
Trojans, Backdoor exploits, redirect issues etc.



Hi,

I'm running Windows 7. Original warning came from Microsoft Essentials, which found, blocked and removed/quarantined the following unwelcome items:

Trojan:Win32/Cleaman.B

Backdoor:Win32/Kelihos.B

TrojanDownloader:Win32/Waledac.C

Backdoor:Win32/Kelihos.B

Backdoor:Win32/Kelihos.A

Exploit:Win32/CplLnk.B

Backdoor:Win32/Kelihos.A

Exploit:Win32/CplLnk.B

Thus far I've run the following:

------------------------

MALWAREBYTES ANTI-MALWARE:

FIRST SCAN:

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.02.27.01

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

CF :: CF-PC [administrator]

27.2.2012 8:34:26

mbam-log-2012-02-27 (08-34-26).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 337974

Time elapsed: 53 minute(s), 13 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|MozillaAgent (Trojan.Agent.PE5) -> Data: C:\Windows\Temp\_ex-68.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 4

C:\Windows\Temp\_ex-68.exe (Trojan.Agent.PE5) -> Quarantined and deleted successfully.

C:\Users\CF\AppData\Local\Temp\E7A2.tmp (Trojan.Agent.PE5) -> Quarantined and deleted successfully.

C:\Users\CF\AppData\Local\dplaysvr.exe (Trojan.Agent) -> Delete on reboot.

C:\Users\CF\Local Settings\Application Data\dplaysvr.exe (Trojan.Agent) -> Delete on reboot.

(end)

SECOND SCAN:

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.02.27.03

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

CF :: CF-PC [administrator]

27.2.2012 13:03:34

mbam-log-2012-02-27 (13-03-34).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 185114

Time elapsed: 4 minute(s), 6 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 2

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dplaysvr (Trojan.QHost.BG) -> Data: C:\Users\CF\AppData\Local\dplaysvr.exe -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dplaysvr (Trojan.QHost.BG) -> Data: C:\Users\CF\AppData\Local\dplaysvr.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

THIRD SCAN:

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.02.27.03

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

CF :: CF-PC [administrator]

27.2.2012 13:10:45

mbam-log-2012-02-27 (13-10-45).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 184640

Time elapsed: 5 minute(s),

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Fourth scan came up clean. But later on, something came up again:

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.02.28.01

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

CF :: CF-PC [administrator]

27.2.2012 22:37:17

mbam-log-2012-02-27 (22-37-17).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 184776

Time elapsed: 3 minute(s), 41 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Users\CF\Downloads\setupxv.exe (Rogue.Installer) -> Quarantined and deleted successfully.

(end)

------

I've run the online ESET scanning tool, which found three items and deleted them. Don't have the log for that. Further ESET scans found nothing.

-----------------------------------------------

Installed and ran Housecall: found nothing

------------------------------------------------

RogueKiller:

FIRST SCAN:

RogueKiller V7.2.0 [02/27/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo...13-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: CF [Admin rights]

Mode: Scan -- Date: 02/27/2012 19:53:23

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 4 ¤¤¤

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

::1 localhost

67.215.245.19 www.google-analytics.com.

67.215.245.19 ad-emea.doubleclick.net.

67.215.245.19 www.statcounter.com.

108.163.215.51 www.google-analytics.com.

108.163.215.51 ad-emea.doubleclick.net.

108.163.215.51 www.statcounter.com.

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000BEVT-22ZAT0 +++++

--- User ---

[MBR] 1731cef5151afadbca2de9f52db2509f

[bSP] 6da9bd5eb665de5d5a8f20ea2c8e4e69 : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 12000 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 24578048 | Size: 100 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 24782848 | Size: 464838 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt

SECOND SCAN + HOSTS FIX:

RogueKiller V7.2.0 [02/27/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo...13-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: CF [Admin rights]

Mode: HOSTSFix -- Date: 02/27/2012 19:54:52

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

::1 localhost

67.215.245.19 www.google-analytics.com.

67.215.245.19 ad-emea.doubleclick.net.

67.215.245.19 www.statcounter.com.

108.163.215.51 www.google-analytics.com.

108.163.215.51 ad-emea.doubleclick.net.

108.163.215.51 www.statcounter.com.

¤¤¤ Resetted HOSTS: ¤¤¤

127.0.0.1 localhost

Finished : << RKreport[2].txt >>

RKreport[1].txt ; RKreport[2].txt

THIRD SCAN:

RogueKiller V7.2.0 [02/27/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo...13-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: CF [Admin rights]

Mode: Scan -- Date: 02/27/2012 19:57:18

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 4 ¤¤¤

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000BEVT-22ZAT0 +++++

--- User ---

[MBR] 1731cef5151afadbca2de9f52db2509f

[bSP] 6da9bd5eb665de5d5a8f20ea2c8e4e69 : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 12000 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 24578048 | Size: 100 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 24782848 | Size: 464838 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[3].txt >>

RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

-----------

Ran Kaspersky TdSS Killer: found nothing.

-------------

Ran SuperAnti Spyware. Found nothing.

-------------

HIJACKTHIS LOG:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 22:31:24, on 27.2.2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Windows\PLFSetI.exe

C:\Program Files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility.exe

C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe

C:\Program Files (x86)\Launch Manager\LManager.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...68z1i5t49n1h62r

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...68z1i5t49n1h62r

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...68z1i5t49n1h62r

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...68z1i5t49n1h62r

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: (no name) - AutorunsDisabled - (no file)

O3 - Toolbar: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k

O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'Paikallinen palvelu')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Paikallinen palvelu')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'Verkkopalvelu')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Verkkopalvelu')

O4 - Startup: AutorunsDisabled

O4 - Global Startup: Spyder3Utility.lnk = C:\Program Files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O15 - Trusted Zone: http://snl.bydeluxe.com

O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} (Cisco AnyConnect VPN Client Web Control) - https://zool.piralda...ries/vpnweb.cab

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset...lineScanner.cab

O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicr...osoft/wrc32.ocx

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: @%systemroot%\system32\appidsvc.dll,-100 (AppIDSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (AudioSrv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\AxInstSV.dll,-103 (AxInstSV) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\bdesvc.dll,-100 (BDESVC) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (bthserv) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\defragsvc.dll,-101 (defragsvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe

O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe

O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (eventlog) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe

O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\ListSvc.dll,-100 (HomeGroupListener) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\provsvc.dll,-100 (HomeGroupProvider) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-500 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe

O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe

O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\netprofm.dll,-202 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\sysWow64\perfhost.exe,-2 (PerfHost) - Unknown owner - C:\Windows\SysWow64\perfhost.exe

O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\umpo.dll,-100 (Power) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%windir%\system32\RpcEpMap.dll,-1001 (RpcEptMapper) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\sensrsvc.dll,-1000 (SensrSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe

O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

O23 - Service: Sentinel Security Runtime (SentinelSecurityRuntime) - SafeNet, Inc. - C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe

O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppuinotify.dll,-103 (sppuinotify) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\themeservice.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Updater Service - Acer - C:\Program Files\Acer\Acer Updater\UpdaterService.exe

O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%systemroot%\system32\wbiosrvc.dll,-100 (WbioSrvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe

O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\wwansvc.dll,-257 (WwanSvc) - Unknown owner - C:\Windows\system32\svchost.exe

--

End of file - 23185 bytes

----------------------------------

Currently all scans come up clear, but I'm concerned about the amount of O23 entries in that Hijackthis log, especially the "file missing" ones, and those two O10 unknown file entries. I'm not on that laptop right now, and don't have it connected to the internet due to the nature of those trojans. I'd rather not do a full reinstall, but is there any other way to clean up this mess?

I need help, and it's much appreciated!

C.


Hi MrC,

Thanks for your response, it's very much appreciated.

I ran DDS as required. Here are the two logs:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30

Run by CF at 9:00:11 on 2012-02-29

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.358.1035.18.4091.2641 [GMT -5:00]

.

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\LSI SoftModem\agr64svc.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Acer\Registration\GregHSRW.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Windows\PLFSetI.exe

C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility.exe

C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe

C:\Program Files\Acer\Acer Updater\UpdaterService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Launch Manager\LManager.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=040b&m=aspire_7736&r=273604103816l0368z1i5t49n1h62r

uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=040b&m=aspire_7736&r=273604103816l0368z1i5t49n1h62r

mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=040b&m=aspire_7736&r=273604103816l0368z1i5t49n1h62r

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=040b&m=aspire_7736&r=273604103816l0368z1i5t49n1h62r

uURLSearchHooks: H - No File

mURLSearchHooks: H - No File

mWinlogon: Userinit=userinit.exe,

BHO: AutorunsDisabled - No File

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

TB: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No File

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngin0.dll

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k

mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

StartupFolder: C:\Users\CF\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\AUTORU~1\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SPYDER~1.LNK - C:\Program Files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

Trusted Zone: bydeluxe.com\snl

DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://zool.piralda.com/CACHE/stc/1/binaries/vpnweb.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{AE3FEB77-5F62-46F7-A218-E9295E362423} : DhcpNameServer = 192.168.0.4

TCP: Interfaces\{EC11A37B-0DA5-4D82-A54E-490123FC15D8} : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{EC11A37B-0DA5-4D82-A54E-490123FC15D8}\7596070796563784F6D656 : DhcpNameServer = 192.168.0.1

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: AutorunsDisabled - No File

{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}

TB-X64: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No File

{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}

{2318C2B1-4965-11D4-9B18-009027A5CD4F}

{30F9B915-B755-4826-820B-08FBA6BD249D}

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k

mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\CF\AppData\Roaming\Mozilla\Firefox\Profiles\nithyg5v.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]

R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]

R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?]

R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?]

R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]

R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-2-28 44768]

R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2009-12-16 844320]

R2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-8-28 1150496]

R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-6-17 144640]

R2 Sentinel64;Sentinel64;C:\Windows\system32\Drivers\Sentinel64.sys --> C:\Windows\system32\Drivers\Sentinel64.sys [?]

R2 SentinelKeysServer;Sentinel Keys Server;C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [2009-9-17 369952]

R2 SentinelSecurityRuntime;Sentinel Security Runtime;C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [2009-9-17 292128]

R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2009-10-28 240160]

R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2008-7-25 370872]

R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]

S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe [2009-9-11 305448]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 NisSrv;Microsoftin verkkotarkastus;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]

S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-6-17 50432]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]

S3 SNTUSB64;SafeNet USB SuperPro/UltraPro/HardwareKey;C:\Windows\system32\DRIVERS\SNTUSB64.SYS --> C:\Windows\system32\DRIVERS\SNTUSB64.SYS [?]

S3 Spyder3;Datacolor Spyder3;C:\Windows\system32\DRIVERS\Spyder3.sys --> C:\Windows\system32\DRIVERS\Spyder3.sys [?]

S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windowsin aktivointitekniikoiden palvelu;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-9-24 62720]

.

=============== Created Last 30 ================

.

2012-02-29 13:36:32 8643640 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8BBFE770-88B6-4A9A-8497-5F1B4B6825E3}\mpengine.dll

2012-02-28 21:31:45 53080 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys

2012-02-28 21:31:44 817496 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2012-02-28 21:31:44 69976 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2012-02-28 21:31:08 41184 ----a-w- C:\Windows\avastSS.scr

2012-02-28 21:30:52 -------- d-----w- C:\ProgramData\AVAST Software

2012-02-28 21:30:52 -------- d-----w- C:\Program Files\AVAST Software

2012-02-28 17:15:01 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2012-02-28 00:45:14 200976 ----a-w- C:\Windows\SysWow64\drivers\tmcomm.sys

2012-02-28 00:18:54 388096 ----a-r- C:\Users\CF\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-02-28 00:18:53 -------- d-----w- C:\Program Files (x86)\Trend Micro

2012-02-27 18:17:14 -------- d-----w- C:\Program Files (x86)\ESET

2012-02-27 13:33:45 -------- d-----w- C:\Users\CF\AppData\Roaming\Malwarebytes

2012-02-27 13:33:36 -------- d-----w- C:\ProgramData\Malwarebytes

2012-02-27 13:33:35 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-02-27 13:33:34 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-02-22 23:04:16 -------- d-----w- C:\ProgramData\Cisco

2012-02-22 23:04:14 -------- d-----w- C:\Program Files (x86)\Cisco

2012-02-20 20:02:43 515584 ----a-w- C:\Windows\System32\timedate.cpl

2012-02-20 20:01:21 77312 ----a-w- C:\Windows\System32\packager.dll

2012-02-20 20:01:21 67072 ----a-w- C:\Windows\SysWow64\packager.dll

2012-02-10 17:03:55 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D0F4C34A-7ACB-4582-ADDD-AF64A6011E3A}\gapaengine.dll

.

==================== Find3M ====================

.

2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe

2012-01-14 04:06:27 3145728 ----a-w- C:\Windows\System32\win32k.sys

2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll

2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll

2011-12-30 05:27:56 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl

2011-12-29 14:16:00 632423 ----a-w- C:\Windows\SysWow64\MetrePlus.dll

2011-12-28 03:59:24 498688 ----a-w- C:\Windows\System32\drivers\afd.sys

2011-12-16 08:46:06 634880 ----a-w- C:\Windows\System32\msvcrt.dll

2011-12-16 07:52:58 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll

2011-12-14 07:11:03 2308096 ----a-w- C:\Windows\System32\jscript9.dll

2011-12-14 07:04:30 1390080 ----a-w- C:\Windows\System32\wininet.dll

2011-12-14 07:03:38 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl

2011-12-14 06:57:28 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2011-12-14 03:04:54 1798656 ----a-w- C:\Windows\SysWow64\jscript9.dll

2011-12-14 02:57:18 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-12-14 02:56:58 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2011-12-14 02:50:04 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

.

============= FINISH: 9:00:35,46 ===============

-----------

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 5.4.2010 8:40:59

System Uptime: 29.2.2012 8:25:14 (1 hours ago)

.

Motherboard: Acer | | JV50

Processor: Pentium® Dual-Core CPU T4400 @ 2.20GHz | U2E1 | 2200/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 454 GiB total, 302,121 GiB free.

D: is CDROM ()

F: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64

Device ID: ROOT\NET\0000

Manufacturer: Cisco Systems

Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64

PNP Device ID: ROOT\NET\0000

Service: vpnva

.

==== System Restore Points ===================

.

RP463: 19.2.2012 13:02:54 - Windows Update

RP464: 20.2.2012 15:02:48 - Windows Update

RP465: 22.2.2012 18:03:52 - Installed Cisco AnyConnect VPN Client

RP466: 24.2.2012 12:31:01 - Windows Update

RP467: 27.2.2012 19:11:39 - Windows Update

RP468: 27.2.2012 19:18:32 - Installed HiJackThis

RP469: 28.2.2012 16:30:25 - avast! Free Antivirus Asennus

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

2007 Microsoft Office Suite Service Pack 2 (SP2)

2007 Office Systemin yhteensopivuuspaketti

Acer Arcade Deluxe

Acer Backup Manager

Acer Crystal Eye webcam Ver:1.1.124.1120

Acer ePower Management

Acer eRecovery Management

Acer GameZone Console

Acer GridVista

Acer Registration

Acer ScreenSaver

Acer Updater

Acrobat.com

Adobe AIR

Adobe Community Help

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 Plugin

Adobe Media Player

Adobe Photoshop CS5

Adobe Reader 9.5.0 MUI

Alice Greenfingers

Amazonia

Apple Application Support

Apple Software Update

avast! Free Antivirus

Backup Manager Basic

BitTorrent

BitTorrentBar Toolbar

BookSmart® 2.9.1 2.9.1

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Chicken Invaders 2

Cisco AnyConnect VPN Client

CommonComponents

Conduit Engine

ConvertXtoDVD 4.0.12.327

D3DX10

DAEMON Tools Lite

Dairy Dash

DigiDelivery

Dream Day First Home

DVD43 Plug-in v1.0.0.5

Eddie

ESET Online Scanner v3

eSobi v2

Farm Frenzy 2

First Class Flurry

Google Toolbar for Internet Explorer

Google Update Helper

Granny In Paradise

GTS

Heroes of Hellas

HiJackThis

Identity Card

ifolor Tilausohjelma 3.7

Java Auto Updater

Java™ 6 Update 26

Java™ 6 Update 30

Junk Mail filter update

Launch Manager

Malwarebytes Anti-Malware version 1.60.1.1000

Merriam Websters Spell Jam

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Access MUI (Finnish) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Excel MUI (Finnish) 2007

Microsoft Office Groove MUI (Finnish) 2007

Microsoft Office Home and Student 2007

Microsoft Office InfoPath MUI (Finnish) 2007

Microsoft Office Language Pack 2007 - Finnish/suomi

Microsoft Office O MUI (Finnish) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office OneNote MUI (Finnish) 2007

Microsoft Office Outlook MUI (Finnish) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint MUI (Finnish) 2007

Microsoft Office PowerPoint Viewer 2007 (Finnish)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (Finnish) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (German) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proof (Swedish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing (Finnish) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Publisher MUI (Finnish) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared MUI (Finnish) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)

Microsoft Office SharePoint Designer MUI (Finnish) 2007

Microsoft Office Suite Activation Assistant

Microsoft Office Word MUI (English) 2007

Microsoft Office Word MUI (Finnish) 2007

Microsoft Office X MUI (Finnish) 2007

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Works

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Mozilla Firefox 10.0.2 (x86 fi)

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MyWinLocker

Norton Online Backup

NTI Backup Now 5

NTI Backup Now Standard

NTI Media Maker 8

Ohjelman Microsoft Office Excel 2007 Help päivitys (KB963678)

Ohjelman Microsoft Office Powerpoint 2007 Help päivitys (KB963669)

Ohjelman Microsoft Office Word 2007 Help päivitys (KB963665)

OpenOffice.org 3.1

OverDrive Media Console

PDF Settings CS5

QuickTime

Realtek High Definition Audio Driver

Realtek USB 2.0 Card Reader

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2345043)

Security Update for 2007 Microsoft Office System (KB2553089)

Security Update for 2007 Microsoft Office System (KB2553090)

Security Update for 2007 Microsoft Office System (KB2584063)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profilen suomen kielipaketti (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profilen suomen kielipaketti (KB2518870)

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2344993)

Sentinel Protection Installer 7.6.1

Skype™ 5.5

SNLClient 2.3.37

SoulSeek 157 NS 13e

Spyder3Pro

The Settlers IV

UNSTools

Update for 2007 Microsoft Office System (KB2284654)

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition

Update for Microsoft Office 2007 System (KB2539530)

Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 (KB980729)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Welcome Center

Winamp

Winamp Detector Plug-in

Windows Live Communications Platform

Windows Live Installer

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Liven asennustyökalu

Windows Liven sähköposti

Windows Liven valokuvavalikoima

WinRAR archiver

VLC media player 1.1.4

.

==== End Of File ===========================

Cheers,

C.


No, the problems I was having (redirecting, loss of Internet connection) have disappeared after cleaning out a bunch of malware with all those scans I mentioned in my original post. I was only concerned because of what the Hijackthis log was showing.

But if you think the machine has no malware, I'll probably just clean up the clutter?

C.


OK, we'll use OTL to do that......

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

The scan will take about 10 minutes...depends on your hard drive size.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)

OTL.txt <-- Will be opened

Extra.txt <-- Will be minimized

MrC


Here are the two OTL logs:

OTL logfile created on: 2/29/2012 9:55:51 AM - Run 1

OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\CF\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: Suomi | Language: FIN | Date Format: d.M.yyyy

4.00 Gb Total Physical Memory | 2.34 Gb Available Physical Memory | 58.59% Memory free

7.99 Gb Paging File | 6.24 Gb Available in Paging File | 78.14% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 453.94 Gb Total Space | 302.11 Gb Free Space | 66.55% Space Free | Partition Type: NTFS

Computer Name: CF-PC | User Name: CF | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/29 09:49:22 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\CF\Desktop\OTL.exe

PRC - [2012/02/23 11:23:24 | 004,031,368 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe

PRC - [2012/02/23 11:23:21 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe

PRC - [2012/02/18 13:25:10 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

PRC - [2009/12/16 17:52:28 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe

PRC - [2009/11/01 18:39:48 | 001,094,736 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe

PRC - [2009/09/24 17:42:32 | 000,261,888 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe

PRC - [2009/09/17 06:06:00 | 001,246,496 | ---- | M] (SafeNet, Inc) -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

PRC - [2009/09/17 00:03:00 | 000,369,952 | ---- | M] (SafeNet, Inc.) -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe

PRC - [2009/09/17 00:00:02 | 000,292,128 | ---- | M] (SafeNet, Inc.) -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe

PRC - [2009/08/28 04:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe

PRC - [2009/07/03 20:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe

PRC - [2009/06/04 21:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

PRC - [2009/06/04 21:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe

PRC - [2009/05/16 04:58:20 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

PRC - [2009/05/16 04:58:16 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

PRC - [2009/04/16 20:41:34 | 000,304,128 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\swriter.exe

PRC - [2008/07/25 00:05:33 | 000,370,872 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

PRC - [2008/03/19 16:00:28 | 006,333,954 | ---- | M] () -- C:\Program Files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility.exe

PRC - [2004/03/17 01:32:26 | 001,536,000 | ---- | M] (Kielikone Oy) -- C:\MOT\motpro.exe

========== Modules (No Company Name) ==========

MOD - [2012/02/18 13:25:09 | 001,911,768 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

MOD - [2012/01/03 12:45:07 | 000,016,832 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\ViewerPS.dll

MOD - [2011/11/23 09:31:50 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

MOD - [2009/12/16 17:52:28 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe

MOD - [2009/05/16 04:56:42 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\Basis\program\nsldap32v50.dll

MOD - [2009/05/15 13:56:54 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll

MOD - [2009/04/16 20:41:34 | 000,304,128 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\swriter.exe

MOD - [2009/04/16 12:03:22 | 000,166,400 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\Basis\program\libxslt.dll

MOD - [2009/02/02 19:33:56 | 000,460,199 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll

MOD - [2008/03/19 16:00:28 | 006,333,954 | ---- | M] () -- C:\Program Files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility.exe

MOD - [2008/03/19 15:54:46 | 000,327,680 | ---- | M] () -- C:\Program Files (x86)\Datacolor\Spyder3Pro\Utility\CGamma.dll

MOD - [2008/03/19 14:37:20 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Datacolor\Spyder3Pro\Utility\CSensor.dll

MOD - [2004/03/17 01:05:40 | 000,237,568 | ---- | M] () -- C:\MOT\motocr.dll

MOD - [2003/11/07 01:33:14 | 000,032,768 | ---- | M] () -- C:\MOT\mothook.dll

MOD - [2002/07/12 10:48:18 | 000,126,976 | ---- | M] () -- C:\MOT\libexpat.dll

MOD - [1999/09/29 04:39:12 | 000,096,256 | ---- | M] () -- C:\MOT\morfo32.dll

MOD - [1998/12/09 07:33:58 | 000,375,296 | ---- | M] () -- C:\MOT\textmo32.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/02/23 11:23:21 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV:64bit: - [2011/04/27 16:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)

SRV:64bit: - [2011/04/27 16:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)

SRV:64bit: - [2009/11/12 01:33:44 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2009/09/30 17:44:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)

SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/03 20:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)

SRV:64bit: - [2009/03/27 21:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)

SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/02/19 05:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)

SRV - [2009/09/24 17:42:28 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)

SRV - [2009/09/17 06:06:00 | 001,246,496 | ---- | M] (SafeNet, Inc) [Auto | Running] -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)

SRV - [2009/09/17 00:03:00 | 000,369,952 | ---- | M] (SafeNet, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -- (SentinelKeysServer)

SRV - [2009/09/17 00:00:02 | 000,292,128 | ---- | M] (SafeNet, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe -- (SentinelSecurityRuntime)

SRV - [2009/09/11 00:42:46 | 000,305,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)

SRV - [2009/08/28 04:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)

SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009/06/04 21:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®

SRV - [2008/07/25 00:05:33 | 000,370,872 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/02/23 11:12:43 | 000,817,496 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)

DRV:64bit: - [2012/02/23 11:12:42 | 000,335,704 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)

DRV:64bit: - [2012/02/23 11:11:04 | 000,053,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)

DRV:64bit: - [2012/02/23 11:10:43 | 000,059,224 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)

DRV:64bit: - [2012/02/23 11:10:38 | 000,069,976 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV:64bit: - [2012/02/23 11:10:19 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV:64bit: - [2011/10/01 10:02:32 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)

DRV:64bit: - [2011/04/27 14:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)

DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/12/20 15:26:30 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)

DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2009/10/05 15:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2009/09/17 23:12:06 | 000,292,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2009/09/17 06:05:02 | 000,145,448 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\sentinel64.sys -- (Sentinel64)

DRV:64bit: - [2009/09/17 06:05:02 | 000,058,792 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SNTUSB64.SYS -- (SNTUSB64)

DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/13 16:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)

DRV:64bit: - [2009/06/20 06:35:00 | 000,317,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink

DRV:64bit: - [2009/06/19 21:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)

DRV:64bit: - [2009/06/10 15:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2009/06/10 15:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)

DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/06/04 20:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2009/06/04 19:46:50 | 000,216,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV:64bit: - [2009/06/02 22:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)

DRV:64bit: - [2009/06/02 22:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)

DRV:64bit: - [2009/06/02 22:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)

DRV:64bit: - [2009/05/05 19:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)

DRV:64bit: - [2009/05/05 19:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)

DRV:64bit: - [2009/04/06 20:31:08 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)

DRV:64bit: - [2009/03/23 07:57:54 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)

DRV:64bit: - [2008/07/24 23:35:12 | 000,018,944 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)

DRV:64bit: - [2007/12/12 12:11:06 | 000,015,360 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Spyder3.sys -- (Spyder3)

DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=040b&m=aspire_7736&r=273604103816l0368z1i5t49n1h62r

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=040b&m=aspire_7736&r=273604103816l0368z1i5t49n1h62r

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=040b&m=aspire_7736&r=273604103816l0368z1i5t49n1h62r

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=040b&m=aspire_7736&r=273604103816l0368z1i5t49n1h62r

IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-268533707-1958389649-1601823398-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=040b&m=aspire_7736&r=273604103816l0368z1i5t49n1h62r

IE - HKU\S-1-5-21-268533707-1958389649-1601823398-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=040b&m=aspire_7736&r=273604103816l0368z1i5t49n1h62r

IE - HKU\S-1-5-21-268533707-1958389649-1601823398-1001\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found

IE - HKU\S-1-5-21-268533707-1958389649-1601823398-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6

FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7280

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/02/28 16:31:25 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/18 13:25:10 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/02/27 19:10:05 | 000,000,000 | ---D | M]

[2010/04/07 05:35:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CF\AppData\Roaming\mozilla\Extensions

[2012/01/05 22:06:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CF\AppData\Roaming\mozilla\Firefox\Profiles\nithyg5v.default\extensions

[2010/07/07 10:52:14 | 000,001,449 | ---- | M] () -- C:\Users\CF\AppData\Roaming\Mozilla\Firefox\Profiles\nithyg5v.default\searchplugins\100-search-engines.xml

[2010/07/07 10:51:34 | 000,001,504 | ---- | M] () -- C:\Users\CF\AppData\Roaming\Mozilla\Firefox\Profiles\nithyg5v.default\searchplugins\imdb.xml

[2010/07/07 10:51:53 | 000,001,032 | ---- | M] () -- C:\Users\CF\AppData\Roaming\Mozilla\Firefox\Profiles\nithyg5v.default\searchplugins\wikipedia-eng.xml

[2012/02/01 09:52:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

() (No name found) -- C:\USERS\CF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NITHYG5V.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

[2012/02/18 13:25:10 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2011/11/10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2010/05/25 11:09:48 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll

[2011/08/19 10:37:06 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2011/08/19 10:37:06 | 000,002,062 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bookplus-fi.xml

[2011/04/30 10:53:21 | 000,001,069 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons-fi.xml

[2011/08/19 10:37:06 | 000,000,972 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-fi.xml

[2011/04/30 10:53:21 | 000,002,677 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\huuto-fi.xml

[2011/08/19 10:37:06 | 000,001,183 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-fi.xml

[2011/08/19 10:37:06 | 000,001,100 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-fi.xml

O1 HOSTS File: ([2012/02/27 19:54:52 | 000,000,726 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O2:64bit: - BHO: (no name) - AutorunsDisabled - No CLSID value found.

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.

O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found.

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3:64bit: - HKU\S-1-5-21-268533707-1958389649-1601823398-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKU\S-1-5-21-268533707-1958389649-1601823398-1001\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)

O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)

O4:64bit: - HKLM..\Run: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [backupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)

O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - Startup: C:\Users\CF\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2012/02/27 21:20:45 | 000,000,000 | -H-D | M]

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKU\S-1-5-21-268533707-1958389649-1601823398-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-268533707-1958389649-1601823398-1001\..Trusted Domains: bydeluxe.com ([snl] http in Trusted sites)

O15 - HKU\S-1-5-21-268533707-1958389649-1601823398-1001\..Trusted Domains: bydeluxe.com ([snl] https in Trusted sites)

O15 - HKU\S-1-5-21-268533707-1958389649-1601823398-1001\..Trusted Ranges: RangeSNL172 ([http] in Trusted sites)

O15 - HKU\S-1-5-21-268533707-1958389649-1601823398-1001\..Trusted Ranges: RangeSNL208 ([http] in Trusted sites)

O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://zool.piralda.com/CACHE/stc/1/binaries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE3FEB77-5F62-46F7-A218-E9295E362423}: DhcpNameServer = 192.168.0.4

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EC11A37B-0DA5-4D82-A54E-490123FC15D8}: DhcpNameServer = 192.168.2.1

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{f0eb80b0-3ec3-11e1-9f93-00262d73cf5e}\Shell - "" = AutoRun

O33 - MountPoints2\{f0eb80b0-3ec3-11e1-9f93-00262d73cf5e}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/29 09:49:18 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\CF\Desktop\OTL.exe

[2012/02/28 16:31:47 | 000,335,704 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys

[2012/02/28 16:31:47 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys

[2012/02/28 16:31:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus

[2012/02/28 16:31:45 | 000,059,224 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys

[2012/02/28 16:31:45 | 000,053,080 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys

[2012/02/28 16:31:44 | 000,817,496 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys

[2012/02/28 16:31:44 | 000,258,520 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe

[2012/02/28 16:31:44 | 000,069,976 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys

[2012/02/28 16:31:08 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr

[2012/02/28 16:31:07 | 000,201,352 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe

[2012/02/28 16:30:52 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software

[2012/02/28 16:30:52 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software

[2012/02/28 12:15:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy

[2012/02/28 00:47:30 | 000,000,000 | ---D | C] -- C:\Users\CF\AppData\Roaming\U3

[2012/02/27 21:20:45 | 000,000,000 | -H-D | C] -- C:\Users\CF\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled

[2012/02/27 19:45:14 | 000,200,976 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysWow64\drivers\tmcomm.sys

[2012/02/27 19:18:55 | 000,000,000 | ---D | C] -- C:\Users\CF\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis

[2012/02/27 19:18:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro

[2012/02/27 13:17:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2012/02/27 08:33:45 | 000,000,000 | ---D | C] -- C:\Users\CF\AppData\Roaming\Malwarebytes

[2012/02/27 08:33:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/02/27 08:33:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/02/27 08:33:35 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/02/27 08:33:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/02/22 18:04:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco

[2012/02/22 18:04:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Cisco

[2012/02/22 18:04:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco

[2010/12/20 15:26:30 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\CF\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2012/02/29 09:49:22 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\CF\Desktop\OTL.exe

[2012/02/29 09:22:21 | 000,001,409 | ---- | M] () -- C:\Windows\kochi-mincho.fot

[2012/02/29 09:22:21 | 000,001,409 | ---- | M] () -- C:\Windows\ipaunir.fot

[2012/02/29 09:22:21 | 000,001,409 | ---- | M] () -- C:\Windows\gbsn00lp.fot

[2012/02/29 08:34:35 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/02/29 08:34:35 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/02/29 08:25:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/02/29 08:25:22 | 3217,231,872 | -HS- | M] () -- C:\hiberfil.sys

[2012/02/28 16:31:48 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk

[2012/02/28 16:31:44 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt

[2012/02/28 11:53:31 | 001,245,234 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/02/28 11:53:31 | 000,618,342 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/02/28 11:53:31 | 000,443,902 | ---- | M] () -- C:\Windows\SysNative\perfh00B.dat

[2012/02/28 11:53:31 | 000,107,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/02/28 11:53:31 | 000,083,540 | ---- | M] () -- C:\Windows\SysNative\perfc00B.dat

[2012/02/27 23:20:36 | 000,187,410 | ---- | M] () -- C:\Users\CF\AppData\Local\census.cache

[2012/02/27 23:20:36 | 000,107,366 | ---- | M] () -- C:\Users\CF\AppData\Local\ars.cache

[2012/02/27 23:08:31 | 000,025,230 | ---- | M] () -- C:\Users\CF\Documents\hijackthis.odt

[2012/02/27 20:15:20 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2012/02/27 19:54:52 | 000,000,726 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2012/02/27 19:44:11 | 000,000,036 | ---- | M] () -- C:\Users\CF\AppData\Local\housecall.guid.cache

[2012/02/27 19:29:11 | 000,001,278 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.new

[2012/02/27 19:18:55 | 000,002,961 | ---- | M] () -- C:\Users\CF\Desktop\HiJackThis.lnk

[2012/02/27 19:10:06 | 000,002,018 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2012/02/27 08:33:39 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/02/26 11:47:17 | 000,092,672 | ---- | M] () -- C:\Users\CF\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/02/23 11:23:26 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr

[2012/02/23 11:23:21 | 000,201,352 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe

[2012/02/23 11:23:10 | 000,258,520 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe

[2012/02/23 11:12:43 | 000,817,496 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys

[2012/02/23 11:12:42 | 000,335,704 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys

[2012/02/23 11:11:04 | 000,053,080 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys

[2012/02/23 11:10:43 | 000,059,224 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys

[2012/02/23 11:10:38 | 000,069,976 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys

[2012/02/23 11:10:19 | 000,024,408 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys

[2012/02/22 18:32:57 | 000,000,000 | -H-- | M] () -- C:\Users\CF\Documents\Default.rdp

[2012/02/22 01:31:49 | 000,013,884 | ---- | M] () -- C:\Users\CF\Desktop\land.odt

[2012/02/20 15:38:07 | 004,944,280 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/02/05 22:32:15 | 000,001,077 | ---- | M] () -- C:\Users\CF\Desktop\The curve.pdf – Pikakuvake.lnk

[2012/02/05 22:30:05 | 000,001,284 | ---- | M] () -- C:\Users\CF\Desktop\List of things to do after death.pdf – Pikakuvake.lnk

[2012/02/01 09:52:04 | 000,002,048 | ---- | M] () -- C:\Users\CF\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

========== Files Created - No Company Name ==========

[2012/02/29 09:22:21 | 000,001,409 | ---- | C] () -- C:\Windows\kochi-mincho.fot

[2012/02/29 09:22:21 | 000,001,409 | ---- | C] () -- C:\Windows\ipaunir.fot

[2012/02/29 09:22:21 | 000,001,409 | ---- | C] () -- C:\Windows\gbsn00lp.fot

[2012/02/28 16:31:48 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk

[2012/02/28 16:31:44 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt

[2012/02/27 23:08:30 | 000,025,230 | ---- | C] () -- C:\Users\CF\Documents\hijackthis.odt

[2012/02/27 20:15:20 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2012/02/27 19:51:17 | 000,187,410 | ---- | C] () -- C:\Users\CF\AppData\Local\census.cache

[2012/02/27 19:51:12 | 000,107,366 | ---- | C] () -- C:\Users\CF\AppData\Local\ars.cache

[2012/02/27 19:44:11 | 000,000,036 | ---- | C] () -- C:\Users\CF\AppData\Local\housecall.guid.cache

[2012/02/27 19:18:55 | 000,002,961 | ---- | C] () -- C:\Users\CF\Desktop\HiJackThis.lnk

[2012/02/27 08:33:39 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/02/22 18:32:57 | 000,000,000 | -H-- | C] () -- C:\Users\CF\Documents\Default.rdp

[2012/02/22 01:31:48 | 000,013,884 | ---- | C] () -- C:\Users\CF\Desktop\land.odt

[2012/02/05 22:32:15 | 000,001,077 | ---- | C] () -- C:\Users\CF\Desktop\The curve.pdf – Pikakuvake.lnk

[2012/02/05 22:30:05 | 000,001,284 | ---- | C] () -- C:\Users\CF\Desktop\List of things to do after death.pdf – Pikakuvake.lnk

[2011/09/05 08:53:40 | 000,000,052 | ---- | C] () -- C:\Windows\QC_Image.INI

[2011/09/05 08:45:11 | 000,745,472 | ---- | C] () -- C:\Windows\SysWow64\perl58.dll

[2011/08/31 19:39:17 | 000,001,456 | ---- | C] () -- C:\Users\CF\AppData\Local\Adobe Tallenna Webiä varten 12.0 Prefs

[2011/04/28 18:22:24 | 000,007,597 | ---- | C] () -- C:\Users\CF\AppData\Local\Resmon.ResmonCfg

[2011/01/27 09:22:31 | 001,264,454 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2010/12/20 15:27:54 | 000,001,057 | ---- | C] () -- C:\Users\CF\AppData\Roaming\vso_ts_preview.xml

[2010/12/20 15:26:30 | 000,099,384 | ---- | C] () -- C:\Users\CF\AppData\Roaming\inst.exe

[2010/12/20 15:26:30 | 000,007,859 | ---- | C] () -- C:\Users\CF\AppData\Roaming\pcouffin.cat

[2010/12/20 15:26:30 | 000,001,167 | ---- | C] () -- C:\Users\CF\AppData\Roaming\pcouffin.inf

[2010/07/11 13:31:40 | 000,611,840 | ---- | C] () -- C:\Windows\SysWow64\DVD43.dll

[2010/06/21 07:18:21 | 000,092,672 | ---- | C] () -- C:\Users\CF\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/06/20 22:05:05 | 000,000,000 | ---- | C] () -- C:\Users\CF\AppData\Roaming\wklnhst.dat

[2010/06/19 12:27:04 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat

[2010/04/07 05:35:38 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

========== LOP Check ==========

[2011/03/12 17:27:33 | 000,000,000 | -HSD | M] -- C:\Users\CF\AppData\Roaming\.#

[2012/02/27 07:59:18 | 000,000,000 | ---D | M] -- C:\Users\CF\AppData\Roaming\BitTorrent

[2010/07/02 21:09:52 | 000,000,000 | ---D | M] -- C:\Users\CF\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2010/12/01 20:09:19 | 000,000,000 | ---D | M] -- C:\Users\CF\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2012/02/27 20:16:43 | 000,000,000 | ---D | M] -- C:\Users\CF\AppData\Roaming\DAEMON Tools Lite

[2012/02/28 21:25:02 | 000,000,000 | ---D | M] -- C:\Users\CF\AppData\Roaming\DigiDelivery

[2011/03/12 17:26:48 | 000,000,000 | ---D | M] -- C:\Users\CF\AppData\Roaming\GameConsole

[2011/11/01 08:03:26 | 000,000,000 | ---D | M] -- C:\Users\CF\AppData\Roaming\GTS

[2010/08/15 10:10:04 | 000,000,000 | ---D | M] -- C:\Users\CF\AppData\Roaming\ifolor

[2010/06/22 10:28:42 | 000,000,000 | ---D | M] -- C:\Users\CF\AppData\Roaming\OpenOffice.org

[2010/11/20 21:25:00 | 000,000,000 | ---D | M] -- C:\Users\CF\AppData\Roaming\OverDrive

[2010/11/28 01:00:41 | 000,000,000 | ---D | M] -- C:\Users\CF\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

[2012/02/27 20:16:43 | 000,000,000 | ---D | M] -- C:\Users\CF\AppData\Roaming\Vso

[2011/06/18 11:07:38 | 000,000,000 | ---D | M] -- C:\Users\CF\AppData\Roaming\Windows Live Writer

[2012/01/24 19:10:47 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

-----

OTL Extras logfile created on: 2/29/2012 9:55:51 AM - Run 1

OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\CF\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: Suomi | Language: FIN | Date Format: d.M.yyyy

4.00 Gb Total Physical Memory | 2.34 Gb Available Physical Memory | 58.59% Memory free

7.99 Gb Paging File | 6.24 Gb Available in Paging File | 78.14% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 453.94 Gb Total Space | 302.11 Gb Free Space | 66.55% Space Free | Partition Type: NTFS

Computer Name: CF-PC | User Name: CF | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-268533707-1958389649-1601823398-1001\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)

Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)

Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)

Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)

Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware

"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant

"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64

"{3D4BCAF1-DDA5-3E92-9143-1133D125B071}" = Microsoft .NET Framework 4 Client Profile FIN Language Pack

"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client

"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{69D65833-4A83-267A-7DB4-9FCBBE72675D}" = ATI Catalyst Install Manager

"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-002A-040B-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Finnish) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager

"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64

"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{96F70DF8-160F-4F9C-9B9E-2A9B439B4EB9}" = Broadcom Gigabit NetLink Controller

"{A269F383-3E55-DAFF-F948-655FDB3DB58A}" = ccc-utility64

"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64

"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64

"{D80C85CD-B007-4B8E-9C35-1EF837C555ED}" = Microsoft Antimalware Service FI-FI Language Pack

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client FI-FI Language Pack

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"CCleaner" = CCleaner

"LSI Soft Modem" = LSI HDA Modem

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile FIN Language Pack" = Microsoft .NET Framework 4 Client Profilen suomen kielipaketti

"Microsoft Security Client" = Microsoft Security Essentials

"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{024DE942-267A-4B60-A1C0-70C1163E0355}" = CCC Help Korean

"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti

"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86

"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard

"{15353551-375C-8E5A-5CAF-A4564C1CC2A5}" = ccc-core-static

"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2

"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{21E2508C-D5F4-44C6-C224-456DDA341BBB}" = CCC Help Turkish

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8

"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe

"{26A24AE4-039D-4CA4-87B4-2F83216026F0}" = Java 6 Update 26

"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java 6 Update 30

"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com

"{2B63FF9E-7EFD-4680-845E-327492D6C165}" = GTS

"{32D2E8C3-452A-69E9-21CF-C55E0612C974}" = CCC Help Chinese Traditional

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{39BDD209-5704-480C-9F4A-B69D0370DDBB}" = Windows Live Messenger

"{3B27F4EF-23C4-4D9F-871C-B284E8CDA97A}" = Windows Live Sync

"{3D64E1C5-6EFA-4487-A07C-FA71D256BE04}" = Eddie

"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management

"{4453AA9B-867A-17DB-C429-E9A64F0FB77F}" = CCC Help Finnish

"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis

"{485B9C29-6B47-22AF-022A-F9D65292F3A7}" = CCC Help English

"{4893B2BB-5C9B-7E6C-4BAD-BDFBAB33184A}" = Catalyst Control Center Localization All

"{494B767D-144F-4B15-8E58-859CA3B19DDD}" = GTS

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform

"{50C1A63E-4653-9DBE-E8E4-28DF2778BED0}" = CCC Help Polish

"{5725E5CA-A91D-C903-99DB-F8C010E0B637}" = Catalyst Control Center InstallProxy

"{593A6D1B-DC94-38F5-3158-A3861F7360C9}" = Catalyst Control Center InstallProxy

"{5A89BFD5-12DB-038F-DBCE-58832B82D824}" = CCC Help Norwegian

"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker

"{6A289949-B35C-4023-8E23-A10A25B30E41}" = GTS

"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic

"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{78AF6CAC-43EC-47B6-93B1-38C6119166E7}" = GTS

"{7B1AA2AB-ACD2-45C7-B1B1-364BEA40615F}" = Sentinel Protection Installer 7.6.1

"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime

"{7D9EF8C1-1B76-44AF-A918-86CBA6FD24C8}" = Microsoft Works

"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management

"{81A075BA-D267-4866-88AC-1602CEFD0194}" = DigiDelivery

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}" = Granny In Paradise

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115208410}" = First Class Flurry

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2

"{85D10697-A1D4-472A-2114-E07A77019BE1}" = CCC Help Japanese

"{87909077-445C-976C-0D23-D6C367B422D6}" = CCC Help Danish

"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8DD0171B-2ED1-311C-882E-AD3EC3A77A7E}" = CCC Help Czech

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1" = Acer GameZone Console

"{90120000-0015-040B-0000-0000000FF1CE}" = Microsoft Office Access MUI (Finnish) 2007

"{90120000-0015-040B-0000-0000000FF1CE}_OMUI.fi-fi_{DCB679BA-7B0C-4D8C-B443-79701F6FA01C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-0016-040B-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Finnish) 2007

"{90120000-0016-040B-0000-0000000FF1CE}_OMUI.fi-fi_{DCB679BA-7B0C-4D8C-B443-79701F6FA01C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0017-040B-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (Finnish) 2007

"{90120000-0017-040B-0000-0000000FF1CE}_OMUI.fi-fi_{5965840A-F2CD-4F73-A00D-9955EB75D7A6}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-0018-040B-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Finnish) 2007

"{90120000-0018-040B-0000-0000000FF1CE}_OMUI.fi-fi_{DCB679BA-7B0C-4D8C-B443-79701F6FA01C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-040B-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Finnish) 2007

"{90120000-0019-040B-0000-0000000FF1CE}_OMUI.fi-fi_{DCB679BA-7B0C-4D8C-B443-79701F6FA01C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-040B-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Finnish) 2007

"{90120000-001A-040B-0000-0000000FF1CE}_OMUI.fi-fi_{DCB679BA-7B0C-4D8C-B443-79701F6FA01C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-001B-040B-0000-0000000FF1CE}" = Microsoft Office Word MUI (Finnish) 2007

"{90120000-001B-040B-0000-0000000FF1CE}_OMUI.fi-fi_{DCB679BA-7B0C-4D8C-B443-79701F6FA01C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.fi-fi_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-001F-040B-0000-0000000FF1CE}" = Microsoft Office Proof (Finnish) 2007

"{90120000-001F-040B-0000-0000000FF1CE}_OMUI.fi-fi_{8C00DF3E-E8BD-4C6A-B86F-0135E11DAF1C}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-001F-041D-0000-0000000FF1CE}" = Microsoft Office Proof (Swedish) 2007

"{90120000-001F-041D-0000-0000000FF1CE}_OMUI.fi-fi_{43722AA8-ACEA-4F54-9B83-2467D376EF8A}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-0020-040B-0000-0000000FF1CE}" = 2007 Office Systemin yhteensopivuuspaketti

"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-002A-040B-1000-0000000FF1CE}_OMUI.fi-fi_{06921DF8-773B-45F8-9464-6BB1C56FEF21}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-002C-040B-0000-0000000FF1CE}" = Microsoft Office Proofing (Finnish) 2007

"{90120000-0044-040B-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Finnish) 2007

"{90120000-0044-040B-0000-0000000FF1CE}_OMUI.fi-fi_{DCB679BA-7B0C-4D8C-B443-79701F6FA01C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-006E-040B-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Finnish) 2007

"{90120000-006E-040B-0000-0000000FF1CE}_OMUI.fi-fi_{06921DF8-773B-45F8-9464-6BB1C56FEF21}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-00A1-040B-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Finnish) 2007

"{90120000-00A1-040B-0000-0000000FF1CE}_OMUI.fi-fi_{DCB679BA-7B0C-4D8C-B443-79701F6FA01C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00BA-040B-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Finnish) 2007

"{90120000-00BA-040B-0000-0000000FF1CE}_OMUI.fi-fi_{DCB679BA-7B0C-4D8C-B443-79701F6FA01C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0100-040B-0000-0000000FF1CE}" = Microsoft Office O MUI (Finnish) 2007

"{90120000-0100-040B-0000-0000000FF1CE}_OMUI.fi-fi_{DCB679BA-7B0C-4D8C-B443-79701F6FA01C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0101-040B-0000-0000000FF1CE}" = Microsoft Office X MUI (Finnish) 2007

"{90120000-0101-040B-0000-0000000FF1CE}_OMUI.fi-fi_{DCB679BA-7B0C-4D8C-B443-79701F6FA01C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{9087C601-4B52-C0F0-D4EF-4C98DEC1D6B0}" = CCC Help Portuguese

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{91B82CC7-F33E-211B-DFD6-0A91B637B455}" = CCC Help Greek

"{925A0B4E-F885-997B-8A74-E8E7A2FAC049}" = CCC Help French

"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{95120000-00AF-040B-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (Finnish)

"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader

"{96B7FD92-0D96-7C04-5D1C-D6CF70202403}" = CCC Help Hungarian

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{A18E4E3A-5013-E319-AB36-4FDE7483AA5D}" = CCC Help Spanish

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5

"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A96D580D-00C3-43BF-BFDD-F701E779E5CB}" = Cisco AnyConnect VPN Client

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AB7D24EC-BB5A-E746-C5D2-526BBE6C36AD}" = Catalyst Control Center Graphics Previews Vista

"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.0 MUI

"{BB0030F2-DA47-FABF-D3F2-903FA253D56D}" = CCC Help Thai

"{BE7CD87D-BC9E-4350-9A8E-2EF4A65A2437}" = OpenOffice.org 3.1

"{C1F1C7E5-CF16-4D76-A77B-8FAC62AB189C}" = CommonComponents

"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup

"{CB8ABF7D-B3F7-D774-645B-0DCD0297D9FA}" = CCC Help German

"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common

"{CD9A1574-197A-156D-9D8C-39D68AE9B7A6}" = CCC Help Russian

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.124.1120

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D4AFC7AD-F637-4EDD-BC76-767E4AF78CE1}" = OverDrive Media Console

"{D7C73761-237A-2B01-6DB5-E76276223C3B}" = CCC Help Italian

"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86

"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer

"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.12.327

"{DD082978-011E-7058-8252-15E2E1AAFABB}" = CCC Help Dutch

"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater

"{EE531675-A09C-51DD-F356-ECA9D6857039}" = Adobe Community Help

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F1453337-55CF-47FA-903B-D3E118FCB8B0}" = UNSTools

"{F4EE283A-4851-43D4-887C-1932D55DE740}" = Windows Live UX Platform Language Pack

"{FA3B4B32-D753-672D-842C-946644FEFC0A}" = CCC Help Swedish

"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR

"{FF6FA054-25B9-1CA2-D22A-DFD87735E9F6}" = CCC Help Chinese Standard

"Acer Registration" = Acer Registration

"Acer Screensaver" = Acer ScreenSaver

"Acer Welcome Center" = Welcome Center

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"avast" = avast! Free Antivirus

"BitTorrent" = BitTorrent

"BitTorrentBar Toolbar" = BitTorrentBar Toolbar

"BookSmart® 2.9.1 2.9.1" = BookSmart® 2.9.1 2.9.1

"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help

"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player

"conduitEngine" = Conduit Engine

"DAEMON Tools Lite" = DAEMON Tools Lite

"DVD43 Plug-in_is1" = DVD43 Plug-in v1.0.0.5

"ESET Online Scanner" = ESET Online Scanner v3

"GridVista" = Acer GridVista

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"Identity Card" = Identity Card

"ifolor-OrderClient" = ifolor Tilausohjelma 3.7

"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5

"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2

"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8

"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe

"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager

"LManager" = Launch Manager

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000

"Mozilla Firefox 10.0.2 (x86 fi)" = Mozilla Firefox 10.0.2 (x86 fi)

"OMUI.fi-fi" = Microsoft Office Language Pack 2007 - Finnish/suomi

"S4Uninst" = The Settlers IV

"SNLCLIENT_is1" = SNLClient 2.3.37

"Soulseek2" = SoulSeek 157 NS 13e

"Spyder3Pro" = Spyder3Pro

"VLC media player" = VLC media player 1.1.4

"Winamp" = Winamp

"WinLiveSuite" = Windows Liven asennustyökalu

"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-268533707-1958389649-1601823398-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 7/27/2011 10:08:47 PM | Computer Name = CF-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Kolmannen osapuolen pääluetteloa ei voi purkaa automaattisesti päivitetystä

Cab-tiedostosta kohteessa; <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.

Virhe: Vaadittu varmenne ei ole voimassa järjestelmän nykyisen kellonajan tai allekirjoitetun

tiedoston aikamerkinnän mukaan. .

Error - 7/27/2011 10:08:47 PM | Computer Name = CF-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Kolmannen osapuolen pääluetteloa ei voi purkaa automaattisesti päivitetystä

Cab-tiedostosta kohteessa; <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.

Virhe: Vaadittu varmenne ei ole voimassa järjestelmän nykyisen kellonajan tai allekirjoitetun

tiedoston aikamerkinnän mukaan. .

Error - 7/27/2011 10:09:11 PM | Computer Name = CF-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Kolmannen osapuolen pääluetteloa ei voi purkaa automaattisesti päivitetystä

Cab-tiedostosta kohteessa; <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.

Virhe: Vaadittu varmenne ei ole voimassa järjestelmän nykyisen kellonajan tai allekirjoitetun

tiedoston aikamerkinnän mukaan. .

Error - 7/27/2011 10:09:15 PM | Computer Name = CF-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Kolmannen osapuolen pääluetteloa ei voi purkaa automaattisesti päivitetystä

Cab-tiedostosta kohteessa; <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.

Virhe: Vaadittu varmenne ei ole voimassa järjestelmän nykyisen kellonajan tai allekirjoitetun

tiedoston aikamerkinnän mukaan. .

Error - 7/27/2011 10:09:15 PM | Computer Name = CF-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Kolmannen osapuolen pääluetteloa ei voi purkaa automaattisesti päivitetystä

Cab-tiedostosta kohteessa; <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.

Virhe: Vaadittu varmenne ei ole voimassa järjestelmän nykyisen kellonajan tai allekirjoitetun

tiedoston aikamerkinnän mukaan. .

Error - 7/27/2011 10:09:15 PM | Computer Name = CF-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Kolmannen osapuolen pääluetteloa ei voi purkaa automaattisesti päivitetystä

Cab-tiedostosta kohteessa; <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.

Virhe: Vaadittu varmenne ei ole voimassa järjestelmän nykyisen kellonajan tai allekirjoitetun

tiedoston aikamerkinnän mukaan. .

Error - 7/27/2011 10:09:15 PM | Computer Name = CF-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Kolmannen osapuolen pääluetteloa ei voi purkaa automaattisesti päivitetystä

Cab-tiedostosta kohteessa; <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.

Virhe: Vaadittu varmenne ei ole voimassa järjestelmän nykyisen kellonajan tai allekirjoitetun

tiedoston aikamerkinnän mukaan. .

Error - 7/27/2011 10:09:15 PM | Computer Name = CF-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Kolmannen osapuolen pääluetteloa ei voi purkaa automaattisesti päivitetystä

Cab-tiedostosta kohteessa; <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.

Virhe: Vaadittu varmenne ei ole voimassa järjestelmän nykyisen kellonajan tai allekirjoitetun

tiedoston aikamerkinnän mukaan. .

Error - 7/29/2011 4:48:39 PM | Computer Name = CF-PC | Source = SideBySide | ID = 16842824

Description = Aktivointikontekstin luonti epäonnistui (c:\program files\microsoft

security client\MSESysprep.dll). Virhe luettelo- tai käytäntötiedoston c:\program

files\microsoft security client\MSESysprep.dll rivillä 10. Elementti imaging on

alisteinen elementille urn:schemas-microsoft-com:asm.v1^assembly, mitä ei sallita

tässä Windows-versiossa.

Error - 7/29/2011 4:48:57 PM | Computer Name = CF-PC | Source = SideBySide | ID = 16842815

Description = Aktivointikontekstin luonti epäonnistui (C:\Program Files (x86)\Common

Files\Adobe AIR\Versions\1.0\Adobe AIR.dll). Virhe luettelo- tai käytäntötiedoston

C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll rivillä

3. Määritteen version arvo (MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR)

ei kelpaa elementissä assemblyIdentity.

[ Cisco AnyConnect VPN Client Events ]

Error - 2/22/2012 7:30:52 PM | Computer Name = CF-PC | Source = vpnagent | ID = 50331669

Description = Failed Route change: Action: DelRoute Destination: 192.168.2.255 Netmask:

255.255.255.255 Gateway: 192.168.2.13 Interface: 192.168.2.13 Metric: 256

Error - 2/22/2012 7:30:52 PM | Computer Name = CF-PC | Source = vpnagent | ID = 50331649

Description = Function: AddRouteChange Return code: 0xFE07000E File: .\ChangeRouteHelper.cpp

Line:

231 Description: ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED

Error - 2/23/2012 1:38:05 PM | Computer Name = CF-PC | Source = vpnagent | ID = 50331649

Description = Function: CertAddEncodedCertificateToStore Return code: 0x80093102 File:

.\Certificates\CapiCertificate.cpp Line: 1968 Description: ASN1: odottamaton tietojen

loppu.

Error - 2/23/2012 1:38:05 PM | Computer Name = CF-PC | Source = vpnagent | ID = 50331649

Description = Function: CCapiCertificate::openMemStoreCert Return code: 0xFE22000A

File:

.\Certificates\CapiCertificate.cpp Line: 493 Description: CERTIFICATE_ERROR_PROVIDER_ERROR

Error - 2/23/2012 1:38:10 PM | Computer Name = CF-PC | Source = vpnagent | ID = 50331649

Description = Function: AddRouteChange Return code: 0xFE07000D File: .\ChangeRouteHelper.cpp

Line:

1285 Description: ROUTETABLE_ERROR_CREATEIPFORWARDENTRY_FAILED

Error - 2/23/2012 1:38:10 PM | Computer Name = CF-PC | Source = vpnagent | ID = 50331669

Description = Failed Route change: Action: AddRoute Destination: 0.0.0.0 Netmask:

0.0.0.0 Gateway: 10.10.220.1 Interface: 10.10.220.120 Metric: 1

Error - 2/23/2012 1:38:10 PM | Computer Name = CF-PC | Source = vpnagent | ID = 50331649

Description = Function: AddRouteChange Return code: 0xFE07000D File: .\ChangeRouteHelper.cpp

Line:

212 Description: ROUTETABLE_ERROR_CREATEIPFORWARDENTRY_FAILED

Error - 2/23/2012 1:38:10 PM | Computer Name = CF-PC | Source = vpnagent | ID = 50331649

Description = Function: AddRouteChange Return code: 0xFE07000E File: .\ChangeRouteHelper.cpp

Line:

1285 Description: ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED

Error - 2/23/2012 1:38:10 PM | Computer Name = CF-PC | Source = vpnagent | ID = 50331669

Description = Failed Route change: Action: DelRoute Destination: 192.168.2.255 Netmask:

255.255.255.255 Gateway: 192.168.2.13 Interface: 192.168.2.13 Metric: 256

Error - 2/23/2012 1:38:10 PM | Computer Name = CF-PC | Source = vpnagent | ID = 50331649

Description = Function: AddRouteChange Return code: 0xFE07000E File: .\ChangeRouteHelper.cpp

Line:

231 Description: ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED

[ System Events ]

Error - 2/28/2012 6:04:50 PM | Computer Name = CF-PC | Source = Service Control Manager | ID = 7001

Description = Palvelu Verkkoluettelopalvelu on riippuvainen palvelusta NLA-nimiavaruus

(Network Location Awareness), jonka käynnistyminen epäonnistui virheen vuoksi:

%%1068

Error - 2/28/2012 6:04:51 PM | Computer Name = CF-PC | Source = Service Control Manager | ID = 7001

Description = Palvelu Verkkoluettelopalvelu on riippuvainen palvelusta NLA-nimiavaruus

(Network Location Awareness), jonka käynnistyminen epäonnistui virheen vuoksi:

%%1068

Error - 2/28/2012 6:04:51 PM | Computer Name = CF-PC | Source = Service Control Manager | ID = 7001

Description = Palvelu Verkkoluettelopalvelu on riippuvainen palvelusta NLA-nimiavaruus

(Network Location Awareness), jonka käynnistyminen epäonnistui virheen vuoksi:

%%1068

Error - 2/28/2012 6:04:51 PM | Computer Name = CF-PC | Source = Service Control Manager | ID = 7001

Description = Palvelu Verkkoluettelopalvelu on riippuvainen palvelusta NLA-nimiavaruus

(Network Location Awareness), jonka käynnistyminen epäonnistui virheen vuoksi:

%%1068

Error - 2/28/2012 6:04:51 PM | Computer Name = CF-PC | Source = Service Control Manager | ID = 7001

Description = Palvelu Verkkoluettelopalvelu on riippuvainen palvelusta NLA-nimiavaruus

(Network Location Awareness), jonka käynnistyminen epäonnistui virheen vuoksi:

%%1068

Error - 2/28/2012 6:04:51 PM | Computer Name = CF-PC | Source = Service Control Manager | ID = 7001

Description = Palvelu Verkkoluettelopalvelu on riippuvainen palvelusta NLA-nimiavaruus

(Network Location Awareness), jonka käynnistyminen epäonnistui virheen vuoksi:

%%1068

Error - 2/28/2012 6:04:51 PM | Computer Name = CF-PC | Source = Service Control Manager | ID = 7001

Description = Palvelu Verkkoluettelopalvelu on riippuvainen palvelusta NLA-nimiavaruus

(Network Location Awareness), jonka käynnistyminen epäonnistui virheen vuoksi:

%%1068

Error - 2/28/2012 6:04:58 PM | Computer Name = CF-PC | Source = Service Control Manager | ID = 7001

Description = Palvelu Verkkoluettelopalvelu on riippuvainen palvelusta NLA-nimiavaruus

(Network Location Awareness), jonka käynnistyminen epäonnistui virheen vuoksi:

%%1068

Error - 2/28/2012 6:07:27 PM | Computer Name = CF-PC | Source = Service Control Manager | ID = 7001

Description = Palvelu Verkkoluettelopalvelu on riippuvainen palvelusta NLA-nimiavaruus

(Network Location Awareness), jonka käynnistyminen epäonnistui virheen vuoksi:

%%1068

Error - 2/28/2012 6:36:49 PM | Computer Name = CF-PC | Source = DCOM | ID = 10010

Description =

< End of report >

---

Let me know if you need me to translate any of the Finnish, if the ID# are not enough.

Thanks,

C.


I'm intrigued by this; if you care to share, OK, if not that's OK too.

C:\Users\CF\Desktop\List of things to do after death.pdf – Pikakuvake.lnk

---------------------------------------------------------------------

Please do this: (will require a reboot)

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found
    IE - HKU\S-1-5-21-268533707-1958389649-1601823398-1001\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    O2:64bit: - BHO: (no name) - AutorunsDisabled - No CLSID value found.
    O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    :Commands
    [emptytemp]


  • Then click the Run Fix button at the top
  • Let the program run unhindered; when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

-------------------

I would also like you to run TDSSKiller:

Please download TDSSKiller to your desktop and run it as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.


-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


------------------------

Click the Start Scan button.


-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.


----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

MrC
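One way to triage the TDSSKiller report requested above, as an added example that is not part of the original post and not code from TDSSKiller: it reads the driver-scan lines (timestamp, thread id, then either `name (md5) path` or `name - verdict`) and lists every entry that is not a plain "ok". The driver names, hashes and paths in the sample are constructed, the wording of the non-ok verdict line is an assumption, and the System32 check is a triage heuristic rather than a rule of the tool.

```python
import re

# Constructed sample in the driver-scan layout of a TDSSKiller report.
# Names, hashes and paths are made up; the "detected ..." wording is assumed.
SAMPLE_LOG = r"""
10:56:33.0619 4896 Scan started
10:56:33.0619 4896 Mode: Manual; SigCheck; TDLFS;
10:56:34.0051 4896 drvalpha (00112233445566778899aabbccddeeff) C:\Windows\system32\drivers\drvalpha.sys
10:56:34.0196 4896 drvalpha - ok
10:56:40.0086 4896 drvnofile - ok
10:56:40.0282 4896 drvbeta (ffeeddccbbaa99887766554433221100) C:\Users\Public\drvbeta.sys
10:56:40.0302 4896 drvbeta - ok
10:56:41.0070 4896 drvgamma (0123456789abcdef0123456789abcdef) C:\Windows\system32\DRIVERS\drvgamma.sys
10:56:41.0106 4896 drvgamma - detected UnsignedFile.Multi.Generic (1)
10:56:44.0162 4896 drvdelta (89abcdef0123456789abcdef01234567) C:\Windows\system32\drivers\drvdelta.sys
"""

# "HH:MM:SS.mmmm <thread id> <rest of line>"
LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<rest>.+)$")
# "<service> (<32 hex digits>) <image path>"
FILE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# "<service> - <verdict>"; assumes service names without spaces
VERDICT = re.compile(r"^(?P<name>\S+) - (?P<verdict>.+)$")

# Heuristic (assumption): driver images are expected below this directory.
EXPECTED_ROOT = "c:\\windows\\system32\\"


def parse(log_text):
    """Return {service: {"path", "md5", "verdict"}} in log order."""
    records = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank lines, separators, wrapped text
        rest = m.group("rest")
        f = FILE.match(rest)
        if f:
            rec = records.setdefault(
                f["name"], {"path": None, "md5": None, "verdict": None})
            rec["path"], rec["md5"] = f["path"], f["md5"].lower()
            continue
        v = VERDICT.match(rest)
        if v:
            rec = records.setdefault(
                v["name"], {"path": None, "md5": None, "verdict": None})
            rec["verdict"] = v["verdict"].strip()
    return records


def triage(log_text):
    """List (service, reason) pairs that deserve a closer look."""
    findings = []
    for name, rec in parse(log_text).items():
        if rec["verdict"] is None:
            # File line present but the verdict never arrived: pasted log was cut.
            findings.append((name, "no verdict recorded (log cut short?)"))
        elif rec["verdict"].lower() != "ok":
            findings.append((name, "verdict: " + rec["verdict"]))
        if rec["path"] is None:
            # Service is registered but no image file was hashed for it.
            findings.append((name, "no image file was hashed"))
        elif not rec["path"].lower().startswith(EXPECTED_ROOT):
            findings.append((name, "image outside System32: " + rec["path"]))
    return findings


if __name__ == "__main__":
    for service, reason in triage(SAMPLE_LOG):
        print(f"{service:12} {reason}")
```

An entry with a verdict but no file line, or a file line with no verdict, is easy to miss when reading a long pasted report by eye; the function surfaces both.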


The "List of things..." pdf is a poem, a work in progress I'd rather not share. But rest assured, it's not a suicide note. :)

Here are the OTL log and the TDSSKiller log:

All processes killed

========== OTL ==========

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\ not found.

Registry value HKEY_USERS\S-1-5-21-268533707-1958389649-1601823398-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\ not found.

64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled\ deleted successfully.

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: CF

->Temp folder emptied: 179939003 bytes

->Temporary Internet Files folder emptied: 4550055 bytes

->Java cache emptied: 2308608 bytes

->FireFox cache emptied: 83590376 bytes

->Flash cache emptied: 57209 bytes

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 56468 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 1195303 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50499 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 259.00 mb

OTL by OldTimer - Version 3.2.33.2 log created on 02292012_105033

Files\Folders moved on Reboot...

C:\Users\CF\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

File move failed. C:\Windows\temp\gnserv.dat scheduled to be moved on reboot.

File move failed. C:\Windows\temp\spserv.dat scheduled to be moved on reboot.

Registry entries deleted on Reboot...

------

10:56:12.0218 4812 TDSS rootkit removing tool 2.7.17.0 Feb 29 2012 14:02:24

10:56:12.0617 4812 ============================================================

10:56:12.0617 4812 Current date / time: 2012/02/29 10:56:12.0616

10:56:12.0617 4812 SystemInfo:

10:56:12.0617 4812

10:56:12.0617 4812 OS Version: 6.1.7601 ServicePack: 1.0

10:56:12.0617 4812 Product type: Workstation

10:56:12.0617 4812 ComputerName: CF-PC

10:56:12.0617 4812 UserName: CF

10:56:12.0618 4812 Windows directory: C:\Windows

10:56:12.0618 4812 System windows directory: C:\Windows

10:56:12.0618 4812 Running under WOW64

10:56:12.0618 4812 Processor architecture: Intel x64

10:56:12.0618 4812 Number of processors: 2

10:56:12.0618 4812 Page size: 0x1000

10:56:12.0618 4812 Boot type: Normal boot

10:56:12.0618 4812 ============================================================

10:56:14.0005 4812 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

10:56:14.0035 4812 \Device\Harddisk0\DR0:

10:56:14.0035 4812 MBR used

10:56:14.0035 4812 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1770800, BlocksNum 0x32000

10:56:14.0035 4812 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x17A2800, BlocksNum 0x38BE3030

10:56:14.0060 4812 Initialize success

10:56:14.0060 4812 ============================================================

10:56:33.0619 4896 ============================================================

10:56:33.0619 4896 Scan started

10:56:33.0619 4896 Mode: Manual; SigCheck; TDLFS;

10:56:33.0619 4896 ============================================================


10:56:44.0217 4896 ksthunk - ok

10:56:44.0250 4896 L1E (2ac603c3188c704cfce353659aa7ad71) C:\Windows\system32\DRIVERS\L1E62x64.sys

10:56:44.0285 4896 L1E - ok

10:56:44.0336 4896 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

10:56:44.0398 4896 lltdio - ok

10:56:44.0444 4896 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

10:56:44.0461 4896 LSI_FC - ok

10:56:44.0472 4896 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

10:56:44.0489 4896 LSI_SAS - ok

10:56:44.0500 4896 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

10:56:44.0516 4896 LSI_SAS2 - ok

10:56:44.0539 4896 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

10:56:44.0556 4896 LSI_SCSI - ok

10:56:44.0587 4896 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

10:56:44.0643 4896 luafv - ok

10:56:44.0666 4896 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

10:56:44.0685 4896 megasas - ok

10:56:44.0707 4896 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

10:56:44.0727 4896 MegaSR - ok

10:56:44.0754 4896 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

10:56:44.0796 4896 Modem - ok

10:56:44.0808 4896 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

10:56:44.0841 4896 monitor - ok

10:56:44.0887 4896 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

10:56:44.0903 4896 mouclass - ok

10:56:44.0932 4896 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

10:56:44.0952 4896 mouhid - ok

10:56:44.0980 4896 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

10:56:44.0997 4896 mountmgr - ok

10:56:45.0033 4896 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys

10:56:45.0051 4896 MpFilter - ok

10:56:45.0092 4896 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

10:56:45.0110 4896 mpio - ok

10:56:45.0128 4896 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys

10:56:45.0142 4896 MpNWMon - ok

10:56:45.0168 4896 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

10:56:45.0221 4896 mpsdrv - ok

10:56:45.0271 4896 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

10:56:45.0315 4896 MRxDAV - ok

10:56:45.0358 4896 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

10:56:45.0390 4896 mrxsmb - ok

10:56:45.0440 4896 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

10:56:45.0496 4896 mrxsmb10 - ok

10:56:45.0532 4896 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

10:56:45.0552 4896 mrxsmb20 - ok

10:56:45.0579 4896 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

10:56:45.0595 4896 msahci - ok

10:56:45.0629 4896 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

10:56:45.0647 4896 msdsm - ok

10:56:45.0698 4896 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

10:56:45.0739 4896 Msfs - ok

10:56:45.0760 4896 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

10:56:45.0822 4896 mshidkmdf - ok

10:56:45.0842 4896 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

10:56:45.0857 4896 msisadrv - ok

10:56:45.0884 4896 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

10:56:45.0942 4896 MSKSSRV - ok

10:56:45.0991 4896 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

10:56:46.0062 4896 MSPCLOCK - ok

10:56:46.0089 4896 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

10:56:46.0150 4896 MSPQM - ok

10:56:46.0190 4896 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

10:56:46.0212 4896 MsRPC - ok

10:56:46.0238 4896 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

10:56:46.0254 4896 mssmbios - ok

10:56:46.0273 4896 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

10:56:46.0328 4896 MSTEE - ok

10:56:46.0337 4896 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

10:56:46.0373 4896 MTConfig - ok

10:56:46.0405 4896 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

10:56:46.0420 4896 Mup - ok

10:56:46.0448 4896 mwlPSDFilter (6ffecc25b39dc7652a0cec0ada9db589) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys

10:56:46.0460 4896 mwlPSDFilter - ok

10:56:46.0473 4896 mwlPSDNServ (0befe32ca56d6ee89d58175725596a85) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys

10:56:46.0485 4896 mwlPSDNServ - ok

10:56:46.0500 4896 mwlPSDVDisk (d43bc633b8660463e446e28e14a51262) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys

10:56:46.0512 4896 mwlPSDVDisk - ok

10:56:46.0595 4896 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

10:56:46.0647 4896 NativeWifiP - ok

10:56:46.0714 4896 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

10:56:46.0755 4896 NDIS - ok

10:56:46.0787 4896 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

10:56:46.0840 4896 NdisCap - ok

10:56:46.0873 4896 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

10:56:46.0917 4896 NdisTapi - ok

10:56:46.0984 4896 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

10:56:47.0042 4896 Ndisuio - ok

10:56:47.0079 4896 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

10:56:47.0134 4896 NdisWan - ok

10:56:47.0168 4896 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

10:56:47.0227 4896 NDProxy - ok

10:56:47.0277 4896 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

10:56:47.0322 4896 NetBIOS - ok

10:56:47.0370 4896 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

10:56:47.0423 4896 NetBT - ok

10:56:47.0501 4896 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

10:56:47.0516 4896 nfrd960 - ok

10:56:47.0542 4896 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys

10:56:47.0557 4896 NisDrv - ok

10:56:47.0589 4896 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

10:56:47.0641 4896 Npfs - ok

10:56:47.0665 4896 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

10:56:47.0716 4896 nsiproxy - ok

10:56:47.0779 4896 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

10:56:47.0843 4896 Ntfs - ok

10:56:47.0927 4896 NTIDrvr (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys

10:56:47.0939 4896 NTIDrvr - ok

10:56:47.0974 4896 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

10:56:48.0045 4896 Null - ok

10:56:48.0087 4896 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

10:56:48.0105 4896 nvraid - ok

10:56:48.0132 4896 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

10:56:48.0151 4896 nvstor - ok

10:56:48.0198 4896 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

10:56:48.0215 4896 nv_agp - ok

10:56:48.0234 4896 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

10:56:48.0266 4896 ohci1394 - ok

10:56:48.0320 4896 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

10:56:48.0357 4896 Parport - ok

10:56:48.0393 4896 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

10:56:48.0410 4896 partmgr - ok

10:56:48.0438 4896 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

10:56:48.0456 4896 pci - ok

10:56:48.0475 4896 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

10:56:48.0491 4896 pciide - ok

10:56:48.0512 4896 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

10:56:48.0531 4896 pcmcia - ok

10:56:48.0584 4896 pcouffin (af7ce12c4f3dc8cb2b07685c916bbcfe) C:\Windows\system32\Drivers\pcouffin.sys

10:56:48.0636 4896 pcouffin - ok

10:56:48.0668 4896 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

10:56:48.0683 4896 pcw - ok

10:56:48.0720 4896 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

10:56:48.0794 4896 PEAUTH - ok

10:56:48.0888 4896 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

10:56:48.0943 4896 PptpMiniport - ok

10:56:48.0972 4896 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

10:56:49.0006 4896 Processor - ok

10:56:49.0093 4896 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

10:56:49.0168 4896 Psched - ok

10:56:49.0298 4896 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

10:56:49.0391 4896 ql2300 - ok

10:56:49.0421 4896 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

10:56:49.0438 4896 ql40xx - ok

10:56:49.0474 4896 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

10:56:49.0507 4896 QWAVEdrv - ok

10:56:49.0526 4896 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

10:56:49.0569 4896 RasAcd - ok

10:56:49.0605 4896 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

10:56:49.0666 4896 RasAgileVpn - ok

10:56:49.0710 4896 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

10:56:49.0752 4896 Rasl2tp - ok

10:56:49.0790 4896 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

10:56:49.0844 4896 RasPppoe - ok

10:56:49.0878 4896 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

10:56:49.0922 4896 RasSstp - ok

10:56:49.0965 4896 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

10:56:50.0028 4896 rdbss - ok

10:56:50.0053 4896 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

10:56:50.0093 4896 rdpbus - ok

10:56:50.0117 4896 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

10:56:50.0171 4896 RDPCDD - ok

10:56:50.0191 4896 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

10:56:50.0250 4896 RDPENCDD - ok

10:56:50.0275 4896 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

10:56:50.0334 4896 RDPREFMP - ok

10:56:50.0373 4896 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys

10:56:50.0433 4896 RDPWD - ok

10:56:50.0486 4896 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

10:56:50.0506 4896 rdyboost - ok

10:56:50.0595 4896 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

10:56:50.0650 4896 rspndr - ok

10:56:50.0710 4896 RSUSBSTOR (2db8116d52b19216812c4e6d5d837810) C:\Windows\system32\Drivers\RtsUStor.sys

10:56:50.0751 4896 RSUSBSTOR - ok

10:56:50.0771 4896 RtsUIR - ok

10:56:50.0805 4896 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

10:56:50.0822 4896 sbp2port - ok

10:56:50.0864 4896 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

10:56:50.0915 4896 scfilter - ok

10:56:50.0962 4896 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

10:56:51.0035 4896 secdrv - ok

10:56:51.0100 4896 Sentinel64 (255476b54c82a89416efdf09fd62f107) C:\Windows\System32\Drivers\Sentinel64.sys

10:56:51.0124 4896 Sentinel64 - ok

10:56:51.0188 4896 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

10:56:51.0225 4896 Serenum - ok

10:56:51.0259 4896 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

10:56:51.0279 4896 Serial - ok

10:56:51.0333 4896 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

10:56:51.0384 4896 sermouse - ok

10:56:51.0446 4896 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

10:56:51.0481 4896 sffdisk - ok

10:56:51.0504 4896 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

10:56:51.0541 4896 sffp_mmc - ok

10:56:51.0550 4896 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

10:56:51.0578 4896 sffp_sd - ok

10:56:51.0616 4896 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

10:56:51.0658 4896 sfloppy - ok

10:56:51.0700 4896 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

10:56:51.0716 4896 SiSRaid2 - ok

10:56:51.0736 4896 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

10:56:51.0753 4896 SiSRaid4 - ok

10:56:51.0776 4896 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

10:56:51.0828 4896 Smb - ok

10:56:51.0879 4896 SNTUSB64 (2d5576c01c8a34aa614870e745fe8f19) C:\Windows\system32\DRIVERS\SNTUSB64.SYS

10:56:51.0894 4896 SNTUSB64 - ok

10:56:51.0915 4896 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

10:56:51.0931 4896 spldr - ok

10:56:51.0996 4896 Spyder3 (d8b882c520fc83547e22014ff5ec66d7) C:\Windows\system32\DRIVERS\Spyder3.sys

10:56:52.0035 4896 Spyder3 - ok

10:56:52.0077 4896 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

10:56:52.0132 4896 srv - ok

10:56:52.0163 4896 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

10:56:52.0204 4896 srv2 - ok

10:56:52.0242 4896 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

10:56:52.0272 4896 srvnet - ok

10:56:52.0328 4896 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

10:56:52.0344 4896 stexstor - ok

10:56:52.0389 4896 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

10:56:52.0404 4896 swenum - ok

10:56:52.0472 4896 SynTP (ed6d1424e5b0c21a57b28dd8508d6843) C:\Windows\system32\DRIVERS\SynTP.sys

10:56:52.0488 4896 SynTP - ok

10:56:52.0582 4896 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys

10:56:52.0668 4896 Tcpip - ok

10:56:52.0719 4896 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys

10:56:52.0762 4896 TCPIP6 - ok

10:56:52.0807 4896 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

10:56:52.0859 4896 tcpipreg - ok

10:56:52.0889 4896 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

10:56:52.0943 4896 TDPIPE - ok

10:56:52.0969 4896 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

10:56:53.0012 4896 TDTCP - ok

10:56:53.0047 4896 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

10:56:53.0097 4896 tdx - ok

10:56:53.0129 4896 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

10:56:53.0145 4896 TermDD - ok

10:56:53.0208 4896 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

10:56:53.0281 4896 tssecsrv - ok

10:56:53.0336 4896 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

10:56:53.0366 4896 TsUsbFlt - ok

10:56:53.0429 4896 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

10:56:53.0506 4896 tunnel - ok

10:56:53.0526 4896 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

10:56:53.0542 4896 uagp35 - ok

10:56:53.0582 4896 UBHelper (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys

10:56:53.0593 4896 UBHelper - ok

10:56:53.0640 4896 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

10:56:53.0697 4896 udfs - ok

10:56:53.0756 4896 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

10:56:53.0782 4896 uliagpkx - ok

10:56:53.0817 4896 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

10:56:53.0847 4896 umbus - ok

10:56:53.0881 4896 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

10:56:53.0921 4896 UmPass - ok

10:56:53.0984 4896 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys

10:56:54.0008 4896 usbaudio - ok

10:56:54.0051 4896 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

10:56:54.0082 4896 usbccgp - ok

10:56:54.0103 4896 USBCCID - ok

10:56:54.0124 4896 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

10:56:54.0160 4896 usbcir - ok

10:56:54.0187 4896 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys

10:56:54.0221 4896 usbehci - ok

10:56:54.0262 4896 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

10:56:54.0295 4896 usbhub - ok

10:56:54.0331 4896 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys

10:56:54.0370 4896 usbohci - ok

10:56:54.0396 4896 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

10:56:54.0437 4896 usbprint - ok

10:56:54.0469 4896 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

10:56:54.0499 4896 USBSTOR - ok

10:56:54.0530 4896 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys

10:56:54.0548 4896 usbuhci - ok

10:56:54.0601 4896 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys

10:56:54.0644 4896 usbvideo - ok

10:56:54.0680 4896 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

10:56:54.0696 4896 vdrvroot - ok

10:56:54.0728 4896 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

10:56:54.0751 4896 vga - ok

10:56:54.0769 4896 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

10:56:54.0812 4896 VgaSave - ok

10:56:54.0839 4896 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

10:56:54.0859 4896 vhdmp - ok

10:56:54.0892 4896 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

10:56:54.0908 4896 viaide - ok

10:56:54.0927 4896 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

10:56:54.0943 4896 volmgr - ok

10:56:54.0993 4896 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

10:56:55.0015 4896 volmgrx - ok

10:56:55.0032 4896 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

10:56:55.0052 4896 volsnap - ok

10:56:55.0123 4896 vpnva (67d62d30f4688d5cfe7c26db3f98da1e) C:\Windows\system32\DRIVERS\vpnva64.sys

10:56:55.0142 4896 vpnva - ok

10:56:55.0183 4896 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

10:56:55.0201 4896 vsmraid - ok

10:56:55.0228 4896 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

10:56:55.0258 4896 vwifibus - ok

10:56:55.0284 4896 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

10:56:55.0307 4896 vwififlt - ok

10:56:55.0323 4896 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

10:56:55.0354 4896 WacomPen - ok

10:56:55.0395 4896 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

10:56:55.0452 4896 WANARP - ok

10:56:55.0467 4896 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

10:56:55.0509 4896 Wanarpv6 - ok

10:56:55.0577 4896 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

10:56:55.0602 4896 Wd - ok

10:56:55.0635 4896 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

10:56:55.0673 4896 Wdf01000 - ok

10:56:55.0715 4896 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

10:56:55.0757 4896 WfpLwf - ok

10:56:55.0786 4896 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

10:56:55.0802 4896 WIMMount - ok

10:56:55.0874 4896 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

10:56:55.0898 4896 WinUsb - ok

10:56:55.0933 4896 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

10:56:55.0963 4896 WmiAcpi - ok

10:56:56.0016 4896 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

10:56:56.0077 4896 ws2ifsl - ok

10:56:56.0126 4896 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

10:56:56.0179 4896 WudfPf - ok

10:56:56.0231 4896 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

10:56:56.0294 4896 WUDFRd - ok

10:56:56.0336 4896 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0

10:56:56.0524 4896 \Device\Harddisk0\DR0 - ok

10:56:56.0529 4896 Boot (0x1200) (83ee4fc18c74298171d2e63263edbb10) \Device\Harddisk0\DR0\Partition0

10:56:56.0531 4896 \Device\Harddisk0\DR0\Partition0 - ok

10:56:56.0569 4896 Boot (0x1200) (72e5f636abe102a2ae9b976cc63c31b8) \Device\Harddisk0\DR0\Partition1

10:56:56.0571 4896 \Device\Harddisk0\DR0\Partition1 - ok

10:56:56.0571 4896 ============================================================

10:56:56.0571 4896 Scan finished

10:56:56.0571 4896 ============================================================

10:56:56.0599 4888 Detected object count: 0

10:56:56.0599 4888 Actual detected object count: 0

10:57:11.0533 4748 Deinitialize success

Thanks,

C.

I didn't mean to insinuate that you're going to "check out", but it got my attention.....if it's a private work of yours....I understand.

--------------------------------

Looks Good......No rootkits

-----------------------------------

If everything is OK....a little clean-up to do.

You have old and outdated Java on the system.

Older versions are vulnerable to malware.

Please go to your Control Panel's Add/Remove Programs and uninstall > Java™ 6 Update 26.

Then.....in the control panel > Java > Update Tab > Update Now

Java™ 6 Update 30<---should be 31

http://www.java.com/...d/installed.jsp <---verify your Java

------------------------------

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
