E1}" = Catalyst Control Center Localization Swedish "{0BF78E88-A7C9-4406-89CF-0BA473BA7821}" = Orion "{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard "{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management "{155BBB23-C7A5-223C-3B33-289089D6E0A2}" = Catalyst Control Center Localization Finnish "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{19B4BDE9-0F2B-44FF-FDC4-987E1B33D03C}" = CCC Help English "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "{24F149E4-D897-9046-48A5-87CD67F81865}" = CCC Help Polish "{25C1AF96-1F59-A1CE-3135-B38AFAA5C614}" = CCC Help Czech "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java 6 Update 29 "{26E2E4FB-F26A-549E-5496-14BAE4E2BA67}" = Catalyst Control Center Graphics Full Existing "{27B7371A-7AA2-CC5B-6377-72161660F0BE}" = CCC Help Chinese Traditional "{29F3D466-E05F-CBB6-63E9-01C85C083FCD}" = CCC Help French "{2CB2E1AE-B62A-3F43-9DD0-EF73467977AC}" = Catalyst Control Center Localization Hungarian "{2F488C61-0855-43D2-847D-AB703AA4D1ED}" = Minitab16 "{30BDD0BE-6A51-6DDD-197D-EFCE3B0EF79D}" = CCC Help German "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR8121/AR8113 Gigabit/Fast Ethernet Driver "{358C26F2-5B99-A7E9-18CF-2AE6BC97289B}" = Catalyst Control Center Localization Czech "{3C277F75-605E-BFFE-4F87-27709C92370C}" = Catalyst Control Center Localization Portuguese "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}" = Microsoft Games for Windows - LIVE "{4BD4AA8B-3C63-26AB-1CA3-010475A9EA72}" = CCC Help Portuguese "{5262BAD6-5AB7-1490-A65C-D06368F07FF1}" = Catalyst Control Center Localization Italian "{53F44183-B716-8D7D-053E-CB8039B38E74}" = CCC Help Hungarian "{5539EBB1-4BB9-21E5-921B-16E8886639D3}" = Catalyst Control Center Localization Chinese Traditional "{567E8236-C414-4888-8211-3D61608D57AE}" = Validity Sensors software "{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management "{5A89D38C-B9FE-ECFF-B90E-B9DEC8C8F2D8}" = Catalyst Control Center Localization Greek "{5B1519C1-265C-C636-C414-F1E150B4F0AA}" = CCC Help Turkish "{5B58EF61-85F2-4977-97A5-84C19F926579}" = SweetPacks Toolbar for Internet Explorer 4.5 "{6184B5A4-1355-A8D6-CE24-8F7EE887CBF3}" = CCC Help Norwegian "{62F75265-0C68-46BC-8E7E-AB14E1C281F4}" = Minitab16 "{650BDC60-79C7-383B-2E9C-B8FF3909A127}" = Catalyst Control Center Localization Spanish "{653F6FEA-643C-457F-774A-64D4DAAE1028}" = Catalyst Control Center Graphics Previews Vista "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7 "{6CF428B5-D735-4A0B-AA3F-693AC9285D45}" = Minitab16 "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works "{790DA23A-126B-91A9-FAB7-13EF66724253}" = CCC Help Swedish "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver "{7DBDAAAB-8639-B59D-798A-32458B7380F9}" = Catalyst Control Center Localization Norwegian "{7E96828D-B970-B1A9-3D9F-7EC3624785D0}" = Catalyst Control Center Localization German "{7ECBF19A-78EC-1665-7E1C-B3E92B07F7CC}" = CCC Help Japanese "{80C1F369-F876-3D19-7816-B7800E7A6961}" = CCC Help Greek "{827CFE4D-8687-9E1E-0A72-587BFF0B0D3A}" = CCC Help Thai "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110113233}" = Bookworm Deluxe "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}" = Big Kahuna Reef "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}" = Backspin Billiards "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}" = Mahjongg Artifacts "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}" = Diner Dash Flo on the Go "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112310577}" = Flip Words 2 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}" = Chicken Invaders 3 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}" = Agatha Christie Death on the Nile "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9AF60AF6-B109-D3A4-4367-B3620CBA37A7}" = CCC Help Finnish "{9ED61802-0F47-F846-FA23-67CE3E4BD427}" = CCC Help Italian "{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management "{A79CB508-2DD7-F717-8787-C6382C274082}" = Catalyst Control Center Graphics Light "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AACF5D06-EF3A-1941-3492-1E60589CA444}" = ccc-utility "{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0 "{AE2C968B-8A14-ABA2-D742-14E575104BCD}" = Catalyst Control Center Localization Korean "{b2042d5e-986d-44ec-aee3-afe4108ccc93}" = Python 3.2 "{B6988D5B-4325-F1F7-B0E5-C4CCCD01E6B8}" = Catalyst Control Center Localization Thai "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B734B040-25BB-02CA-39BD-FD6D070EDDAB}" = Catalyst Control Center Localization Danish "{B86EE516-7CB4-E4C3-8382-010D4F2807F5}" = CCC Help Korean "{B9D9B170-6A42-4AD0-8DBE-10E0EF29B0A3}" = Bootstrapper "{BB01F512-272A-3C70-DA60-884C8BBC39DD}" = Catalyst Control Center Localization Chinese Standard "{BCB0CE1E-7510-3948-4834-99BBA689CF62}" = Catalyst Control Center Core Implementation "{BD5106DF-C061-5736-F1A5-F114BAA63759}" = CCC Help Russian "{C03A43DF-CEE0-6D82-D2D3-781CCE1FC24E}" = Catalyst Control Center Localization Japanese "{C76DAFAE-5E59-44AB-2764-70BC79E0D4B2}" = Skins "{C8256DAF-828E-7E91-FB83-D900AA8E3C86}" = CCC Help Danish "{C9429012-1CBE-E0CA-0955-CC53E0F2115F}" = CCC Help Chinese Standard "{CB9B619A-EEA1-BFAB-6CA5-1FC655E2A0DA}" = Catalyst Control Center Localization Turkish "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1 "{D013644E-F890-49A4-0DE9-8E4BBD18A406}" = ATI Catalyst Install Manager "{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.58.429 "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! "{D7C49EC6-4DEA-7A7A-860D-78D613C68B8C}" = ccc-core-static "{E08C03D7-AE05-0458-2D14-78F219316933}" = Catalyst Control Center Localization Dutch "{E4FD0200-A7DB-2D5A-B5B1-DBC0A184C9B2}" = Catalyst Control Center Localization Russian "{E9BA4A79-BD4C-52E3-F34F-85B1CC62EE15}" = Catalyst Control Center Localization Polish "{E9D20FA4-7CA6-F243-A503-CA961CCD2277}" = CCC Help Spanish "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{EF9E54C1-2D5F-DDA8-8E7B-0CD3EF89C8E4}" = Catalyst Control Center Localization French "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F232C87C-6E92-4775-8210-DFE90B7777D9}" = CyberLink PowerDVD 11 "{F5A630D4-3D7D-6EEC-5DAE-41835DC0A1DA}" = Catalyst Control Center Graphics Full New "{FB697452-8CA4-46B4-98B1-165C922A2EF3}" = Update Manager for SweetPacks 1.0 "{FCED9B62-34FF-4C15-8A23-F65221F7874D}" = ITECIR Driver "{FD052FB9-FE90-4438-B355-15EDC89D8FB1}" = Microsoft Games for Windows - LIVE Redistributable "{FD2B6E20-5344-07B4-C210-B57611E02906}" = CCC Help Dutch "Acer Acer Bio Protection 6.0.00.12" = Acer Bio Protection AAV 6.0.00.12 "Acer GameZone Console_is1" = Acer GameZone Console 2.0.1.1 "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Agere Systems Soft Modem" = Agere Systems HDA Modem "Audacity_is1" = Audacity 1.2.6 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Codec-V" = Codec-V "Comical_is1" = Comical 0.8 "ComicRack" = ComicRack v0.9.142 "DAEMON Tools Lite" = DAEMON Tools Lite "DAPlayer_is1" = DAPlayer 1.0.1.9 "DivX Setup" = DivX Setup "ESET Online Scanner" = ESET Online Scanner v3 "FastStone Image Viewer" = FastStone Image Viewer 4.6 "GridVista" = Acer GridVista "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "InstallShield_{F232C87C-6E92-4775-8210-DFE90B7777D9}" = CyberLink PowerDVD 11 "LADSPA_plugins-win_is1" = LADSPA_plugins-win-0.4.15 "LAME for Audacity_is1" = LAME v3.98.3 for Audacity "LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Minitab16" = Minitab 16 "Mozilla Firefox (3.6.28)" = Mozilla Firefox (3.6.28) "Orbit_is1" = Orbit Downloader "Philips Songbird" = Philips Songbird "Spotify" = Spotify "Steinberg Cubase SX v2.2.0.35" = Steinberg Cubase SX v2.2.0.35 "SynTPDeinstKey" = Synaptics Pointing Device Driver "Transcribe!_is1" = Transcribe! 8.00 "VLC media player" = VLC media player 1.1.9 "WinDjView" = WinDjView 1.0.3 "WinPcapInst" = WinPcap 4.1.2 "WinRAR archiver" = WinRAR 4.00 beta 7 (32-bit) "Yahoo! Companion" = Yahoo! Toolbar "Yahoo! Toolbar" = Yahoo! Toolbar ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2844847763-3726028296-3422661878-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "QUICKMEDIACONVERTER" = Quick Media Converter ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report >
  6. When I started it up, I got a message saying "Could not load or run 'C:\Users\Eric\Locals~1\Temp\mssmlou.com' specified in the registry. Make sure the file exists on your computer or remove the reference to it in the registry." After I get rid of that error message, the system tray icons load up like normal, including Avira, and it looks like everything is working normally, thanks!
  7. Okay, it ran with no problem, I've attached the log: combofixlog.txt
  8. Hi Elise, When I start the process with ComboFix, it tells me that Avira AntiVir is running, but since I'm in safe mode, there's no AntiVir icon in the system tray, and starting Avira directly shows that AntiVir Guard was already disabled before I got the prompt from ComboFix, is it okay to continue?
  9. Hi, I recently got the UKASH scam turning up on my laptop. I've tried running rkill before it gets a chance to pop up, but that doesn't stop it. The only way around it is to run my laptop in safe mode. Running it in safe mode, I can run malwarebytes, but it doesn't pick up any detections at all. Any help would be appreciated, thanks! dds.txt attach.txt
  10. Everything's behaving normally! Thankyou!
  11. MBAM log: Malwarebytes Anti-Malware 1.60.1.1000 www.malwarebytes.org Database version: v2012.01.31.08 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Eric :: ERIC-PC [administrator] 31/01/2012 21:39:19 mbam-log-2012-01-31 (21-39-19).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 181582 Time elapsed: 7 minute(s), 23 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) ESET: ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330) # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=9ffb1e2415daf1408285ea7de01f1696 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-01-31 11:09:18 # local_time=2012-01-31 11:09:18 (+0000, GMT Standard Time) # country="United Kingdom" # lang=1033 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode=1797 16775165 100 94 358095 64583150 191893 0 # compatibility_mode=5892 16776573 100 100 14750 165579329 0 0 # compatibility_mode=8192 67108863 100 0 24728412 24728412 0 0 # scanned=153298 # found=3 # cleaned=3 # scan_time=4757 C:\Users\Eric\Downloads\cnet_Install-Hd-4-5-0-2_zip.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01302012_172614\C_Users\Eric\AppData\Local\qdiqnjcm\ygwdxjia.exe Win32/Ramnit.A virus (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01302012_172614\C_Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ygwdxjia.exe Win32/Ramnit.A virus (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
  12. Alright, no problem: ComboFix 12-01-30.02 - Eric 31/01/2012 21:19:52.3.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3070.1687 [GMT 0:00] Running from: c:\users\Eric\Desktop\ComboFix.exe Command switches used :: c:\users\Eric\Desktop\CFScript.txt AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "C:\user.js" . . ((((((((((((((((((((((((( Files Created from 2011-12-28 to 2012-01-31 ))))))))))))))))))))))))))))))) . . 2012-01-31 21:28 . 2012-01-31 21:28 -------- d-----w- c:\users\Eric\AppData\Local\temp 2012-01-31 21:28 . 2012-01-31 21:28 -------- d-----w- c:\users\Public\AppData\Local\temp 2012-01-31 21:28 . 2012-01-31 21:28 -------- d-----w- c:\users\Desktop\AppData\Local\temp 2012-01-31 21:28 . 2012-01-31 21:28 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-01-31 18:44 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{78D135A9-9E7C-4EAD-AD77-C1185AB4AEE9}\mpengine.dll 2012-01-30 17:26 . 2012-01-30 17:26 -------- d-----w- C:\_OTL 2012-01-30 00:28 . 2012-01-30 00:28 -------- d-----w- c:\program files\Orbitdownloader 2012-01-29 16:10 . 2012-01-29 16:10 243 ----a-w- C:\user.js 2012-01-13 13:43 . 2011-11-17 06:48 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-01-13 13:43 . 2011-11-16 16:23 377344 ----a-w- c:\windows\system32\winhttp.dll 2012-01-13 13:43 . 2011-11-16 16:23 278528 ----a-w- c:\windows\system32\schannel.dll 2012-01-13 13:43 . 2011-11-16 16:21 1259008 ----a-w- c:\windows\system32\lsasrv.dll 2012-01-13 13:43 . 2011-11-16 16:23 72704 ----a-w- c:\windows\system32\secur32.dll 2012-01-13 13:43 . 2011-11-16 14:12 9728 ----a-w- c:\windows\system32\lsass.exe 2012-01-11 20:59 . 2011-10-14 16:03 189952 ----a-w- c:\windows\system32\winmm.dll 2012-01-11 20:59 . 2011-10-14 16:00 23552 ----a-w- c:\windows\system32\mciseq.dll 2012-01-11 20:59 . 2011-11-18 20:23 1205064 ----a-w- c:\windows\system32\ntdll.dll 2012-01-11 20:59 . 2011-11-18 17:47 66560 ----a-w- c:\windows\system32\packager.dll 2012-01-11 20:59 . 2011-11-25 15:59 376320 ----a-w- c:\windows\system32\winsrv.dll 2012-01-11 20:59 . 2011-12-01 15:21 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat 2012-01-11 20:59 . 2011-10-25 15:58 1314816 ----a-w- c:\windows\system32\quartz.dll 2012-01-11 20:59 . 2011-10-25 15:58 497152 ----a-w- c:\windows\system32\qdvd.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-12-10 15:24 . 2011-03-01 18:15 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-12-07 10:08 . 2011-02-27 02:00 236576 ------w- c:\windows\system32\MpSigStub.exe 2011-11-23 13:37 . 2011-12-14 12:35 2043904 ----a-w- c:\windows\system32\win32k.sys 2011-11-08 14:42 . 2011-12-14 12:20 2048 ----a-w- c:\windows\system32\tzres.dll 2011-11-03 22:47 . 2011-12-15 03:01 1798144 ----a-w- c:\windows\system32\jscript9.dll 2011-11-03 22:40 . 2011-12-15 03:01 1427456 ----a-w- c:\windows\system32\inetcpl.cpl 2011-11-03 22:39 . 2011-12-15 03:01 1127424 ----a-w- c:\windows\system32\wininet.dll 2011-11-03 22:31 . 2011-12-15 03:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll 2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2008-03-05 06:38 121392 ------w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-04 1037608] "ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-03-12 397312] "eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-05 526896] "eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-03-07 544768] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048] "BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-02-26 34040] "RtHDVCpl"="RtHDVCpl.exe" [2008-02-26 4939776] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440] "WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-10-03 178712] "ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" [2011-02-26 3659264] "PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704] "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-04-28 809480] "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 981680] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376] "ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-03-05 147456] "CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-03-05 167936] "PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-03-04 167936] "RemoteControl11"="c:\program files\CyberLink\PowerDVD11\PDVD11Serv.exe" [2011-08-24 230696] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "Philips Device Listener"="c:\program files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe" [2011-03-03 380416] . c:\users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-8-24 101784] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2011-2-26 1216512] Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-24 723760] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000] 2011-02-26 15:18 3024896 ----a-w- c:\program files\Acer\Acer Bio Protection\WinNotify.dll . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . . ------- Supplementary Scan ------- . mStart Page = hxxp://en.uk.acer.yahoo.com IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201 IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204 IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203 IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 155.198.142.7 155.198.142.8 FF - ProfilePath - c:\users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\2pxu152n.default\ FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Edit Cookies: {ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99} - %profile%\extensions\{ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99} FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} FF - Ext: CacheViewer: {71328583-3CA7-4809-B4BA-570A85818FBB} - %profile%\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB} FF - Ext: Ant Video Downloader: anttoolbar@ant.com - %profile%\extensions\anttoolbar@ant.com FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-01-31 21:28 Windows 6.0.6002 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}] "ImagePath"="\??\c:\program files\CyberLink\PowerDVD11\Common\NavFilter\000.fcl" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}] "ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-2844847763-3726028296-3422661878-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*0*å^Oo] @Class="Shell" . [HKEY_USERS\S-1-5-21-2844847763-3726028296-3422661878-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*0*å^Oo\OpenWithList] @Class="Shell" "a"="vlc.exe" "MRUList"="a" . [HKEY_USERS\S-1-5-21-2844847763-3726028296-3422661878-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*a*n*d*º`Û%\OpenWithList] @Class="Shell" "a"="vlc.exe" "MRUList"="a" . [HKEY_USERS\S-1-5-21-2844847763-3726028296-3422661878-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*a*n*d*£ÚwN\OpenWithList] @Class="Shell" "a"="vlc.exe" "MRUList"="a" . [HKEY_USERS\S-1-5-21-2844847763-3726028296-3422661878-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*a*s*h*l*e*Ë00\OpenWithList] @Class="Shell" "a"="vlc.exe" "MRUList"="a" . [HKEY_USERS\S-1-5-21-2844847763-3726028296-3422661878-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*a*s*h*l*e*ñËø2\OpenWithList] @Class="Shell" "a"="vlc.exe" "MRUList"="a" . [HKEY_USERS\S-1-5-21-2844847763-3726028296-3422661878-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*a*v*i*wZÉc\OpenWithList] @Class="Shell" "a"="vlc.exe" "MRUList"="a" . [HKEY_USERS\S-1-5-21-2844847763-3726028296-3422661878-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*b*^09] @Class="Shell" . [HKEY_USERS\S-1-5-21-2844847763-3726028296-3422661878-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*b*^09\OpenWithList] @Class="Shell" "a"="vlc.exe" "MRUList"="a" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'Explorer.exe'(3376) c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll c:\windows\system32\btmmhook.dll c:\windows\System32\SysHook.dll . Completion time: 2012-01-31 21:31:16 ComboFix-quarantined-files.txt 2012-01-31 21:31 ComboFix2.txt 2012-01-31 12:24 . Pre-Run: 72,279,769,088 bytes free Post-Run: 72,253,968,384 bytes free . - - End Of File - - DFE0AF99D9E8188627F5B0410275BBCC
  13. Here you go: ComboFix 12-01-30.02 - Eric 31/01/2012 12:11:55.3.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3070.1857 [GMT 0:00] Running from: c:\users\Eric\Desktop\ComboFix.exe AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Eric\AppData\Local\akauylqy.log c:\users\Eric\AppData\Local\bbhiuixv.log c:\users\Eric\AppData\Local\cxwbspxp.log c:\users\Eric\AppData\Local\ftusbeht.log c:\users\Eric\AppData\Local\mabysbym.log c:\users\Eric\AppData\Local\osrvfads.log c:\users\Eric\AppData\Local\shklkjdq.log c:\users\Eric\AppData\Local\TempDIR c:\users\Eric\AppData\Local\TempDIR\BetterInstaller.exe c:\users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix c:\users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix\System Fix.lnk c:\users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix\Uninstall System Fix.lnk . . ((((((((((((((((((((((((( Files Created from 2011-12-28 to 2012-01-31 ))))))))))))))))))))))))))))))) . . 2012-01-30 17:26 . 2012-01-30 17:26 -------- d-----w- C:\_OTL 2012-01-30 00:28 . 2012-01-30 00:28 -------- d-----w- c:\program files\Orbitdownloader 2012-01-29 16:10 . 2012-01-29 16:10 243 ----a-w- C:\user.js 2012-01-27 09:08 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{39CD746A-8B22-4EDA-AFF4-9BF0084AFEBC}\mpengine.dll 2012-01-13 13:43 . 2011-11-17 06:48 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-01-13 13:43 . 2011-11-16 16:23 377344 ----a-w- c:\windows\system32\winhttp.dll 2012-01-13 13:43 . 2011-11-16 16:23 278528 ----a-w- c:\windows\system32\schannel.dll 2012-01-13 13:43 . 2011-11-16 16:21 1259008 ----a-w- c:\windows\system32\lsasrv.dll 2012-01-13 13:43 . 2011-11-16 16:23 72704 ----a-w- c:\windows\system32\secur32.dll 2012-01-13 13:43 . 2011-11-16 14:12 9728 ----a-w- c:\windows\system32\lsass.exe 2012-01-11 20:59 . 2011-10-14 16:03 189952 ----a-w- c:\windows\system32\winmm.dll 2012-01-11 20:59 . 2011-10-14 16:00 23552 ----a-w- c:\windows\system32\mciseq.dll 2012-01-11 20:59 . 2011-11-18 20:23 1205064 ----a-w- c:\windows\system32\ntdll.dll 2012-01-11 20:59 . 2011-11-18 17:47 66560 ----a-w- c:\windows\system32\packager.dll 2012-01-11 20:59 . 2011-11-25 15:59 376320 ----a-w- c:\windows\system32\winsrv.dll 2012-01-11 20:59 . 2011-12-01 15:21 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat 2012-01-11 20:59 . 2011-10-25 15:58 1314816 ----a-w- c:\windows\system32\quartz.dll 2012-01-11 20:59 . 2011-10-25 15:58 497152 ----a-w- c:\windows\system32\qdvd.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-12-10 15:24 . 2011-03-01 18:15 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-12-07 10:08 . 2011-02-27 02:00 236576 ------w- c:\windows\system32\MpSigStub.exe 2011-11-23 13:37 . 2011-12-14 12:35 2043904 ----a-w- c:\windows\system32\win32k.sys 2011-11-08 14:42 . 2011-12-14 12:20 2048 ----a-w- c:\windows\system32\tzres.dll 2011-11-03 22:47 . 2011-12-15 03:01 1798144 ----a-w- c:\windows\system32\jscript9.dll 2011-11-03 22:40 . 2011-12-15 03:01 1427456 ----a-w- c:\windows\system32\inetcpl.cpl 2011-11-03 22:39 . 2011-12-15 03:01 1127424 ----a-w- c:\windows\system32\wininet.dll 2011-11-03 22:31 . 2011-12-15 03:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll 2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2008-03-05 06:38 121392 ------w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-04 1037608] "ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-03-12 397312] "eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-05 526896] "eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-03-07 544768] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048] "BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-02-26 34040] "RtHDVCpl"="RtHDVCpl.exe" [2008-02-26 4939776] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440] "WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-10-03 178712] "ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" [2011-02-26 3659264] "PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704] "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-04-28 809480] "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 981680] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376] "ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-03-05 147456] "CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-03-05 167936] "PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-03-04 167936] "RemoteControl11"="c:\program files\CyberLink\PowerDVD11\PDVD11Serv.exe" [2011-08-24 230696] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "Philips Device Listener"="c:\program files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe" [2011-03-03 380416] . c:\users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-8-24 101784] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2011-2-26 1216512] Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-24 723760] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000] 2011-02-26 15:18 3024896 ----a-w- c:\program files\Acer\Acer Bio Protection\WinNotify.dll . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . . ------- Supplementary Scan ------- . uStart Page = mStart Page = hxxp://en.uk.acer.yahoo.com IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201 IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204 IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203 IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 155.198.142.7 155.198.142.8 FF - ProfilePath - c:\users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\2pxu152n.default\ FF - prefs.js: browser.search.selectedEngine - FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Edit Cookies: {ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99} - %profile%\extensions\{ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99} FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} FF - Ext: CacheViewer: {71328583-3CA7-4809-B4BA-570A85818FBB} - %profile%\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB} FF - Ext: Ant Video Downloader: anttoolbar@ant.com - %profile%\extensions\anttoolbar@ant.com FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - user.js: network.http.accept-encoding - FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false FF - user.js: extensions.BabylonToolbar_i.id - 4026b9a7000000000000001de0cc9403 FF - user.js: extensions.BabylonToolbar_i.hardId - 4026b9a7000000000000001de0cc9403 FF - user.js: extensions.BabylonToolbar_i.instlDay - 15368 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1716:10 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb5 FF - user.js: extensions.BabylonToolbar_i.newTab - false FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100789 FF - user.js: extensions.BabylonToolbar_i.babExt - somoto FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.instlRef - sst . - - - - ORPHANS REMOVED - - - - . HKCU-Run-YgwDxjia - c:\users\Eric\AppData\Local\qdiqnjcm\ygwdxjia.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-01-31 12:20 Windows 6.0.6002 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}] "ImagePath"="\??\c:\program files\CyberLink\PowerDVD11\Common\NavFilter\000.fcl" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}] "ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-2844847763-3726028296-3422661878-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*0*å^Oo] @Class="Shell" . [HKEY_USERS\S-1-5-21-2844847763-3726028296-3422661878-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*0*å^Oo\OpenWithList] @Class="Shell" "a"="vlc.exe" "MRUList"="a" . [HKEY_USERS\S-1-5-21-2844847763-3726028296-3422661878-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*a*n*d*º`Û%\OpenWithList] @Class="Shell" "a"="vlc.exe" "MRUList"="a" . [HKEY_USERS\S-1-5-21-2844847763-3726028296-3422661878-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*a*n*d*£ÚwN\OpenWithList] @Class="Shell" "a"="vlc.exe" "MRUList"="a" . [HKEY_USERS\S-1-5-21-2844847763-3726028296-3422661878-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*a*s*h*l*e*Ë00\OpenWithList] @Class="Shell" "a"="vlc.exe" "MRUList"="a" . [HKEY_USERS\S-1-5-21-2844847763-3726028296-3422661878-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*a*s*h*l*e*ñËø2\OpenWithList] @Class="Shell" "a"="vlc.exe" "MRUList"="a" . [HKEY_USERS\S-1-5-21-2844847763-3726028296-3422661878-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*a*v*i*wZÉc\OpenWithList] @Class="Shell" "a"="vlc.exe" "MRUList"="a" . [HKEY_USERS\S-1-5-21-2844847763-3726028296-3422661878-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*b*^09] @Class="Shell" . [HKEY_USERS\S-1-5-21-2844847763-3726028296-3422661878-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*b*^09\OpenWithList] @Class="Shell" "a"="vlc.exe" "MRUList"="a" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'Explorer.exe'(3968) c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll c:\windows\system32\btmmhook.dll c:\windows\System32\SysHook.dll . Completion time: 2012-01-31 12:24:07 ComboFix-quarantined-files.txt 2012-01-31 12:24 . Pre-Run: 75,114,446,848 bytes free Post-Run: 75,225,333,760 bytes free . - - End Of File - - 6CCEAA393294F479B8BEA15FD9EC7D76
  14. OTL logfile created on: 30/01/2012 17:29:38 - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Eric\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 3.00 Gb Total Physical Memory | 1.95 Gb Available Physical Memory | 64.90% Memory free 6.19 Gb Paging File | 5.09 Gb Available in Paging File | 82.19% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 298.09 Gb Total Space | 69.88 Gb Free Space | 23.44% Space Free | Partition Type: NTFS Computer Name: ERIC-PC | User Name: Eric | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/01/29 21:15:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Eric\Desktop\OTL.exe PRC - [2011/12/21 21:49:40 | 000,912,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2011/12/09 14:50:33 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Eric\AppData\Local\temp\RtkBtMnt.exe PRC - [2011/09/02 04:13:49 | 000,292,136 | ---- | M] (CyberLink) -- C:\Program Files\Cyberlink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe PRC - [2011/09/02 04:13:47 | 000,075,048 | ---- | M] (CyberLink) -- C:\Program Files\Cyberlink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe PRC - [2011/08/24 01:13:45 | 000,230,696 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Cyberlink\PowerDVD11\PDVD11Serv.exe PRC - [2011/08/24 01:13:43 | 000,083,240 | ---- | M] () -- C:\Program Files\Cyberlink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe PRC - [2011/07/28 23:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe PRC - [2011/06/28 21:26:33 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2011/04/28 09:22:45 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2011/03/04 13:36:51 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2011/03/03 08:38:32 | 000,380,416 | ---- | M] () -- C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe PRC - [2011/02/26 15:18:20 | 003,474,432 | ---- | M] () -- C:\Program Files\Acer\Acer Bio Protection\BASVC.exe PRC - [2011/02/26 15:18:09 | 003,659,264 | ---- | M] (Arachnoid Biometrics Identification Group Corp.) -- C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe PRC - [2010/01/14 20:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2009/12/16 16:44:36 | 003,750,400 | ---- | M] (SafeNet Inc.) -- C:\Windows\System32\hasplms.exe PRC - [2009/04/10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008/04/22 11:02:06 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) -- C:\Windows\System32\vfsFPService.exe PRC - [2008/03/21 13:22:52 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe PRC - [2008/03/12 02:30:28 | 000,397,312 | ---- | M] (Acer Inc.) -- C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe PRC - [2008/03/07 10:36:12 | 000,544,768 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe PRC - [2008/03/05 14:55:24 | 000,167,936 | ---- | M] (CyberLink) -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe PRC - [2008/03/05 14:55:16 | 000,147,456 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe PRC - [2008/03/05 06:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe PRC - [2008/03/05 06:38:28 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe PRC - [2008/03/04 20:21:06 | 000,167,936 | ---- | M] (Acer Corp.) -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe PRC - [2008/02/26 08:24:06 | 004,939,776 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008/01/16 17:35:02 | 000,081,504 | ---- | M] () -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe PRC - [2008/01/10 17:03:00 | 000,233,472 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe PRC - [2007/12/11 03:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe PRC - [2007/12/06 23:15:28 | 000,110,592 | ---- | M] () -- C:\ACER\Mobility Center\MobilityService.exe PRC - [2007/10/23 10:56:18 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe PRC - [2007/10/03 14:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2007/10/03 14:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2007/04/24 18:50:32 | 000,723,760 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe ========== Modules (No Company Name) ========== MOD - [2012/01/03 03:04:46 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\fecd1103dd16dc1192402770caf56575\System.Web.ni.dll MOD - [2012/01/03 03:04:37 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\311bc26c3ed83409589eb6bae0eeb86e\System.Runtime.Remoting.ni.dll MOD - [2011/12/21 21:49:40 | 000,849,368 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll MOD - [2011/10/13 14:47:07 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8645de531003807d00822e03986a075d\System.ServiceProcess.ni.dll MOD - [2011/10/13 14:31:11 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll MOD - [2011/10/13 14:30:45 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll MOD - [2011/10/13 14:30:34 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll MOD - [2011/10/13 14:29:19 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll MOD - [2011/10/13 14:28:44 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll MOD - [2011/07/28 23:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2011/07/28 23:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe MOD - [2011/06/28 10:03:20 | 000,438,272 | ---- | M] () -- C:\Program Files\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabXpcom.dll MOD - [2011/06/27 10:13:12 | 000,094,208 | ---- | M] () -- C:\Program Files\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabKernel.dll MOD - [2011/03/03 08:38:32 | 000,380,416 | ---- | M] () -- C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe MOD - [2011/02/26 15:39:59 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3006.0__4df5dcab8860d239\Framework.Utility.dll MOD - [2011/02/26 15:39:58 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3006.0__3036420f80dd6947\Framework.Library.dll MOD - [2011/02/26 15:39:58 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3006.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll MOD - [2011/02/22 17:01:26 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll MOD - [2011/02/12 08:22:44 | 001,679,360 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3050.37261__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll MOD - [2011/02/12 08:22:44 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3050.37221__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll MOD - [2011/02/12 08:22:44 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3050.37274__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll MOD - [2011/02/12 08:22:44 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3050.37253__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll MOD - [2011/02/12 08:22:44 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3050.37240__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll MOD - [2011/02/12 08:22:43 | 000,483,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3050.37475__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll MOD - [2011/02/12 08:22:43 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3050.37446__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll MOD - [2011/02/12 08:22:43 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3050.37411__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll MOD - [2011/02/12 08:22:43 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3050.37370__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll MOD - [2011/02/12 08:22:30 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3050.37234__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll MOD - [2011/02/12 08:22:29 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3050.37482__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll MOD - [2011/02/12 08:22:29 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3050.37425__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll MOD - [2011/02/12 08:22:28 | 000,479,232 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3050.37372__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll MOD - [2011/02/12 08:22:28 | 000,446,464 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3050.37365__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll MOD - [2011/02/12 08:22:28 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3050.37241__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll MOD - [2011/02/12 08:22:28 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3050.37405__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll MOD - [2011/02/12 08:22:28 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3050.37293__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll MOD - [2011/02/12 08:22:28 | 000,217,088 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3050.37281__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll MOD - [2011/02/12 08:22:28 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3050.37371__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll MOD - [2011/02/12 08:22:28 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3050.37377__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll MOD - [2011/02/12 08:22:28 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3050.37404__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll MOD - [2011/02/12 08:22:28 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll MOD - [2011/02/12 08:22:28 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2939.23679__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll MOD - [2011/02/12 08:22:28 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2939.23767__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll MOD - [2011/02/12 08:22:28 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2939.23710__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll MOD - [2011/02/12 08:22:28 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2939.23768__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll MOD - [2011/02/12 08:22:28 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll MOD - [2011/02/12 08:22:27 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2939.23668__90ba9c70f846762e\CLI.Foundation.dll MOD - [2011/02/12 08:22:27 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2939.23689__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll MOD - [2011/02/12 08:22:27 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2939.23743__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll MOD - [2011/02/12 08:22:27 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll MOD - [2011/02/12 08:22:27 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2939.23764__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll MOD - [2011/02/12 08:22:27 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2939.23662__90ba9c70f846762e\LOG.Foundation.dll MOD - [2011/02/12 08:22:27 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2939.23802__90ba9c70f846762e\CLI.Foundation.XManifest.dll MOD - [2011/02/12 08:22:27 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2939.23667__90ba9c70f846762e\NEWAEM.Foundation.dll MOD - [2011/02/12 08:22:27 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2939.23717__90ba9c70f846762e\DEM.OS.I0602.dll MOD - [2011/02/12 08:22:27 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2939.23693__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll MOD - [2011/02/12 08:22:27 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2939.23687__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll MOD - [2011/02/12 08:22:27 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2939.23679__90ba9c70f846762e\CLI.Component.Client.Shared.dll MOD - [2011/02/12 08:22:27 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll MOD - [2011/02/12 08:22:27 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2939.23707__90ba9c70f846762e\MOM.Foundation.dll MOD - [2011/02/12 08:22:27 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2939.23717__90ba9c70f846762e\DEM.OS.dll MOD - [2011/02/12 08:22:27 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll MOD - [2011/02/12 08:22:27 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2939.23718__90ba9c70f846762e\DEM.Graphics.dll MOD - [2011/02/12 08:22:27 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll MOD - [2011/02/12 08:22:27 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2939.23688__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll MOD - [2011/02/12 08:22:27 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2939.23734__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll MOD - [2011/02/12 08:22:27 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2939.23718__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll MOD - [2011/02/12 08:22:26 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2965.22300__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll MOD - [2011/02/12 08:22:26 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2939.23739__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll MOD - [2011/02/12 08:22:26 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2939.23738__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll MOD - [2011/02/12 08:22:26 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2939.23742__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll MOD - [2011/02/12 08:22:26 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2939.23708__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll MOD - [2011/02/12 08:22:26 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll MOD - [2011/02/12 08:22:26 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2939.23711__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll MOD - [2011/02/12 08:22:26 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2939.23665__90ba9c70f846762e\AEM.Foundation.dll MOD - [2011/02/12 08:22:26 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll MOD - [2011/02/12 08:22:26 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2939.23709__90ba9c70f846762e\APM.Foundation.dll MOD - [2011/02/12 08:22:26 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Server.Shared.dll MOD - [2011/02/12 08:22:22 | 001,511,424 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3050.37228__90ba9c70f846762e\CLI.Component.Dashboard.dll MOD - [2011/02/12 08:22:22 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3050.37248__90ba9c70f846762e\CLI.Component.Wizard.dll MOD - [2011/02/12 08:22:22 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3050.37467__90ba9c70f846762e\MOM.Implementation.dll MOD - [2011/02/12 08:22:22 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3050.37214__90ba9c70f846762e\CLI.Component.Runtime.dll MOD - [2011/02/12 08:22:22 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3050.37215__90ba9c70f846762e\ATIDEMOS.dll MOD - [2011/02/12 08:22:22 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3050.37466__90ba9c70f846762e\LOG.Foundation.Implementation.dll MOD - [2011/02/12 08:22:22 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2939.23713__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll MOD - [2011/02/12 08:22:22 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2939.23678__90ba9c70f846762e\CLI.Foundation.Private.dll MOD - [2011/02/12 08:22:22 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2939.23689__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll MOD - [2011/02/12 08:22:22 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3050.37493__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll MOD - [2011/02/12 08:22:22 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2939.23679__90ba9c70f846762e\LOG.Foundation.Private.dll MOD - [2011/02/12 08:22:22 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3050.37467__90ba9c70f846762e\CCC.Implementation.dll MOD - [2011/02/12 08:22:22 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2939.23694__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll MOD - [2011/02/12 08:22:22 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2939.23712__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll MOD - [2011/02/12 08:22:22 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2939.23711__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll MOD - [2011/02/12 08:22:22 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2939.23746__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll MOD - [2011/02/12 08:22:22 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.2939.23677__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll MOD - [2011/02/12 08:22:22 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3050.37214__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll MOD - [2011/02/12 08:22:21 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3050.37213__90ba9c70f846762e\APM.Server.dll MOD - [2011/02/12 08:22:21 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3050.37213__90ba9c70f846762e\AEM.Server.dll MOD - [2011/02/12 08:22:21 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll MOD - [2008/05/08 14:14:24 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll MOD - [2008/03/11 16:14:34 | 000,204,800 | ---- | M] () -- C:\Windows\System32\SysHook.dll MOD - [2008/03/05 14:55:28 | 000,753,664 | ---- | M] () -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMediaLibrary.dll MOD - [2008/03/05 14:55:22 | 000,007,680 | ---- | M] () -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvcPS.dll MOD - [2008/03/05 06:38:16 | 000,227,888 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll MOD - [2008/02/25 09:00:54 | 000,002,560 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll MOD - [2007/10/23 10:56:18 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe MOD - [2007/04/24 18:44:26 | 000,126,976 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll MOD - [2007/04/24 18:32:56 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll ========== Win32 Services (SafeList) ========== SRV - [2011/09/02 04:13:49 | 000,292,136 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files\Cyberlink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe -- (CyberLink PowerDVD 11.0 Service) SRV - [2011/09/02 04:13:47 | 000,075,048 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files\Cyberlink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe -- (CyberLink PowerDVD 11.0 Monitor Service) SRV - [2011/08/24 01:13:43 | 000,083,240 | ---- | M] () [Auto | Running] -- C:\Program Files\Cyberlink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe -- (CLHNServiceForPowerDVD) SRV - [2011/06/28 21:26:33 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011/04/28 09:22:45 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011/02/26 15:18:20 | 003,474,432 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Acer Bio Protection\BASVC.exe -- (IGBASVC) SRV - [2010/06/25 17:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental) SRV - [2009/12/16 16:44:36 | 003,750,400 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\Windows\System32\hasplms.exe -- (hasplms) SRV - [2008/04/22 11:02:06 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\System32\vfsFPService.exe -- (vfsFPService) SRV - [2008/03/21 13:22:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService) SRV - [2008/03/05 06:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service) SRV - [2008/01/21 02:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008/01/16 17:35:02 | 000,081,504 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService) SRV - [2008/01/10 17:03:00 | 000,233,472 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service) SRV - [2007/12/11 03:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio) SRV - [2007/12/06 23:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService) SRV - [2007/10/03 14:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel® ========== Driver Services (SafeList) ========== DRV - [2011/09/27 01:47:48 | 000,232,512 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2011/09/02 11:08:46 | 000,077,296 | ---- | M] (CyberLink Corp.) [2011/09/22 17:39:28] [Kernel | Auto | Running] -- C:\Program Files\Cyberlink\PowerDVD11\Common\NavFilter\000.fcl -- ({329F96B6-DF1E-4328-BFDA-39EA953C1312}) DRV - [2011/08/24 01:13:44 | 000,071,664 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Cyberlink\PowerDVD11\Kernel\DMP\ntk_PowerDVD.sys -- (ntk_PowerDVD) DRV - [2011/06/28 21:26:34 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011/06/28 21:26:34 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011/02/26 15:18:13 | 000,043,184 | ---- | M] (Alfa Corporation) [File_System | Boot | Running] -- C:\Windows\system32\Drivers\AlfaFF.sys -- (AlfaFF) DRV - [2010/06/25 17:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF) DRV - [2010/06/17 13:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009/12/09 21:27:18 | 000,588,800 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (hardlock) DRV - [2009/08/20 07:01:50 | 000,356,864 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aksfridge.sys -- (aksfridge) DRV - [2008/05/08 17:01:44 | 003,552,256 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2008/04/22 11:02:34 | 000,040,752 | ---- | M] (Validity Sensors, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vfs101x.sys -- (vfs101x) DRV - [2008/03/21 10:48:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15) DRV - [2008/03/05 08:25:30 | 000,041,456 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) DRV - [2008/02/29 07:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2008/02/17 19:31:00 | 000,048,128 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L1E60x86.sys -- (L1E) DRV - [2008/01/16 17:35:08 | 000,122,368 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys -- (NTIPPKernel) DRV - [2008/01/08 19:10:32 | 002,554,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel® DRV - [2007/12/19 00:12:12 | 000,054,784 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir) DRV - [2006/11/29 05:46:24 | 000,028,224 | R--- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\APLMp50.sys -- (APLMp50) DRV - [2006/11/02 13:27:34 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99}:0.3.8.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.13 FF - prefs.js..extensions.enabledItems: {71328583-3CA7-4809-B4BA-570A85818FBB}:0.6.3 FF - prefs.js..extensions.enabledItems: anttoolbar@ant.com:2.4.5 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29 FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.7 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/21 21:49:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/01 15:08:40 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{B5360CBC-EB19-437D-BEF0-4E40D753FB3C}: C:\Users\Eric\AppData\Local\{B5360CBC-EB19-437D-BEF0-4E40D753FB3C}\ FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Eric\AppData\Roaming\IDM\idmmzcc5 [2011/12/30 18:05:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\Mozilla\Extensions [2011/12/30 18:05:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\Mozilla\Extensions\songbird@songbirdnest.com [2012/01/30 00:28:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\2pxu152n.default\extensions [2011/12/22 17:30:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\2pxu152n.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011/07/10 20:37:19 | 000,000,000 | ---D | M] (CacheViewer) -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\2pxu152n.default\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB} [2011/12/22 17:30:46 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\2pxu152n.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2011/06/05 20:16:00 | 000,000,000 | ---D | M] (Edit Cookies) -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\2pxu152n.default\extensions\{ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99} [2011/12/22 17:30:44 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\2pxu152n.default\extensions\anttoolbar@ant.com [2011/12/22 17:30:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\2pxu152n.default\extensions\anttoolbar@ant.com-trash [2012/01/30 00:28:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011/03/06 21:01:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011/07/02 20:38:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011/12/09 15:09:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [2012/01/30 00:28:52 | 000,000,000 | ---D | M] (OneClick YouTube Downloader) -- C:\PROGRAM FILES\ORBITDOWNLOADER\ADDONS\ONECLICKYOUTUBEDOWNLOADER [2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011/04/20 23:07:17 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml [2012/01/29 16:10:19 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2011/04/20 23:07:17 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml [2011/04/20 23:07:17 | 000,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml [2011/04/20 23:07:17 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml O1 HOSTS File: ([2011/07/02 17:56:42 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com) O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated) O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated) O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.) O4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Philips Device Listener] C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe () O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4 - HKLM..\Run: [RemoteControl11] C:\Program Files\Cyberlink\PowerDVD11\PDVD11Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated) O4 - HKLM..\Run: [ZPdtWzdVitaKey MC3000] C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [YgwDxjia] C:\Users\Eric\AppData\Local\qdiqnjcm\ygwdxjia.exe File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe () O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe () O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 155.198.142.7 155.198.142.8 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28F30A1C-9488-42F2-A329-4B76799E8FE7}: DhcpNameServer = 155.198.142.7 155.198.142.8 O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Users\Eric\AppData\Local\qdiqnjcm\ygwdxjia.exe) - File not found O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - (C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll) - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.) O24 - Desktop WallPaper: C:\Users\Eric\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O24 - Desktop BackupWallPaper: C:\Users\Eric\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012/01/30 17:26:14 | 000,000,000 | ---D | C] -- C:\_OTL [2012/01/30 00:28:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Orbit [2012/01/30 00:28:50 | 000,000,000 | ---D | C] -- C:\Program Files\Orbitdownloader [2012/01/29 21:15:25 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Eric\Desktop\OTL.exe [2012/01/29 21:15:15 | 002,058,032 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Eric\Desktop\tdsskiller.exe [2012/01/29 16:10:13 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\TempDIR [2012/01/29 10:02:12 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Eric\Desktop\dds.scr [2012/01/01 15:08:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX ========== Files - Modified Within 30 Days ========== [2012/01/30 17:27:37 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012/01/30 17:27:37 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012/01/30 17:27:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/01/30 17:27:25 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys [2012/01/30 17:26:46 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012/01/30 11:58:02 | 000,660,578 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/01/30 11:58:02 | 000,129,736 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/01/30 11:51:43 | 000,001,356 | ---- | M] () -- C:\Users\Eric\AppData\Local\d3d9caps.dat [2012/01/30 03:33:08 | 000,242,176 | ---- | M] () -- C:\Users\Eric\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/01/30 00:28:54 | 000,000,876 | ---- | M] () -- C:\Users\Eric\Application Data\Microsoft\Internet Explorer\Quick Launch\Orbit.lnk [2012/01/30 00:28:54 | 000,000,852 | ---- | M] () -- C:\Users\Eric\Desktop\Orbit.lnk [2012/01/29 21:15:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Eric\Desktop\OTL.exe [2012/01/29 21:15:15 | 002,058,032 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Eric\Desktop\tdsskiller.exe [2012/01/29 16:10:24 | 000,000,243 | ---- | M] () -- C:\user.js [2012/01/29 10:02:12 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Eric\Desktop\dds.scr [2012/01/21 14:16:55 | 000,000,881 | ---- | M] () -- C:\Users\Eric\Desktop\VLC media player.lnk [2012/01/01 15:08:37 | 000,001,397 | ---- | M] () -- C:\Users\Eric\Desktop\DivX Movies.lnk ========== Files Created - No Company Name ========== [2012/01/30 00:28:54 | 000,000,876 | ---- | C] () -- C:\Users\Eric\Application Data\Microsoft\Internet Explorer\Quick Launch\Orbit.lnk [2012/01/30 00:28:54 | 000,000,852 | ---- | C] () -- C:\Users\Eric\Desktop\Orbit.lnk [2012/01/29 16:10:24 | 000,000,243 | ---- | C] () -- C:\user.js [2012/01/27 19:29:49 | 3219,578,880 | -HS- | C] () -- C:\hiberfil.sys [2012/01/21 14:16:55 | 000,000,881 | ---- | C] () -- C:\Users\Eric\Desktop\VLC media player.lnk [2011/07/10 20:55:31 | 000,000,046 | ---- | C] () -- C:\Windows\System32\DonationCoder_urlsnooper_InstallInfo.dat [2011/07/10 20:44:33 | 000,000,000 | ---- | C] () -- C:\Users\Eric\AppData\Local\Schedule8.dat [2011/07/02 21:18:39 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2011/07/02 21:17:08 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2011/06/14 15:50:30 | 000,510,976 | ---- | C] () -- C:\Windows\System32\synsoacc.dll [2011/05/31 14:14:53 | 000,000,264 | ---- | C] () -- C:\Windows\_delis32.ini [2011/05/31 14:14:44 | 000,000,632 | ---- | C] () -- C:\Windows\Sofplat.INI [2011/05/13 13:07:07 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat [2011/04/15 19:50:13 | 000,001,356 | ---- | C] () -- C:\Users\Eric\AppData\Local\d3d9caps.dat [2011/02/28 12:04:30 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2011/02/26 16:36:25 | 000,242,176 | ---- | C] () -- C:\Users\Eric\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/02/26 15:27:41 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe [2011/02/26 15:27:41 | 000,105,984 | ---- | C] () -- C:\Windows\FixUVC.exe [2011/02/26 15:27:41 | 000,000,057 | ---- | C] () -- C:\Windows\PidList.ini [2011/02/26 15:18:39 | 001,548,099 | ---- | C] () -- C:\Windows\System32\VMC3KAPI.dll [2011/02/26 15:18:35 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011/02/12 08:21:25 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010/06/25 17:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll [2008/10/28 16:40:48 | 000,173,552 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2008/05/16 05:50:46 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat [2008/05/16 05:50:46 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2008/05/16 05:50:44 | 000,168,883 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2008/05/16 05:50:43 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe [2008/03/15 01:55:13 | 000,001,024 | R--- | C] () -- C:\Windows\System32\NTIOFM4.dll [2008/03/15 01:55:13 | 000,001,024 | R--- | C] () -- C:\Windows\System32\NTIBUN5.dll [2008/03/15 01:17:39 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll [2008/03/15 01:13:50 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll [2008/03/15 01:09:29 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini [2008/03/15 01:09:29 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat [2008/03/15 01:08:16 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\RtkHDAud.dat [2008/03/14 09:48:57 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2007/11/14 16:17:34 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CogentBioSDK.dll [2007/04/24 18:32:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll [2006/11/02 12:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006/11/02 12:47:37 | 000,298,664 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006/11/02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 10:33:01 | 000,660,578 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006/11/02 10:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006/11/02 10:33:01 | 000,129,736 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006/11/02 10:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006/11/02 10:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006/11/02 08:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006/11/02 08:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006/11/02 07:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2001/12/26 23:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll [2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll [2001/09/04 06:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll [2001/07/30 23:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll [2001/07/24 05:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll ========== LOP Check ========== [2011/04/05 22:23:02 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\.minecraft [2011/02/26 15:37:50 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Acer [2008/03/15 01:33:22 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Acer GameZone Console [2011/09/07 20:34:16 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Cocoon Software [2011/06/07 20:16:46 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\cYo [2011/12/25 15:07:25 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Daedb [2011/09/27 01:49:27 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\DAEMON Tools Lite [2011/09/22 15:46:55 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Digiarty [2011/07/07 16:14:47 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\DMCache [2011/07/10 20:55:31 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\DonationCoder [2011/10/22 15:17:43 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\GetRightToGo [2011/12/24 00:37:08 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\GrabPro [2012/01/30 02:38:45 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Orbit [2011/12/30 18:04:33 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Philips-Songbird [2011/02/27 21:06:03 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\ProgSense [2011/07/02 20:04:53 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\QuickScan [2011/09/22 15:57:48 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\SoftDMA [2011/12/08 15:23:08 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Spotify [2011/06/14 15:51:56 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Steinberg [2011/12/31 02:00:40 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Symudem [2011/02/26 15:18:02 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Validity [2012/01/30 17:26:46 | 000,032,600 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > When it rebooted, I didn't get the message saying that an unknown program wants access, this time. It's looking good, thanks!
  15. Hi Maniac, thanks for helping with this! TDDS log: 21:15:59.0668 4948 TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27 21:15:59.0782 4948 ============================================================ 21:15:59.0782 4948 Current date / time: 2012/01/29 21:15:59.0782 21:15:59.0782 4948 SystemInfo: 21:15:59.0782 4948 21:15:59.0782 4948 OS Version: 6.0.6002 ServicePack: 2.0 21:15:59.0782 4948 Product type: Workstation 21:15:59.0782 4948 ComputerName: ERIC-PC 21:15:59.0782 4948 UserName: Eric 21:15:59.0782 4948 Windows directory: C:\Windows 21:15:59.0782 4948 System windows directory: C:\Windows 21:15:59.0782 4948 Processor architecture: Intel x86 21:15:59.0783 4948 Number of processors: 2 21:15:59.0783 4948 Page size: 0x1000 21:15:59.0783 4948 Boot type: Normal boot 21:15:59.0783 4948 ============================================================ 21:16:00.0273 4948 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 21:16:00.0303 4948 Initialize success 21:16:23.0745 2524 ============================================================ 21:16:23.0745 2524 Scan started 21:16:23.0745 2524 Mode: Manual; SigCheck; TDLFS; 21:16:23.0745 2524 ============================================================ 21:16:24.0117 2524 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys 21:16:24.0229 2524 ACPI - ok 21:16:24.0289 2524 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys 21:16:24.0311 2524 adp94xx - ok 21:16:24.0401 2524 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys 21:16:24.0420 2524 adpahci - ok 21:16:24.0450 2524 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys 21:16:24.0463 2524 adpu160m - ok 21:16:24.0492 2524 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys 21:16:24.0507 2524 adpu320 - ok 21:16:24.0573 2524 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys 21:16:24.0658 2524 AFD - ok 21:16:24.0862 2524 AgereSoftModem (38325c6aa8eae011897d61ce48ec6435) C:\Windows\system32\DRIVERS\AGRSM.sys 21:16:24.0980 2524 AgereSoftModem - ok 21:16:25.0131 2524 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys 21:16:25.0143 2524 agp440 - ok 21:16:25.0167 2524 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys 21:16:25.0180 2524 aic78xx - ok 21:16:25.0253 2524 aksfridge (45f65f2f7ae28e5e56ab64e3ac61bd52) C:\Windows\system32\drivers\aksfridge.sys 21:16:25.0298 2524 aksfridge - ok 21:16:25.0461 2524 AlfaFF (8d59617a9c3dbf4650aa44f4e9215744) C:\Windows\system32\Drivers\AlfaFF.sys 21:16:25.0517 2524 AlfaFF - ok 21:16:25.0836 2524 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys 21:16:25.0849 2524 aliide - ok 21:16:25.0988 2524 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys 21:16:26.0001 2524 amdagp - ok 21:16:26.0052 2524 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys 21:16:26.0065 2524 amdide - ok 21:16:26.0114 2524 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys 21:16:26.0229 2524 AmdK7 - ok 21:16:26.0364 2524 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys 21:16:26.0404 2524 AmdK8 - ok 21:16:26.0594 2524 APLMp50 (1bf91f352d746ad7469fa71783b5fae8) C:\Windows\system32\Drivers\APLMp50.sys 21:16:26.0605 2524 APLMp50 - ok 21:16:26.0660 2524 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys 21:16:26.0673 2524 arc - ok 21:16:26.0724 2524 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys 21:16:26.0736 2524 arcsas - ok 21:16:26.0951 2524 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys 21:16:26.0990 2524 AsyncMac - ok 21:16:27.0146 2524 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys 21:16:27.0160 2524 atapi - ok 21:16:27.0402 2524 atikmdag (2dc63afb58a1b166cf1d1b5a9f144135) C:\Windows\system32\DRIVERS\atikmdag.sys 21:16:27.0632 2524 atikmdag - ok 21:16:27.0827 2524 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys 21:16:27.0837 2524 avgntflt - ok 21:16:27.0853 2524 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys 21:16:27.0866 2524 avipbb - ok 21:16:28.0049 2524 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys 21:16:28.0124 2524 Beep - ok 21:16:28.0303 2524 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys 21:16:28.0340 2524 blbdrive - ok 21:16:28.0383 2524 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys 21:16:28.0437 2524 bowser - ok 21:16:28.0560 2524 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys 21:16:28.0607 2524 BrFiltLo - ok 21:16:28.0627 2524 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys 21:16:28.0686 2524 BrFiltUp - ok 21:16:28.0758 2524 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys 21:16:28.0940 2524 Brserid - ok 21:16:29.0070 2524 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys 21:16:29.0155 2524 BrSerWdm - ok 21:16:29.0191 2524 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys 21:16:29.0248 2524 BrUsbMdm - ok 21:16:29.0265 2524 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys 21:16:29.0340 2524 BrUsbSer - ok 21:16:29.0491 2524 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys 21:16:29.0547 2524 BthEnum - ok 21:16:29.0709 2524 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys 21:16:29.0774 2524 BTHMODEM - ok 21:16:29.0825 2524 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys 21:16:29.0895 2524 BthPan - ok 21:16:30.0056 2524 BthPort (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys 21:16:30.0111 2524 BthPort - ok 21:16:30.0253 2524 BTHUSB (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys 21:16:30.0297 2524 BTHUSB - ok 21:16:30.0453 2524 btwaudio (636f45a8500c1438cfa7dee15fc5c184) C:\Windows\system32\drivers\btwaudio.sys 21:16:30.0465 2524 btwaudio - ok 21:16:30.0648 2524 btwavdt (bf9256ff01b093a5d90bb7a35ec90410) C:\Windows\system32\drivers\btwavdt.sys 21:16:30.0659 2524 btwavdt - ok 21:16:30.0709 2524 btwrchid (0ab8c1ac177afb27309e1072faf34a37) C:\Windows\system32\DRIVERS\btwrchid.sys 21:16:30.0718 2524 btwrchid - ok 21:16:30.0861 2524 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys 21:16:30.0905 2524 cdfs - ok 21:16:31.0034 2524 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys 21:16:31.0070 2524 cdrom - ok 21:16:31.0107 2524 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys 21:16:31.0180 2524 circlass - ok 21:16:31.0246 2524 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys 21:16:31.0264 2524 CLFS - ok 21:16:31.0461 2524 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys 21:16:31.0506 2524 CmBatt - ok 21:16:31.0576 2524 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys 21:16:31.0589 2524 cmdide - ok 21:16:31.0671 2524 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys 21:16:31.0682 2524 Compbatt - ok 21:16:31.0697 2524 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys 21:16:31.0709 2524 crcdisk - ok 21:16:31.0735 2524 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys 21:16:31.0784 2524 Crusoe - ok 21:16:32.0019 2524 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys 21:16:32.0087 2524 DfsC - ok 21:16:32.0253 2524 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys 21:16:32.0267 2524 disk - ok 21:16:32.0331 2524 DKbFltr (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys 21:16:32.0341 2524 DKbFltr - ok 21:16:32.0483 2524 DritekPortIO (5c918d413f5837e67a85775c9873775e) C:\PROGRA~1\LAUNCH~1\DPortIO.sys 21:16:32.0493 2524 DritekPortIO - ok 21:16:32.0625 2524 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys 21:16:32.0670 2524 drmkaud - ok 21:16:32.0913 2524 dtsoftbus01 (c0c7ceccb6c85994c2bc92d58e52d3f2) C:\Windows\system32\DRIVERS\dtsoftbus01.sys 21:16:32.0926 2524 dtsoftbus01 - ok 21:16:32.0975 2524 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys 21:16:33.0006 2524 DXGKrnl - ok 21:16:33.0087 2524 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys 21:16:33.0131 2524 E1G60 - ok 21:16:33.0347 2524 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys 21:16:33.0363 2524 Ecache - ok 21:16:33.0548 2524 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys 21:16:33.0568 2524 elxstor - ok 21:16:33.0607 2524 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys 21:16:33.0663 2524 ErrDev - ok 21:16:33.0788 2524 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys 21:16:33.0860 2524 exfat - ok 21:16:34.0006 2524 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys 21:16:34.0065 2524 fastfat - ok 21:16:34.0261 2524 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys 21:16:34.0301 2524 fdc - ok 21:16:34.0358 2524 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys 21:16:34.0372 2524 FileInfo - ok 21:16:34.0399 2524 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys 21:16:34.0447 2524 Filetrace - ok 21:16:34.0480 2524 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys 21:16:34.0527 2524 flpydisk - ok 21:16:34.0685 2524 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys 21:16:34.0701 2524 FltMgr - ok 21:16:34.0866 2524 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys 21:16:34.0941 2524 Fs_Rec - ok 21:16:34.0980 2524 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys 21:16:34.0993 2524 gagp30kx - ok 21:16:35.0063 2524 GEARAspiWDM (4ac51459805264affd5f6fdfb9d9235f) C:\Windows\system32\Drivers\GEARAspiWDM.sys 21:16:35.0073 2524 GEARAspiWDM - ok 21:16:35.0233 2524 hardlock (995178a443b07fa9eeaea041d7b4b5ca) C:\Windows\system32\drivers\hardlock.sys 21:16:35.0297 2524 hardlock - ok 21:16:35.0492 2524 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys 21:16:35.0540 2524 HdAudAddService - ok 21:16:35.0581 2524 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys 21:16:35.0615 2524 HDAudBus - ok 21:16:35.0649 2524 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys 21:16:35.0753 2524 HidBth - ok 21:16:35.0800 2524 HidIr (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys 21:16:35.0833 2524 HidIr - ok 21:16:35.0851 2524 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\drivers\hidusb.sys 21:16:35.0906 2524 HidUsb - ok 21:16:35.0940 2524 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys 21:16:35.0951 2524 HpCISSs - ok 21:16:36.0003 2524 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys 21:16:36.0103 2524 HTTP - ok 21:16:36.0224 2524 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys 21:16:36.0237 2524 i2omp - ok 21:16:36.0306 2524 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys 21:16:36.0376 2524 i8042prt - ok 21:16:36.0411 2524 iaStor (e5a0034847537eaee3c00349d5c34c5f) C:\Windows\system32\DRIVERS\iaStor.sys 21:16:36.0425 2524 iaStor - ok 21:16:36.0452 2524 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys 21:16:36.0467 2524 iaStorV - ok 21:16:36.0503 2524 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys 21:16:36.0514 2524 iirsp - ok 21:16:36.0575 2524 int15 (c6e5276c00ebdeb096bb5ef4b797d1b6) C:\Windows\system32\drivers\int15.sys 21:16:36.0584 2524 int15 - ok 21:16:36.0685 2524 IntcAzAudAddService (4de88b49c891f45cd9ea6d83a341d3e3) C:\Windows\system32\drivers\RTKVHDA.sys 21:16:36.0812 2524 IntcAzAudAddService - ok 21:16:36.0984 2524 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys 21:16:36.0996 2524 intelide - ok 21:16:37.0057 2524 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys 21:16:37.0094 2524 intelppm - ok 21:16:37.0115 2524 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys 21:16:37.0145 2524 IpFilterDriver - ok 21:16:37.0159 2524 IpInIp - ok 21:16:37.0184 2524 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys 21:16:37.0232 2524 IPMIDRV - ok 21:16:37.0255 2524 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys 21:16:37.0286 2524 IPNAT - ok 21:16:37.0310 2524 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys 21:16:37.0347 2524 IRENUM - ok 21:16:37.0379 2524 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys 21:16:37.0391 2524 isapnp - ok 21:16:37.0446 2524 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys 21:16:37.0462 2524 iScsiPrt - ok 21:16:37.0503 2524 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys 21:16:37.0515 2524 iteatapi - ok 21:16:37.0538 2524 itecir (8bcd857c7932ad005d5f9c89329da2e1) C:\Windows\system32\DRIVERS\itecir.sys 21:16:37.0564 2524 itecir - ok 21:16:37.0583 2524 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys 21:16:37.0595 2524 iteraid - ok 21:16:37.0617 2524 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys 21:16:37.0629 2524 kbdclass - ok 21:16:37.0659 2524 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys 21:16:37.0701 2524 kbdhid - ok 21:16:37.0760 2524 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys 21:16:37.0784 2524 KSecDD - ok 21:16:37.0884 2524 L1E (a611c063a83f77533c1217ecc455a094) C:\Windows\system32\DRIVERS\L1E60x86.sys 21:16:37.0958 2524 L1E - ok 21:16:38.0118 2524 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys 21:16:38.0169 2524 lltdio - ok 21:16:38.0212 2524 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys 21:16:38.0225 2524 LSI_FC - ok 21:16:38.0250 2524 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys 21:16:38.0262 2524 LSI_SAS - ok 21:16:38.0389 2524 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys 21:16:38.0402 2524 LSI_SCSI - ok 21:16:38.0479 2524 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys 21:16:38.0516 2524 luafv - ok 21:16:38.0666 2524 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys 21:16:38.0678 2524 megasas - ok 21:16:38.0761 2524 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys 21:16:38.0782 2524 MegaSR - ok 21:16:38.0863 2524 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys 21:16:38.0900 2524 Modem - ok 21:16:38.0922 2524 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys 21:16:38.0977 2524 monitor - ok 21:16:39.0007 2524 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys 21:16:39.0019 2524 mouclass - ok 21:16:39.0043 2524 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys 21:16:39.0093 2524 mouhid - ok 21:16:39.0128 2524 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys 21:16:39.0141 2524 MountMgr - ok 21:16:39.0193 2524 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys 21:16:39.0206 2524 mpio - ok 21:16:39.0230 2524 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys 21:16:39.0271 2524 mpsdrv - ok 21:16:39.0320 2524 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys 21:16:39.0332 2524 Mraid35x - ok 21:16:39.0380 2524 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys 21:16:39.0424 2524 MRxDAV - ok 21:16:39.0480 2524 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys 21:16:39.0519 2524 mrxsmb - ok 21:16:39.0555 2524 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys 21:16:39.0588 2524 mrxsmb10 - ok 21:16:39.0640 2524 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 21:16:39.0667 2524 mrxsmb20 - ok 21:16:39.0706 2524 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys 21:16:39.0717 2524 msahci - ok 21:16:39.0741 2524 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys 21:16:39.0754 2524 msdsm - ok 21:16:39.0775 2524 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys 21:16:39.0819 2524 Msfs - ok 21:16:39.0979 2524 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys 21:16:39.0991 2524 msisadrv - ok 21:16:40.0061 2524 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys 21:16:40.0102 2524 MSKSSRV - ok 21:16:40.0255 2524 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys 21:16:40.0284 2524 MSPCLOCK - ok 21:16:40.0358 2524 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys 21:16:40.0395 2524 MSPQM - ok 21:16:40.0472 2524 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys 21:16:40.0497 2524 MsRPC - ok 21:16:40.0524 2524 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys 21:16:40.0537 2524 mssmbios - ok 21:16:40.0588 2524 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys 21:16:40.0637 2524 MSTEE - ok 21:16:40.0774 2524 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys 21:16:40.0788 2524 Mup - ok 21:16:40.0851 2524 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys 21:16:40.0888 2524 NativeWifiP - ok 21:16:40.0964 2524 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys 21:16:40.0988 2524 NDIS - ok 21:16:41.0032 2524 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys 21:16:41.0065 2524 NdisTapi - ok 21:16:41.0147 2524 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys 21:16:41.0176 2524 Ndisuio - ok 21:16:41.0255 2524 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys 21:16:41.0280 2524 NdisWan - ok 21:16:41.0294 2524 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys 21:16:41.0333 2524 NDProxy - ok 21:16:41.0351 2524 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys 21:16:41.0388 2524 NetBIOS - ok 21:16:41.0437 2524 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys 21:16:41.0486 2524 netbt - ok 21:16:41.0749 2524 NETw4v32 (caaea35dae7f4c19db05481dac22c2ba) C:\Windows\system32\DRIVERS\NETw4v32.sys 21:16:41.0918 2524 NETw4v32 - ok 21:16:42.0049 2524 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys 21:16:42.0061 2524 nfrd960 - ok 21:16:42.0142 2524 NPF (b48dc6abcd3aeff8618350ccbdc6b09a) C:\Windows\system32\drivers\npf.sys 21:16:42.0155 2524 NPF - ok 21:16:42.0213 2524 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys 21:16:42.0258 2524 Npfs - ok 21:16:42.0301 2524 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys 21:16:42.0330 2524 nsiproxy - ok 21:16:42.0398 2524 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys 21:16:42.0489 2524 Ntfs - ok 21:16:42.0627 2524 NTIDrvr (2757d2ba59aee155209e24942ab127c9) C:\Windows\system32\DRIVERS\NTIDrvr.sys 21:16:42.0636 2524 NTIDrvr - ok 21:16:42.0882 2524 NTIPPKernel (547bfa3591c70674b0bfc99354ab78b3) C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys 21:16:42.0910 2524 NTIPPKernel ( UnsignedFile.Multi.Generic ) - warning 21:16:42.0910 2524 NTIPPKernel - detected UnsignedFile.Multi.Generic (1) 21:16:43.0046 2524 ntk_PowerDVD (170ee229d4def31dbe95348c9a88fe74) C:\Program Files\Cyberlink\PowerDVD11\Kernel\DMP\ntk_PowerDVD.sys 21:16:43.0057 2524 ntk_PowerDVD - ok 21:16:43.0196 2524 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys 21:16:43.0244 2524 ntrigdigi - ok 21:16:43.0269 2524 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys 21:16:43.0321 2524 Null - ok 21:16:43.0349 2524 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys 21:16:43.0361 2524 nvraid - ok 21:16:43.0388 2524 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys 21:16:43.0400 2524 nvstor - ok 21:16:43.0429 2524 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys 21:16:43.0442 2524 nv_agp - ok 21:16:43.0474 2524 NwlnkFlt - ok 21:16:43.0485 2524 NwlnkFwd - ok 21:16:43.0547 2524 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys 21:16:43.0621 2524 ohci1394 - ok 21:16:43.0776 2524 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys 21:16:43.0852 2524 Parport - ok 21:16:43.0895 2524 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys 21:16:43.0909 2524 partmgr - ok 21:16:43.0949 2524 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys 21:16:44.0002 2524 Parvdm - ok 21:16:44.0041 2524 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys 21:16:44.0058 2524 pci - ok 21:16:44.0102 2524 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys 21:16:44.0114 2524 pciide - ok 21:16:44.0146 2524 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys 21:16:44.0159 2524 pcmcia - ok 21:16:44.0219 2524 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 21:16:44.0289 2524 PEAUTH - ok 21:16:44.0357 2524 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys 21:16:44.0404 2524 PptpMiniport - ok 21:16:44.0424 2524 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys 21:16:44.0452 2524 Processor - ok 21:16:44.0509 2524 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys 21:16:44.0548 2524 PSched - ok 21:16:44.0613 2524 PSDFilter (ab94285ff6c6bc5433407d8d182a4bb4) C:\Windows\system32\DRIVERS\psdfilter.sys 21:16:44.0623 2524 PSDFilter - ok 21:16:44.0645 2524 PSDNServ (2aaf9a5d7a63d26bfaea853c5f2292bc) C:\Windows\system32\DRIVERS\PSDNServ.sys 21:16:44.0655 2524 PSDNServ - ok 21:16:44.0676 2524 psdvdisk (0eb8cec99855beae5b0d02c2302619ef) C:\Windows\system32\DRIVERS\PSDVdisk.sys 21:16:44.0686 2524 psdvdisk - ok 21:16:44.0825 2524 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys 21:16:44.0874 2524 ql2300 - ok 21:16:45.0042 2524 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 21:16:45.0055 2524 ql40xx - ok 21:16:45.0079 2524 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys 21:16:45.0150 2524 QWAVEdrv - ok 21:16:45.0176 2524 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 21:16:45.0220 2524 RasAcd - ok 21:16:45.0251 2524 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 21:16:45.0281 2524 Rasl2tp - ok 21:16:45.0330 2524 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys 21:16:45.0361 2524 RasPppoe - ok 21:16:45.0392 2524 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys 21:16:45.0437 2524 RasSstp - ok 21:16:45.0487 2524 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys 21:16:45.0513 2524 rdbss - ok 21:16:45.0537 2524 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 21:16:45.0577 2524 RDPCDD - ok 21:16:45.0601 2524 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys 21:16:45.0633 2524 rdpdr - ok 21:16:45.0644 2524 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 21:16:45.0679 2524 RDPENCDD - ok 21:16:45.0728 2524 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys 21:16:45.0760 2524 RDPWD - ok 21:16:45.0831 2524 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys 21:16:45.0879 2524 RFCOMM - ok 21:16:45.0916 2524 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 21:16:45.0945 2524 rspndr - ok 21:16:45.0992 2524 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 21:16:46.0006 2524 sbp2port - ok 21:16:46.0045 2524 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 21:16:46.0111 2524 secdrv - ok 21:16:46.0143 2524 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys 21:16:46.0205 2524 Serenum - ok 21:16:46.0230 2524 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys 21:16:46.0298 2524 Serial - ok 21:16:46.0325 2524 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 21:16:46.0354 2524 sermouse - ok 21:16:46.0398 2524 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys 21:16:46.0420 2524 sffdisk - ok 21:16:46.0442 2524 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys 21:16:46.0479 2524 sffp_mmc - ok 21:16:46.0497 2524 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys 21:16:46.0525 2524 sffp_sd - ok 21:16:46.0556 2524 sfloppy (c33bfbd6e9e41fcd9ffef9729e9faed6) C:\Windows\system32\DRIVERS\sfloppy.sys 21:16:46.0626 2524 sfloppy - ok 21:16:46.0684 2524 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys 21:16:46.0696 2524 sisagp - ok 21:16:46.0724 2524 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys 21:16:46.0738 2524 SiSRaid2 - ok 21:16:46.0777 2524 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys 21:16:46.0789 2524 SiSRaid4 - ok 21:16:46.0851 2524 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys 21:16:46.0891 2524 Smb - ok 21:16:46.0924 2524 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 21:16:46.0941 2524 spldr - ok 21:16:46.0977 2524 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys 21:16:47.0028 2524 srv - ok 21:16:47.0076 2524 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys 21:16:47.0139 2524 srv2 - ok 21:16:47.0192 2524 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys 21:16:47.0229 2524 srvnet - ok 21:16:47.0274 2524 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys 21:16:47.0285 2524 ssmdrv - ok 21:16:47.0349 2524 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 21:16:47.0361 2524 swenum - ok 21:16:47.0392 2524 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 21:16:47.0404 2524 Symc8xx - ok 21:16:47.0429 2524 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 21:16:47.0440 2524 Sym_hi - ok 21:16:47.0462 2524 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 21:16:47.0473 2524 Sym_u3 - ok 21:16:47.0577 2524 SynTP (93d33a3a0a4516584a1394c7821bae2e) C:\Windows\system32\DRIVERS\SynTP.sys 21:16:47.0590 2524 SynTP - ok 21:16:47.0665 2524 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys 21:16:47.0703 2524 Tcpip - ok 21:16:47.0742 2524 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys 21:16:47.0793 2524 Tcpip6 - ok 21:16:47.0826 2524 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys 21:16:47.0854 2524 tcpipreg - ok 21:16:47.0901 2524 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 21:16:47.0929 2524 TDPIPE - ok 21:16:48.0010 2524 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 21:16:48.0039 2524 TDTCP - ok 21:16:48.0075 2524 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys 21:16:48.0118 2524 tdx - ok 21:16:48.0165 2524 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys 21:16:48.0178 2524 TermDD - ok 21:16:48.0250 2524 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 21:16:48.0290 2524 tssecsrv - ok 21:16:48.0480 2524 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 21:16:48.0520 2524 tunmp - ok 21:16:48.0555 2524 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys 21:16:48.0595 2524 tunnel - ok 21:16:48.0664 2524 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys 21:16:48.0677 2524 uagp35 - ok 21:16:48.0699 2524 UBHelper (f763e070843ee2803de1395002b42938) C:\Windows\system32\drivers\UBHelper.sys 21:16:48.0726 2524 UBHelper - ok 21:16:48.0769 2524 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys 21:16:48.0796 2524 udfs - ok 21:16:48.0829 2524 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys 21:16:48.0841 2524 uliagpkx - ok 21:16:48.0866 2524 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys 21:16:48.0881 2524 uliahci - ok 21:16:48.0908 2524 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 21:16:48.0921 2524 UlSata - ok 21:16:48.0950 2524 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 21:16:48.0963 2524 ulsata2 - ok 21:16:48.0995 2524 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 21:16:49.0032 2524 umbus - ok 21:16:49.0073 2524 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys 21:16:49.0112 2524 usbccgp - ok 21:16:49.0145 2524 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 21:16:49.0206 2524 usbcir - ok 21:16:49.0303 2524 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys 21:16:49.0339 2524 usbehci - ok 21:16:49.0490 2524 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys 21:16:49.0538 2524 usbhub - ok 21:16:49.0568 2524 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys 21:16:49.0615 2524 usbohci - ok 21:16:49.0644 2524 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys 21:16:49.0690 2524 usbprint - ok 21:16:49.0738 2524 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS 21:16:49.0774 2524 USBSTOR - ok 21:16:49.0803 2524 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys 21:16:49.0827 2524 usbuhci - ok 21:16:49.0884 2524 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys 21:16:49.0929 2524 usbvideo - ok 21:16:50.0058 2524 VClone (fce98c43b5c5db8e0da8ea0e2b45e044) C:\Windows\system32\DRIVERS\VClone.sys 21:16:50.0101 2524 VClone - ok 21:16:50.0274 2524 vfs101x (4d45a93a7dd638ca2db0a86fbfbf42d1) C:\Windows\system32\drivers\vfs101x.sys 21:16:50.0284 2524 vfs101x - ok 21:16:50.0318 2524 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys 21:16:50.0363 2524 vga - ok 21:16:50.0382 2524 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 21:16:50.0428 2524 VgaSave - ok 21:16:50.0465 2524 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys 21:16:50.0476 2524 viaagp - ok 21:16:50.0504 2524 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys 21:16:50.0532 2524 ViaC7 - ok 21:16:50.0552 2524 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys 21:16:50.0563 2524 viaide - ok 21:16:50.0587 2524 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 21:16:50.0599 2524 volmgr - ok 21:16:50.0647 2524 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys 21:16:50.0664 2524 volmgrx - ok 21:16:50.0697 2524 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys 21:16:50.0714 2524 volsnap - ok 21:16:50.0770 2524 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys 21:16:50.0783 2524 vsmraid - ok 21:16:50.0822 2524 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 21:16:50.0870 2524 WacomPen - ok 21:16:50.0922 2524 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 21:16:50.0946 2524 Wanarp - ok 21:16:50.0950 2524 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 21:16:50.0976 2524 Wanarpv6 - ok 21:16:51.0004 2524 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys 21:16:51.0015 2524 Wd - ok 21:16:51.0045 2524 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys 21:16:51.0069 2524 Wdf01000 - ok 21:16:51.0158 2524 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys 21:16:51.0211 2524 WmiAcpi - ok 21:16:51.0281 2524 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys 21:16:51.0321 2524 WpdUsb - ok 21:16:51.0367 2524 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 21:16:51.0415 2524 ws2ifsl - ok 21:16:51.0574 2524 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys 21:16:51.0617 2524 WUDFRd - ok 21:16:51.0816 2524 {329F96B6-DF1E-4328-BFDA-39EA953C1312} (3cb263cf60b253bead6e0205e1fa5669) C:\Program Files\CyberLink\PowerDVD11\Common\NavFilter\000.fcl 21:16:51.0826 2524 {329F96B6-DF1E-4328-BFDA-39EA953C1312} - ok 21:16:51.0905 2524 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} (5867ce254625645345c833510d24f124) C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl 21:16:51.0915 2524 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} - ok 21:16:51.0969 2524 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0 21:16:52.0120 2524 \Device\Harddisk0\DR0 - ok 21:16:52.0125 2524 Boot (0x1200) (1f697a32c8858c96fd4ada8ad5e2baf5) \Device\Harddisk0\DR0\Partition0 21:16:52.0126 2524 \Device\Harddisk0\DR0\Partition0 - ok 21:16:52.0129 2524 ============================================================ 21:16:52.0129 2524 Scan finished 21:16:52.0129 2524 ============================================================ 21:16:52.0145 0544 Detected object count: 1 21:16:52.0145 0544 Actual detected object count: 1 21:17:25.0054 0544 NTIPPKernel ( UnsignedFile.Multi.Generic ) - skipped by user 21:17:25.0054 0544 NTIPPKernel ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:17:38.0775 2816 Deinitialize success The OTL and Extras are attached as text, sorry, as I got a message telling me the full contents are too long to post. OTL.Txt Extras.Txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.