Jump to content

JaredMiles

Members
 View Profile  See their activity

  • Posts

    17

  • Joined

  • Last visited

Reputation

0 Neutral

About JaredMiles

  • Birthday 12/28/1993

Profile Information

  • Location
    Plymouth
  • Interests
    Football
  1. JaredMiles
    Thanks for all your help, support and advise. You can now close this thread
  2. JaredMiles
    No worry's and kk thank you. I work at a computer shop myself fixing computers but I, my work colleagues or any of my bosses knew what it was and had never heard of it so didn't know exactly what it was or what it did to be honest. I use things like ebay and amazon so just wanted to be on the safe side and didn't want it getting hold of my card details. Here are the logs: OTL Extras logfile created on: 21/02/2012 13:03:04 - Run 3 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jared\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 5.68 Gb Total Physical Memory | 4.08 Gb Available Physical Memory | 71.90% Memory free 11.36 Gb Paging File | 9.64 Gb Available in Paging File | 84.92% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 583.07 Gb Total Space | 388.80 Gb Free Space | 66.68% Space Free | Partition Type: NTFS Drive E: | 1.90 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS Drive F: | 1.95 Gb Total Space | 1.26 Gb Free Space | 64.38% Space Free | Partition Type: FAT Computer Name: JARED-PC | User Name: Jared | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware "{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller "{CD95F661-A5C4-44F5-A6AA-ECDD91C240CD}" = WinZip 16.0 "{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Blender" = Blender "CCleaner" = CCleaner "Elantech" = ETDWare PS/2-x64 7.0.6.5_WHQL "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft Security Client" = Microsoft Security Essentials [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java 6 Update 30 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4D530FA3-9B89-4186-98B7-F51000008100}" = Age of Empires Online "{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam "{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1" = Acer GameZone Console "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic "{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}" = Spin & Win "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}" = Poker Pop "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}" = Airport Mania First Flight "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}" = SweetIM Toolbar for Internet Explorer 4.2 "{A81A974F-8A22-43E6-9243-5198FF758DA1}" = SweetIM for Messenger 3.6 "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger "{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder "{CD95F661-A5C4-11AF-B2CC-ABCD21A325B8}" = WinZip Courier "{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9 "{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater "{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center "Acer Registration" = Acer Registration "Acer Screensaver" = Acer ScreenSaver "Acer Welcome Center" = Welcome Center "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Applian FLV and Media Player" = Applian FLV and Media Player 3.1.1.12 "DAEMON Tools Pro" = DAEMON Tools Pro "Driving Test Success - All Tests_is1" = Driving Test Success - All Tests (2009) "Football Manager 2012_is1" = Football Manager 2012 "GFWL_{4D530FA3-9B89-4186-98B7-F51000008100}" = Age of Empires Online "Identity Card" = Identity Card "ImgBurn" = ImgBurn "InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager "InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9 "LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000 "Office14.Click2Run" = Microsoft Office Click-to-Run 2010 "Unity" = Unity "WinFF_is1" = WinFF 1.4.0 "WinLiveSuite_Wave3" = Windows Live Essentials ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome "UnityWebPlayer" = Unity Web Player ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 06/02/2012 20:43:25 | Computer Name = Jared-PC | Source = SideBySide | ID = 16842824 Description = Activation context generation failed for "c:\program files\microsoft security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft security client\MSESysprep.dll" on line 10. The element imaging appears as a child of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by this version of Windows. Error - 06/02/2012 20:43:28 | Computer Name = Jared-PC | Source = SideBySide | ID = 16842815 Description = Activation context generation failed for "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid. Error - 06/02/2012 20:43:52 | Computer Name = Jared-PC | Source = SideBySide | ID = 16842787 Description = Activation context generation failed for "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity found in manifest does not match the identity of the component requested. Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use sxstrace.exe for detailed diagnosis. Error - 08/02/2012 05:27:19 | Computer Name = Jared-PC | Source = CVHSVC | ID = 100 Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: Error - 08/02/2012 05:53:45 | Computer Name = Jared-PC | Source = SideBySide | ID = 16842824 Description = Activation context generation failed for "c:\program files\microsoft security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft security client\MSESysprep.dll" on line 10. The element imaging appears as a child of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by this version of Windows. Error - 08/02/2012 05:54:02 | Computer Name = Jared-PC | Source = SideBySide | ID = 16842815 Description = Activation context generation failed for "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid. Error - 08/02/2012 05:54:29 | Computer Name = Jared-PC | Source = SideBySide | ID = 16842787 Description = Activation context generation failed for "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity found in manifest does not match the identity of the component requested. Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use sxstrace.exe for detailed diagnosis. Error - 09/02/2012 23:13:47 | Computer Name = Jared-PC | Source = SideBySide | ID = 16842824 Description = Activation context generation failed for "c:\program files\microsoft security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft security client\MSESysprep.dll" on line 10. The element imaging appears as a child of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by this version of Windows. Error - 09/02/2012 23:13:49 | Computer Name = Jared-PC | Source = SideBySide | ID = 16842815 Description = Activation context generation failed for "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid. Error - 09/02/2012 23:14:14 | Computer Name = Jared-PC | Source = SideBySide | ID = 16842787 Description = Activation context generation failed for "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity found in manifest does not match the identity of the component requested. Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use sxstrace.exe for detailed diagnosis. [ System Events ] Error - 15/02/2012 03:41:30 | Computer Name = Jared-PC | Source = bowser | ID = 8003 Description = Error - 15/02/2012 03:42:20 | Computer Name = Jared-PC | Source = Microsoft Antimalware | ID = 2001 Description = %%860 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.119.1899.0 Update Source: %%859 Update Stage: %%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8001.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. Error - 15/02/2012 04:05:27 | Computer Name = Jared-PC | Source = bowser | ID = 8003 Description = Error - 15/02/2012 04:41:21 | Computer Name = Jared-PC | Source = bowser | ID = 8003 Description = Error - 15/02/2012 05:17:22 | Computer Name = Jared-PC | Source = bowser | ID = 8003 Description = Error - 15/02/2012 05:41:27 | Computer Name = Jared-PC | Source = bowser | ID = 8003 Description = Error - 15/02/2012 06:17:30 | Computer Name = Jared-PC | Source = bowser | ID = 8003 Description = Error - 15/02/2012 06:48:26 | Computer Name = Jared-PC | Source = bowser | ID = 8003 Description = Error - 15/02/2012 07:24:26 | Computer Name = Jared-PC | Source = bowser | ID = 8003 Description = Error - 15/02/2012 07:48:30 | Computer Name = Jared-PC | Source = bowser | ID = 8003 Description = < End of report > OTL logfile created on: 21/02/2012 13:03:04 - Run 3 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jared\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 5.68 Gb Total Physical Memory | 4.08 Gb Available Physical Memory | 71.90% Memory free 11.36 Gb Paging File | 9.64 Gb Available in Paging File | 84.92% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 583.07 Gb Total Space | 388.80 Gb Free Space | 66.68% Space Free | Partition Type: NTFS Drive E: | 1.90 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS Drive F: | 1.95 Gb Total Space | 1.26 Gb Free Space | 64.38% Space Free | Partition Type: FAT Computer Name: JARED-PC | User Name: Jared | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/02/05 16:27:57 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jared\Desktop\OTL.exe PRC - [2012/01/31 02:22:56 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe PRC - [2011/10/09 11:54:58 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011/08/17 07:29:20 | 004,527,424 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe PRC - [2011/08/01 14:35:42 | 000,114,992 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe PRC - [2010/08/10 09:06:16 | 000,975,952 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe PRC - [2010/08/10 09:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe PRC - [2010/08/10 09:06:16 | 000,305,744 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe PRC - [2010/06/28 22:23:12 | 000,265,984 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe PRC - [2010/06/28 22:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe PRC - [2010/05/27 02:41:24 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe PRC - [2010/04/13 16:57:58 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010/04/13 16:57:56 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe PRC - [2010/03/18 04:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe PRC - [2010/03/18 04:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe PRC - [2010/03/11 05:11:56 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe PRC - [2010/03/11 05:11:42 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe PRC - [2010/02/28 02:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE PRC - [2010/01/28 23:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe PRC - [2010/01/08 13:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe ========== Modules (No Company Name) ========== MOD - [2012/02/15 07:39:09 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\e940e77e2e8cfd51f723acc172afeeef\IAStorUtil.ni.dll MOD - [2012/02/15 07:31:20 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll MOD - [2012/02/15 07:30:29 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll MOD - [2012/02/15 07:30:15 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll MOD - [2012/02/15 07:29:56 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll MOD - [2012/02/15 07:29:50 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll MOD - [2012/02/15 07:29:45 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll MOD - [2012/02/15 07:29:44 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll MOD - [2012/02/14 01:47:02 | 014,415,144 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll MOD - [2012/02/14 01:47:02 | 000,914,216 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-52.dll MOD - [2012/02/14 01:47:02 | 000,857,896 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll MOD - [2012/02/14 01:47:02 | 000,155,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-52.dll MOD - [2012/02/14 01:47:02 | 000,091,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-50.dll MOD - [2011/12/27 04:18:43 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2010/06/28 22:20:54 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll MOD - [2010/02/28 02:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE MOD - [2009/05/20 06:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv) SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc) SRV:64bit: - [2010/06/11 14:27:26 | 000,868,896 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc) SRV:64bit: - [2010/01/28 23:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service) SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2010/12/27 21:21:16 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010/08/10 09:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService) SRV - [2010/06/28 22:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2010/05/27 02:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService) SRV - [2010/04/13 16:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel® SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/03/18 04:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel® SRV - [2010/03/18 04:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel® SRV - [2010/01/08 13:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService) SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/01/31 02:06:31 | 000,526,392 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2011/10/21 17:30:04 | 012,310,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011/08/02 17:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/11/20 13:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 11:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/07/09 03:51:50 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper) DRV:64bit: - [2010/06/21 09:45:56 | 000,287,232 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel® DRV:64bit: - [2010/06/17 09:18:28 | 000,246,376 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2010/06/03 19:59:00 | 004,171,328 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2010/05/15 12:48:28 | 000,384,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink DRV:64bit: - [2010/04/20 02:35:14 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr) DRV:64bit: - [2010/04/13 16:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010/04/13 10:15:04 | 000,135,560 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2010/02/26 23:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2009/09/17 05:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel® DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/06/03 02:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV:64bit: - [2009/06/03 02:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV:64bit: - [2009/06/03 02:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV - [2012/02/21 12:57:44 | 000,035,664 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4251CC2E-A86B-4BA7-A639-48F36B59C8B6}\MpKslc1d9217a.sys -- (MpKslc1d9217a) DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jared\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jared\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Jared\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) [2011/12/27 13:20:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jared\AppData\Roaming\Mozilla\Firefox\extensions [2011/12/27 13:20:43 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Jared\AppData\Roaming\Mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} [2011/12/27 13:08:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Jared\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Jared\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Jared\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Jared\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll CHR - plugin: WinZip Courier (Enabled) = C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilckobikkmajlmhhdenkhonjkoaneclk\3.5.0_0\wzwmcgc.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Unity Player (Enabled) = C:\Users\Jared\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll CHR - plugin: Google Update (Enabled) = C:\Users\Jared\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: WinZip Courier = C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilckobikkmajlmhhdenkhonjkoaneclk\3.5.0_0\ O1 HOSTS File: ([2012/02/06 00:23:50 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (WinZip Courier BHO) - {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} - C:\Program Files (x86)\WinZip Courier\wzwmcie.dll (WinZip Computing, S.L.) O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [backupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [suiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.) O4 - HKLM..\Run: [sweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd) O4 - HKCU..\Run: [steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/Farm%20Frenzy%202/Images/stg_drm.ocx (SpinTop DRM Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/Farm%20Frenzy%202/Images/armhelper.ocx (ArmHelper Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3DE1FAC4-B916-448F-A747-E5A362D2FC66}: DhcpNameServer = 139.222.131.206 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{69B69274-1755-4F24-A17D-EA5633B929CF}: DhcpNameServer = 194.168.4.100 194.168.8.100 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011/10/31 14:16:33 | 000,000,069 | R--- | M] () - E:\autorun.inf -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012/02/15 03:00:55 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012/02/15 03:00:54 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012/02/15 03:00:51 | 002,308,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012/02/15 03:00:51 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012/02/15 03:00:51 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012/02/15 03:00:50 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012/02/15 03:00:49 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012/02/15 03:00:49 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012/02/15 03:00:49 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012/02/15 03:00:48 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012/02/15 03:00:47 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012/02/15 02:41:26 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll [2012/02/15 02:41:25 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl [2012/02/15 02:41:25 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl [2012/02/15 02:41:21 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll [2012/02/06 00:23:35 | 000,000,000 | ---D | C] -- C:\_OTL [2012/02/05 16:29:23 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Jared\Desktop\OTL.exe [2012/02/05 15:19:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driving Test Success - All Tests (2009) [2012/02/05 15:19:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Driving Test Success [2012/02/05 15:19:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driving Test Success - All Tests (2009) [2012/02/05 00:31:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012/02/04 11:27:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012/02/03 17:03:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012/02/03 17:03:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012/02/03 17:03:12 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2012/02/03 16:59:24 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/02/02 23:35:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Arcade Lab [2012/02/02 22:45:45 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Roaming\PlayFirst [2012/02/02 20:41:45 | 000,000,000 | ---D | C] -- C:\Users\Jared\Documents\My Games [2012/02/01 00:07:03 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Local\Chromium [2012/02/01 00:05:51 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Local\SKIDROW [2012/01/31 23:13:56 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Sports Interactive [2012/01/31 23:13:56 | 000,000,000 | ---D | C] -- C:\Users\Jared\Documents\Sports Interactive [2012/01/31 23:13:56 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Roaming\Sports Interactive [2012/01/31 23:13:56 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Local\Sports Interactive [2012/01/31 23:11:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SEGA [2012/01/31 23:07:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SEGA [2012/01/31 11:15:52 | 000,000,000 | ---D | C] -- C:\Users\Jared\Documents\Football.Manager.2012-SKIDROW [2012/01/31 02:22:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [2012/01/31 02:22:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam [2012/01/31 02:22:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam [2012/01/31 02:06:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Pro [2012/01/31 02:05:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Pro [2012/01/31 02:05:11 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Roaming\DAEMON Tools Pro [2012/01/31 02:05:11 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Pro [2012/01/28 23:33:38 | 000,064,000 | ---- | C] (Valve Corporation) -- C:\Windows\SysWow64\steam_api.dll [2012/01/28 23:29:49 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_41.dll [2012/01/28 23:24:43 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Roaming\WinZip [2012/01/28 23:20:38 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Local\WinZip [2012/01/28 23:19:36 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZipEC [2012/01/28 23:19:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Courier [2012/01/28 23:19:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinZip Courier [2012/01/28 23:18:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip [2012/01/28 23:18:19 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip [2012/01/28 23:18:13 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip [2012/01/28 23:01:43 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Roaming\ImgBurn [2012/01/28 22:56:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn [2012/01/28 22:55:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn [2012/01/28 22:53:40 | 000,000,000 | ---D | C] -- C:\Users\Jared\Tracing [2012/01/28 22:53:32 | 000,000,000 | ---D | C] -- C:\ProgramData\SweetIM [2012/01/28 22:53:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SweetIM [2012/01/27 15:59:33 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ ========== Files - Modified Within 30 Days ========== [2012/02/21 12:41:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2548204430-3489653281-3508443478-1000UA.job [2012/02/21 12:27:25 | 000,730,554 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/02/21 12:27:25 | 000,631,004 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/02/21 12:27:25 | 000,111,798 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/02/21 06:11:00 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/02/21 06:11:00 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/02/20 22:41:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2548204430-3489653281-3508443478-1000Core.job [2012/02/19 23:23:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/02/19 20:52:35 | 277,905,407 | -HS- | M] () -- C:\hiberfil.sys [2012/02/17 02:42:21 | 000,002,405 | ---- | M] () -- C:\Users\Jared\Desktop\Google Chrome.lnk [2012/02/15 07:28:41 | 000,274,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/02/15 03:06:53 | 000,738,602 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012/02/07 22:48:26 | 000,139,264 | ---- | M] () -- C:\Users\Jared\Desktop\SystemLook.exe [2012/02/06 00:23:50 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts [2012/02/05 16:27:57 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jared\Desktop\OTL.exe [2012/02/05 15:19:54 | 000,002,036 | ---- | M] () -- C:\Users\Public\Desktop\Driving Test Success - All Tests.lnk [2012/02/03 00:19:54 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/01/31 23:11:49 | 000,002,071 | ---- | M] () -- C:\Users\Public\Desktop\Football Manager 2012.lnk [2012/01/31 02:06:31 | 000,526,392 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys [2012/01/28 22:56:03 | 000,001,897 | ---- | M] () -- C:\Users\Jared\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk [2012/01/28 22:56:03 | 000,001,873 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk ========== Files Created - No Company Name ========== [2012/02/07 23:01:20 | 000,139,264 | ---- | C] () -- C:\Users\Jared\Desktop\SystemLook.exe [2012/02/05 23:49:28 | 000,001,342 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk [2012/02/05 15:19:54 | 000,002,036 | ---- | C] () -- C:\Users\Public\Desktop\Driving Test Success - All Tests.lnk [2012/02/03 17:03:16 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012/02/03 17:03:16 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012/02/03 17:03:16 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012/02/03 17:03:16 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012/02/03 17:03:16 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012/02/03 00:19:54 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/01/31 23:11:49 | 000,002,071 | ---- | C] () -- C:\Users\Public\Desktop\Football Manager 2012.lnk [2012/01/31 02:22:34 | 000,000,921 | ---- | C] () -- C:\Users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam.lnk [2012/01/31 02:06:29 | 000,526,392 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys [2012/01/28 22:56:03 | 000,001,897 | ---- | C] () -- C:\Users\Jared\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk [2012/01/28 22:56:03 | 000,001,873 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk [2012/01/08 15:53:36 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2011/12/28 01:48:12 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat [2011/12/27 04:42:05 | 000,738,602 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/10/21 17:27:54 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin [2011/10/21 17:27:54 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin [2011/10/21 17:27:54 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin [2011/10/21 17:03:04 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2010/08/30 08:48:37 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll [2010/08/30 08:47:39 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.exe [2009/07/14 05:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009/07/14 02:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009/07/14 02:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009/07/14 00:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009/07/13 21:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009/06/10 21:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2009/05/30 04:42:00 | 000,309,248 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll [2009/03/12 01:01:00 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\DirectCOM.dll < End of report >
  3. JaredMiles
    it's fixed meaning it's not there not it's not gone meaning it hasn't been deleted
  4. JaredMiles
    ye it has worked I still have this isearch.whitesmoke though so how can i get rid of it for good?
  5. JaredMiles
    Ye I'm still here... Sorry my internet cut out but is back up now. Here are the logs ========== OTL ========== HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully! HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully! Unable to fix default_search_provider items. Unable to fix default_search_provider items. ========== COMMANDS ========== OTL by OldTimer - Version 3.2.31.0 log created on 02142012_014540 OTL logfile created on: 14/02/2012 02:01:39 - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jared\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 5.68 Gb Total Physical Memory | 4.04 Gb Available Physical Memory | 71.18% Memory free 11.36 Gb Paging File | 9.60 Gb Available in Paging File | 84.56% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 583.07 Gb Total Space | 393.82 Gb Free Space | 67.54% Space Free | Partition Type: NTFS Drive E: | 1.90 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: JARED-PC | User Name: Jared | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/02/05 16:27:57 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jared\Desktop\OTL.exe PRC - [2012/01/31 02:22:56 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe PRC - [2011/08/17 07:29:20 | 004,527,424 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe PRC - [2011/08/01 14:35:42 | 000,114,992 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe PRC - [2010/09/14 05:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2010/09/14 05:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2010/08/10 09:06:16 | 000,975,952 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe PRC - [2010/08/10 09:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe PRC - [2010/08/10 09:06:16 | 000,305,744 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe PRC - [2010/06/28 22:23:12 | 000,265,984 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe PRC - [2010/06/28 22:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe PRC - [2010/05/27 02:41:24 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe PRC - [2010/04/13 16:57:58 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010/04/13 16:57:56 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe PRC - [2010/03/18 04:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe PRC - [2010/03/18 04:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe PRC - [2010/03/11 05:11:56 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe PRC - [2010/03/11 05:11:42 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe PRC - [2010/01/28 23:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe PRC - [2010/01/08 13:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe ========== Modules (No Company Name) ========== MOD - [2012/02/14 01:47:02 | 014,415,144 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll MOD - [2012/02/14 01:47:02 | 000,914,216 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-52.dll MOD - [2012/02/14 01:47:02 | 000,857,896 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll MOD - [2012/02/14 01:47:02 | 000,155,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-52.dll MOD - [2012/02/14 01:47:02 | 000,091,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-50.dll MOD - [2012/01/20 05:35:35 | 000,411,120 | ---- | M] () -- C:\Users\Jared\AppData\Local\Google\Chrome\Application\16.0.912.77\ppgooglenaclpluginchrome.dll MOD - [2012/01/20 05:35:34 | 003,767,792 | ---- | M] () -- C:\Users\Jared\AppData\Local\Google\Chrome\Application\16.0.912.77\pdf.dll MOD - [2012/01/20 05:34:10 | 000,122,880 | ---- | M] () -- C:\Users\Jared\AppData\Local\Google\Chrome\Application\16.0.912.77\avutil-51.dll MOD - [2012/01/20 05:34:09 | 000,222,208 | ---- | M] () -- C:\Users\Jared\AppData\Local\Google\Chrome\Application\16.0.912.77\avformat-53.dll MOD - [2012/01/20 05:34:07 | 001,746,432 | ---- | M] () -- C:\Users\Jared\AppData\Local\Google\Chrome\Application\16.0.912.77\avcodec-53.dll MOD - [2012/01/02 01:04:38 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll MOD - [2011/12/27 04:22:35 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\4c06d1921304530c04615a2edd127484\IAStorUtil.ni.dll MOD - [2011/12/27 04:19:19 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll MOD - [2011/12/27 04:19:12 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll MOD - [2011/12/27 04:18:58 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll MOD - [2011/12/27 04:18:53 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll MOD - [2011/12/27 04:18:49 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll MOD - [2011/12/27 04:18:48 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll MOD - [2011/12/27 04:18:43 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll MOD - [2010/06/28 22:20:54 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll MOD - [2009/05/20 06:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv) SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc) SRV:64bit: - [2010/06/11 14:27:26 | 000,868,896 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc) SRV:64bit: - [2010/01/28 23:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service) SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2010/12/27 21:21:16 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010/09/14 05:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2010/09/14 05:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2010/08/10 09:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService) SRV - [2010/06/28 22:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2010/05/27 02:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService) SRV - [2010/04/13 16:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel® SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/03/18 04:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel® SRV - [2010/03/18 04:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel® SRV - [2010/01/08 13:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService) SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/01/31 02:06:31 | 000,526,392 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2011/10/21 17:30:04 | 012,310,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011/08/02 17:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/11/20 13:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 11:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/09/14 05:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2010/09/14 05:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2010/09/14 05:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2010/09/14 05:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2010/07/09 03:51:50 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper) DRV:64bit: - [2010/06/21 09:45:56 | 000,287,232 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel® DRV:64bit: - [2010/06/17 09:18:28 | 000,246,376 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2010/06/03 19:59:00 | 004,171,328 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2010/05/15 12:48:28 | 000,384,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink DRV:64bit: - [2010/04/20 02:35:14 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr) DRV:64bit: - [2010/04/13 16:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010/04/13 10:15:04 | 000,135,560 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2010/02/26 23:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2009/09/17 05:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel® DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/06/03 02:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV:64bit: - [2009/06/03 02:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV:64bit: - [2009/06/03 02:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jared\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jared\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Jared\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) [2011/12/27 13:20:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jared\AppData\Roaming\Mozilla\Firefox\extensions [2011/12/27 13:20:43 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Jared\AppData\Roaming\Mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} [2011/12/27 13:08:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions ========== Chrome ========== CHR - default_search_provider: WhiteSmoke Search (Enabled) CHR - default_search_provider: search_url = http://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860 CHR - default_search_provider: suggest_url = CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Jared\AppData\Local\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Jared\AppData\Local\Google\Chrome\Application\16.0.912.77\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Jared\AppData\Local\Google\Chrome\Application\16.0.912.77\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Unity Player (Enabled) = C:\Users\Jared\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll CHR - plugin: Google Update (Enabled) = C:\Users\Jared\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: WinZip Courier = C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilckobikkmajlmhhdenkhonjkoaneclk\3.5.0_0\ O1 HOSTS File: ([2012/02/06 00:23:50 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (WinZip Courier BHO) - {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} - C:\Program Files (x86)\WinZip Courier\wzwmcie.dll (WinZip Computing, S.L.) O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [backupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [suiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.) O4 - HKLM..\Run: [sweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd) O4 - HKCU..\Run: [steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/Farm%20Frenzy%202/Images/stg_drm.ocx (SpinTop DRM Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/Farm%20Frenzy%202/Images/armhelper.ocx (ArmHelper Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3DE1FAC4-B916-448F-A747-E5A362D2FC66}: DhcpNameServer = 139.222.131.206 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{69B69274-1755-4F24-A17D-EA5633B929CF}: DhcpNameServer = 194.168.4.100 194.168.8.100 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011/10/31 14:16:33 | 000,000,069 | R--- | M] () - E:\autorun.inf -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012/02/06 00:23:35 | 000,000,000 | ---D | C] -- C:\_OTL [2012/02/05 16:29:23 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Jared\Desktop\OTL.exe [2012/02/05 15:19:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driving Test Success - All Tests (2009) [2012/02/05 15:19:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Driving Test Success [2012/02/05 15:19:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driving Test Success - All Tests (2009) [2012/02/05 00:31:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012/02/04 11:27:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012/02/03 17:03:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012/02/03 17:03:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012/02/03 17:03:12 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2012/02/03 16:59:24 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/02/02 23:35:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Arcade Lab [2012/02/02 22:45:45 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Roaming\PlayFirst [2012/02/02 20:41:45 | 000,000,000 | ---D | C] -- C:\Users\Jared\Documents\My Games [2012/02/01 00:07:03 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Local\Chromium [2012/02/01 00:05:51 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Local\SKIDROW [2012/01/31 23:13:56 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Sports Interactive [2012/01/31 23:13:56 | 000,000,000 | ---D | C] -- C:\Users\Jared\Documents\Sports Interactive [2012/01/31 23:13:56 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Roaming\Sports Interactive [2012/01/31 23:13:56 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Local\Sports Interactive [2012/01/31 23:11:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SEGA [2012/01/31 23:07:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SEGA [2012/01/31 11:15:52 | 000,000,000 | ---D | C] -- C:\Users\Jared\Documents\Football.Manager.2012-SKIDROW [2012/01/31 02:22:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [2012/01/31 02:22:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam [2012/01/31 02:22:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam [2012/01/31 02:06:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Pro [2012/01/31 02:05:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Pro [2012/01/31 02:05:11 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Roaming\DAEMON Tools Pro [2012/01/31 02:05:11 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Pro [2012/01/28 23:33:38 | 000,064,000 | ---- | C] (Valve Corporation) -- C:\Windows\SysWow64\steam_api.dll [2012/01/28 23:24:43 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Roaming\WinZip [2012/01/28 23:20:38 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Local\WinZip [2012/01/28 23:19:36 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZipEC [2012/01/28 23:19:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Courier [2012/01/28 23:19:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinZip Courier [2012/01/28 23:18:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip [2012/01/28 23:18:19 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip [2012/01/28 23:18:13 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip [2012/01/28 23:01:43 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Roaming\ImgBurn [2012/01/28 22:56:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn [2012/01/28 22:55:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn [2012/01/28 22:53:40 | 000,000,000 | ---D | C] -- C:\Users\Jared\Tracing [2012/01/28 22:53:32 | 000,000,000 | ---D | C] -- C:\ProgramData\SweetIM [2012/01/28 22:53:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SweetIM [2012/01/27 15:59:33 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ [2012/01/19 12:40:44 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Local\Microsoft Help [2012/01/19 12:40:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help ========== Files - Modified Within 30 Days ========== [2012/02/14 02:01:35 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/02/14 02:01:35 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/02/14 01:53:34 | 000,730,554 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/02/14 01:53:34 | 000,631,004 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/02/14 01:53:34 | 000,111,798 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/02/14 01:46:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/02/14 01:46:10 | 277,905,407 | -HS- | M] () -- C:\hiberfil.sys [2012/02/14 01:26:42 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2548204430-3489653281-3508443478-1000UA.job [2012/02/12 22:41:04 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2548204430-3489653281-3508443478-1000Core.job [2012/02/08 01:26:25 | 065,721,766 | ---- | M] () -- C:\Users\Jared\Documents\The.Hills.Have.Eyes.II.2007.UNRATED.BrRip.500MB.avi [2012/02/07 22:48:26 | 000,139,264 | ---- | M] () -- C:\Users\Jared\Desktop\SystemLook.exe [2012/02/06 00:23:50 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts [2012/02/05 16:27:57 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jared\Desktop\OTL.exe [2012/02/05 15:19:54 | 000,002,036 | ---- | M] () -- C:\Users\Public\Desktop\Driving Test Success - All Tests.lnk [2012/02/03 00:19:54 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/01/31 23:11:49 | 000,002,071 | ---- | M] () -- C:\Users\Public\Desktop\Football Manager 2012.lnk [2012/01/31 02:06:31 | 000,526,392 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys [2012/01/28 22:56:03 | 000,001,897 | ---- | M] () -- C:\Users\Jared\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk [2012/01/28 22:56:03 | 000,001,873 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk [2012/01/26 12:47:25 | 000,002,405 | ---- | M] () -- C:\Users\Jared\Desktop\Google Chrome.lnk ========== Files Created - No Company Name ========== [2012/02/08 01:24:06 | 065,721,766 | ---- | C] () -- C:\Users\Jared\Documents\The.Hills.Have.Eyes.II.2007.UNRATED.BrRip.500MB.avi [2012/02/07 23:01:20 | 000,139,264 | ---- | C] () -- C:\Users\Jared\Desktop\SystemLook.exe [2012/02/05 23:49:28 | 000,001,342 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk [2012/02/05 15:19:54 | 000,002,036 | ---- | C] () -- C:\Users\Public\Desktop\Driving Test Success - All Tests.lnk [2012/02/03 17:03:16 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012/02/03 17:03:16 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012/02/03 17:03:16 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012/02/03 17:03:16 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012/02/03 17:03:16 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012/02/03 00:19:54 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/01/31 23:11:49 | 000,002,071 | ---- | C] () -- C:\Users\Public\Desktop\Football Manager 2012.lnk [2012/01/31 02:22:34 | 000,000,921 | ---- | C] () -- C:\Users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam.lnk [2012/01/31 02:06:29 | 000,526,392 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys [2012/01/28 22:56:03 | 000,001,897 | ---- | C] () -- C:\Users\Jared\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk [2012/01/28 22:56:03 | 000,001,873 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk [2012/01/08 15:53:36 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2011/12/28 01:48:12 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat [2011/12/27 04:42:05 | 000,738,602 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/10/21 17:27:54 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin [2011/10/21 17:27:54 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin [2011/10/21 17:27:54 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin [2011/10/21 17:03:04 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2010/08/30 08:48:37 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll [2010/08/30 08:47:39 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.exe [2009/07/14 05:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009/07/14 02:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009/07/14 02:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009/07/14 00:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009/07/13 21:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009/06/10 21:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2009/05/30 04:42:00 | 000,309,248 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll [2009/03/12 01:01:00 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\DirectCOM.dll ========== LOP Check ========== [2012/01/30 00:13:02 | 000,000,000 | ---D | M] -- C:\Users\Jared\AppData\Roaming\Applian FLV and Media Player [2011/12/27 11:58:14 | 000,000,000 | ---D | M] -- C:\Users\Jared\AppData\Roaming\Blender Foundation [2012/02/02 18:33:58 | 000,000,000 | ---D | M] -- C:\Users\Jared\AppData\Roaming\DAEMON Tools Pro [2011/12/28 17:42:52 | 000,000,000 | ---D | M] -- C:\Users\Jared\AppData\Roaming\DriverCure [2012/02/07 00:16:48 | 000,000,000 | ---D | M] -- C:\Users\Jared\AppData\Roaming\ImgBurn [2012/01/08 15:53:53 | 000,000,000 | ---D | M] -- C:\Users\Jared\AppData\Roaming\Leawo [2011/12/27 06:02:50 | 000,000,000 | ---D | M] -- C:\Users\Jared\AppData\Roaming\PACE Anti-Piracy [2011/12/28 17:42:52 | 000,000,000 | ---D | M] -- C:\Users\Jared\AppData\Roaming\PC Unleashed Online [2012/02/02 22:45:45 | 000,000,000 | ---D | M] -- C:\Users\Jared\AppData\Roaming\PlayFirst [2012/02/14 01:37:36 | 000,000,000 | ---D | M] -- C:\Users\Jared\AppData\Roaming\SoftGrid Client [2011/12/26 23:10:06 | 000,000,000 | ---D | M] -- C:\Users\Jared\AppData\Roaming\SpinTop [2012/02/03 02:56:25 | 000,000,000 | ---D | M] -- C:\Users\Jared\AppData\Roaming\Sports Interactive [2012/01/08 15:54:42 | 000,000,000 | ---D | M] -- C:\Users\Jared\AppData\Roaming\tiger-k [2012/01/05 16:31:32 | 000,000,000 | ---D | M] -- C:\Users\Jared\AppData\Roaming\TP [2011/12/27 06:06:15 | 000,000,000 | ---D | M] -- C:\Users\Jared\AppData\Roaming\Unity [2012/02/08 01:25:50 | 000,000,000 | ---D | M] -- C:\Users\Jared\AppData\Roaming\WinFF [2012/01/28 23:24:43 | 000,000,000 | ---D | M] -- C:\Users\Jared\AppData\Roaming\WinZip [2012/01/07 17:35:51 | 000,022,954 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report >
  6. JaredMiles
    Ye thats cool good luck
  7. JaredMiles
    Now when I open up chrome it loads up google like it should but it automatically opens up a tab at the same time which is isearch.whitesmoke.com
  8. JaredMiles
    I downloaded a few things before like ITunes, malwarebytes, win FF and things like that but when iv'e downloaded things like that I do it one big go. Almost like I have a list, I don't in case your wondering so most of it was all within a small period of time then after a couple of days it popped up. At first I thought nothing off it because when you download things they always asks to set up this and that with toolbars ect. I went on a week or so and then thought hang on it keeps reinstalling itself onto my computer and I have no toolbars and things installed as I uninstalled any toolbars I had on IE as I keep none on Chrome. That came to of no avail so researched into what it is then came here. What free software/ Programme would have got this virus type thing?
  9. JaredMiles
    I opened IE and looked in the opening page bit and isearch.whitesmoke was there so I deleted it. I then did the test as normal with everything off other then system look, I then did it with whitesmoke in the search browser and both said the same. SystemLook 30.07.11 by jpshortstuff Log created at 23:00 on 07/02/2012 by Jared Administrator - Elevation successful WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results. ========== regfind ========== Searching for "WhiteSmoke" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "Default"="http://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}] "DisplayName"="WhiteSmoke Search" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}] "URL"="http://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl] "Default"="http://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860" [HKEY_USERS\S-1-5-21-2548204430-3489653281-3508443478-1000\Software\Microsoft\Internet Explorer\SearchUrl] "Default"="http://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860" ========== filefind ========== Searching for "*WhiteSmoke*" No files found. ========== folderfind ========== Searching for "WhiteSmoke" No folders found. -= EOF =- Not sure what is going on with it, but thanks for your help so far Really appreciate it.
  10. JaredMiles
    I have already got it as my default search engine and got google as my default search browser. I know all that stuff, but when I open up a tab in Chrome then go an type something in the search bar isearch.whitesmoke comes up. It only comes up though if i type in something that is not the whole address of the website. For instance if I typed in www.facebook.com then facebook would come up with no isearch, but if I only typed in facebook then it would. Do you understand what I mean?
  11. JaredMiles
    This is Chrome. I don't use IE
  12. JaredMiles
    All processes killed ========== OTL ========== HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully! HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully! Unable to fix default_search_provider items. Unable to fix default_search_provider items. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found. ADS C:\ProgramData\Temp:92EB0F35 deleted successfully. ADS C:\ProgramData\Temp:5D7E5A8F deleted successfully. ADS C:\ProgramData\Temp:CDFF58FE deleted successfully. ADS C:\ProgramData\Temp:4D066AD2 deleted successfully. ADS C:\ProgramData\Temp:93EB7685 deleted successfully. ADS C:\ProgramData\Temp:E1F04E8D deleted successfully. ADS C:\ProgramData\Temp:E36F5B57 deleted successfully. ADS C:\ProgramData\Temp:1A60DE96 deleted successfully. ADS C:\ProgramData\Temp:E3C56885 deleted successfully. ADS C:\ProgramData\Temp:0B9176C0 deleted successfully. ADS C:\ProgramData\Temp:798A3728 deleted successfully. ADS C:\ProgramData\Microsoft:cHNCBpWF477tL6UkfKRlr deleted successfully. ADS C:\ProgramData\Temp:CB0FEE2B deleted successfully. ADS C:\ProgramData\Microsoft:xgn3RAFkUowBSNEj5maJiajQb3Rgq deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Jared ->Temp folder emptied: 9601 bytes ->Temporary Internet Files folder emptied: 259490 bytes ->Java cache emptied: 0 bytes ->Google Chrome cache emptied: 348096351 bytes ->Flash cache emptied: 2017 bytes User: Public ->Temp folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 19238 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 332.00 mb C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.31.0 log created on 02062012_002335 Files\Folders moved on Reboot... C:\Users\Jared\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot. Registry entries deleted on Reboot... Yep it does not on first open of the browser but if I search in another tab it does.
  13. JaredMiles
    When I first open Chrome it comes up with google as it should but then if I open a new tab and search in that then I get isearch.whitesmoke but here are the scans. OTL logfile created on: 05/02/2012 16:30:11 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jared\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 5.68 Gb Total Physical Memory | 4.41 Gb Available Physical Memory | 77.74% Memory free 11.36 Gb Paging File | 9.80 Gb Available in Paging File | 86.28% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 583.07 Gb Total Space | 390.80 Gb Free Space | 67.02% Space Free | Partition Type: NTFS Drive D: | 7.51 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF Drive E: | 1.90 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: JARED-PC | User Name: Jared | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/02/05 16:27:57 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jared\Desktop\OTL.exe PRC - [2012/01/31 02:22:56 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe PRC - [2011/08/17 07:29:20 | 004,527,424 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe PRC - [2011/08/01 14:35:42 | 000,114,992 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe PRC - [2010/09/14 05:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2010/09/14 05:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2010/08/10 09:06:16 | 000,975,952 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe PRC - [2010/08/10 09:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe PRC - [2010/08/10 09:06:16 | 000,305,744 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe PRC - [2010/06/28 22:23:12 | 000,265,984 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe PRC - [2010/06/28 22:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe PRC - [2010/05/27 02:41:24 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe PRC - [2010/04/13 16:57:58 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010/04/13 16:57:56 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe PRC - [2010/03/18 04:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe PRC - [2010/03/18 04:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe PRC - [2010/03/11 05:11:56 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe PRC - [2010/03/11 05:11:42 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe PRC - [2010/01/28 23:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe PRC - [2010/01/08 13:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe ========== Modules (No Company Name) ========== MOD - [2012/01/31 02:24:35 | 014,410,024 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll MOD - [2012/01/31 02:24:34 | 000,914,216 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-52.dll MOD - [2012/01/31 02:24:34 | 000,194,344 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll MOD - [2012/01/31 02:24:34 | 000,155,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-52.dll MOD - [2012/01/31 02:24:34 | 000,091,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-50.dll MOD - [2012/01/02 01:04:38 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll MOD - [2011/12/27 04:22:35 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\4c06d1921304530c04615a2edd127484\IAStorUtil.ni.dll MOD - [2011/12/27 04:19:19 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll MOD - [2011/12/27 04:19:12 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll MOD - [2011/12/27 04:18:58 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll MOD - [2011/12/27 04:18:53 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll MOD - [2011/12/27 04:18:49 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll MOD - [2011/12/27 04:18:48 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll MOD - [2011/12/27 04:18:43 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll MOD - [2010/06/28 22:20:54 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll MOD - [2009/05/20 06:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv) SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc) SRV:64bit: - [2010/06/11 14:27:26 | 000,868,896 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc) SRV:64bit: - [2010/01/28 23:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service) SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2010/12/27 21:21:16 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010/09/14 05:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2010/09/14 05:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2010/08/10 09:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService) SRV - [2010/06/28 22:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2010/05/27 02:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService) SRV - [2010/04/13 16:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel® SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/03/18 04:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel® SRV - [2010/03/18 04:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel® SRV - [2010/01/08 13:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService) SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/01/31 02:06:31 | 000,526,392 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2011/10/21 17:30:04 | 012,310,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011/08/02 17:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/11/20 13:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 11:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/09/14 05:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2010/09/14 05:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2010/09/14 05:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2010/09/14 05:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2010/07/09 03:51:50 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper) DRV:64bit: - [2010/06/21 09:45:56 | 000,287,232 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel® DRV:64bit: - [2010/06/17 09:18:28 | 000,246,376 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2010/06/03 19:59:00 | 004,171,328 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2010/05/15 12:48:28 | 000,384,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink DRV:64bit: - [2010/04/20 02:35:14 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr) DRV:64bit: - [2010/04/13 16:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010/04/13 10:15:04 | 000,135,560 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2010/02/26 23:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2009/09/17 05:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel® DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/06/03 02:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV:64bit: - [2009/06/03 02:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV:64bit: - [2009/06/03 02:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.whitesmoke.com/?isid=9860 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jared\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jared\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Jared\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) [2011/12/27 13:20:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jared\AppData\Roaming\Mozilla\Firefox\extensions [2011/12/27 13:20:43 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Jared\AppData\Roaming\Mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} [2011/12/27 13:08:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions ========== Chrome ========== CHR - default_search_provider: WhiteSmoke Search (Enabled) CHR - default_search_provider: search_url = http://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860 CHR - default_search_provider: suggest_url = CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Jared\AppData\Local\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Jared\AppData\Local\Google\Chrome\Application\16.0.912.77\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Jared\AppData\Local\Google\Chrome\Application\16.0.912.77\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Unity Player (Enabled) = C:\Users\Jared\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll CHR - plugin: Google Update (Enabled) = C:\Users\Jared\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: WinZip Courier = C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilckobikkmajlmhhdenkhonjkoaneclk\3.5.0_0\ O1 HOSTS File: ([2012/02/04 11:34:57 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (WinZip Courier BHO) - {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} - C:\Program Files (x86)\WinZip Courier\wzwmcie.dll (WinZip Computing, S.L.) O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [backupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [suiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.) O4 - HKLM..\Run: [sweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd) O4 - HKCU..\Run: [steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/Farm%20Frenzy%202/Images/stg_drm.ocx (SpinTop DRM Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/Farm%20Frenzy%202/Images/armhelper.ocx (ArmHelper Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3DE1FAC4-B916-448F-A747-E5A362D2FC66}: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{69B69274-1755-4F24-A17D-EA5633B929CF}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/07/03 15:20:01 | 000,000,039 | R--- | M] () - D:\AUTORUN.INF -- [ UDF ] O32 - AutoRun File - [2011/10/31 14:16:33 | 000,000,069 | R--- | M] () - E:\autorun.inf -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP MsConfig:64bit - StartUpReg: Google Update - hkey= - key= - C:\Users\Jared\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.) MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012/02/05 16:29:23 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Jared\Desktop\OTL.exe [2012/02/05 15:19:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driving Test Success - All Tests (2009) [2012/02/05 15:19:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Driving Test Success [2012/02/05 15:19:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driving Test Success - All Tests (2009) [2012/02/05 00:31:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012/02/04 11:27:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012/02/03 17:03:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012/02/03 17:03:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012/02/03 17:03:12 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2012/02/03 16:59:24 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/02/02 23:35:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Arcade Lab [2012/02/02 22:45:45 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Roaming\PlayFirst [2012/02/02 20:41:45 | 000,000,000 | ---D | C] -- C:\Users\Jared\Documents\My Games [2012/02/01 00:07:03 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Local\Chromium [2012/02/01 00:05:51 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Local\SKIDROW [2012/01/31 23:13:56 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Sports Interactive [2012/01/31 23:13:56 | 000,000,000 | ---D | C] -- C:\Users\Jared\Documents\Sports Interactive [2012/01/31 23:13:56 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Roaming\Sports Interactive [2012/01/31 23:13:56 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Local\Sports Interactive [2012/01/31 23:11:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SEGA [2012/01/31 23:07:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SEGA [2012/01/31 11:15:52 | 000,000,000 | ---D | C] -- C:\Users\Jared\Documents\Football.Manager.2012-SKIDROW [2012/01/31 02:22:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [2012/01/31 02:22:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam [2012/01/31 02:22:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam [2012/01/31 02:06:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Pro [2012/01/31 02:05:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Pro [2012/01/31 02:05:11 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Roaming\DAEMON Tools Pro [2012/01/31 02:05:11 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Pro [2012/01/28 23:33:38 | 000,064,000 | ---- | C] (Valve Corporation) -- C:\Windows\SysWow64\steam_api.dll [2012/01/28 23:24:43 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Roaming\WinZip [2012/01/28 23:20:38 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Local\WinZip [2012/01/28 23:19:36 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZipEC [2012/01/28 23:19:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Courier [2012/01/28 23:19:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinZip Courier [2012/01/28 23:18:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip [2012/01/28 23:18:19 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip [2012/01/28 23:18:13 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip [2012/01/28 23:01:43 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Roaming\ImgBurn [2012/01/28 22:56:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn [2012/01/28 22:55:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn [2012/01/28 22:53:40 | 000,000,000 | ---D | C] -- C:\Users\Jared\Tracing [2012/01/28 22:53:32 | 000,000,000 | ---D | C] -- C:\ProgramData\SweetIM [2012/01/28 22:53:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SweetIM [2012/01/27 15:59:33 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ [2012/01/19 12:40:44 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Local\Microsoft Help [2012/01/19 12:40:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help [2012/01/14 16:53:04 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Roaming\WinFF [2012/01/14 16:53:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinFF [2012/01/14 16:53:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinFF [2012/01/09 22:44:28 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Local\Cyberlink [2012/01/09 22:44:18 | 000,000,000 | ---D | C] -- C:\Users\Jared\Documents\CyberLink [2012/01/09 22:44:18 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Roaming\CyberLink [2012/01/09 22:44:18 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink [2012/01/08 15:53:53 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Roaming\tiger-k [2012/01/08 15:53:53 | 000,000,000 | ---D | C] -- C:\Users\Jared\Documents\Leawo [2012/01/08 15:53:53 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Roaming\Leawo [2012/01/08 15:53:23 | 000,606,208 | ---- | C] (http://www.xvid.org) -- C:\Windows\SysWow64\xvidcore.dll [2012/01/08 15:53:23 | 000,139,264 | ---- | C] (http://www.xvid.org) -- C:\Windows\SysWow64\xvid.ax [2012/01/08 15:49:07 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Roaming\AVS4YOU [2012/01/08 15:47:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia [2012/01/08 15:47:17 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU [2012/01/08 15:47:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVS4YOU [2012/01/08 15:35:57 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Roaming\Malwarebytes [2012/01/08 15:35:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/01/08 15:35:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/01/08 15:35:46 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/01/08 15:35:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012/01/08 12:09:13 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin [2012/01/08 09:47:32 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Roaming\Applian FLV and Media Player [2012/01/08 09:40:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Applian Technologies [2012/01/08 09:40:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Applian Technologies [2012/01/08 09:39:24 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Local\Linkury [2012/01/08 09:39:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Linkury [2012/01/08 09:39:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Linkury [2012/01/08 09:39:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Computer Updater [2012/01/08 09:39:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Offers from Freeze.com [2012/01/08 01:36:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English) [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/02/05 16:27:57 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jared\Desktop\OTL.exe [2012/02/05 15:41:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2548204430-3489653281-3508443478-1000UA.job [2012/02/05 15:19:54 | 000,002,036 | ---- | M] () -- C:\Users\Public\Desktop\Driving Test Success - All Tests.lnk [2012/02/05 15:19:20 | 000,730,554 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/02/05 15:19:20 | 000,631,004 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/02/05 15:19:20 | 000,111,798 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/02/05 15:16:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/02/05 00:38:39 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/02/05 00:38:39 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/02/05 00:31:14 | 277,905,407 | -HS- | M] () -- C:\hiberfil.sys [2012/02/04 11:34:57 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012/02/03 00:19:54 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/02/02 22:41:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2548204430-3489653281-3508443478-1000Core.job [2012/01/31 23:11:49 | 000,002,071 | ---- | M] () -- C:\Users\Public\Desktop\Football Manager 2012.lnk [2012/01/31 02:06:31 | 000,526,392 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys [2012/01/28 22:56:03 | 000,001,897 | ---- | M] () -- C:\Users\Jared\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk [2012/01/28 22:56:03 | 000,001,873 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk [2012/01/26 12:47:25 | 000,002,405 | ---- | M] () -- C:\Users\Jared\Desktop\Google Chrome.lnk [2012/01/08 09:40:23 | 000,001,389 | ---- | M] () -- C:\Users\Public\Desktop\Applian FLV and Media Player.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/02/05 15:19:54 | 000,002,036 | ---- | C] () -- C:\Users\Public\Desktop\Driving Test Success - All Tests.lnk [2012/02/03 17:03:16 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012/02/03 17:03:16 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012/02/03 17:03:16 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012/02/03 17:03:16 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012/02/03 17:03:16 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012/02/03 00:19:54 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/01/31 23:11:49 | 000,002,071 | ---- | C] () -- C:\Users\Public\Desktop\Football Manager 2012.lnk [2012/01/31 02:22:34 | 000,000,921 | ---- | C] () -- C:\Users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam.lnk [2012/01/31 02:06:29 | 000,526,392 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys [2012/01/28 22:56:03 | 000,001,897 | ---- | C] () -- C:\Users\Jared\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk [2012/01/28 22:56:03 | 000,001,873 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk [2012/01/08 15:53:36 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2012/01/08 09:40:23 | 000,001,389 | ---- | C] () -- C:\Users\Public\Desktop\Applian FLV and Media Player.lnk [2011/12/28 01:48:12 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat [2011/12/27 04:42:05 | 000,738,602 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/10/21 17:27:54 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin [2011/10/21 17:27:54 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin [2011/10/21 17:27:54 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin [2011/10/21 17:03:04 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2010/08/30 08:48:37 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll [2010/08/30 08:47:39 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.exe [2009/07/14 05:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009/07/14 02:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009/07/14 02:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009/07/14 00:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009/07/13 21:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009/06/10 21:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2009/05/30 04:42:00 | 000,309,248 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll [2009/03/12 01:01:00 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\DirectCOM.dll ========== LOP Check ========== [2012/01/30 00:13:02 | 000,000,000 | ---D | M] -- C:\Users\Jared\AppData\Roaming\Applian FLV and Media Player [2011/12/27 11:58:14 | 000,000,000 | ---D | M] -- C:\Users\Jared\AppData\Roaming\Blender Foundation [2012/02/02 18:33:58 | 000,000,000 | ---D | M] -- C:\Users\Jared\AppData\Roaming\DAEMON Tools Pro [2011/12/28 17:42:52 | 000,000,000 | ---D | M] -- C:\Users\Jared\AppData\Roaming\DriverCure [2012/01/28 23:01:43 | 000,000,000 | ---D | M] -- C:\Users\Jared\AppData\Roaming\ImgBurn [2012/01/08 15:53:53 | 000,000,000 | ---D | M] -- C:\Users\Jared\AppData\Roaming\Leawo [2011/12/27 06:02:50 | 000,000,000 | ---D | M] -- C:\Users\Jared\AppData\Roaming\PACE Anti-Piracy [2011/12/28 17:42:52 | 000,000,000 | ---D | M] -- C:\Users\Jared\AppData\Roaming\PC Unleashed Online [2012/02/02 22:45:45 | 000,000,000 | ---D | M] -- C:\Users\Jared\AppData\Roaming\PlayFirst [2012/02/01 19:44:25 | 000,000,000 | ---D | M] -- C:\Users\Jared\AppData\Roaming\SoftGrid Client [2011/12/26 23:10:06 | 000,000,000 | ---D | M] -- C:\Users\Jared\AppData\Roaming\SpinTop [2012/02/03 02:56:25 | 000,000,000 | ---D | M] -- C:\Users\Jared\AppData\Roaming\Sports Interactive [2012/01/08 15:54:42 | 000,000,000 | ---D | M] -- C:\Users\Jared\AppData\Roaming\tiger-k [2012/01/05 16:31:32 | 000,000,000 | ---D | M] -- C:\Users\Jared\AppData\Roaming\TP [2011/12/27 06:06:15 | 000,000,000 | ---D | M] -- C:\Users\Jared\AppData\Roaming\Unity [2012/01/26 01:17:57 | 000,000,000 | ---D | M] -- C:\Users\Jared\AppData\Roaming\WinFF [2012/01/28 23:24:43 | 000,000,000 | ---D | M] -- C:\Users\Jared\AppData\Roaming\WinZip [2012/01/07 17:35:51 | 000,020,474 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2012/02/05 00:31:33 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2011/12/27 01:30:43 | 000,000,000 | ---D | M] -- C:\BigFishGamesCache [2010/12/27 20:57:12 | 000,000,000 | ---D | M] -- C:\book [2009/07/14 05:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2010/12/27 20:50:54 | 000,000,000 | ---D | M] -- C:\Intel [2012/01/05 16:41:18 | 000,000,000 | R--D | M] -- C:\MSOCache [2011/12/26 22:45:41 | 000,000,000 | ---D | M] -- C:\OEM [2009/07/14 03:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012/01/28 23:18:13 | 000,000,000 | R--D | M] -- C:\Program Files [2012/02/05 15:19:40 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2012/02/05 15:19:40 | 000,000,000 | ---D | M] -- C:\ProgramData [2012/02/04 11:38:50 | 000,000,000 | ---D | M] -- C:\Qoobox [2011/12/26 22:44:26 | 000,000,000 | ---D | M] -- C:\Recovery [2012/02/05 16:31:48 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011/12/26 22:44:32 | 000,000,000 | R--D | M] -- C:\Users [2012/02/04 11:35:04 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.manifest /3 > < MD5 for: EXPLORER.EXE > [2011/02/26 06:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2011/02/26 05:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2009/07/14 01:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2011/02/26 05:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2010/07/17 19:26:04 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2011/02/26 05:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe [2011/02/25 06:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\ERDNT\cache86\explorer.exe [2011/02/25 06:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011/02/25 06:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011/02/26 06:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010/11/20 12:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2010/02/04 10:49:48 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2010/07/17 19:26:04 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2010/02/04 10:49:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2010/11/20 13:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2010/07/17 19:26:04 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2010/02/04 10:49:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009/07/14 01:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2010/07/17 19:26:04 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2011/02/26 06:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe [2010/02/04 10:49:48 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: REGEDIT.EXE > [2009/07/14 01:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\ERDNT\cache86\regedit.exe [2009/07/14 01:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe [2009/07/14 01:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe [2009/07/14 01:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe [2009/07/14 01:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe < MD5 for: USERINIT.EXE > [2010/11/20 12:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe [2010/11/20 12:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010/11/20 12:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009/07/14 01:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009/07/14 01:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010/11/20 13:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe [2010/11/20 13:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010/11/20 13:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009/07/14 01:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\ERDNT\cache64\wininit.exe [2009/07/14 01:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009/07/14 01:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009/07/14 01:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache86\wininit.exe [2009/07/14 01:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009/07/14 01:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010/11/20 13:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe [2010/11/20 13:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010/11/20 13:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009/07/14 01:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2010/07/17 19:26:04 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2010/07/17 19:26:04 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > ========== Alternate Data Streams ========== @Alternate Data Stream - 98 bytes -> C:\ProgramData\Temp:92EB0F35 @Alternate Data Stream - 150 bytes -> C:\ProgramData\Temp:5D7E5A8F @Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:CDFF58FE @Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:4D066AD2 @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:93EB7685 @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:E1F04E8D @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:E36F5B57 @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:1A60DE96 @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:E3C56885 @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:0B9176C0 @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:798A3728 @Alternate Data Stream - 1140 bytes -> C:\ProgramData\Microsoft:cHNCBpWF477tL6UkfKRlr @Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:CB0FEE2B @Alternate Data Stream - 1015 bytes -> C:\ProgramData\Microsoft:xgn3RAFkUowBSNEj5maJiajQb3Rgq < End of report > OTL Extras logfile created on: 05/02/2012 16:30:11 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jared\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 5.68 Gb Total Physical Memory | 4.41 Gb Available Physical Memory | 77.74% Memory free 11.36 Gb Paging File | 9.80 Gb Available in Paging File | 86.28% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 583.07 Gb Total Space | 390.80 Gb Free Space | 67.02% Space Free | Partition Type: NTFS Drive D: | 7.51 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF Drive E: | 1.90 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: JARED-PC | User Name: Jared | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware "{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller "{CD95F661-A5C4-44F5-A6AA-ECDD91C240CD}" = WinZip 16.0 "{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Blender" = Blender "CCleaner" = CCleaner "Elantech" = ETDWare PS/2-x64 7.0.6.5_WHQL "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft Security Client" = Microsoft Security Essentials [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java 6 Update 30 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4D530FA3-9B89-4186-98B7-F51000008100}" = Age of Empires Online "{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam "{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1" = Acer GameZone Console "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic "{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}" = Spin & Win "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}" = Poker Pop "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}" = Airport Mania First Flight "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}" = SweetIM Toolbar for Internet Explorer 4.2 "{A81A974F-8A22-43E6-9243-5198FF758DA1}" = SweetIM for Messenger 3.6 "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger "{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder "{CD95F661-A5C4-11AF-B2CC-ABCD21A325B8}" = WinZip Courier "{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9 "{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater "{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center "Acer Registration" = Acer Registration "Acer Screensaver" = Acer ScreenSaver "Acer Welcome Center" = Welcome Center "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Applian FLV and Media Player" = Applian FLV and Media Player 3.1.1.12 "DAEMON Tools Pro" = DAEMON Tools Pro "Driving Test Success - All Tests_is1" = Driving Test Success - All Tests (2009) "Football Manager 2012_is1" = Football Manager 2012 "GFWL_{4D530FA3-9B89-4186-98B7-F51000008100}" = Age of Empires Online "Identity Card" = Identity Card "ImgBurn" = ImgBurn "InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager "InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9 "LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000 "Office14.Click2Run" = Microsoft Office Click-to-Run 2010 "Unity" = Unity "WinFF_is1" = WinFF 1.4.0 "WinLiveSuite_Wave3" = Windows Live Essentials ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome "UnityWebPlayer" = Unity Web Player ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 29/01/2012 14:02:50 | Computer Name = Jared-PC | Source = Application Virtualization Client | ID = 6001 Description = {tid=56C:usr=Jared} Unable to CreateProcess (rc 0C701533-000006BA) Error - 29/01/2012 14:02:50 | Computer Name = Jared-PC | Source = Application Virtualization Client | ID = 3079 Description = {hap=13:app=OfficeVirt 9014006604090000:tid=56C:usr=Jared} The client could not launch C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe (rc 0C701533-000006BA, last error 87). Error - 29/01/2012 18:22:25 | Computer Name = Jared-PC | Source = CVHSVC | ID = 100 Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: Error - 29/01/2012 20:31:34 | Computer Name = Jared-PC | Source = SideBySide | ID = 16842824 Description = Activation context generation failed for "c:\program files\microsoft security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft security client\MSESysprep.dll" on line 10. The element imaging appears as a child of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by this version of Windows. Error - 29/01/2012 20:31:53 | Computer Name = Jared-PC | Source = SideBySide | ID = 16842815 Description = Activation context generation failed for "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid. Error - 29/01/2012 20:32:50 | Computer Name = Jared-PC | Source = SideBySide | ID = 16842787 Description = Activation context generation failed for "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity found in manifest does not match the identity of the component requested. Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use sxstrace.exe for detailed diagnosis. Error - 30/01/2012 22:06:10 | Computer Name = Jared-PC | Source = VSS | ID = 8194 Description = Error - 30/01/2012 23:41:13 | Computer Name = Jared-PC | Source = SideBySide | ID = 16842824 Description = Activation context generation failed for "c:\program files\microsoft security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft security client\MSESysprep.dll" on line 10. The element imaging appears as a child of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by this version of Windows. Error - 30/01/2012 23:41:32 | Computer Name = Jared-PC | Source = SideBySide | ID = 16842815 Description = Activation context generation failed for "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid. Error - 30/01/2012 23:42:29 | Computer Name = Jared-PC | Source = SideBySide | ID = 16842787 Description = Activation context generation failed for "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity found in manifest does not match the identity of the component requested. Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use sxstrace.exe for detailed diagnosis. [ System Events ] Error - 28/01/2012 18:31:44 | Computer Name = Jared-PC | Source = Service Control Manager | ID = 7024 Description = The Windows Search service terminated with service-specific error %%-1073473535. Error - 28/01/2012 18:31:44 | Computer Name = Jared-PC | Source = Service Control Manager | ID = 7031 Description = The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error - 28/01/2012 18:41:30 | Computer Name = Jared-PC | Source = Microsoft Antimalware | ID = 2001 Description = %%860 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.119.772.0 Update Source: %%859 Update Stage: %%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8001.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. Error - 28/01/2012 19:51:51 | Computer Name = Jared-PC | Source = Microsoft Antimalware | ID = 3002 Description = %%860 Real-Time Protection feature has encountered an error and failed. Feature: %%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842 Error - 28/01/2012 19:51:52 | Computer Name = Jared-PC | Source = Service Control Manager | ID = 7024 Description = The Windows Search service terminated with service-specific error %%-1073473535. Error - 28/01/2012 19:51:52 | Computer Name = Jared-PC | Source = Service Control Manager | ID = 7031 Description = The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error - 28/01/2012 19:52:22 | Computer Name = Jared-PC | Source = Service Control Manager | ID = 7032 Description = The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: %%1056 Error - 29/01/2012 11:17:26 | Computer Name = Jared-PC | Source = Microsoft Antimalware | ID = 3002 Description = %%860 Real-Time Protection feature has encountered an error and failed. Feature: %%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842 Error - 29/01/2012 18:02:49 | Computer Name = Jared-PC | Source = EventLog | ID = 6008 Description = The previous system shutdown at 19:48:54 on ?29/?01/?2012 was unexpected. Error - 30/01/2012 18:13:50 | Computer Name = Jared-PC | Source = Microsoft Antimalware | ID = 3002 Description = %%860 Real-Time Protection feature has encountered an error and failed. Feature: %%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842 < End of report >
  14. JaredMiles
    ComboFix 12-02-03.02 - Jared 04/02/2012 11:28:45.2.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.5815.4331 [GMT 0:00] Running from: c:\users\Jared\Downloads\ComboFix.exe Command switches used :: c:\users\Jared\Downloads\CFScript.txt AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((( Files Created from 2012-01-04 to 2012-02-04 ))))))))))))))))))))))))))))))) . . 2012-02-04 11:33 . 2012-02-04 11:33 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-02-04 11:09 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CB9A73A5-CA71-43A8-A7B3-8A6BA9FE9926}\mpengine.dll 2012-02-02 23:35 . 2012-02-02 23:35 -------- d-----w- c:\programdata\Arcade Lab 2012-02-02 22:45 . 2012-02-02 22:45 -------- d-----w- c:\users\Jared\AppData\Roaming\PlayFirst 2012-02-01 00:07 . 2012-02-01 00:07 -------- d-----w- c:\users\Jared\AppData\Local\Chromium 2012-02-01 00:05 . 2012-02-01 00:05 -------- d-----w- c:\users\Jared\AppData\Local\SKIDROW 2012-01-31 23:13 . 2012-02-03 02:56 -------- d-----w- c:\users\Jared\AppData\Roaming\Sports Interactive 2012-01-31 23:13 . 2012-01-31 23:13 -------- d-----w- c:\users\Jared\AppData\Local\Sports Interactive 2012-01-31 23:07 . 2012-01-31 23:07 -------- d-----w- c:\program files (x86)\SEGA 2012-01-31 02:22 . 2012-01-31 02:22 -------- d-----w- c:\program files (x86)\Common Files\Steam 2012-01-31 02:22 . 2012-02-04 11:34 -------- d-----w- c:\program files (x86)\Steam 2012-01-31 02:06 . 2012-01-31 02:06 526392 ----a-w- c:\windows\system32\drivers\sptd.sys 2012-01-31 02:05 . 2012-01-31 02:06 -------- d-----w- c:\program files (x86)\DAEMON Tools Pro 2012-01-31 02:05 . 2012-02-02 18:33 -------- d-----w- c:\users\Jared\AppData\Roaming\DAEMON Tools Pro 2012-01-31 02:05 . 2012-01-31 02:05 -------- d-----w- c:\programdata\DAEMON Tools Pro 2012-01-28 23:33 . 2011-09-27 04:58 64000 ----a-w- c:\windows\SysWow64\steam_api.dll 2012-01-28 23:29 . 2011-09-27 04:24 4178264 ----a-w- c:\windows\SysWow64\d3dx9_41.dll 2012-01-28 23:24 . 2012-01-28 23:24 -------- d-----w- c:\users\Jared\AppData\Roaming\WinZip 2012-01-28 23:20 . 2012-01-28 23:20 -------- d-----w- c:\users\Jared\AppData\Local\WinZip 2012-01-28 23:19 . 2012-01-28 23:19 -------- d-----w- c:\program files (x86)\WinZip Courier 2012-01-28 23:19 . 2012-01-28 23:19 -------- d-----w- c:\windows\CD95F661A5C411AFB2CCABCD21A325B8.TMP 2012-01-28 23:18 . 2012-01-28 23:19 -------- d-----w- c:\programdata\WinZip 2012-01-28 23:01 . 2012-01-28 23:01 -------- d-----w- c:\users\Jared\AppData\Roaming\ImgBurn 2012-01-28 22:55 . 2012-01-28 22:56 -------- d-----w- c:\program files (x86)\ImgBurn 2012-01-28 22:53 . 2012-02-03 00:15 -------- d-----w- c:\users\Jared\Tracing 2012-01-28 22:53 . 2012-01-28 22:53 -------- d-----w- c:\program files (x86)\SweetIM 2012-01-28 22:53 . 2012-01-28 22:53 -------- d-----w- c:\programdata\SweetIM 2012-01-27 15:59 . 2012-01-27 15:59 -------- d--h--w- c:\programdata\CanonBJ 2012-01-27 15:59 . 2009-07-14 01:40 84992 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNBPP4.DLL 2012-01-19 12:40 . 2012-01-19 12:40 -------- d-----w- c:\programdata\Microsoft Help 2012-01-19 12:40 . 2012-01-19 12:40 -------- d-----w- c:\users\Jared\AppData\Local\Microsoft Help 2012-01-14 16:53 . 2012-01-26 01:17 -------- d-----w- c:\users\Jared\AppData\Roaming\WinFF 2012-01-14 16:53 . 2012-01-14 16:53 -------- d-----w- c:\program files (x86)\WinFF 2012-01-11 13:34 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll 2012-01-11 13:34 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll 2012-01-11 13:34 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll 2012-01-11 13:34 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll 2012-01-11 13:34 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll 2012-01-11 13:34 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll 2012-01-11 13:29 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll 2012-01-11 13:29 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll 2012-01-09 22:44 . 2012-01-13 20:18 -------- d-----w- c:\users\Jared\AppData\Local\Cyberlink 2012-01-09 22:44 . 2012-01-09 22:44 -------- d-----w- c:\users\Public\CyberLink 2012-01-09 22:44 . 2012-01-09 22:44 -------- d-----w- c:\programdata\CyberLink 2012-01-09 22:44 . 2012-01-09 22:44 -------- d-----w- c:\users\Jared\AppData\Roaming\CyberLink 2012-01-08 16:42 . 2007-02-27 18:36 974848 ----a-w- c:\windows\SysWow64\mfc70.dll 2012-01-08 16:42 . 2007-02-27 18:36 487424 ----a-w- c:\windows\SysWow64\msvcp70.dll 2012-01-08 15:53 . 2012-01-08 15:54 -------- d-----w- c:\users\Jared\AppData\Roaming\tiger-k 2012-01-08 15:53 . 2012-01-08 15:53 -------- d-----w- c:\users\Jared\AppData\Roaming\Leawo 2012-01-08 15:53 . 2011-03-02 10:43 175616 ----a-w- c:\windows\SysWow64\unrar.dll 2012-01-08 15:53 . 2008-10-28 10:10 139264 ----a-w- c:\windows\SysWow64\xvid.ax 2012-01-08 15:53 . 2008-10-08 09:45 606208 ----a-w- c:\windows\SysWow64\xvidcore.dll 2012-01-08 15:49 . 2012-01-08 15:49 -------- d-----w- c:\users\Jared\AppData\Roaming\AVS4YOU 2012-01-08 15:47 . 2012-01-11 13:03 -------- d-----w- c:\program files (x86)\Common Files\AVSMedia 2012-01-08 15:47 . 2012-01-11 13:03 -------- d-----w- c:\program files (x86)\AVS4YOU 2012-01-08 15:47 . 2012-01-08 15:49 -------- d-----w- c:\programdata\AVS4YOU 2012-01-08 15:47 . 2011-08-22 16:33 1700352 ----a-w- c:\windows\SysWow64\GdiPlus.dll 2012-01-08 15:35 . 2012-01-08 15:35 -------- d-----w- c:\users\Jared\AppData\Roaming\Malwarebytes 2012-01-08 15:35 . 2012-01-08 15:35 -------- d-----w- c:\programdata\Malwarebytes 2012-01-08 15:35 . 2012-02-03 00:19 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-01-08 15:35 . 2011-12-10 15:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-01-08 12:09 . 2012-01-08 15:26 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin 2012-01-08 09:47 . 2012-01-30 00:13 -------- d-----w- c:\users\Jared\AppData\Roaming\Applian FLV and Media Player 2012-01-08 09:40 . 2012-01-08 09:40 -------- d-----w- c:\program files (x86)\Applian Technologies 2012-01-08 09:39 . 2012-02-02 19:25 -------- d-----w- c:\users\Jared\AppData\Local\Linkury 2012-01-08 09:39 . 2012-01-25 12:44 -------- d-----w- c:\programdata\Linkury 2012-01-08 09:39 . 2012-01-25 12:44 -------- d-----w- c:\program files (x86)\Linkury 2012-01-08 09:39 . 2012-01-08 09:44 -------- d-----w- c:\programdata\Computer Updater 2012-01-08 09:39 . 2012-01-08 09:39 -------- d-----w- c:\program files (x86)\Free Offers from Freeze.com 2012-01-08 09:38 . 2012-01-08 09:38 9216 ----a-r- c:\users\Jared\AppData\Roaming\Microsoft\Installer\{7426428E-71D4-452C-BA13-B14E5EB52859}\Icon7426428E16.exe 2012-01-07 18:10 . 2012-01-07 18:10 -------- d-----w- c:\users\Public\OEM 2012-01-05 18:43 . 2012-01-08 01:34 -------- d-----w- c:\programdata\VirtualizedApplications 2012-01-05 16:41 . 2012-01-05 16:41 -------- d-----r- C:\MSOCache 2012-01-05 16:31 . 2012-02-01 19:44 -------- d-----w- c:\users\Jared\AppData\Roaming\SoftGrid Client 2012-01-05 16:31 . 2012-01-05 16:31 -------- d-----w- c:\users\Jared\AppData\Local\SoftGrid Client 2012-01-05 16:30 . 2012-01-06 04:27 -------- d-----w- c:\program files (x86)\Microsoft Application Virtualization Client 2012-01-05 16:30 . 2012-01-05 16:31 -------- d-----w- c:\users\Jared\AppData\Roaming\TP . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-01-31 12:44 . 2011-12-26 23:21 279656 ------w- c:\windows\system32\MpSigStub.exe 2012-01-06 05:15 . 2011-12-28 17:48 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2011-12-28 17:57 . 2011-12-28 17:58 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll 2011-12-27 04:45 . 2011-12-27 04:45 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F66BA7D9-1CB2-439A-928E-FC9E2AA4B230}\gapaengine.dll 2011-12-27 02:56 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll 2011-12-27 02:56 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll 2011-12-27 01:22 . 2011-12-27 01:22 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2011-12-27 01:22 . 2011-12-27 01:22 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll 2011-12-27 01:22 . 2011-12-27 01:22 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2011-12-27 01:22 . 2011-12-27 01:22 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2011-12-27 01:22 . 2011-12-27 01:22 74752 ----a-w- c:\windows\SysWow64\iesetup.dll 2011-12-27 01:22 . 2011-12-27 01:22 63488 ----a-w- c:\windows\SysWow64\tdc.ocx 2011-12-27 01:22 . 2011-12-27 01:22 49664 ----a-w- c:\windows\system32\imgutil.dll 2011-12-27 01:22 . 2011-12-27 01:22 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2011-12-27 01:22 . 2011-12-27 01:22 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2011-12-27 01:22 . 2011-12-27 01:22 367104 ----a-w- c:\windows\SysWow64\html.iec 2011-12-27 01:22 . 2011-12-27 01:22 35840 ----a-w- c:\windows\SysWow64\imgutil.dll 2011-12-27 01:22 . 2011-12-27 01:22 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2011-12-27 01:22 . 2011-12-27 01:22 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2011-12-27 01:22 . 2011-12-27 01:22 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll 2011-12-27 01:22 . 2011-12-27 01:22 2309120 ----a-w- c:\windows\system32\jscript9.dll 2011-12-27 01:22 . 2011-12-27 01:22 222208 ----a-w- c:\windows\system32\msls31.dll 2011-12-27 01:22 . 2011-12-27 01:22 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll 2011-12-27 01:22 . 2011-12-27 01:22 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2011-12-27 01:22 . 2011-12-27 01:22 161792 ----a-w- c:\windows\SysWow64\msls31.dll 2011-12-27 01:22 . 2011-12-27 01:22 152064 ----a-w- c:\windows\SysWow64\wextract.exe 2011-12-27 01:22 . 2011-12-27 01:22 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2011-12-27 01:22 . 2011-12-27 01:22 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2011-12-27 01:22 . 2011-12-27 01:22 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2011-12-27 01:22 . 2011-12-27 01:22 1390080 ----a-w- c:\windows\system32\wininet.dll 2011-12-27 01:22 . 2011-12-27 01:22 12288 ----a-w- c:\windows\system32\mshta.exe 2011-12-27 01:22 . 2011-12-27 01:22 11776 ----a-w- c:\windows\SysWow64\mshta.exe 2011-12-27 01:22 . 2011-12-27 01:22 114176 ----a-w- c:\windows\system32\admparse.dll 2011-12-27 01:22 . 2011-12-27 01:22 1127424 ----a-w- c:\windows\SysWow64\wininet.dll 2011-12-27 01:22 . 2011-12-27 01:22 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2011-12-27 01:22 . 2011-12-27 01:22 101888 ----a-w- c:\windows\SysWow64\admparse.dll 2011-12-27 01:22 . 2011-12-27 01:22 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2011-12-27 01:22 . 2011-12-27 01:22 85504 ----a-w- c:\windows\system32\iesetup.dll 2011-12-27 01:22 . 2011-12-27 01:22 76800 ----a-w- c:\windows\system32\tdc.ocx 2011-12-27 01:22 . 2011-12-27 01:22 603648 ----a-w- c:\windows\system32\vbscript.dll 2011-12-27 01:22 . 2011-12-27 01:22 48640 ----a-w- c:\windows\system32\mshtmler.dll 2011-12-27 01:22 . 2011-12-27 01:22 448512 ----a-w- c:\windows\system32\html.iec 2011-12-27 01:22 . 2011-12-27 01:22 30720 ----a-w- c:\windows\system32\licmgr10.dll 2011-12-27 01:22 . 2011-12-27 01:22 165888 ----a-w- c:\windows\system32\iexpress.exe 2011-12-27 01:22 . 2011-12-27 01:22 160256 ----a-w- c:\windows\system32\wextract.exe 2011-12-27 01:22 . 2011-12-27 01:22 1493504 ----a-w- c:\windows\system32\inetcpl.cpl 2011-12-27 01:22 . 2011-12-27 01:22 135168 ----a-w- c:\windows\system32\IEAdvpack.dll 2011-12-27 01:22 . 2011-12-27 01:22 111616 ----a-w- c:\windows\system32\iesysprep.dll 2011-11-30 02:21 . 2011-12-26 23:21 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6C051B66-E169-4583-953A-912B09F480F6}\mpengine.dll 2011-11-24 04:52 . 2011-12-27 01:35 3145216 ----a-w- c:\windows\system32\win32k.sys 2011-11-15 03:38 . 2011-11-15 03:38 69632 ----a-w- c:\windows\SysWow64\CUUpdateComponent.ocx 2011-11-15 03:38 . 2011-11-15 03:38 425984 ----a-w- c:\windows\SysWow64\ComputerUpdaterLM.ocx 2011-11-15 03:38 . 2011-11-15 03:38 131072 ----a-w- c:\windows\SysWow64\SafeAppRichList.ocx . . ((((((((((((((((((((((((((((( SnapShot@2012-02-03_17.09.52 ))))))))))))))))))))))))))))))))))))))))) . + 2012-02-04 11:33 . 2012-02-04 11:33 13318 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat - 2012-02-03 17:08 . 2012-02-03 17:08 13318 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat + 2010-08-30 08:59 . 2012-02-04 11:01 45540 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2012-02-04 11:01 30272 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2011-12-29 23:29 . 2012-02-03 20:39 3032 c:\windows\system32\wdi\ERCQueuedResolutions.dat + 2011-12-26 22:46 . 2012-02-04 11:01 9866 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2548204430-3489653281-3508443478-1000_UserData.bin - 2012-02-03 17:09 . 2012-02-03 17:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-02-04 11:34 . 2012-02-04 11:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-02-03 17:09 . 2012-02-03 17:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2012-02-04 11:34 . 2012-02-04 11:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2009-07-14 05:01 . 2012-02-03 17:08 228720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01 . 2012-02-04 11:33 228720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2011-12-27 01:33 . 2012-02-03 17:08 1405626 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2548204430-3489653281-3508443478-1000-12288.dat + 2011-12-27 01:33 . 2012-02-04 11:33 1405626 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2548204430-3489653281-3508443478-1000-12288.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}] 2011-08-24 18:21 1299248 ----a-r- c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2011-08-24 1299248] . [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}] [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1] [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}] [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2010-05-27 02:40 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304] "DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2011-08-17 4527424] "Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-01-31 1242448] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696] "SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-27 337264] "EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584] "EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696] "BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-06-28 265984] "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-10 975952] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "SweetIM"="c:\program files (x86)\SweetIM\Messenger\SweetIM.exe" [2011-08-01 114992] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x] R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-05-27 305520] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x] S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x] S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x] S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664] S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-10 321104] S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-06-11 868896] S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336] S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-06-28 255744] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264] S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-18 2320920] S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232] S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x] S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496] . . Contents of the 'Scheduled Tasks' folder . 2012-02-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2548204430-3489653281-3508443478-1000Core.job - c:\users\Jared\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-27 00:39] . 2012-02-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2548204430-3489653281-3508443478-1000UA.job - c:\users\Jared\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-27 00:39] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2010-05-27 02:42 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 349552] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552] "ETDWare"="c:\program files (x86)\Elantech\ETDCtrl.exe" [bU] "Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-06-11 861216] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-21 167704] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-21 392472] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-21 416024] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736] . ------- Supplementary Scan ------- . uStart Page = hxxp://isearch.whitesmoke.com/?isid=9860 uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://acer.msn.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860 TCP: DhcpNameServer = 192.168.1.254 . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe . ************************************************************************** . Completion time: 2012-02-04 11:38:47 - machine was rebooted ComboFix-quarantined-files.txt 2012-02-04 11:38 ComboFix2.txt 2012-02-03 17:13 . Pre-Run: 419,803,287,552 bytes free Post-Run: 419,741,270,016 bytes free . - - End Of File - - B99623A4AC8ED106FE358716D8D3EE23 Malwarebytes Anti-Malware 1.60.1.1000 www.malwarebytes.org Database version: v2012.02.04.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Jared :: JARED-PC [administrator] 04/02/2012 11:44:45 mbam-log-2012-02-04 (11-44-45).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 184227 Time elapsed: 55 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Yes it still appears
  15. JaredMiles
    ComboFix 12-02-03.02 - Jared 03/02/2012 17:04:31.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.5815.4002 [GMT 0:00] Running from: c:\users\Jared\Downloads\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\FullRemove.exe c:\users\Public\Documents\NTILiveUpdateV9.dll c:\users\Public\Documents\NTIMMV9Acer.dll c:\users\Public\Documents\NTIMMV9REGET.dll . . ((((((((((((((((((((((((( Files Created from 2012-01-03 to 2012-02-03 ))))))))))))))))))))))))))))))) . . 2012-02-03 17:08 . 2012-02-03 17:08 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-02-02 23:35 . 2012-02-02 23:35 -------- d-----w- c:\programdata\Arcade Lab 2012-02-02 22:45 . 2012-02-02 22:45 -------- d-----w- c:\users\Jared\AppData\Roaming\PlayFirst 2012-02-02 18:39 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5668E933-D761-4E5F-B963-A7BC9A88783A}\mpengine.dll 2012-02-01 00:07 . 2012-02-01 00:07 -------- d-----w- c:\users\Jared\AppData\Local\Chromium 2012-02-01 00:05 . 2012-02-01 00:05 -------- d-----w- c:\users\Jared\AppData\Local\SKIDROW 2012-01-31 23:13 . 2012-02-03 02:56 -------- d-----w- c:\users\Jared\AppData\Roaming\Sports Interactive 2012-01-31 23:13 . 2012-01-31 23:13 -------- d-----w- c:\users\Jared\AppData\Local\Sports Interactive 2012-01-31 23:07 . 2012-01-31 23:07 -------- d-----w- c:\program files (x86)\SEGA 2012-01-31 02:22 . 2012-01-31 02:22 -------- d-----w- c:\program files (x86)\Common Files\Steam 2012-01-31 02:22 . 2012-02-03 17:10 -------- d-----w- c:\program files (x86)\Steam 2012-01-31 02:06 . 2012-01-31 02:06 526392 ----a-w- c:\windows\system32\drivers\sptd.sys 2012-01-31 02:05 . 2012-01-31 02:06 -------- d-----w- c:\program files (x86)\DAEMON Tools Pro 2012-01-31 02:05 . 2012-02-02 18:33 -------- d-----w- c:\users\Jared\AppData\Roaming\DAEMON Tools Pro 2012-01-31 02:05 . 2012-01-31 02:05 -------- d-----w- c:\programdata\DAEMON Tools Pro 2012-01-28 23:33 . 2011-09-27 04:58 64000 ----a-w- c:\windows\SysWow64\steam_api.dll 2012-01-28 23:29 . 2011-09-27 04:24 4178264 ----a-w- c:\windows\SysWow64\d3dx9_41.dll 2012-01-28 23:24 . 2012-01-28 23:24 -------- d-----w- c:\users\Jared\AppData\Roaming\WinZip 2012-01-28 23:20 . 2012-01-28 23:20 -------- d-----w- c:\users\Jared\AppData\Local\WinZip 2012-01-28 23:19 . 2012-01-28 23:19 -------- d-----w- c:\program files (x86)\WinZip Courier 2012-01-28 23:19 . 2012-01-28 23:19 -------- d-----w- c:\windows\CD95F661A5C411AFB2CCABCD21A325B8.TMP 2012-01-28 23:18 . 2012-01-28 23:19 -------- d-----w- c:\programdata\WinZip 2012-01-28 23:01 . 2012-01-28 23:01 -------- d-----w- c:\users\Jared\AppData\Roaming\ImgBurn 2012-01-28 22:55 . 2012-01-28 22:56 -------- d-----w- c:\program files (x86)\ImgBurn 2012-01-28 22:53 . 2012-02-03 00:15 -------- d-----w- c:\users\Jared\Tracing 2012-01-28 22:53 . 2012-01-28 22:53 -------- d-----w- c:\program files (x86)\SweetIM 2012-01-28 22:53 . 2012-01-28 22:53 -------- d-----w- c:\programdata\SweetIM 2012-01-27 15:59 . 2012-01-27 15:59 -------- d--h--w- c:\programdata\CanonBJ 2012-01-27 15:59 . 2009-07-14 01:40 84992 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNBPP4.DLL 2012-01-19 12:40 . 2012-01-19 12:40 -------- d-----w- c:\programdata\Microsoft Help 2012-01-19 12:40 . 2012-01-19 12:40 -------- d-----w- c:\users\Jared\AppData\Local\Microsoft Help 2012-01-14 16:53 . 2012-01-26 01:17 -------- d-----w- c:\users\Jared\AppData\Roaming\WinFF 2012-01-14 16:53 . 2012-01-14 16:53 -------- d-----w- c:\program files (x86)\WinFF 2012-01-11 13:34 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll 2012-01-11 13:34 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll 2012-01-11 13:34 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll 2012-01-11 13:34 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll 2012-01-11 13:34 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll 2012-01-11 13:34 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll 2012-01-11 13:29 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll 2012-01-11 13:29 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll 2012-01-09 22:44 . 2012-01-13 20:18 -------- d-----w- c:\users\Jared\AppData\Local\Cyberlink 2012-01-09 22:44 . 2012-01-09 22:44 -------- d-----w- c:\users\Public\CyberLink 2012-01-09 22:44 . 2012-01-09 22:44 -------- d-----w- c:\programdata\CyberLink 2012-01-09 22:44 . 2012-01-09 22:44 -------- d-----w- c:\users\Jared\AppData\Roaming\CyberLink 2012-01-08 16:42 . 2007-02-27 18:36 974848 ----a-w- c:\windows\SysWow64\mfc70.dll 2012-01-08 16:42 . 2007-02-27 18:36 487424 ----a-w- c:\windows\SysWow64\msvcp70.dll 2012-01-08 15:53 . 2012-01-08 15:54 -------- d-----w- c:\users\Jared\AppData\Roaming\tiger-k 2012-01-08 15:53 . 2012-01-08 15:53 -------- d-----w- c:\users\Jared\AppData\Roaming\Leawo 2012-01-08 15:53 . 2011-03-02 10:43 175616 ----a-w- c:\windows\SysWow64\unrar.dll 2012-01-08 15:53 . 2008-10-28 10:10 139264 ----a-w- c:\windows\SysWow64\xvid.ax 2012-01-08 15:53 . 2008-10-08 09:45 606208 ----a-w- c:\windows\SysWow64\xvidcore.dll 2012-01-08 15:49 . 2012-01-08 15:49 -------- d-----w- c:\users\Jared\AppData\Roaming\AVS4YOU 2012-01-08 15:47 . 2012-01-11 13:03 -------- d-----w- c:\program files (x86)\Common Files\AVSMedia 2012-01-08 15:47 . 2012-01-11 13:03 -------- d-----w- c:\program files (x86)\AVS4YOU 2012-01-08 15:47 . 2012-01-08 15:49 -------- d-----w- c:\programdata\AVS4YOU 2012-01-08 15:47 . 2011-08-22 16:33 1700352 ----a-w- c:\windows\SysWow64\GdiPlus.dll 2012-01-08 15:35 . 2012-01-08 15:35 -------- d-----w- c:\users\Jared\AppData\Roaming\Malwarebytes 2012-01-08 15:35 . 2012-01-08 15:35 -------- d-----w- c:\programdata\Malwarebytes 2012-01-08 15:35 . 2012-02-03 00:19 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-01-08 15:35 . 2011-12-10 15:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-01-08 12:09 . 2012-01-08 15:26 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin 2012-01-08 09:47 . 2012-01-30 00:13 -------- d-----w- c:\users\Jared\AppData\Roaming\Applian FLV and Media Player 2012-01-08 09:40 . 2012-01-08 09:40 -------- d-----w- c:\program files (x86)\Applian Technologies 2012-01-08 09:39 . 2012-02-02 19:25 -------- d-----w- c:\users\Jared\AppData\Local\Linkury 2012-01-08 09:39 . 2012-01-25 12:44 -------- d-----w- c:\programdata\Linkury 2012-01-08 09:39 . 2012-01-25 12:44 -------- d-----w- c:\program files (x86)\Linkury 2012-01-08 09:39 . 2012-01-08 09:44 -------- d-----w- c:\programdata\Computer Updater 2012-01-08 09:39 . 2012-01-08 09:39 -------- d-----w- c:\program files (x86)\Free Offers from Freeze.com 2012-01-08 09:38 . 2012-01-08 09:38 9216 ----a-r- c:\users\Jared\AppData\Roaming\Microsoft\Installer\{7426428E-71D4-452C-BA13-B14E5EB52859}\Icon7426428E16.exe 2012-01-07 18:10 . 2012-01-07 18:10 -------- d-----w- c:\users\Public\OEM 2012-01-05 18:43 . 2012-01-08 01:34 -------- d-----w- c:\programdata\VirtualizedApplications 2012-01-05 16:41 . 2012-01-05 16:41 -------- d-----r- C:\MSOCache 2012-01-05 16:31 . 2012-02-01 19:44 -------- d-----w- c:\users\Jared\AppData\Roaming\SoftGrid Client 2012-01-05 16:31 . 2012-01-05 16:31 -------- d-----w- c:\users\Jared\AppData\Local\SoftGrid Client 2012-01-05 16:30 . 2012-01-06 04:27 -------- d-----w- c:\program files (x86)\Microsoft Application Virtualization Client 2012-01-05 16:30 . 2012-01-05 16:31 -------- d-----w- c:\users\Jared\AppData\Roaming\TP . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-01-31 12:44 . 2011-12-26 23:21 279656 ------w- c:\windows\system32\MpSigStub.exe 2012-01-06 05:15 . 2011-12-28 17:48 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2011-12-28 17:57 . 2011-12-28 17:58 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll 2011-12-27 04:45 . 2011-12-27 04:45 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F66BA7D9-1CB2-439A-928E-FC9E2AA4B230}\gapaengine.dll 2011-12-27 02:56 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll 2011-12-27 02:56 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll 2011-12-27 01:22 . 2011-12-27 01:22 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2011-12-27 01:22 . 2011-12-27 01:22 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll 2011-12-27 01:22 . 2011-12-27 01:22 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2011-12-27 01:22 . 2011-12-27 01:22 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2011-12-27 01:22 . 2011-12-27 01:22 74752 ----a-w- c:\windows\SysWow64\iesetup.dll 2011-12-27 01:22 . 2011-12-27 01:22 63488 ----a-w- c:\windows\SysWow64\tdc.ocx 2011-12-27 01:22 . 2011-12-27 01:22 49664 ----a-w- c:\windows\system32\imgutil.dll 2011-12-27 01:22 . 2011-12-27 01:22 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2011-12-27 01:22 . 2011-12-27 01:22 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2011-12-27 01:22 . 2011-12-27 01:22 367104 ----a-w- c:\windows\SysWow64\html.iec 2011-12-27 01:22 . 2011-12-27 01:22 35840 ----a-w- c:\windows\SysWow64\imgutil.dll 2011-12-27 01:22 . 2011-12-27 01:22 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2011-12-27 01:22 . 2011-12-27 01:22 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2011-12-27 01:22 . 2011-12-27 01:22 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll 2011-12-27 01:22 . 2011-12-27 01:22 2309120 ----a-w- c:\windows\system32\jscript9.dll 2011-12-27 01:22 . 2011-12-27 01:22 222208 ----a-w- c:\windows\system32\msls31.dll 2011-12-27 01:22 . 2011-12-27 01:22 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll 2011-12-27 01:22 . 2011-12-27 01:22 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2011-12-27 01:22 . 2011-12-27 01:22 161792 ----a-w- c:\windows\SysWow64\msls31.dll 2011-12-27 01:22 . 2011-12-27 01:22 152064 ----a-w- c:\windows\SysWow64\wextract.exe 2011-12-27 01:22 . 2011-12-27 01:22 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2011-12-27 01:22 . 2011-12-27 01:22 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2011-12-27 01:22 . 2011-12-27 01:22 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2011-12-27 01:22 . 2011-12-27 01:22 1390080 ----a-w- c:\windows\system32\wininet.dll 2011-12-27 01:22 . 2011-12-27 01:22 12288 ----a-w- c:\windows\system32\mshta.exe 2011-12-27 01:22 . 2011-12-27 01:22 11776 ----a-w- c:\windows\SysWow64\mshta.exe 2011-12-27 01:22 . 2011-12-27 01:22 114176 ----a-w- c:\windows\system32\admparse.dll 2011-12-27 01:22 . 2011-12-27 01:22 1127424 ----a-w- c:\windows\SysWow64\wininet.dll 2011-12-27 01:22 . 2011-12-27 01:22 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2011-12-27 01:22 . 2011-12-27 01:22 101888 ----a-w- c:\windows\SysWow64\admparse.dll 2011-12-27 01:22 . 2011-12-27 01:22 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2011-12-27 01:22 . 2011-12-27 01:22 85504 ----a-w- c:\windows\system32\iesetup.dll 2011-12-27 01:22 . 2011-12-27 01:22 76800 ----a-w- c:\windows\system32\tdc.ocx 2011-12-27 01:22 . 2011-12-27 01:22 603648 ----a-w- c:\windows\system32\vbscript.dll 2011-12-27 01:22 . 2011-12-27 01:22 48640 ----a-w- c:\windows\system32\mshtmler.dll 2011-12-27 01:22 . 2011-12-27 01:22 448512 ----a-w- c:\windows\system32\html.iec 2011-12-27 01:22 . 2011-12-27 01:22 30720 ----a-w- c:\windows\system32\licmgr10.dll 2011-12-27 01:22 . 2011-12-27 01:22 165888 ----a-w- c:\windows\system32\iexpress.exe 2011-12-27 01:22 . 2011-12-27 01:22 160256 ----a-w- c:\windows\system32\wextract.exe 2011-12-27 01:22 . 2011-12-27 01:22 1493504 ----a-w- c:\windows\system32\inetcpl.cpl 2011-12-27 01:22 . 2011-12-27 01:22 135168 ----a-w- c:\windows\system32\IEAdvpack.dll 2011-12-27 01:22 . 2011-12-27 01:22 111616 ----a-w- c:\windows\system32\iesysprep.dll 2011-11-30 02:21 . 2011-12-26 23:21 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6C051B66-E169-4583-953A-912B09F480F6}\mpengine.dll 2011-11-24 04:52 . 2011-12-27 01:35 3145216 ----a-w- c:\windows\system32\win32k.sys 2011-11-15 03:38 . 2011-11-15 03:38 69632 ----a-w- c:\windows\SysWow64\CUUpdateComponent.ocx 2011-11-15 03:38 . 2011-11-15 03:38 425984 ----a-w- c:\windows\SysWow64\ComputerUpdaterLM.ocx 2011-11-15 03:38 . 2011-11-15 03:38 131072 ----a-w- c:\windows\SysWow64\SafeAppRichList.ocx . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}] 2011-08-24 18:21 1299248 ----a-r- c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2011-08-24 1299248] . [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}] [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1] [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}] [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2010-05-27 02:40 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304] "DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2011-08-17 4527424] "Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-01-31 1242448] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696] "SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-27 337264] "EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584] "EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696] "BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-06-28 265984] "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-10 975952] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "SweetIM"="c:\program files (x86)\SweetIM\Messenger\SweetIM.exe" [2011-08-01 114992] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x] R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-05-27 305520] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x] S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x] S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x] S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664] S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-10 321104] S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-06-11 868896] S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336] S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-06-28 255744] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264] S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-18 2320920] S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232] S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x] S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c87ec40-4bb0-11e1-a249-806e6f6e6963}] \shell\AutoRun\command - E:\Setup.exe . Contents of the 'Scheduled Tasks' folder . 2012-02-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2548204430-3489653281-3508443478-1000Core.job - c:\users\Jared\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-27 00:39] . 2012-02-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2548204430-3489653281-3508443478-1000UA.job - c:\users\Jared\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-27 00:39] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2010-05-27 02:42 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 349552] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552] "Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-06-11 861216] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-21 167704] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-21 392472] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-21 416024] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uStart Page = hxxp://isearch.whitesmoke.com/?isid=9860 uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://acer.msn.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860 TCP: DhcpNameServer = 192.168.0.1 . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Toolbar-Locked - (no file) HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe . ************************************************************************** . Completion time: 2012-02-03 17:13:40 - machine was rebooted ComboFix-quarantined-files.txt 2012-02-03 17:13 . Pre-Run: 420,291,964,928 bytes free Post-Run: 420,160,962,560 bytes free . - - End Of File - - 4D66099523E6ADCD8DEE5864D9916407
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.