
Hello. I was using Google Chrome as my default web browser and a couple of days ago I loaded up Chrome and instead of getting Google I got isearch.whitesmoke.com/?isid=9860/. I have gone in and deleted it as my default search browser, but it keeps installing itself back on there. I have done virus scans, quick and full, using Microsoft Security Essentials and the same with Malwarebytes. None of them find anything, and I was wondering if you could do anything to get rid of it?

Any help will be appreciated :)

Cheers

Jared


:welcome:

Hi,

My name is Daniel and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction, or add/remove software, unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.


Download DDS and save it to your desktop from here or here

Double click dds to run the tool.

  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop and post them in your next reply.

Please post in your next reply:

  • DDS.txt
  • attach.txt


.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Jared at 13:47:07 on 2012-02-03

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.5815.3891 [GMT 0:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Launch Manager\dsiwmis.exe

C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Acer\Acer Updater\UpdaterService.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Elantech\ETDCtrl.exe

C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Elantech\ETDCtrlHelper.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Windows\system32\igfxext.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe

C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Launch Manager\LManager.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe

C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe

C:\Program Files (x86)\Launch Manager\LMworker.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files (x86)\iTunes\iTunes.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe

C:\Windows\system32\conhost.exe

C:\Users\Jared\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Jared\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Jared\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Jared\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://isearch.whitesmoke.com/?isid=9860

uDefault_Page_URL = hxxp://acer.msn.com

uSearch Page = hxxp://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860

uSearch Bar = hxxp://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860

mDefault_Page_URL = hxxp://acer.msn.com

mStart Page = hxxp://acer.msn.com

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: WinZip Courier BHO: {a8fb70fa-0fdf-4601-9dc4-bfa1b357204f} - C:\PROGRA~2\WINZIP~1\wzwmcie.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: SweetIM Toolbar Helper: {eee6c35c-6118-11dc-9c72-001320c79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

TB: SweetIM Toolbar for Internet Explorer: {eee6c35b-6118-11dc-9c72-001320c79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized

uRun: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun

uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [suiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"

mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d

mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k

mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [sweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe

mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files%20(x86)/Farm%20Frenzy%202/Images/stg_drm.ocx

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files%20(x86)/Farm%20Frenzy%202/Images/armhelper.ocx

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{3DE1FAC4-B916-448F-A747-E5A362D2FC66} : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{69B69274-1755-4F24-A17D-EA5633B929CF} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{69B69274-1755-4F24-A17D-EA5633B929CF}\244584F6D65684572623D2456475A5 : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{69B69274-1755-4F24-A17D-EA5633B929CF}\244584F6D65684572623D264347323 : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{69B69274-1755-4F24-A17D-EA5633B929CF}\35B4951323334333 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{69B69274-1755-4F24-A17D-EA5633B929CF}\465667F6C6F6 : DhcpNameServer = 194.168.4.100 194.168.8.100

TCP: Interfaces\{69B69274-1755-4F24-A17D-EA5633B929CF}\7414E44434 : DhcpNameServer = 192.168.1.254

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: WinZip Courier BHO: {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} - C:\PROGRA~2\WINZIP~1\wzwmcie.dll

BHO-X64: WinZip Courier BHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: SweetIM Toolbar Helper: {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

BHO-X64: SWEETIE - No File

TB-X64: SweetIM Toolbar for Internet Explorer: {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [suiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"

mRun-x64: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d

mRun-x64: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k

mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [sweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe

mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

.

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R1 MpKsl483d2bb6;MpKsl483d2bb6;C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5668E933-D761-4E5F-B963-A7BC9A88783A}\MpKsl483d2bb6.sys [2012-2-3 35664]

R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?]

R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?]

R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]

R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-8-30 321104]

R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2010-12-27 868896]

R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-8-30 13336]

R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-6-28 255744]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-9-14 508264]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-8-30 2320920]

R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-8-30 243232]

R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]

R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]

R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]

R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]

R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]

R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]

R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-9-14 219496]

R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-5-27 305520]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-02-03 02:20:02 35664 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5668E933-D761-4E5F-B963-A7BC9A88783A}\MpKsl483d2bb6.sys

2012-02-02 23:35:22 -------- d-----w- C:\ProgramData\Arcade Lab

2012-02-02 20:42:12 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5668E933-D761-4E5F-B963-A7BC9A88783A}\offreg.dll

2012-02-02 18:39:09 8602168 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5668E933-D761-4E5F-B963-A7BC9A88783A}\mpengine.dll

2012-02-01 00:07:03 -------- d-----w- C:\Users\Jared\AppData\Local\Chromium

2012-02-01 00:05:51 -------- d-----w- C:\Users\Jared\AppData\Local\SKIDROW

2012-01-31 23:13:56 -------- d-----w- C:\Users\Jared\AppData\Roaming\Sports Interactive

2012-01-31 23:13:56 -------- d-----w- C:\Users\Jared\AppData\Local\Sports Interactive

2012-01-31 23:07:55 -------- d-----w- C:\Program Files (x86)\SEGA

2012-01-31 02:22:33 -------- d-----w- C:\Program Files (x86)\Common Files\Steam

2012-01-31 02:22:31 -------- d-----w- C:\Program Files (x86)\Steam

2012-01-31 02:06:29 526392 ----a-w- C:\Windows\System32\drivers\sptd.sys

2012-01-31 02:05:59 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Pro

2012-01-31 02:05:11 -------- d-----w- C:\Users\Jared\AppData\Roaming\DAEMON Tools Pro

2012-01-31 02:05:11 -------- d-----w- C:\ProgramData\DAEMON Tools Pro

2012-01-28 23:33:38 64000 ----a-w- C:\Windows\SysWow64\steam_api.dll

2012-01-28 23:29:49 4178264 ----a-w- C:\Windows\SysWow64\d3dx9_41.dll

2012-01-28 23:24:43 -------- d-----w- C:\Users\Jared\AppData\Roaming\WinZip

2012-01-28 23:20:38 -------- d-----w- C:\Users\Jared\AppData\Local\WinZip

2012-01-28 23:19:36 -------- d-----w- C:\ProgramData\WinZipEC

2012-01-28 23:19:34 -------- d-----w- C:\Program Files (x86)\WinZip Courier

2012-01-28 23:19:33 -------- d-----w- C:\Windows\CD95F661A5C411AFB2CCABCD21A325B8.TMP

2012-01-28 22:53:40 -------- d-----w- C:\Users\Jared\Tracing

2012-01-28 22:53:32 -------- d-----w- C:\ProgramData\SweetIM

2012-01-28 22:53:32 -------- d-----w- C:\Program Files (x86)\SweetIM

2012-01-27 15:59:30 84992 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNBPP4.DLL

2012-01-19 12:40:44 -------- d-----w- C:\Users\Jared\AppData\Local\Microsoft Help

2012-01-14 16:53:04 -------- d-----w- C:\Users\Jared\AppData\Roaming\WinFF

2012-01-14 16:53:01 -------- d-----w- C:\Program Files (x86)\WinFF

2012-01-11 13:34:56 1572864 ----a-w- C:\Windows\System32\quartz.dll

2012-01-11 13:34:55 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll

2012-01-11 13:34:55 366592 ----a-w- C:\Windows\System32\qdvd.dll

2012-01-11 13:34:55 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll

2012-01-11 13:34:33 1731920 ----a-w- C:\Windows\System32\ntdll.dll

2012-01-11 13:34:33 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll

2012-01-11 13:29:47 77312 ----a-w- C:\Windows\System32\packager.dll

2012-01-11 13:29:47 67072 ----a-w- C:\Windows\SysWow64\packager.dll

2012-01-09 22:44:28 -------- d-----w- C:\Users\Jared\AppData\Local\Cyberlink

2012-01-08 16:42:45 974848 ----a-w- C:\Windows\SysWow64\mfc70.dll

2012-01-08 16:42:44 487424 ----a-w- C:\Windows\SysWow64\msvcp70.dll

2012-01-08 15:53:53 -------- d-----w- C:\Users\Jared\AppData\Roaming\tiger-k

2012-01-08 15:53:53 -------- d-----w- C:\Users\Jared\AppData\Roaming\Leawo

2012-01-08 15:53:36 175616 ----a-w- C:\Windows\SysWow64\unrar.dll

2012-01-08 15:53:23 606208 ----a-w- C:\Windows\SysWow64\xvidcore.dll

2012-01-08 15:53:23 139264 ----a-w- C:\Windows\SysWow64\xvid.ax

2012-01-08 15:49:07 -------- d-----w- C:\Users\Jared\AppData\Roaming\AVS4YOU

2012-01-08 15:47:17 1700352 ----a-w- C:\Windows\SysWow64\GdiPlus.dll

2012-01-08 15:47:17 -------- d-----w- C:\ProgramData\AVS4YOU

2012-01-08 15:47:17 -------- d-----w- C:\Program Files (x86)\Common Files\AVSMedia

2012-01-08 15:47:17 -------- d-----w- C:\Program Files (x86)\AVS4YOU

2012-01-08 15:35:57 -------- d-----w- C:\Users\Jared\AppData\Roaming\Malwarebytes

2012-01-08 15:35:47 -------- d-----w- C:\ProgramData\Malwarebytes

2012-01-08 15:35:46 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-01-08 15:35:46 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-01-08 12:09:13 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin

2012-01-08 09:47:32 -------- d-----w- C:\Users\Jared\AppData\Roaming\Applian FLV and Media Player

2012-01-08 09:40:09 -------- d-----w- C:\Program Files (x86)\Applian Technologies

2012-01-08 09:39:24 -------- d-----w- C:\Users\Jared\AppData\Local\Linkury

2012-01-08 09:39:24 -------- d-----w- C:\ProgramData\Linkury

2012-01-08 09:39:24 -------- d-----w- C:\Program Files (x86)\Linkury

2012-01-08 09:39:16 -------- d-----w- C:\ProgramData\Computer Updater

2012-01-08 09:39:08 -------- d-----w- C:\Program Files (x86)\Free Offers from Freeze.com

2012-01-08 09:38:52 9216 ----a-r- C:\Users\Jared\AppData\Roaming\Microsoft\Installer\{7426428E-71D4-452C-BA13-B14E5EB52859}\Icon7426428E16.exe

2012-01-05 18:43:09 -------- d-----w- C:\ProgramData\VirtualizedApplications

2012-01-05 16:31:24 -------- d-----w- C:\Users\Jared\AppData\Roaming\SoftGrid Client

2012-01-05 16:31:24 -------- d-----w- C:\Users\Jared\AppData\Local\SoftGrid Client

2012-01-05 16:30:32 -------- d-----w- C:\Program Files (x86)\Microsoft Application Virtualization Client

2012-01-05 16:30:21 -------- d-----w- C:\Users\Jared\AppData\Roaming\TP

.

==================== Find3M ====================

.

2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe

2011-12-28 17:57:44 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2011-12-27 02:56:09 175616 ----a-w- C:\Windows\System32\msclmd.dll

2011-12-27 02:56:09 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll

2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys

2011-11-17 06:49:14 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2011-11-17 06:49:14 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2011-11-17 06:44:43 459232 ----a-w- C:\Windows\System32\drivers\cng.sys

2011-11-17 06:35:28 395776 ----a-w- C:\Windows\System32\webio.dll

2011-11-17 06:35:26 29184 ----a-w- C:\Windows\System32\sspisrv.dll

2011-11-17 06:35:26 136192 ----a-w- C:\Windows\System32\sspicli.dll

2011-11-17 06:35:25 340992 ----a-w- C:\Windows\System32\schannel.dll

2011-11-17 06:35:25 28160 ----a-w- C:\Windows\System32\secur32.dll

2011-11-17 06:35:19 1447936 ----a-w- C:\Windows\System32\lsasrv.dll

2011-11-17 06:33:55 31232 ----a-w- C:\Windows\System32\lsass.exe

2011-11-17 05:35:02 314880 ----a-w- C:\Windows\SysWow64\webio.dll

2011-11-17 05:34:52 224768 ----a-w- C:\Windows\SysWow64\schannel.dll

2011-11-17 05:34:52 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2011-11-17 05:28:48 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2011-11-15 03:38:16 69632 ----a-w- C:\Windows\SysWow64\CUUpdateComponent.ocx

2011-11-15 03:38:16 425984 ----a-w- C:\Windows\SysWow64\ComputerUpdaterLM.ocx

2011-11-15 03:38:16 131072 ----a-w- C:\Windows\SysWow64\SafeAppRichList.ocx

.

============= FINISH: 13:47:37.14 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 26/12/2011 22:44:28

System Uptime: 02/02/2012 18:27:37 (19 hours ago)

.

Motherboard: Acer | | Aspire 5742Z

Processor: Intel® Pentium® CPU P6200 @ 2.13GHz | CPU | 917/1066mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 583 GiB total, 391.258 GiB free.

D: is CDROM ()

E: is CDROM (CDFS)

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP30: 28/01/2012 23:17:46 - Installed WinZip 16.0

RP31: 29/01/2012 00:02:19 - Windows Update

RP32: 29/01/2012 22:05:38 - Removed Windows Live ID Sign-in Assistant

RP34: 31/01/2012 02:06:10 - SPTD setup V1.78

RP35: 31/01/2012 02:22:16 - Installed Steam

RP36: 02/02/2012 18:38:39 - Windows Update

RP37: 02/02/2012 20:27:05 - Configured eSobi v2

.

==== Installed Programs ======================

.

Acer Backup Manager

Acer Crystal Eye webcam

Acer ePower Management

Acer eRecovery Management

Acer GameZone Console

Acer Registration

Acer ScreenSaver

Acer Updater

Acrobat.com

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.1 MUI

Age of Empires Online

Airport Mania First Flight

Amazonia

Apple Application Support

Apple Software Update

Applian FLV and Media Player 3.1.1.12

Backup Manager Basic

CyberLink PowerDVD 9

DAEMON Tools Pro

Dream Day First Home

eBay Worldwide

Football Manager 2012

Galapago

Google Chrome

Heroes of Hellas

Identity Card

ImgBurn

Intel® Control Center

Intel® Graphics Media Accelerator Driver

Intel® Management Engine Components

Intel® Rapid Storage Technology

Java Auto Updater

Java 6 Update 30

Junk Mail filter update

Launch Manager

Malwarebytes Anti-Malware version 1.60.1.1000

Merriam Websters Spell Jam

Microsoft Choice Guard

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Office 2010

Microsoft Office Click-to-Run 2010

Microsoft Office Starter 2010 - English

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

MSVCRT

MyWinLocker

MyWinLocker Suite

NTI Media Maker 9

Poker Pop

Realtek High Definition Audio Driver

Realtek USB 2.0 Card Reader

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Shredder

Skype™ 5.5

Spin & Win

Steam

SweetIM for Messenger 3.6

SweetIM Toolbar for Internet Explorer 4.2

Unity

Unity Web Player

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Welcome Center

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Gallery

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer

WinFF 1.4.0

WinZip Courier

.

==== Event Viewer Messages From Past Week ========

.

31/01/2012 02:08:49, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

30/01/2012 22:13:50, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

29/01/2012 15:17:26, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

28/01/2012 23:52:22, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.

28/01/2012 23:51:52, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

28/01/2012 23:51:52, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.

28/01/2012 23:51:51, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

28/01/2012 22:41:30, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.119.772.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8001.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

28/01/2012 18:19:58, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

27/01/2012 19:52:37, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

27/01/2012 15:54:07, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

27/01/2012 13:30:49, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

02/02/2012 18:28:09, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

01/02/2012 19:22:14, Error: bowser [8003] - The master browser has received a server announcement from the computer TOSHIBA that believes that it is the master browser for the domain on transport NetBT_Tcpip_{69B69274-1755-4F24-A17D-EA5633B929CF}. The master browser is stopping or an election is being forced.

.

==== End Of File ===========================


Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================

Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to this topic How to disable your security applications

====================================================

Double click on combofix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

*Note - if after running ComboFix you see a message similar to 'registry key marked for deletion...', rebooting the machine will resolve that.

Please post in your next reply

Combofix.txt


ComboFix 12-02-03.02 - Jared 03/02/2012 17:04:31.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.5815.4002 [GMT 0:00]

Running from: c:\users\Jared\Downloads\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\FullRemove.exe

c:\users\Public\Documents\NTILiveUpdateV9.dll

c:\users\Public\Documents\NTIMMV9Acer.dll

c:\users\Public\Documents\NTIMMV9REGET.dll

.

.

((((((((((((((((((((((((( Files Created from 2012-01-03 to 2012-02-03 )))))))))))))))))))))))))))))))

.

.

2012-02-03 17:08 . 2012-02-03 17:08 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-02-02 23:35 . 2012-02-02 23:35 -------- d-----w- c:\programdata\Arcade Lab

2012-02-02 22:45 . 2012-02-02 22:45 -------- d-----w- c:\users\Jared\AppData\Roaming\PlayFirst

2012-02-02 18:39 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5668E933-D761-4E5F-B963-A7BC9A88783A}\mpengine.dll

2012-02-01 00:07 . 2012-02-01 00:07 -------- d-----w- c:\users\Jared\AppData\Local\Chromium

2012-02-01 00:05 . 2012-02-01 00:05 -------- d-----w- c:\users\Jared\AppData\Local\SKIDROW

2012-01-31 23:13 . 2012-02-03 02:56 -------- d-----w- c:\users\Jared\AppData\Roaming\Sports Interactive

2012-01-31 23:13 . 2012-01-31 23:13 -------- d-----w- c:\users\Jared\AppData\Local\Sports Interactive

2012-01-31 23:07 . 2012-01-31 23:07 -------- d-----w- c:\program files (x86)\SEGA

2012-01-31 02:22 . 2012-01-31 02:22 -------- d-----w- c:\program files (x86)\Common Files\Steam

2012-01-31 02:22 . 2012-02-03 17:10 -------- d-----w- c:\program files (x86)\Steam

2012-01-31 02:06 . 2012-01-31 02:06 526392 ----a-w- c:\windows\system32\drivers\sptd.sys

2012-01-31 02:05 . 2012-01-31 02:06 -------- d-----w- c:\program files (x86)\DAEMON Tools Pro

2012-01-31 02:05 . 2012-02-02 18:33 -------- d-----w- c:\users\Jared\AppData\Roaming\DAEMON Tools Pro

2012-01-31 02:05 . 2012-01-31 02:05 -------- d-----w- c:\programdata\DAEMON Tools Pro

2012-01-28 23:33 . 2011-09-27 04:58 64000 ----a-w- c:\windows\SysWow64\steam_api.dll

2012-01-28 23:29 . 2011-09-27 04:24 4178264 ----a-w- c:\windows\SysWow64\d3dx9_41.dll

2012-01-28 23:24 . 2012-01-28 23:24 -------- d-----w- c:\users\Jared\AppData\Roaming\WinZip

2012-01-28 23:20 . 2012-01-28 23:20 -------- d-----w- c:\users\Jared\AppData\Local\WinZip

2012-01-28 23:19 . 2012-01-28 23:19 -------- d-----w- c:\program files (x86)\WinZip Courier

2012-01-28 23:19 . 2012-01-28 23:19 -------- d-----w- c:\windows\CD95F661A5C411AFB2CCABCD21A325B8.TMP

2012-01-28 23:18 . 2012-01-28 23:19 -------- d-----w- c:\programdata\WinZip

2012-01-28 23:01 . 2012-01-28 23:01 -------- d-----w- c:\users\Jared\AppData\Roaming\ImgBurn

2012-01-28 22:55 . 2012-01-28 22:56 -------- d-----w- c:\program files (x86)\ImgBurn

2012-01-28 22:53 . 2012-02-03 00:15 -------- d-----w- c:\users\Jared\Tracing

2012-01-28 22:53 . 2012-01-28 22:53 -------- d-----w- c:\program files (x86)\SweetIM

2012-01-28 22:53 . 2012-01-28 22:53 -------- d-----w- c:\programdata\SweetIM

2012-01-27 15:59 . 2012-01-27 15:59 -------- d--h--w- c:\programdata\CanonBJ

2012-01-27 15:59 . 2009-07-14 01:40 84992 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNBPP4.DLL

2012-01-19 12:40 . 2012-01-19 12:40 -------- d-----w- c:\programdata\Microsoft Help

2012-01-19 12:40 . 2012-01-19 12:40 -------- d-----w- c:\users\Jared\AppData\Local\Microsoft Help

2012-01-14 16:53 . 2012-01-26 01:17 -------- d-----w- c:\users\Jared\AppData\Roaming\WinFF

2012-01-14 16:53 . 2012-01-14 16:53 -------- d-----w- c:\program files (x86)\WinFF

2012-01-11 13:34 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll

2012-01-11 13:34 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll

2012-01-11 13:34 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll

2012-01-11 13:34 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll

2012-01-11 13:34 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll

2012-01-11 13:34 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll

2012-01-11 13:29 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll

2012-01-11 13:29 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll

2012-01-09 22:44 . 2012-01-13 20:18 -------- d-----w- c:\users\Jared\AppData\Local\Cyberlink

2012-01-09 22:44 . 2012-01-09 22:44 -------- d-----w- c:\users\Public\CyberLink

2012-01-09 22:44 . 2012-01-09 22:44 -------- d-----w- c:\programdata\CyberLink

2012-01-09 22:44 . 2012-01-09 22:44 -------- d-----w- c:\users\Jared\AppData\Roaming\CyberLink

2012-01-08 16:42 . 2007-02-27 18:36 974848 ----a-w- c:\windows\SysWow64\mfc70.dll

2012-01-08 16:42 . 2007-02-27 18:36 487424 ----a-w- c:\windows\SysWow64\msvcp70.dll

2012-01-08 15:53 . 2012-01-08 15:54 -------- d-----w- c:\users\Jared\AppData\Roaming\tiger-k

2012-01-08 15:53 . 2012-01-08 15:53 -------- d-----w- c:\users\Jared\AppData\Roaming\Leawo

2012-01-08 15:53 . 2011-03-02 10:43 175616 ----a-w- c:\windows\SysWow64\unrar.dll

2012-01-08 15:53 . 2008-10-28 10:10 139264 ----a-w- c:\windows\SysWow64\xvid.ax

2012-01-08 15:53 . 2008-10-08 09:45 606208 ----a-w- c:\windows\SysWow64\xvidcore.dll

2012-01-08 15:49 . 2012-01-08 15:49 -------- d-----w- c:\users\Jared\AppData\Roaming\AVS4YOU

2012-01-08 15:47 . 2012-01-11 13:03 -------- d-----w- c:\program files (x86)\Common Files\AVSMedia

2012-01-08 15:47 . 2012-01-11 13:03 -------- d-----w- c:\program files (x86)\AVS4YOU

2012-01-08 15:47 . 2012-01-08 15:49 -------- d-----w- c:\programdata\AVS4YOU

2012-01-08 15:47 . 2011-08-22 16:33 1700352 ----a-w- c:\windows\SysWow64\GdiPlus.dll

2012-01-08 15:35 . 2012-01-08 15:35 -------- d-----w- c:\users\Jared\AppData\Roaming\Malwarebytes

2012-01-08 15:35 . 2012-01-08 15:35 -------- d-----w- c:\programdata\Malwarebytes

2012-01-08 15:35 . 2012-02-03 00:19 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-01-08 15:35 . 2011-12-10 15:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-01-08 12:09 . 2012-01-08 15:26 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin

2012-01-08 09:47 . 2012-01-30 00:13 -------- d-----w- c:\users\Jared\AppData\Roaming\Applian FLV and Media Player

2012-01-08 09:40 . 2012-01-08 09:40 -------- d-----w- c:\program files (x86)\Applian Technologies

2012-01-08 09:39 . 2012-02-02 19:25 -------- d-----w- c:\users\Jared\AppData\Local\Linkury

2012-01-08 09:39 . 2012-01-25 12:44 -------- d-----w- c:\programdata\Linkury

2012-01-08 09:39 . 2012-01-25 12:44 -------- d-----w- c:\program files (x86)\Linkury

2012-01-08 09:39 . 2012-01-08 09:44 -------- d-----w- c:\programdata\Computer Updater

2012-01-08 09:39 . 2012-01-08 09:39 -------- d-----w- c:\program files (x86)\Free Offers from Freeze.com

2012-01-08 09:38 . 2012-01-08 09:38 9216 ----a-r- c:\users\Jared\AppData\Roaming\Microsoft\Installer\{7426428E-71D4-452C-BA13-B14E5EB52859}\Icon7426428E16.exe

2012-01-07 18:10 . 2012-01-07 18:10 -------- d-----w- c:\users\Public\OEM

2012-01-05 18:43 . 2012-01-08 01:34 -------- d-----w- c:\programdata\VirtualizedApplications

2012-01-05 16:41 . 2012-01-05 16:41 -------- d-----r- C:\MSOCache

2012-01-05 16:31 . 2012-02-01 19:44 -------- d-----w- c:\users\Jared\AppData\Roaming\SoftGrid Client

2012-01-05 16:31 . 2012-01-05 16:31 -------- d-----w- c:\users\Jared\AppData\Local\SoftGrid Client

2012-01-05 16:30 . 2012-01-06 04:27 -------- d-----w- c:\program files (x86)\Microsoft Application Virtualization Client

2012-01-05 16:30 . 2012-01-05 16:31 -------- d-----w- c:\users\Jared\AppData\Roaming\TP

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-01-31 12:44 . 2011-12-26 23:21 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-01-06 05:15 . 2011-12-28 17:48 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-12-28 17:57 . 2011-12-28 17:58 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2011-12-27 04:45 . 2011-12-27 04:45 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F66BA7D9-1CB2-439A-928E-FC9E2AA4B230}\gapaengine.dll

2011-12-27 02:56 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2011-12-27 02:56 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

2011-12-27 01:22 . 2011-12-27 01:22 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2011-12-27 01:22 . 2011-12-27 01:22 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

2011-12-27 01:22 . 2011-12-27 01:22 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2011-12-27 01:22 . 2011-12-27 01:22 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2011-12-27 01:22 . 2011-12-27 01:22 74752 ----a-w- c:\windows\SysWow64\iesetup.dll

2011-12-27 01:22 . 2011-12-27 01:22 63488 ----a-w- c:\windows\SysWow64\tdc.ocx

2011-12-27 01:22 . 2011-12-27 01:22 49664 ----a-w- c:\windows\system32\imgutil.dll

2011-12-27 01:22 . 2011-12-27 01:22 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2011-12-27 01:22 . 2011-12-27 01:22 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2011-12-27 01:22 . 2011-12-27 01:22 367104 ----a-w- c:\windows\SysWow64\html.iec

2011-12-27 01:22 . 2011-12-27 01:22 35840 ----a-w- c:\windows\SysWow64\imgutil.dll

2011-12-27 01:22 . 2011-12-27 01:22 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2011-12-27 01:22 . 2011-12-27 01:22 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-12-27 01:22 . 2011-12-27 01:22 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll

2011-12-27 01:22 . 2011-12-27 01:22 2309120 ----a-w- c:\windows\system32\jscript9.dll

2011-12-27 01:22 . 2011-12-27 01:22 222208 ----a-w- c:\windows\system32\msls31.dll

2011-12-27 01:22 . 2011-12-27 01:22 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll

2011-12-27 01:22 . 2011-12-27 01:22 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2011-12-27 01:22 . 2011-12-27 01:22 161792 ----a-w- c:\windows\SysWow64\msls31.dll

2011-12-27 01:22 . 2011-12-27 01:22 152064 ----a-w- c:\windows\SysWow64\wextract.exe

2011-12-27 01:22 . 2011-12-27 01:22 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2011-12-27 01:22 . 2011-12-27 01:22 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2011-12-27 01:22 . 2011-12-27 01:22 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2011-12-27 01:22 . 2011-12-27 01:22 1390080 ----a-w- c:\windows\system32\wininet.dll

2011-12-27 01:22 . 2011-12-27 01:22 12288 ----a-w- c:\windows\system32\mshta.exe

2011-12-27 01:22 . 2011-12-27 01:22 11776 ----a-w- c:\windows\SysWow64\mshta.exe

2011-12-27 01:22 . 2011-12-27 01:22 114176 ----a-w- c:\windows\system32\admparse.dll

2011-12-27 01:22 . 2011-12-27 01:22 1127424 ----a-w- c:\windows\SysWow64\wininet.dll

2011-12-27 01:22 . 2011-12-27 01:22 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2011-12-27 01:22 . 2011-12-27 01:22 101888 ----a-w- c:\windows\SysWow64\admparse.dll

2011-12-27 01:22 . 2011-12-27 01:22 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2011-12-27 01:22 . 2011-12-27 01:22 85504 ----a-w- c:\windows\system32\iesetup.dll

2011-12-27 01:22 . 2011-12-27 01:22 76800 ----a-w- c:\windows\system32\tdc.ocx

2011-12-27 01:22 . 2011-12-27 01:22 603648 ----a-w- c:\windows\system32\vbscript.dll

2011-12-27 01:22 . 2011-12-27 01:22 48640 ----a-w- c:\windows\system32\mshtmler.dll

2011-12-27 01:22 . 2011-12-27 01:22 448512 ----a-w- c:\windows\system32\html.iec

2011-12-27 01:22 . 2011-12-27 01:22 30720 ----a-w- c:\windows\system32\licmgr10.dll

2011-12-27 01:22 . 2011-12-27 01:22 165888 ----a-w- c:\windows\system32\iexpress.exe

2011-12-27 01:22 . 2011-12-27 01:22 160256 ----a-w- c:\windows\system32\wextract.exe

2011-12-27 01:22 . 2011-12-27 01:22 1493504 ----a-w- c:\windows\system32\inetcpl.cpl

2011-12-27 01:22 . 2011-12-27 01:22 135168 ----a-w- c:\windows\system32\IEAdvpack.dll

2011-12-27 01:22 . 2011-12-27 01:22 111616 ----a-w- c:\windows\system32\iesysprep.dll

2011-11-30 02:21 . 2011-12-26 23:21 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6C051B66-E169-4583-953A-912B09F480F6}\mpengine.dll

2011-11-24 04:52 . 2011-12-27 01:35 3145216 ----a-w- c:\windows\system32\win32k.sys

2011-11-15 03:38 . 2011-11-15 03:38 69632 ----a-w- c:\windows\SysWow64\CUUpdateComponent.ocx

2011-11-15 03:38 . 2011-11-15 03:38 425984 ----a-w- c:\windows\SysWow64\ComputerUpdaterLM.ocx

2011-11-15 03:38 . 2011-11-15 03:38 131072 ----a-w- c:\windows\SysWow64\SafeAppRichList.ocx

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]

2011-08-24 18:21 1299248 ----a-r- c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2011-08-24 1299248]

.

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]

[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]

[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]

[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2010-05-27 02:40 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]

"DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2011-08-17 4527424]

"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-01-31 1242448]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]

"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-27 337264]

"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]

"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]

"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-06-28 265984]

"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-10 975952]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"SweetIM"="c:\program files (x86)\SweetIM\Messenger\SweetIM.exe" [2011-08-01 114992]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]

R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-05-27 305520]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]

S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]

S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]

S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-10 321104]

S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-06-11 868896]

S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]

S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-06-28 255744]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]

S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c87ec40-4bb0-11e1-a249-806e6f6e6963}]

\shell\AutoRun\command - E:\Setup.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-02-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2548204430-3489653281-3508443478-1000Core.job

- c:\users\Jared\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-27 00:39]

.

2012-02-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2548204430-3489653281-3508443478-1000UA.job

- c:\users\Jared\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-27 00:39]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2010-05-27 02:42 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 349552]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552]

"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-06-11 861216]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-21 167704]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-21 392472]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-21 416024]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uStart Page = hxxp://isearch.whitesmoke.com/?isid=9860

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://acer.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860

TCP: DhcpNameServer = 192.168.0.1

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Toolbar-Locked - (no file)

HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Completion time: 2012-02-03 17:13:40 - machine was rebooted

ComboFix-quarantined-files.txt 2012-02-03 17:13

.

Pre-Run: 420,291,964,928 bytes free

Post-Run: 420,160,962,560 bytes free

.

- - End Of File - - 4D66099523E6ADCD8DEE5864D9916407


Hi,

Open notepad and copy/paste the text in the Code-box below into it:


DDS::
uSearchAssistant = hxxp://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860
ClearJavaCache::

  • Save this as CFScript.txt, in the same location as ComboFix.exe.
  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

CFScriptB-4.gif
Referring to the picture above, drag CFScript into ComboFix.exe.
When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
I notice you have Malwarebytes' Anti-Malware installed on your machine. Please launch the program and select the update tab, then click on the check for updates button.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Save it to your desktop.

Note: Malwarebytes' Anti-Malware may require a reboot to complete removals. After a reboot, if required, post that saved log in your next reply.

Please post in your next reply

Combofix.txt

MBAM Log

Let me know if whitesmoke still appears.


ComboFix 12-02-03.02 - Jared 04/02/2012 11:28:45.2.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.5815.4331 [GMT 0:00]

Running from: c:\users\Jared\Downloads\ComboFix.exe

Command switches used :: c:\users\Jared\Downloads\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2012-01-04 to 2012-02-04 )))))))))))))))))))))))))))))))

.

.

2012-02-04 11:33 . 2012-02-04 11:33 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-02-04 11:09 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CB9A73A5-CA71-43A8-A7B3-8A6BA9FE9926}\mpengine.dll

2012-02-02 23:35 . 2012-02-02 23:35 -------- d-----w- c:\programdata\Arcade Lab

2012-02-02 22:45 . 2012-02-02 22:45 -------- d-----w- c:\users\Jared\AppData\Roaming\PlayFirst

2012-02-01 00:07 . 2012-02-01 00:07 -------- d-----w- c:\users\Jared\AppData\Local\Chromium

2012-02-01 00:05 . 2012-02-01 00:05 -------- d-----w- c:\users\Jared\AppData\Local\SKIDROW

2012-01-31 23:13 . 2012-02-03 02:56 -------- d-----w- c:\users\Jared\AppData\Roaming\Sports Interactive

2012-01-31 23:13 . 2012-01-31 23:13 -------- d-----w- c:\users\Jared\AppData\Local\Sports Interactive

2012-01-31 23:07 . 2012-01-31 23:07 -------- d-----w- c:\program files (x86)\SEGA

2012-01-31 02:22 . 2012-01-31 02:22 -------- d-----w- c:\program files (x86)\Common Files\Steam

2012-01-31 02:22 . 2012-02-04 11:34 -------- d-----w- c:\program files (x86)\Steam

2012-01-31 02:06 . 2012-01-31 02:06 526392 ----a-w- c:\windows\system32\drivers\sptd.sys

2012-01-31 02:05 . 2012-01-31 02:06 -------- d-----w- c:\program files (x86)\DAEMON Tools Pro

2012-01-31 02:05 . 2012-02-02 18:33 -------- d-----w- c:\users\Jared\AppData\Roaming\DAEMON Tools Pro

2012-01-31 02:05 . 2012-01-31 02:05 -------- d-----w- c:\programdata\DAEMON Tools Pro

2012-01-28 23:33 . 2011-09-27 04:58 64000 ----a-w- c:\windows\SysWow64\steam_api.dll

2012-01-28 23:29 . 2011-09-27 04:24 4178264 ----a-w- c:\windows\SysWow64\d3dx9_41.dll

2012-01-28 23:24 . 2012-01-28 23:24 -------- d-----w- c:\users\Jared\AppData\Roaming\WinZip

2012-01-28 23:20 . 2012-01-28 23:20 -------- d-----w- c:\users\Jared\AppData\Local\WinZip

2012-01-28 23:19 . 2012-01-28 23:19 -------- d-----w- c:\program files (x86)\WinZip Courier

2012-01-28 23:19 . 2012-01-28 23:19 -------- d-----w- c:\windows\CD95F661A5C411AFB2CCABCD21A325B8.TMP

2012-01-28 23:18 . 2012-01-28 23:19 -------- d-----w- c:\programdata\WinZip

2012-01-28 23:01 . 2012-01-28 23:01 -------- d-----w- c:\users\Jared\AppData\Roaming\ImgBurn

2012-01-28 22:55 . 2012-01-28 22:56 -------- d-----w- c:\program files (x86)\ImgBurn

2012-01-28 22:53 . 2012-02-03 00:15 -------- d-----w- c:\users\Jared\Tracing

2012-01-28 22:53 . 2012-01-28 22:53 -------- d-----w- c:\program files (x86)\SweetIM

2012-01-28 22:53 . 2012-01-28 22:53 -------- d-----w- c:\programdata\SweetIM

2012-01-27 15:59 . 2012-01-27 15:59 -------- d--h--w- c:\programdata\CanonBJ

2012-01-27 15:59 . 2009-07-14 01:40 84992 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNBPP4.DLL

2012-01-19 12:40 . 2012-01-19 12:40 -------- d-----w- c:\programdata\Microsoft Help

2012-01-19 12:40 . 2012-01-19 12:40 -------- d-----w- c:\users\Jared\AppData\Local\Microsoft Help

2012-01-14 16:53 . 2012-01-26 01:17 -------- d-----w- c:\users\Jared\AppData\Roaming\WinFF

2012-01-14 16:53 . 2012-01-14 16:53 -------- d-----w- c:\program files (x86)\WinFF

2012-01-11 13:34 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll

2012-01-11 13:34 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll

2012-01-11 13:34 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll

2012-01-11 13:34 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll

2012-01-11 13:34 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll

2012-01-11 13:34 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll

2012-01-11 13:29 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll

2012-01-11 13:29 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll

2012-01-09 22:44 . 2012-01-13 20:18 -------- d-----w- c:\users\Jared\AppData\Local\Cyberlink

2012-01-09 22:44 . 2012-01-09 22:44 -------- d-----w- c:\users\Public\CyberLink

2012-01-09 22:44 . 2012-01-09 22:44 -------- d-----w- c:\programdata\CyberLink

2012-01-09 22:44 . 2012-01-09 22:44 -------- d-----w- c:\users\Jared\AppData\Roaming\CyberLink

2012-01-08 16:42 . 2007-02-27 18:36 974848 ----a-w- c:\windows\SysWow64\mfc70.dll

2012-01-08 16:42 . 2007-02-27 18:36 487424 ----a-w- c:\windows\SysWow64\msvcp70.dll

2012-01-08 15:53 . 2012-01-08 15:54 -------- d-----w- c:\users\Jared\AppData\Roaming\tiger-k

2012-01-08 15:53 . 2012-01-08 15:53 -------- d-----w- c:\users\Jared\AppData\Roaming\Leawo

2012-01-08 15:53 . 2011-03-02 10:43 175616 ----a-w- c:\windows\SysWow64\unrar.dll

2012-01-08 15:53 . 2008-10-28 10:10 139264 ----a-w- c:\windows\SysWow64\xvid.ax

2012-01-08 15:53 . 2008-10-08 09:45 606208 ----a-w- c:\windows\SysWow64\xvidcore.dll

2012-01-08 15:49 . 2012-01-08 15:49 -------- d-----w- c:\users\Jared\AppData\Roaming\AVS4YOU

2012-01-08 15:47 . 2012-01-11 13:03 -------- d-----w- c:\program files (x86)\Common Files\AVSMedia

2012-01-08 15:47 . 2012-01-11 13:03 -------- d-----w- c:\program files (x86)\AVS4YOU

2012-01-08 15:47 . 2012-01-08 15:49 -------- d-----w- c:\programdata\AVS4YOU

2012-01-08 15:47 . 2011-08-22 16:33 1700352 ----a-w- c:\windows\SysWow64\GdiPlus.dll

2012-01-08 15:35 . 2012-01-08 15:35 -------- d-----w- c:\users\Jared\AppData\Roaming\Malwarebytes

2012-01-08 15:35 . 2012-01-08 15:35 -------- d-----w- c:\programdata\Malwarebytes

2012-01-08 15:35 . 2012-02-03 00:19 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-01-08 15:35 . 2011-12-10 15:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-01-08 12:09 . 2012-01-08 15:26 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin

2012-01-08 09:47 . 2012-01-30 00:13 -------- d-----w- c:\users\Jared\AppData\Roaming\Applian FLV and Media Player

2012-01-08 09:40 . 2012-01-08 09:40 -------- d-----w- c:\program files (x86)\Applian Technologies

2012-01-08 09:39 . 2012-02-02 19:25 -------- d-----w- c:\users\Jared\AppData\Local\Linkury

2012-01-08 09:39 . 2012-01-25 12:44 -------- d-----w- c:\programdata\Linkury

2012-01-08 09:39 . 2012-01-25 12:44 -------- d-----w- c:\program files (x86)\Linkury

2012-01-08 09:39 . 2012-01-08 09:44 -------- d-----w- c:\programdata\Computer Updater

2012-01-08 09:39 . 2012-01-08 09:39 -------- d-----w- c:\program files (x86)\Free Offers from Freeze.com

2012-01-08 09:38 . 2012-01-08 09:38 9216 ----a-r- c:\users\Jared\AppData\Roaming\Microsoft\Installer\{7426428E-71D4-452C-BA13-B14E5EB52859}\Icon7426428E16.exe

2012-01-07 18:10 . 2012-01-07 18:10 -------- d-----w- c:\users\Public\OEM

2012-01-05 18:43 . 2012-01-08 01:34 -------- d-----w- c:\programdata\VirtualizedApplications

2012-01-05 16:41 . 2012-01-05 16:41 -------- d-----r- C:\MSOCache

2012-01-05 16:31 . 2012-02-01 19:44 -------- d-----w- c:\users\Jared\AppData\Roaming\SoftGrid Client

2012-01-05 16:31 . 2012-01-05 16:31 -------- d-----w- c:\users\Jared\AppData\Local\SoftGrid Client

2012-01-05 16:30 . 2012-01-06 04:27 -------- d-----w- c:\program files (x86)\Microsoft Application Virtualization Client

2012-01-05 16:30 . 2012-01-05 16:31 -------- d-----w- c:\users\Jared\AppData\Roaming\TP

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-01-31 12:44 . 2011-12-26 23:21 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-01-06 05:15 . 2011-12-28 17:48 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-12-28 17:57 . 2011-12-28 17:58 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2011-12-27 04:45 . 2011-12-27 04:45 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F66BA7D9-1CB2-439A-928E-FC9E2AA4B230}\gapaengine.dll

2011-12-27 02:56 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2011-12-27 02:56 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

2011-12-27 01:22 . 2011-12-27 01:22 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2011-12-27 01:22 . 2011-12-27 01:22 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

2011-12-27 01:22 . 2011-12-27 01:22 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2011-12-27 01:22 . 2011-12-27 01:22 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2011-12-27 01:22 . 2011-12-27 01:22 74752 ----a-w- c:\windows\SysWow64\iesetup.dll

2011-12-27 01:22 . 2011-12-27 01:22 63488 ----a-w- c:\windows\SysWow64\tdc.ocx

2011-12-27 01:22 . 2011-12-27 01:22 49664 ----a-w- c:\windows\system32\imgutil.dll

2011-12-27 01:22 . 2011-12-27 01:22 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2011-12-27 01:22 . 2011-12-27 01:22 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2011-12-27 01:22 . 2011-12-27 01:22 367104 ----a-w- c:\windows\SysWow64\html.iec

2011-12-27 01:22 . 2011-12-27 01:22 35840 ----a-w- c:\windows\SysWow64\imgutil.dll

2011-12-27 01:22 . 2011-12-27 01:22 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2011-12-27 01:22 . 2011-12-27 01:22 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-12-27 01:22 . 2011-12-27 01:22 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll

2011-12-27 01:22 . 2011-12-27 01:22 2309120 ----a-w- c:\windows\system32\jscript9.dll

2011-12-27 01:22 . 2011-12-27 01:22 222208 ----a-w- c:\windows\system32\msls31.dll

2011-12-27 01:22 . 2011-12-27 01:22 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll

2011-12-27 01:22 . 2011-12-27 01:22 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2011-12-27 01:22 . 2011-12-27 01:22 161792 ----a-w- c:\windows\SysWow64\msls31.dll

2011-12-27 01:22 . 2011-12-27 01:22 152064 ----a-w- c:\windows\SysWow64\wextract.exe

2011-12-27 01:22 . 2011-12-27 01:22 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2011-12-27 01:22 . 2011-12-27 01:22 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2011-12-27 01:22 . 2011-12-27 01:22 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2011-12-27 01:22 . 2011-12-27 01:22 1390080 ----a-w- c:\windows\system32\wininet.dll

2011-12-27 01:22 . 2011-12-27 01:22 12288 ----a-w- c:\windows\system32\mshta.exe

2011-12-27 01:22 . 2011-12-27 01:22 11776 ----a-w- c:\windows\SysWow64\mshta.exe

2011-12-27 01:22 . 2011-12-27 01:22 114176 ----a-w- c:\windows\system32\admparse.dll

2011-12-27 01:22 . 2011-12-27 01:22 1127424 ----a-w- c:\windows\SysWow64\wininet.dll

2011-12-27 01:22 . 2011-12-27 01:22 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2011-12-27 01:22 . 2011-12-27 01:22 101888 ----a-w- c:\windows\SysWow64\admparse.dll

2011-12-27 01:22 . 2011-12-27 01:22 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2011-12-27 01:22 . 2011-12-27 01:22 85504 ----a-w- c:\windows\system32\iesetup.dll

2011-12-27 01:22 . 2011-12-27 01:22 76800 ----a-w- c:\windows\system32\tdc.ocx

2011-12-27 01:22 . 2011-12-27 01:22 603648 ----a-w- c:\windows\system32\vbscript.dll

2011-12-27 01:22 . 2011-12-27 01:22 48640 ----a-w- c:\windows\system32\mshtmler.dll

2011-12-27 01:22 . 2011-12-27 01:22 448512 ----a-w- c:\windows\system32\html.iec

2011-12-27 01:22 . 2011-12-27 01:22 30720 ----a-w- c:\windows\system32\licmgr10.dll

2011-12-27 01:22 . 2011-12-27 01:22 165888 ----a-w- c:\windows\system32\iexpress.exe

2011-12-27 01:22 . 2011-12-27 01:22 160256 ----a-w- c:\windows\system32\wextract.exe

2011-12-27 01:22 . 2011-12-27 01:22 1493504 ----a-w- c:\windows\system32\inetcpl.cpl

2011-12-27 01:22 . 2011-12-27 01:22 135168 ----a-w- c:\windows\system32\IEAdvpack.dll

2011-12-27 01:22 . 2011-12-27 01:22 111616 ----a-w- c:\windows\system32\iesysprep.dll

2011-11-30 02:21 . 2011-12-26 23:21 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6C051B66-E169-4583-953A-912B09F480F6}\mpengine.dll

2011-11-24 04:52 . 2011-12-27 01:35 3145216 ----a-w- c:\windows\system32\win32k.sys

2011-11-15 03:38 . 2011-11-15 03:38 69632 ----a-w- c:\windows\SysWow64\CUUpdateComponent.ocx

2011-11-15 03:38 . 2011-11-15 03:38 425984 ----a-w- c:\windows\SysWow64\ComputerUpdaterLM.ocx

2011-11-15 03:38 . 2011-11-15 03:38 131072 ----a-w- c:\windows\SysWow64\SafeAppRichList.ocx

.

.

((((((((((((((((((((((((((((( SnapShot@2012-02-03_17.09.52 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-02-04 11:33 . 2012-02-04 11:33 13318 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat

- 2012-02-03 17:08 . 2012-02-03 17:08 13318 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat

+ 2010-08-30 08:59 . 2012-02-04 11:01 45540 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-02-04 11:01 30272 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-12-29 23:29 . 2012-02-03 20:39 3032 c:\windows\system32\wdi\ERCQueuedResolutions.dat

+ 2011-12-26 22:46 . 2012-02-04 11:01 9866 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2548204430-3489653281-3508443478-1000_UserData.bin

- 2012-02-03 17:09 . 2012-02-03 17:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-02-04 11:34 . 2012-02-04 11:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-02-03 17:09 . 2012-02-03 17:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-02-04 11:34 . 2012-02-04 11:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-07-14 05:01 . 2012-02-03 17:08 228720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-02-04 11:33 228720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2011-12-27 01:33 . 2012-02-03 17:08 1405626 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2548204430-3489653281-3508443478-1000-12288.dat

+ 2011-12-27 01:33 . 2012-02-04 11:33 1405626 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2548204430-3489653281-3508443478-1000-12288.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]

2011-08-24 18:21 1299248 ----a-r- c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2011-08-24 1299248]

.

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]

[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]

[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]

[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2010-05-27 02:40 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]

"DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2011-08-17 4527424]

"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-01-31 1242448]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]

"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-27 337264]

"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]

"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]

"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-06-28 265984]

"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-10 975952]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"SweetIM"="c:\program files (x86)\SweetIM\Messenger\SweetIM.exe" [2011-08-01 114992]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]

R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-05-27 305520]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]

S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]

S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]

S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-10 321104]

S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-06-11 868896]

S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]

S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-06-28 255744]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]

S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-02-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2548204430-3489653281-3508443478-1000Core.job

- c:\users\Jared\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-27 00:39]

.

2012-02-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2548204430-3489653281-3508443478-1000UA.job

- c:\users\Jared\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-27 00:39]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2010-05-27 02:42 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 349552]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552]

"ETDWare"="c:\program files (x86)\Elantech\ETDCtrl.exe" [bU]

"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-06-11 861216]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-21 167704]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-21 392472]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-21 416024]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://isearch.whitesmoke.com/?isid=9860

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://acer.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860

TCP: DhcpNameServer = 192.168.1.254

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Completion time: 2012-02-04 11:38:47 - machine was rebooted

ComboFix-quarantined-files.txt 2012-02-04 11:38

ComboFix2.txt 2012-02-03 17:13

.

Pre-Run: 419,803,287,552 bytes free

Post-Run: 419,741,270,016 bytes free

.

- - End Of File - - B99623A4AC8ED106FE358716D8D3EE23

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.02.04.01

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Jared :: JARED-PC [administrator]

04/02/2012 11:44:45

mbam-log-2012-02-04 (11-44-45).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 184227

Time elapsed: 55 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Yes it still appears :(


No worries about it, we will find and kill it :D

Download OTL to your Desktop.

  • Double click on the icon to run it.
  • Under the Custom.jpg box paste this in


activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
%systemroot%\system32\*.manifest /3
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT

  • Make sure all other windows are closed to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Please post both logfiles in your next reply.

Please post in your next reply:

OTL.txt

Extras.txt


When I first open Chrome it comes up with Google as it should, but if I open a new tab and search in that, I get isearch.whitesmoke. Here are the scans.

OTL logfile created on: 05/02/2012 16:30:11 - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jared\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

5.68 Gb Total Physical Memory | 4.41 Gb Available Physical Memory | 77.74% Memory free

11.36 Gb Paging File | 9.80 Gb Available in Paging File | 86.28% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 583.07 Gb Total Space | 390.80 Gb Free Space | 67.02% Space Free | Partition Type: NTFS

Drive D: | 7.51 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Drive E: | 1.90 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: JARED-PC | User Name: Jared | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/05 16:27:57 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jared\Desktop\OTL.exe

PRC - [2012/01/31 02:22:56 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe

PRC - [2011/08/17 07:29:20 | 004,527,424 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe

PRC - [2011/08/01 14:35:42 | 000,114,992 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe

PRC - [2010/09/14 05:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

PRC - [2010/09/14 05:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

PRC - [2010/08/10 09:06:16 | 000,975,952 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe

PRC - [2010/08/10 09:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe

PRC - [2010/08/10 09:06:16 | 000,305,744 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe

PRC - [2010/06/28 22:23:12 | 000,265,984 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe

PRC - [2010/06/28 22:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

PRC - [2010/05/27 02:41:24 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe

PRC - [2010/04/13 16:57:58 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2010/04/13 16:57:56 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

PRC - [2010/03/18 04:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

PRC - [2010/03/18 04:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2010/03/11 05:11:56 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe

PRC - [2010/03/11 05:11:42 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe

PRC - [2010/01/28 23:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe

PRC - [2010/01/08 13:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

========== Modules (No Company Name) ==========

MOD - [2012/01/31 02:24:35 | 014,410,024 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll

MOD - [2012/01/31 02:24:34 | 000,914,216 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-52.dll

MOD - [2012/01/31 02:24:34 | 000,194,344 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll

MOD - [2012/01/31 02:24:34 | 000,155,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-52.dll

MOD - [2012/01/31 02:24:34 | 000,091,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-50.dll

MOD - [2012/01/02 01:04:38 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll

MOD - [2011/12/27 04:22:35 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\4c06d1921304530c04615a2edd127484\IAStorUtil.ni.dll

MOD - [2011/12/27 04:19:19 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll

MOD - [2011/12/27 04:19:12 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll

MOD - [2011/12/27 04:18:58 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll

MOD - [2011/12/27 04:18:53 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll

MOD - [2011/12/27 04:18:49 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll

MOD - [2011/12/27 04:18:48 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll

MOD - [2011/12/27 04:18:43 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll

MOD - [2010/06/28 22:20:54 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll

MOD - [2009/05/20 06:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)

SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)

SRV:64bit: - [2010/06/11 14:27:26 | 000,868,896 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)

SRV:64bit: - [2010/01/28 23:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)

SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2010/12/27 21:21:16 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2010/09/14 05:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)

SRV - [2010/09/14 05:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)

SRV - [2010/08/10 09:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)

SRV - [2010/06/28 22:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)

SRV - [2010/05/27 02:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)

SRV - [2010/04/13 16:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/03/18 04:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®

SRV - [2010/03/18 04:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®

SRV - [2010/01/08 13:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)

SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/01/31 02:06:31 | 000,526,392 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)

DRV:64bit: - [2011/10/21 17:30:04 | 012,310,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2011/08/02 17:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)

DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/11/20 13:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 11:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/09/14 05:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)

DRV:64bit: - [2010/09/14 05:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)

DRV:64bit: - [2010/09/14 05:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)

DRV:64bit: - [2010/09/14 05:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)

DRV:64bit: - [2010/07/09 03:51:50 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)

DRV:64bit: - [2010/06/21 09:45:56 | 000,287,232 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®

DRV:64bit: - [2010/06/17 09:18:28 | 000,246,376 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV:64bit: - [2010/06/03 19:59:00 | 004,171,328 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)

DRV:64bit: - [2010/05/15 12:48:28 | 000,384,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink

DRV:64bit: - [2010/04/20 02:35:14 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)

DRV:64bit: - [2010/04/13 16:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2010/04/13 10:15:04 | 000,135,560 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)

DRV:64bit: - [2010/02/26 23:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)

DRV:64bit: - [2009/09/17 05:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®

DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/06/03 02:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)

DRV:64bit: - [2009/06/03 02:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)

DRV:64bit: - [2009/06/03 02:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)

DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.whitesmoke.com/?isid=9860

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jared\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jared\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Jared\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

[2011/12/27 13:20:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jared\AppData\Roaming\Mozilla\Firefox\extensions

[2011/12/27 13:20:43 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Jared\AppData\Roaming\Mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

[2011/12/27 13:08:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: WhiteSmoke Search (Enabled)

CHR - default_search_provider: search_url = http://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860

CHR - default_search_provider: suggest_url =

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Jared\AppData\Local\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Jared\AppData\Local\Google\Chrome\Application\16.0.912.77\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Jared\AppData\Local\Google\Chrome\Application\16.0.912.77\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL

CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Unity Player (Enabled) = C:\Users\Jared\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

CHR - plugin: Google Update (Enabled) = C:\Users\Jared\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: WinZip Courier = C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilckobikkmajlmhhdenkhonjkoaneclk\3.5.0_0\

O1 HOSTS File: ([2012/02/04 11:34:57 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (WinZip Courier BHO) - {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} - C:\Program Files (x86)\WinZip Courier\wzwmcie.dll (WinZip Computing, S.L.)

O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)

O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)

O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [backupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)

O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)

O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)

O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)

O4 - HKLM..\Run: [suiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)

O4 - HKLM..\Run: [sweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)

O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)

O4 - HKCU..\Run: [steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/Farm%20Frenzy%202/Images/stg_drm.ocx (SpinTop DRM Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/Farm%20Frenzy%202/Images/armhelper.ocx (ArmHelper Control)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3DE1FAC4-B916-448F-A747-E5A362D2FC66}: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{69B69274-1755-4F24-A17D-EA5633B929CF}: DhcpNameServer = 192.168.0.1

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/07/03 15:20:01 | 000,000,039 | R--- | M] () - D:\AUTORUN.INF -- [ UDF ]

O32 - AutoRun File - [2011/10/31 14:16:33 | 000,000,069 | R--- | M] () - E:\autorun.inf -- [ CDFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

MsConfig:64bit - StartUpReg: Google Update - hkey= - key= - C:\Users\Jared\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)

MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/02/05 16:29:23 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Jared\Desktop\OTL.exe

[2012/02/05 15:19:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driving Test Success - All Tests (2009)

[2012/02/05 15:19:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Driving Test Success

[2012/02/05 15:19:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driving Test Success - All Tests (2009)

[2012/02/05 00:31:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012/02/04 11:27:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/02/03 17:03:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/02/03 17:03:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/02/03 17:03:12 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2012/02/03 16:59:24 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/02/02 23:35:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Arcade Lab

[2012/02/02 22:45:45 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Roaming\PlayFirst

[2012/02/02 20:41:45 | 000,000,000 | ---D | C] -- C:\Users\Jared\Documents\My Games

[2012/02/01 00:07:03 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Local\Chromium

[2012/02/01 00:05:51 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Local\SKIDROW

[2012/01/31 23:13:56 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Sports Interactive

[2012/01/31 23:13:56 | 000,000,000 | ---D | C] -- C:\Users\Jared\Documents\Sports Interactive

[2012/01/31 23:13:56 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Roaming\Sports Interactive

[2012/01/31 23:13:56 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Local\Sports Interactive

[2012/01/31 23:11:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SEGA

[2012/01/31 23:07:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SEGA

[2012/01/31 11:15:52 | 000,000,000 | ---D | C] -- C:\Users\Jared\Documents\Football.Manager.2012-SKIDROW

[2012/01/31 02:22:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam

[2012/01/31 02:22:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam

[2012/01/31 02:22:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam

[2012/01/31 02:06:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Pro

[2012/01/31 02:05:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Pro

[2012/01/31 02:05:11 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Roaming\DAEMON Tools Pro

[2012/01/31 02:05:11 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Pro

[2012/01/28 23:33:38 | 000,064,000 | ---- | C] (Valve Corporation) -- C:\Windows\SysWow64\steam_api.dll

[2012/01/28 23:24:43 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Roaming\WinZip

[2012/01/28 23:20:38 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Local\WinZip

[2012/01/28 23:19:36 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZipEC

[2012/01/28 23:19:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Courier

[2012/01/28 23:19:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinZip Courier

[2012/01/28 23:18:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip

[2012/01/28 23:18:19 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip

[2012/01/28 23:18:13 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip

[2012/01/28 23:01:43 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Roaming\ImgBurn

[2012/01/28 22:56:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn

[2012/01/28 22:55:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn

[2012/01/28 22:53:40 | 000,000,000 | ---D | C] -- C:\Users\Jared\Tracing

[2012/01/28 22:53:32 | 000,000,000 | ---D | C] -- C:\ProgramData\SweetIM

[2012/01/28 22:53:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SweetIM

[2012/01/27 15:59:33 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ

[2012/01/19 12:40:44 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Local\Microsoft Help

[2012/01/19 12:40:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help

[2012/01/14 16:53:04 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Roaming\WinFF

[2012/01/14 16:53:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinFF

[2012/01/14 16:53:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinFF

[2012/01/09 22:44:28 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Local\Cyberlink

[2012/01/09 22:44:18 | 000,000,000 | ---D | C] -- C:\Users\Jared\Documents\CyberLink

[2012/01/09 22:44:18 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Roaming\CyberLink

[2012/01/09 22:44:18 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink

[2012/01/08 15:53:53 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Roaming\tiger-k

[2012/01/08 15:53:53 | 000,000,000 | ---D | C] -- C:\Users\Jared\Documents\Leawo

[2012/01/08 15:53:53 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Roaming\Leawo

[2012/01/08 15:53:23 | 000,606,208 | ---- | C] (http://www.xvid.org) -- C:\Windows\SysWow64\xvidcore.dll

[2012/01/08 15:53:23 | 000,139,264 | ---- | C] (http://www.xvid.org) -- C:\Windows\SysWow64\xvid.ax

[2012/01/08 15:49:07 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Roaming\AVS4YOU

[2012/01/08 15:47:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia

[2012/01/08 15:47:17 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU

[2012/01/08 15:47:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVS4YOU

[2012/01/08 15:35:57 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Roaming\Malwarebytes

[2012/01/08 15:35:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/01/08 15:35:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/01/08 15:35:46 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/01/08 15:35:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/01/08 12:09:13 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin

[2012/01/08 09:47:32 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Roaming\Applian FLV and Media Player

[2012/01/08 09:40:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Applian Technologies

[2012/01/08 09:40:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Applian Technologies

[2012/01/08 09:39:24 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Local\Linkury

[2012/01/08 09:39:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Linkury

[2012/01/08 09:39:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Linkury

[2012/01/08 09:39:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Computer Updater

[2012/01/08 09:39:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Offers from Freeze.com

[2012/01/08 01:36:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/05 16:27:57 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jared\Desktop\OTL.exe

[2012/02/05 15:41:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2548204430-3489653281-3508443478-1000UA.job

[2012/02/05 15:19:54 | 000,002,036 | ---- | M] () -- C:\Users\Public\Desktop\Driving Test Success - All Tests.lnk

[2012/02/05 15:19:20 | 000,730,554 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/02/05 15:19:20 | 000,631,004 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/02/05 15:19:20 | 000,111,798 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/02/05 15:16:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/02/05 00:38:39 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/02/05 00:38:39 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/02/05 00:31:14 | 277,905,407 | -HS- | M] () -- C:\hiberfil.sys

[2012/02/04 11:34:57 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2012/02/03 00:19:54 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/02/02 22:41:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2548204430-3489653281-3508443478-1000Core.job

[2012/01/31 23:11:49 | 000,002,071 | ---- | M] () -- C:\Users\Public\Desktop\Football Manager 2012.lnk

[2012/01/31 02:06:31 | 000,526,392 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys

[2012/01/28 22:56:03 | 000,001,897 | ---- | M] () -- C:\Users\Jared\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk

[2012/01/28 22:56:03 | 000,001,873 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk

[2012/01/26 12:47:25 | 000,002,405 | ---- | M] () -- C:\Users\Jared\Desktop\Google Chrome.lnk

[2012/01/08 09:40:23 | 000,001,389 | ---- | M] () -- C:\Users\Public\Desktop\Applian FLV and Media Player.lnk

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/05 15:19:54 | 000,002,036 | ---- | C] () -- C:\Users\Public\Desktop\Driving Test Success - All Tests.lnk

[2012/02/03 17:03:16 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/02/03 17:03:16 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/02/03 17:03:16 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/02/03 17:03:16 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/02/03 17:03:16 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/02/03 00:19:54 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/01/31 23:11:49 | 000,002,071 | ---- | C] () -- C:\Users\Public\Desktop\Football Manager 2012.lnk

[2012/01/31 02:22:34 | 000,000,921 | ---- | C] () -- C:\Users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam.lnk

[2012/01/31 02:06:29 | 000,526,392 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys

[2012/01/28 22:56:03 | 000,001,897 | ---- | C] () -- C:\Users\Jared\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk

[2012/01/28 22:56:03 | 000,001,873 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk

[2012/01/08 15:53:36 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

[2012/01/08 09:40:23 | 000,001,389 | ---- | C] () -- C:\Users\Public\Desktop\Applian FLV and Media Player.lnk

[2011/12/28 01:48:12 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat

[2011/12/27 04:42:05 | 000,738,602 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011/10/21 17:27:54 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin

[2011/10/21 17:27:54 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin

[2011/10/21 17:27:54 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin

[2011/10/21 17:03:04 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll

[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

[2010/08/30 08:48:37 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll

[2010/08/30 08:47:39 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.exe

[2009/07/14 05:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009/07/14 02:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2009/07/14 02:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2009/07/14 00:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009/07/13 21:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009/06/10 21:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

[2009/05/30 04:42:00 | 000,309,248 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll

[2009/03/12 01:01:00 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\DirectCOM.dll

========== LOP Check ==========

[2012/01/30 00:13:02 | 000,000,000 | ---D | M] -- C:\Users\Jared\AppData\Roaming\Applian FLV and Media Player

[2011/12/27 11:58:14 | 000,000,000 | ---D | M] -- C:\Users\Jared\AppData\Roaming\Blender Foundation

[2012/02/02 18:33:58 | 000,000,000 | ---D | M] -- C:\Users\Jared\AppData\Roaming\DAEMON Tools Pro

[2011/12/28 17:42:52 | 000,000,000 | ---D | M] -- C:\Users\Jared\AppData\Roaming\DriverCure

[2012/01/28 23:01:43 | 000,000,000 | ---D | M] -- C:\Users\Jared\AppData\Roaming\ImgBurn

[2012/01/08 15:53:53 | 000,000,000 | ---D | M] -- C:\Users\Jared\AppData\Roaming\Leawo

[2011/12/27 06:02:50 | 000,000,000 | ---D | M] -- C:\Users\Jared\AppData\Roaming\PACE Anti-Piracy

[2011/12/28 17:42:52 | 000,000,000 | ---D | M] -- C:\Users\Jared\AppData\Roaming\PC Unleashed Online

[2012/02/02 22:45:45 | 000,000,000 | ---D | M] -- C:\Users\Jared\AppData\Roaming\PlayFirst

[2012/02/01 19:44:25 | 000,000,000 | ---D | M] -- C:\Users\Jared\AppData\Roaming\SoftGrid Client

[2011/12/26 23:10:06 | 000,000,000 | ---D | M] -- C:\Users\Jared\AppData\Roaming\SpinTop

[2012/02/03 02:56:25 | 000,000,000 | ---D | M] -- C:\Users\Jared\AppData\Roaming\Sports Interactive

[2012/01/08 15:54:42 | 000,000,000 | ---D | M] -- C:\Users\Jared\AppData\Roaming\tiger-k

[2012/01/05 16:31:32 | 000,000,000 | ---D | M] -- C:\Users\Jared\AppData\Roaming\TP

[2011/12/27 06:06:15 | 000,000,000 | ---D | M] -- C:\Users\Jared\AppData\Roaming\Unity

[2012/01/26 01:17:57 | 000,000,000 | ---D | M] -- C:\Users\Jared\AppData\Roaming\WinFF

[2012/01/28 23:24:43 | 000,000,000 | ---D | M] -- C:\Users\Jared\AppData\Roaming\WinZip

[2012/01/07 17:35:51 | 000,020,474 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >

[2012/02/05 00:31:33 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN

[2011/12/27 01:30:43 | 000,000,000 | ---D | M] -- C:\BigFishGamesCache

[2010/12/27 20:57:12 | 000,000,000 | ---D | M] -- C:\book

[2009/07/14 05:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings

[2010/12/27 20:50:54 | 000,000,000 | ---D | M] -- C:\Intel

[2012/01/05 16:41:18 | 000,000,000 | R--D | M] -- C:\MSOCache

[2011/12/26 22:45:41 | 000,000,000 | ---D | M] -- C:\OEM

[2009/07/14 03:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs

[2012/01/28 23:18:13 | 000,000,000 | R--D | M] -- C:\Program Files

[2012/02/05 15:19:40 | 000,000,000 | R--D | M] -- C:\Program Files (x86)

[2012/02/05 15:19:40 | 000,000,000 | ---D | M] -- C:\ProgramData

[2012/02/04 11:38:50 | 000,000,000 | ---D | M] -- C:\Qoobox

[2011/12/26 22:44:26 | 000,000,000 | ---D | M] -- C:\Recovery

[2012/02/05 16:31:48 | 000,000,000 | -HSD | M] -- C:\System Volume Information

[2011/12/26 22:44:32 | 000,000,000 | R--D | M] -- C:\Users

[2012/02/04 11:35:04 | 000,000,000 | ---D | M] -- C:\Windows

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.manifest /3 >

< MD5 for: EXPLORER.EXE >

[2011/02/26 06:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe

[2011/02/26 05:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe

[2009/07/14 01:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe

[2011/02/26 05:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe

[2010/07/17 19:26:04 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe

[2011/02/26 05:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe

[2011/02/25 06:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\ERDNT\cache86\explorer.exe

[2011/02/25 06:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe

[2011/02/25 06:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe

[2011/02/26 06:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe

[2010/11/20 12:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe

[2010/02/04 10:49:48 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe

[2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe

[2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe

[2010/07/17 19:26:04 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe

[2010/02/04 10:49:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe

[2010/11/20 13:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

[2010/07/17 19:26:04 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe

[2010/02/04 10:49:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe

[2009/07/14 01:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe

[2010/07/17 19:26:04 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe

[2011/02/26 06:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe

[2010/02/04 10:49:48 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: REGEDIT.EXE >

[2009/07/14 01:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\ERDNT\cache86\regedit.exe

[2009/07/14 01:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe

[2009/07/14 01:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe

[2009/07/14 01:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe

[2009/07/14 01:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe

< MD5 for: USERINIT.EXE >

[2010/11/20 12:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe

[2010/11/20 12:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe

[2010/11/20 12:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2009/07/14 01:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

[2009/07/14 01:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

[2010/11/20 13:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe

[2010/11/20 13:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe

[2010/11/20 13:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WININIT.EXE >

[2009/07/14 01:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\ERDNT\cache64\wininit.exe

[2009/07/14 01:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe

[2009/07/14 01:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe

[2009/07/14 01:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache86\wininit.exe

[2009/07/14 01:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe

[2009/07/14 01:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >

[2010/11/20 13:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe

[2010/11/20 13:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe

[2010/11/20 13:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

[2009/07/14 01:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe

[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2010/07/17 19:26:04 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe

[2010/07/17 19:26:04 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\ProgramData\Temp:92EB0F35

@Alternate Data Stream - 150 bytes -> C:\ProgramData\Temp:5D7E5A8F

@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:CDFF58FE

@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:4D066AD2

@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:93EB7685

@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:E1F04E8D

@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:E36F5B57

@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:1A60DE96

@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:E3C56885

@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:0B9176C0

@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:798A3728

@Alternate Data Stream - 1140 bytes -> C:\ProgramData\Microsoft:cHNCBpWF477tL6UkfKRlr

@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:CB0FEE2B

@Alternate Data Stream - 1015 bytes -> C:\ProgramData\Microsoft:xgn3RAFkUowBSNEj5maJiajQb3Rgq

< End of report >

OTL Extras logfile created on: 05/02/2012 16:30:11 - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jared\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

5.68 Gb Total Physical Memory | 4.41 Gb Available Physical Memory | 77.74% Memory free

11.36 Gb Paging File | 9.80 Gb Available in Paging File | 86.28% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 583.07 Gb Total Space | 390.80 Gb Free Space | 67.02% Space Free | Partition Type: NTFS

Drive D: | 7.51 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Drive E: | 1.90 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: JARED-PC | User Name: Jared | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware

"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder

"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)

"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support

"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller

"{CD95F661-A5C4-44F5-A6AA-ECDD91C240CD}" = WinZip 16.0

"{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"Blender" = Blender

"CCleaner" = CCleaner

"Elantech" = ETDWare PS/2-x64 7.0.6.5_WHQL

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft Security Client" = Microsoft Security Essentials

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker

"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java 6 Update 30

"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com

"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform

"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support

"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology

"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace

"{4D530FA3-9B89-4186-98B7-F51000008100}" = Age of Empires Online

"{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam

"{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1" = Acer GameZone Console

"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic

"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}" = Spin & Win

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}" = Poker Pop

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}" = Airport Mania First Flight

"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update

"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English

"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010

"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}" = SweetIM Toolbar for Internet Explorer 4.2

"{A81A974F-8A22-43E6-9243-5198FF758DA1}" = SweetIM for Messenger 3.6

"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9

"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5

"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI

"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync

"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger

"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder

"{CD95F661-A5C4-11AF-B2CC-ABCD21A325B8}" = WinZip Courier

"{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9

"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide

"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call

"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater

"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center

"Acer Registration" = Acer Registration

"Acer Screensaver" = Acer ScreenSaver

"Acer Welcome Center" = Welcome Center

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Applian FLV and Media Player" = Applian FLV and Media Player 3.1.1.12

"DAEMON Tools Pro" = DAEMON Tools Pro

"Driving Test Success - All Tests_is1" = Driving Test Success - All Tests (2009)

"Football Manager 2012_is1" = Football Manager 2012

"GFWL_{4D530FA3-9B89-4186-98B7-F51000008100}" = Age of Empires Online

"Identity Card" = Identity Card

"ImgBurn" = ImgBurn

"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager

"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite

"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9

"InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9

"LManager" = Launch Manager

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000

"Office14.Click2Run" = Microsoft Office Click-to-Run 2010

"Unity" = Unity

"WinFF_is1" = WinFF 1.4.0

"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 29/01/2012 14:02:50 | Computer Name = Jared-PC | Source = Application Virtualization Client | ID = 6001

Description = {tid=56C:usr=Jared} Unable to CreateProcess (rc 0C701533-000006BA)

Error - 29/01/2012 14:02:50 | Computer Name = Jared-PC | Source = Application Virtualization Client | ID = 3079

Description = {hap=13:app=OfficeVirt 9014006604090000:tid=56C:usr=Jared} The client

could not launch C:\Program Files (x86)\Common Files\microsoft shared\virtualization

handler\OfficeVirt.exe (rc 0C701533-000006BA, last error 87).

Error - 29/01/2012 18:22:25 | Computer Name = Jared-PC | Source = CVHSVC | ID = 100

Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):

DownloadLatest Failed:

Error - 29/01/2012 20:31:34 | Computer Name = Jared-PC | Source = SideBySide | ID = 16842824

Description = Activation context generation failed for "c:\program files\microsoft

security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft

security client\MSESysprep.dll" on line 10. The element imaging appears as a child

of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by

this version of Windows.

Error - 29/01/2012 20:31:53 | Computer Name = Jared-PC | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "c:\Program Files (x86)\Common

Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program

Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value

"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute

"version" in element "assemblyIdentity" is invalid.

Error - 29/01/2012 20:32:50 | Computer Name = Jared-PC | Source = SideBySide | ID = 16842787

Description = Activation context generation failed for "c:\program files (x86)\windows

live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program

files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity

found in manifest does not match the identity of the component requested. Reference

is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition

is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use

sxstrace.exe for detailed diagnosis.

Error - 30/01/2012 22:06:10 | Computer Name = Jared-PC | Source = VSS | ID = 8194

Description =

Error - 30/01/2012 23:41:13 | Computer Name = Jared-PC | Source = SideBySide | ID = 16842824

Description = Activation context generation failed for "c:\program files\microsoft

security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft

security client\MSESysprep.dll" on line 10. The element imaging appears as a child

of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by

this version of Windows.

Error - 30/01/2012 23:41:32 | Computer Name = Jared-PC | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "c:\Program Files (x86)\Common

Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program

Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value

"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute

"version" in element "assemblyIdentity" is invalid.

Error - 30/01/2012 23:42:29 | Computer Name = Jared-PC | Source = SideBySide | ID = 16842787

Description = Activation context generation failed for "c:\program files (x86)\windows

live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program

files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity

found in manifest does not match the identity of the component requested. Reference

is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition

is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use

sxstrace.exe for detailed diagnosis.

[ System Events ]

Error - 28/01/2012 18:31:44 | Computer Name = Jared-PC | Source = Service Control Manager | ID = 7024

Description = The Windows Search service terminated with service-specific error

%%-1073473535.

Error - 28/01/2012 18:31:44 | Computer Name = Jared-PC | Source = Service Control Manager | ID = 7031

Description = The Windows Search service terminated unexpectedly. It has done this

1 time(s). The following corrective action will be taken in 30000 milliseconds:

Restart the service.

Error - 28/01/2012 18:41:30 | Computer Name = Jared-PC | Source = Microsoft Antimalware | ID = 2001

Description = %%860 has encountered an error trying to update signatures. New Signature

Version: Previous Signature Version: 1.119.772.0 Update Source: %%859 Update Stage:

%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:

NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8001.0 Error

code: 0x8024402c Error description: An unexpected problem occurred while checking

for updates. For information on installing or troubleshooting updates, see Help

and Support.

Error - 28/01/2012 19:51:51 | Computer Name = Jared-PC | Source = Microsoft Antimalware | ID = 3002

Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:

%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 28/01/2012 19:51:52 | Computer Name = Jared-PC | Source = Service Control Manager | ID = 7024

Description = The Windows Search service terminated with service-specific error

%%-1073473535.

Error - 28/01/2012 19:51:52 | Computer Name = Jared-PC | Source = Service Control Manager | ID = 7031

Description = The Windows Search service terminated unexpectedly. It has done this

1 time(s). The following corrective action will be taken in 30000 milliseconds:

Restart the service.

Error - 28/01/2012 19:52:22 | Computer Name = Jared-PC | Source = Service Control Manager | ID = 7032

Description = The Service Control Manager tried to take a corrective action (Restart

the service) after the unexpected termination of the Windows Search service, but

this action failed with the following error: %%1056

Error - 29/01/2012 11:17:26 | Computer Name = Jared-PC | Source = Microsoft Antimalware | ID = 3002

Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:

%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 29/01/2012 18:02:49 | Computer Name = Jared-PC | Source = EventLog | ID = 6008

Description = The previous system shutdown at 19:48:54 on ?29/?01/?2012 was unexpected.

Error - 30/01/2012 18:13:50 | Computer Name = Jared-PC | Source = Microsoft Antimalware | ID = 3002

Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:

%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

< End of report >


Double click on the OTL icon to run it.

Copy/paste the entire contents of the codebox below into the Custom Scans/Fixes box:

:otl
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.white....com/?isid=9860
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://isearch.white...&as=0&isid=9860
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://isearch.white...&as=0&isid=9860
CHR - default_search_provider: WhiteSmoke Search (Enabled)
CHR - default_search_provider: search_url = http://isearch.white...&as=0&isid=9860
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
@Alternate Data Stream - 98 bytes -> C:\ProgramData\Temp:92EB0F35
@Alternate Data Stream - 150 bytes -> C:\ProgramData\Temp:5D7E5A8F
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:CDFF58FE
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:4D066AD2
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:93EB7685
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:E1F04E8D
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:E36F5B57
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:1A60DE96
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:E3C56885
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:0B9176C0
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:798A3728
@Alternate Data Stream - 1140 bytes -> C:\ProgramData\Microsoft:cHNCBpWF477tL6UkfKRlr
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:CB0FEE2B
@Alternate Data Stream - 1015 bytes -> C:\ProgramData\Microsoft:xgn3RAFkUowBSNEj5maJiajQb3Rgq
:commands
[emptytemp]
[resethosts]

  • Please close all other programs now.
  • Then click the Run Fix button at the top.
  • OTL may ask to reboot the machine. Please do so if asked.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

Please post the log in your next reply.

Let me know if whitesmoke still appears :)


All processes killed

========== OTL ==========

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!

HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!

Unable to fix default_search_provider items.

Unable to fix default_search_provider items.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.

ADS C:\ProgramData\Temp:92EB0F35 deleted successfully.

ADS C:\ProgramData\Temp:5D7E5A8F deleted successfully.

ADS C:\ProgramData\Temp:CDFF58FE deleted successfully.

ADS C:\ProgramData\Temp:4D066AD2 deleted successfully.

ADS C:\ProgramData\Temp:93EB7685 deleted successfully.

ADS C:\ProgramData\Temp:E1F04E8D deleted successfully.

ADS C:\ProgramData\Temp:E36F5B57 deleted successfully.

ADS C:\ProgramData\Temp:1A60DE96 deleted successfully.

ADS C:\ProgramData\Temp:E3C56885 deleted successfully.

ADS C:\ProgramData\Temp:0B9176C0 deleted successfully.

ADS C:\ProgramData\Temp:798A3728 deleted successfully.

ADS C:\ProgramData\Microsoft:cHNCBpWF477tL6UkfKRlr deleted successfully.

ADS C:\ProgramData\Temp:CB0FEE2B deleted successfully.

ADS C:\ProgramData\Microsoft:xgn3RAFkUowBSNEj5maJiajQb3Rgq deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Jared

->Temp folder emptied: 9601 bytes

->Temporary Internet Files folder emptied: 259490 bytes

->Java cache emptied: 0 bytes

->Google Chrome cache emptied: 348096351 bytes

->Flash cache emptied: 2017 bytes

User: Public

->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 19238 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 332.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 02062012_002335

Files\Folders moved on Reboot...

C:\Users\Jared\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Yep, it does :( Not on first open of the browser, but if I search in another tab it does.


I have already got it as my default search engine and got Google as my default search browser. I know all that stuff, but when I open up a tab in Chrome then go and type something in the search bar, isearch.whitesmoke comes up. It only comes up though if I type in something that is not the whole address of the website. For instance, if I typed in www.facebook.com then Facebook would come up with no isearch, but if I only typed in facebook then it would. Do you understand what I mean?


Please try to open IE and let me know if it is also there.

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :regfind
    WhiteSmoke
    :filefind
    *WhiteSmoke*
    :folderfind
    WhiteSmoke


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop, entitled SystemLook.txt

Please post in your next reply:

Systemlook.txt


I opened IE and looked in the opening page bit and isearch.whitesmoke was there, so I deleted it. I then did the test as normal with everything off other than SystemLook, then I did it with whitesmoke in the search browser, and both said the same.

SystemLook 30.07.11 by jpshortstuff

Log created at 23:00 on 07/02/2012 by Jared

Administrator - Elevation successful

WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== regfind ==========

Searching for "WhiteSmoke"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]

"Default"="http://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}]

"DisplayName"="WhiteSmoke Search"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}]

"URL"="http://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl]

"Default"="http://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860"

[HKEY_USERS\S-1-5-21-2548204430-3489653281-3508443478-1000\Software\Microsoft\Internet Explorer\SearchUrl]

"Default"="http://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860"

========== filefind ==========

Searching for "*WhiteSmoke*"

No files found.

========== folderfind ==========

Searching for "WhiteSmoke"

No folders found.

-= EOF =-

Not sure what is going on with it, but thanks for your help so far :) Really appreciate it.

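The regfind output above shows the same WhiteSmoke URL under HKCU, HKLM and the user's SID in HKEY_USERS, while the OTL fix earlier in the thread touched only HKCU values and reported "Unable to fix default_search_provider items" for Chrome. As an added example that is not part of this thread or of OTL/SystemLook, the Python below audits a Chrome Preferences file and a SystemLook regfind log for search settings pointing at a host outside an allow-list and groups the registry hits by hive; the allowed-host list, the sample Preferences JSON and the trimmed regfind excerpt are all constructed for the example.

```python
"""Read-only audit of browser search settings for a hijacked provider.

Chrome routes only non-URL omnibox input through default_search_provider,
which is why typing "facebook" was redirected while "www.facebook.com" was
not.  Added example; allow-list, Preferences sample and regfind excerpt are
constructed, not taken from a real machine.
"""
import json
import re
from urllib.parse import urlparse

# Assumption for this example: hosts a clean profile may search through.
ALLOWED_SEARCH_HOSTS = {"www.google.com", "www.bing.com"}

# Top-level Preferences keys where injected URLs usually land.
WATCHED_PREF_ROOTS = ("default_search_provider", "homepage", "session")

# Constructed Chrome "Preferences" JSON modelled on the thread's CHR lines.
SAMPLE_PREFERENCES = json.dumps({
    "homepage": "http://isearch.whitesmoke.com/?isid=9860",
    "default_search_provider": {
        "enabled": True,
        "name": "WhiteSmoke Search",
        "search_url": "http://isearch.whitesmoke.com/?q={searchTerms}"
                      "&babsrc=home&s=web&as=0&isid=9860",
        "suggest_url": "",
    },
    "session": {"restore_on_startup": 4,
                "startup_urls": ["https://www.google.com/"]},
})

# Constructed excerpt in SystemLook ':regfind' format (see the log above).
SAMPLE_REGFIND = r"""
========== regfind ==========
Searching for "WhiteSmoke"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}]
"DisplayName"="WhiteSmoke Search"
"URL"="http://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860"
"""

REG_KEY = re.compile(r"^\[(HK[^\]]+)\]$")
REG_VALUE = re.compile(r'^"([^"]*)"="(.*)"$')


def chrome_findings(preferences_text, allowed_hosts=ALLOWED_SEARCH_HOSTS):
    """Return (json_path, host) pairs for URLs under the watched roots whose
    host is not allow-listed.  The whole tree is walked, so the exact layout
    of the Preferences file does not matter."""
    found = []

    def walk(node, path):
        if isinstance(node, dict):
            for key, value in node.items():
                walk(value, path + [key])
        elif isinstance(node, list):
            for i, value in enumerate(node):
                walk(value, path + [str(i)])
        elif isinstance(node, str) and node.startswith(("http://", "https://")):
            host = urlparse(node).hostname or ""
            if path and path[0] in WATCHED_PREF_ROOTS and host not in allowed_hosts:
                found.append((".".join(path), host))

    walk(json.loads(preferences_text), [])
    return found


def regfind_hits(log_text, needle):
    """Parse SystemLook regfind output into (key, value_name, data) triples
    whose data contain needle (case-insensitive)."""
    hits, current_key = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        key_match = REG_KEY.match(line)
        if key_match:
            current_key = key_match.group(1)
            continue
        value_match = REG_VALUE.match(line)
        if value_match and current_key and needle.lower() in value_match.group(2).lower():
            hits.append((current_key, value_match.group(1), value_match.group(2)))
    return hits


def by_hive(hits):
    """Count hits per hive: HKLM entries are machine-wide and are untouched by
    a fix that, like the OTL script above, only rewrites HKCU values."""
    counts = {}
    for key, _name, _data in hits:
        hive = key.split("\\", 1)[0]
        counts[hive] = counts.get(hive, 0) + 1
    return counts


if __name__ == "__main__":
    for path, host in chrome_findings(SAMPLE_PREFERENCES):
        print(f"Chrome   {path} -> {host}")
    hits = regfind_hits(SAMPLE_REGFIND, "whitesmoke")
    for key, name, data in hits:
        print(f"Registry [{key}] {name} = {data}")
    print("Per hive:", by_hive(hits))
```

To run it against a real profile, read Chrome's Preferences file and the SystemLook.txt from the desktop into the two functions instead of the constructed samples.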

Hi there,

Something set the toolbar back and we need to find out which program/file does that. Can you remember if you installed any kind of freeware software before WhiteSmoke came up?


I downloaded a few things before, like iTunes, Malwarebytes, WinFF and things like that, but when I've downloaded things like that I do it in one big go. Almost like I have a list (I don't, in case you're wondering), so most of it was all within a small period of time, then after a couple of days it popped up. At first I thought nothing of it, because when you download things they always ask to set up this and that with toolbars etc. I went on a week or so and then thought, hang on, it keeps reinstalling itself onto my computer and I have no toolbars and things installed, as I uninstalled any toolbars I had on IE and I keep none on Chrome. That came to no avail, so I researched what it is and then came here.

What free software/programme would have got this virus-type thing?


Thanks, I had more than luck ;)

Reboot your System in Safe Mode.

  • Restart the computer. The computer begins processing a set of instructions known as BIOS.
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8 (dependent on your system this may be F5 or another key)
  • Instead of Windows loading as normal, a menu should appear
  • Use the arrow key to highlight Safe Mode with Networking and press Enter.

Please navigate to your topic.

Double click on the OTL icon to run it.

Copy/paste the entire contents of the codebox below into the Custom Scans/Fixes box:

:otl
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.white....com/?isid=9860
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://isearch.white...&as=0&isid=9860
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://isearch.white...&as=0&isid=9860
CHR - default_search_provider: WhiteSmoke Search (Enabled)
CHR - default_search_provider: search_url = http://isearch.white...&as=0&isid=9860
:commands
[reboot]

  • Please close all other programs now.
    Make sure that Chrome and IE are closed.
  • Then click the Run Fix button at the top.
  • OTL may ask to reboot the machine. Please do so if asked and boot in normal mode.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

Please post the log in your next reply.

Double click on the OTL icon to run it.

  • Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Quick Scan button.
  • When the scan completes, it will create a logfile ( OTL.txt ). This is saved in the same location as OTL.

Please post this in your next reply.

Please post in your next reply:

OTL Fix log

OTL.txt


Yeah, I'm still here... Sorry, my internet cut out but is back up now. Here are the logs:

========== OTL ==========

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!

HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!

Unable to fix default_search_provider items.

Unable to fix default_search_provider items.

========== COMMANDS ==========

OTL by OldTimer - Version 3.2.31.0 log created on 02142012_014540

OTL logfile created on: 14/02/2012 02:01:39 - Run 2

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jared\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

5.68 Gb Total Physical Memory | 4.04 Gb Available Physical Memory | 71.18% Memory free

11.36 Gb Paging File | 9.60 Gb Available in Paging File | 84.56% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 583.07 Gb Total Space | 393.82 Gb Free Space | 67.54% Space Free | Partition Type: NTFS

Drive E: | 1.90 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: JARED-PC | User Name: Jared | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/05 16:27:57 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jared\Desktop\OTL.exe

PRC - [2012/01/31 02:22:56 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe

PRC - [2011/08/17 07:29:20 | 004,527,424 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe

PRC - [2011/08/01 14:35:42 | 000,114,992 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe

PRC - [2010/09/14 05:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

PRC - [2010/09/14 05:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

PRC - [2010/08/10 09:06:16 | 000,975,952 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe

PRC - [2010/08/10 09:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe

PRC - [2010/08/10 09:06:16 | 000,305,744 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe

PRC - [2010/06/28 22:23:12 | 000,265,984 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe

PRC - [2010/06/28 22:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

PRC - [2010/05/27 02:41:24 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe

PRC - [2010/04/13 16:57:58 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2010/04/13 16:57:56 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

PRC - [2010/03/18 04:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

PRC - [2010/03/18 04:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2010/03/11 05:11:56 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe

PRC - [2010/03/11 05:11:42 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe

PRC - [2010/01/28 23:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe

PRC - [2010/01/08 13:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

========== Modules (No Company Name) ==========

MOD - [2012/02/14 01:47:02 | 014,415,144 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll

MOD - [2012/02/14 01:47:02 | 000,914,216 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-52.dll

MOD - [2012/02/14 01:47:02 | 000,857,896 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll

MOD - [2012/02/14 01:47:02 | 000,155,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-52.dll

MOD - [2012/02/14 01:47:02 | 000,091,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-50.dll

MOD - [2012/01/20 05:35:35 | 000,411,120 | ---- | M] () -- C:\Users\Jared\AppData\Local\Google\Chrome\Application\16.0.912.77\ppgooglenaclpluginchrome.dll

MOD - [2012/01/20 05:35:34 | 003,767,792 | ---- | M] () -- C:\Users\Jared\AppData\Local\Google\Chrome\Application\16.0.912.77\pdf.dll

MOD - [2012/01/20 05:34:10 | 000,122,880 | ---- | M] () -- C:\Users\Jared\AppData\Local\Google\Chrome\Application\16.0.912.77\avutil-51.dll

MOD - [2012/01/20 05:34:09 | 000,222,208 | ---- | M] () -- C:\Users\Jared\AppData\Local\Google\Chrome\Application\16.0.912.77\avformat-53.dll

MOD - [2012/01/20 05:34:07 | 001,746,432 | ---- | M] () -- C:\Users\Jared\AppData\Local\Google\Chrome\Application\16.0.912.77\avcodec-53.dll

MOD - [2012/01/02 01:04:38 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll

MOD - [2011/12/27 04:22:35 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\4c06d1921304530c04615a2edd127484\IAStorUtil.ni.dll

MOD - [2011/12/27 04:19:19 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll

MOD - [2011/12/27 04:19:12 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll

MOD - [2011/12/27 04:18:58 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll

MOD - [2011/12/27 04:18:53 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll

MOD - [2011/12/27 04:18:49 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll

MOD - [2011/12/27 04:18:48 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll

MOD - [2011/12/27 04:18:43 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll

MOD - [2010/06/28 22:20:54 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll

MOD - [2009/05/20 06:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)

SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)

SRV:64bit: - [2010/06/11 14:27:26 | 000,868,896 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)

SRV:64bit: - [2010/01/28 23:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)

SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2010/12/27 21:21:16 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2010/09/14 05:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)

SRV - [2010/09/14 05:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)

SRV - [2010/08/10 09:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)

SRV - [2010/06/28 22:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)

SRV - [2010/05/27 02:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)

SRV - [2010/04/13 16:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/03/18 04:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®

SRV - [2010/03/18 04:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®

SRV - [2010/01/08 13:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)

SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/01/31 02:06:31 | 000,526,392 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)

DRV:64bit: - [2011/10/21 17:30:04 | 012,310,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2011/08/02 17:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)

DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/11/20 13:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 11:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/09/14 05:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)

DRV:64bit: - [2010/09/14 05:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)

DRV:64bit: - [2010/09/14 05:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)

DRV:64bit: - [2010/09/14 05:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)

DRV:64bit: - [2010/07/09 03:51:50 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)

DRV:64bit: - [2010/06/21 09:45:56 | 000,287,232 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®

DRV:64bit: - [2010/06/17 09:18:28 | 000,246,376 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV:64bit: - [2010/06/03 19:59:00 | 004,171,328 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)

DRV:64bit: - [2010/05/15 12:48:28 | 000,384,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink

DRV:64bit: - [2010/04/20 02:35:14 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)

DRV:64bit: - [2010/04/13 16:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2010/04/13 10:15:04 | 000,135,560 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)

DRV:64bit: - [2010/02/26 23:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)

DRV:64bit: - [2009/09/17 05:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®

DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/06/03 02:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)

DRV:64bit: - [2009/06/03 02:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)

DRV:64bit: - [2009/06/03 02:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)

DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jared\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jared\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Jared\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

[2011/12/27 13:20:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jared\AppData\Roaming\Mozilla\Firefox\extensions

[2011/12/27 13:20:43 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Jared\AppData\Roaming\Mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

[2011/12/27 13:08:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: WhiteSmoke Search (Enabled)

CHR - default_search_provider: search_url = http://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860

CHR - default_search_provider: suggest_url =

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Jared\AppData\Local\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Jared\AppData\Local\Google\Chrome\Application\16.0.912.77\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Jared\AppData\Local\Google\Chrome\Application\16.0.912.77\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL

CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Unity Player (Enabled) = C:\Users\Jared\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

CHR - plugin: Google Update (Enabled) = C:\Users\Jared\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: WinZip Courier = C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilckobikkmajlmhhdenkhonjkoaneclk\3.5.0_0\

O1 HOSTS File: ([2012/02/06 00:23:50 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (WinZip Courier BHO) - {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} - C:\Program Files (x86)\WinZip Courier\wzwmcie.dll (WinZip Computing, S.L.)

O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)

O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)

O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [backupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)

O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)

O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)

O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)

O4 - HKLM..\Run: [suiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)

O4 - HKLM..\Run: [sweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)

O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)

O4 - HKCU..\Run: [steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/Farm%20Frenzy%202/Images/stg_drm.ocx (SpinTop DRM Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/Farm%20Frenzy%202/Images/armhelper.ocx (ArmHelper Control)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3DE1FAC4-B916-448F-A747-E5A362D2FC66}: DhcpNameServer = 139.222.131.206

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{69B69274-1755-4F24-A17D-EA5633B929CF}: DhcpNameServer = 194.168.4.100 194.168.8.100

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2011/10/31 14:16:33 | 000,000,069 | R--- | M] () - E:\autorun.inf -- [ CDFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/06 00:23:35 | 000,000,000 | ---D | C] -- C:\_OTL

[2012/02/05 16:29:23 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Jared\Desktop\OTL.exe

[2012/02/05 15:19:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driving Test Success - All Tests (2009)

[2012/02/05 15:19:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Driving Test Success

[2012/02/05 15:19:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driving Test Success - All Tests (2009)

[2012/02/05 00:31:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012/02/04 11:27:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/02/03 17:03:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/02/03 17:03:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/02/03 17:03:12 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2012/02/03 16:59:24 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/02/02 23:35:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Arcade Lab

[2012/02/02 22:45:45 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Roaming\PlayFirst

[2012/02/02 20:41:45 | 000,000,000 | ---D | C] -- C:\Users\Jared\Documents\My Games

[2012/02/01 00:07:03 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Local\Chromium

[2012/02/01 00:05:51 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Local\SKIDROW

[2012/01/31 23:13:56 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Sports Interactive

[2012/01/31 23:13:56 | 000,000,000 | ---D | C] -- C:\Users\Jared\Documents\Sports Interactive

[2012/01/31 23:13:56 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Roaming\Sports Interactive

[2012/01/31 23:13:56 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Local\Sports Interactive

[2012/01/31 23:11:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SEGA

[2012/01/31 23:07:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SEGA

[2012/01/31 11:15:52 | 000,000,000 | ---D | C] -- C:\Users\Jared\Documents\Football.Manager.2012-SKIDROW

[2012/01/31 02:22:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam

[2012/01/31 02:22:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam

[2012/01/31 02:22:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam

[2012/01/31 02:06:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Pro

[2012/01/31 02:05:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Pro

[2012/01/31 02:05:11 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Roaming\DAEMON Tools Pro

[2012/01/31 02:05:11 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Pro

[2012/01/28 23:33:38 | 000,064,000 | ---- | C] (Valve Corporation) -- C:\Windows\SysWow64\steam_api.dll

[2012/01/28 23:24:43 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Roaming\WinZip

[2012/01/28 23:20:38 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Local\WinZip

[2012/01/28 23:19:36 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZipEC

[2012/01/28 23:19:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Courier

[2012/01/28 23:19:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinZip Courier

[2012/01/28 23:18:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip

[2012/01/28 23:18:19 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip

[2012/01/28 23:18:13 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip

[2012/01/28 23:01:43 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Roaming\ImgBurn

[2012/01/28 22:56:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn

[2012/01/28 22:55:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn

[2012/01/28 22:53:40 | 000,000,000 | ---D | C] -- C:\Users\Jared\Tracing

[2012/01/28 22:53:32 | 000,000,000 | ---D | C] -- C:\ProgramData\SweetIM

[2012/01/28 22:53:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SweetIM

[2012/01/27 15:59:33 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ

[2012/01/19 12:40:44 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Local\Microsoft Help

[2012/01/19 12:40:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help

========== Files - Modified Within 30 Days ==========

[2012/02/14 02:01:35 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/02/14 02:01:35 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/02/14 01:53:34 | 000,730,554 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/02/14 01:53:34 | 000,631,004 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/02/14 01:53:34 | 000,111,798 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/02/14 01:46:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/02/14 01:46:10 | 277,905,407 | -HS- | M] () -- C:\hiberfil.sys

[2012/02/14 01:26:42 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2548204430-3489653281-3508443478-1000UA.job

[2012/02/12 22:41:04 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2548204430-3489653281-3508443478-1000Core.job

[2012/02/08 01:26:25 | 065,721,766 | ---- | M] () -- C:\Users\Jared\Documents\The.Hills.Have.Eyes.II.2007.UNRATED.BrRip.500MB.avi

[2012/02/07 22:48:26 | 000,139,264 | ---- | M] () -- C:\Users\Jared\Desktop\SystemLook.exe

[2012/02/06 00:23:50 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts

[2012/02/05 16:27:57 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jared\Desktop\OTL.exe

[2012/02/05 15:19:54 | 000,002,036 | ---- | M] () -- C:\Users\Public\Desktop\Driving Test Success - All Tests.lnk

[2012/02/03 00:19:54 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/01/31 23:11:49 | 000,002,071 | ---- | M] () -- C:\Users\Public\Desktop\Football Manager 2012.lnk

[2012/01/31 02:06:31 | 000,526,392 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys

[2012/01/28 22:56:03 | 000,001,897 | ---- | M] () -- C:\Users\Jared\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk

[2012/01/28 22:56:03 | 000,001,873 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk

[2012/01/26 12:47:25 | 000,002,405 | ---- | M] () -- C:\Users\Jared\Desktop\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2012/02/08 01:24:06 | 065,721,766 | ---- | C] () -- C:\Users\Jared\Documents\The.Hills.Have.Eyes.II.2007.UNRATED.BrRip.500MB.avi

[2012/02/07 23:01:20 | 000,139,264 | ---- | C] () -- C:\Users\Jared\Desktop\SystemLook.exe

[2012/02/05 23:49:28 | 000,001,342 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk

[2012/02/05 15:19:54 | 000,002,036 | ---- | C] () -- C:\Users\Public\Desktop\Driving Test Success - All Tests.lnk

[2012/02/03 17:03:16 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/02/03 17:03:16 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/02/03 17:03:16 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/02/03 17:03:16 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/02/03 17:03:16 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/02/03 00:19:54 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/01/31 23:11:49 | 000,002,071 | ---- | C] () -- C:\Users\Public\Desktop\Football Manager 2012.lnk

[2012/01/31 02:22:34 | 000,000,921 | ---- | C] () -- C:\Users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam.lnk

[2012/01/31 02:06:29 | 000,526,392 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys

[2012/01/28 22:56:03 | 000,001,897 | ---- | C] () -- C:\Users\Jared\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk

[2012/01/28 22:56:03 | 000,001,873 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk

[2012/01/08 15:53:36 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

[2011/12/28 01:48:12 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat

[2011/12/27 04:42:05 | 000,738,602 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011/10/21 17:27:54 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin

[2011/10/21 17:27:54 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin

[2011/10/21 17:27:54 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin

[2011/10/21 17:03:04 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll

[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

[2010/08/30 08:48:37 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll

[2010/08/30 08:47:39 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.exe

[2009/07/14 05:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009/07/14 02:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2009/07/14 02:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2009/07/14 00:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009/07/13 21:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009/06/10 21:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

[2009/05/30 04:42:00 | 000,309,248 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll

[2009/03/12 01:01:00 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\DirectCOM.dll

========== LOP Check ==========

[2012/01/30 00:13:02 | 000,000,000 | ---D | M] -- C:\Users\Jared\AppData\Roaming\Applian FLV and Media Player

[2011/12/27 11:58:14 | 000,000,000 | ---D | M] -- C:\Users\Jared\AppData\Roaming\Blender Foundation

[2012/02/02 18:33:58 | 000,000,000 | ---D | M] -- C:\Users\Jared\AppData\Roaming\DAEMON Tools Pro

[2011/12/28 17:42:52 | 000,000,000 | ---D | M] -- C:\Users\Jared\AppData\Roaming\DriverCure

[2012/02/07 00:16:48 | 000,000,000 | ---D | M] -- C:\Users\Jared\AppData\Roaming\ImgBurn

[2012/01/08 15:53:53 | 000,000,000 | ---D | M] -- C:\Users\Jared\AppData\Roaming\Leawo

[2011/12/27 06:02:50 | 000,000,000 | ---D | M] -- C:\Users\Jared\AppData\Roaming\PACE Anti-Piracy

[2011/12/28 17:42:52 | 000,000,000 | ---D | M] -- C:\Users\Jared\AppData\Roaming\PC Unleashed Online

[2012/02/02 22:45:45 | 000,000,000 | ---D | M] -- C:\Users\Jared\AppData\Roaming\PlayFirst

[2012/02/14 01:37:36 | 000,000,000 | ---D | M] -- C:\Users\Jared\AppData\Roaming\SoftGrid Client

[2011/12/26 23:10:06 | 000,000,000 | ---D | M] -- C:\Users\Jared\AppData\Roaming\SpinTop

[2012/02/03 02:56:25 | 000,000,000 | ---D | M] -- C:\Users\Jared\AppData\Roaming\Sports Interactive

[2012/01/08 15:54:42 | 000,000,000 | ---D | M] -- C:\Users\Jared\AppData\Roaming\tiger-k

[2012/01/05 16:31:32 | 000,000,000 | ---D | M] -- C:\Users\Jared\AppData\Roaming\TP

[2011/12/27 06:06:15 | 000,000,000 | ---D | M] -- C:\Users\Jared\AppData\Roaming\Unity

[2012/02/08 01:25:50 | 000,000,000 | ---D | M] -- C:\Users\Jared\AppData\Roaming\WinFF

[2012/01/28 23:24:43 | 000,000,000 | ---D | M] -- C:\Users\Jared\AppData\Roaming\WinZip

[2012/01/07 17:35:51 | 000,022,954 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >
