Please help me with Trojan.Dropper.BCMiner and Trojan.Agent


Please help me get rid of Trojan.Dropper.BCMiner and Trojan.Agent. I tried to follow the other guides on the forums but they didn't work. The Trojan.Dropper was there before, but I guess it's gone now. Please help.

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.07.11.02

Windows 7 x64 NTFS

Internet Explorer 9.0.8112.16421

Patrick :: MYPCYADIG [administrator]

7/11/2012 5:21:37 AM

mbam log

Scan type: Quick scan

Scan options enabled: Memory | Startup | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: Registry | P2P

Objects scanned: 201267

Time elapsed: 4 minute(s), 6 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|58762 (Trojan.Agent) -> Data: C:\PROGRA~3\LOCALS~1\Temp\msvara.cmd -> No action taken.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29

Run by Patrick at 5:31:38 on 2012-07-11

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2812.1203 [GMT -5:00]

.

AV: McAfee VirusScan *Disabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee VirusScan *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

FW: McAfee Personal Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\Explorer.EXE

C:\Program Files (x86)\DVBLogic\DVBLink\DVBLinkSrv.exe

C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

C:\Program Files (x86)\Acer\Registration\GregHSRW.exe

C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe

c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Program Files (x86)\McAfee\MSK\MskSrver.exe

C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe

C:\Windows\system32\rundll32.exe

C:\Windows\system32\rundll32.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Acer\Acer Updater\UpdaterService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe

C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files (x86)\Launch Manager\LManager.exe

C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe

C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\taskhost.exe

C:\Users\Patrick\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Patrick\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Patrick\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Patrick\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Patrick\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Patrick\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Patrick\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Patrick\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Patrick\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Patrick\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Users\Patrick\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Patrick\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Patrick\AppData\Local\Google\Chrome\Application\chrome.exe

"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns

"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns

"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = my.daemon-search.com

uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5532&r=27361209d535l0354z165t4822x277

mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5532&r=27361209d535l0354z165t4822x277

mStart Page =

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\PROGRA~2\mcafee\VIRUSS~1\scriptsn.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

BHO: IeMonitorBho Class: {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files (x86)\Megaupload\Mega Manager\MegaIEMn.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [Google Update] "C:\Users\Patrick\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet

mRun: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED

mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [ArcadeDeluxeAgent] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"

mRun: [PlayMovie] "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"

mRun: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe

mRun: [mcagent_exe] "C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe" /runkey

mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mExplorerRun: [58762] C:\PROGRA~3\LOCALS~1\Temp\msvara.cmd

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AIRMOU~1.LNK - C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

LSP: mswsock.dll

DPF: Justin.tv Publisher - hxxp://www.justin.tv/plugins/justintv_publisher.CAB

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{25B43BE2-156C-41BE-82C5-21FD7D02B0DA} : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{E09C7C2B-CFE1-4378-9FD8-962A5F1250FE} : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{E09C7C2B-CFE1-4378-9FD8-962A5F1250FE}\14E64627F69646140573037353 : DhcpNameServer = 192.168.43.1

TCP: Interfaces\{E09C7C2B-CFE1-4378-9FD8-962A5F1250FE}\3686F696365613 : DhcpNameServer = 172.20.101.1

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO-X64: 0x1 - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~2\mcafee\VIRUSS~1\scriptsn.dll

BHO-X64: scriptproxy - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

BHO-X64: IeMonitorBho Class: {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files (x86)\Megaupload\Mega Manager\MegaIEMn.dll

BHO-X64: MegaIEMn - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

mRun-x64: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED

mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [ArcadeDeluxeAgent] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"

mRun-x64: [PlayMovie] "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"

mRun-x64: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe

mRun-x64: [mcagent_exe] "C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe" /runkey

mRun-x64: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\yppm9cke.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.mydtzone.com/startpage|https://mail.google.com/mail/?shva=1#|https://www.google.com/calendar/render?tab=mc&gsessionid=KyyaFjT6OOlMUBo7bbM01A|https://docs.google.com/?tab=mo&pli=1#all

FF - component: C:\Program Files (x86)\McAfee\SiteAdvisor\components\McFFPlg.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Patrick\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\Users\Patrick\AppData\Roaming\Mozilla\plugins\npoctoshape.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

============= SERVICES / DRIVERS ===============

.

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]

R1 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]

R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?]

R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?]

R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 DVBLink Server;DVBLink Server;C:\Program Files (x86)\DVBLogic\DVBLink\DVBLinkSrv.exe [2009-7-1 135168]

R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2009-8-21 844320]

R2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-6-4 1150496]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [2012-2-27 103440]

R2 McProxy;McAfee Proxy Service;C:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-12-25 359952]

R2 McShield;McAfee Real-time Scanner;C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-12-25 155456]

R2 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe [2009-8-6 311592]

R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-6-17 144640]

R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2009-8-21 240160]

R3 dvblinkcap;DVBLink Capture #1;C:\Windows\system32\DRIVERS\dvblinkcap.sys --> C:\Windows\system32\DRIVERS\dvblinkcap.sys [?]

R3 dvblinkcap2;DVBLink Capture #2;C:\Windows\system32\DRIVERS\dvblinkcap2.sys --> C:\Windows\system32\DRIVERS\dvblinkcap2.sys [?]

R3 dvblinkcap3;DVBLink Capture #3;C:\Windows\system32\DRIVERS\dvblinkcap3.sys --> C:\Windows\system32\DRIVERS\dvblinkcap3.sys [?]

R3 dvblinkcap4;DVBLink Capture #4;C:\Windows\system32\DRIVERS\dvblinkcap4.sys --> C:\Windows\system32\DRIVERS\dvblinkcap4.sys [?]

R3 dvblinktun;DVBLink Tuner #1;C:\Windows\system32\DRIVERS\dvblinktun.sys --> C:\Windows\system32\DRIVERS\dvblinktun.sys [?]

R3 dvblinktun2;DVBLink Tuner #2;C:\Windows\system32\DRIVERS\dvblinktun2.sys --> C:\Windows\system32\DRIVERS\dvblinktun2.sys [?]

R3 dvblinktun3;DVBLink Tuner #3;C:\Windows\system32\DRIVERS\dvblinktun3.sys --> C:\Windows\system32\DRIVERS\dvblinktun3.sys [?]

R3 dvblinktun4;DVBLink Tuner #4;C:\Windows\system32\DRIVERS\dvblinktun4.sys --> C:\Windows\system32\DRIVERS\dvblinktun4.sys [?]

R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-6 135664]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-6 135664]

S3 hcwhdpvr;Hauppauge HD PVR Capture Device;C:\Windows\system32\DRIVERS\hcwhdpvr.sys --> C:\Windows\system32\DRIVERS\hcwhdpvr.sys [?]

S3 jumi;%Jumi%;C:\Windows\system32\DRIVERS\jumi.sys --> C:\Windows\system32\DRIVERS\jumi.sys [?]

S3 lvpepf64;Volume Adapter;C:\Windows\system32\DRIVERS\lv302a64.sys --> C:\Windows\system32\DRIVERS\lv302a64.sys [?]

S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]

S3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\drivers\LVUSBS64.sys --> C:\Windows\system32\drivers\LVUSBS64.sys [?]

S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 McSysmon;McAfee SystemGuards;C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe [2009-12-25 606736]

S3 mferkdk;McAfee Inc. mferkdk;C:\Windows\system32\drivers\mferkdk.sys --> C:\Windows\system32\drivers\mferkdk.sys [?]

S3 mfesmfk;McAfee Inc. mfesmfk;C:\Windows\system32\drivers\mfesmfk.sys --> C:\Windows\system32\drivers\mfesmfk.sys [?]

S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]

S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-6-17 50432]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-07-11 09:24:20 -------- d-----w- C:\32788R22FWJFW.0.tmp

2012-07-11 09:16:40 -------- d-----w- C:\Users\Patrick\AppData\Local\{AB5A1DD3-7585-4A53-8C6C-554EADD1A579}

2012-07-11 09:16:27 -------- d-----w- C:\Users\Patrick\AppData\Local\{CF68DEBC-8226-4E1E-9B54-E5D6726FEB64}

2012-07-11 09:02:09 -------- d-----w- C:\Users\Patrick\AppData\Local\{73F04097-B915-4DFF-ACE3-0A83D51AB16A}

2012-07-11 09:01:51 -------- d-----w- C:\Users\Patrick\AppData\Local\{EBB2A6AC-AC18-48FB-9CBE-41EB5D812DDB}

2012-07-11 08:50:09 -------- d-----w- C:\_OTL

2012-07-11 08:28:43 -------- d-----w- C:\TDSSKiller_Quarantine

2012-07-11 08:11:13 3147264 ----a-w- C:\Windows\System32\win32k.sys

2012-07-11 07:30:42 -------- d-----w- C:\Users\Patrick\AppData\Local\{580AA3BC-8939-44E5-A927-CA81E6D2F66C}

2012-07-11 07:30:23 -------- d-----w- C:\Users\Patrick\AppData\Local\{EEE30319-6879-4322-9711-122E1328624C}

2012-07-11 07:17:27 -------- d-----w- C:\Users\Patrick\AppData\Local\{9CA68046-8753-4102-840B-37157B95C4B3}

2012-07-11 07:17:10 -------- d-----w- C:\Users\Patrick\AppData\Local\{C4889019-5237-4FB8-ABC5-AC2F21390A1D}

2012-07-11 06:16:52 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2012-07-11 06:16:49 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-07-11 00:49:35 -------- d-----w- C:\Users\Patrick\AppData\Local\{01013834-02E5-4392-A743-464BDDBD6EF6}

2012-07-11 00:49:21 -------- d-----w- C:\Users\Patrick\AppData\Local\{0C363A0D-6181-4E36-A36C-42BD1D466D7F}

2012-07-11 00:27:36 -------- d-----w- C:\Users\Patrick\AppData\Local\{B2159F49-5536-466B-B908-2B1DF9C1162E}

2012-07-11 00:27:24 -------- d-----w- C:\Users\Patrick\AppData\Local\{A46910BB-C141-44C2-B4BB-03214CF399A3}

2012-07-10 22:15:55 -------- d-----w- C:\Users\Patrick\AppData\Local\{E3B5E006-EEBC-4D5E-A7FE-F1ECB839017A}

2012-07-10 22:15:33 -------- d-----w- C:\Users\Patrick\AppData\Local\{C439CCF2-CE02-461E-B6E3-255C0AFCD429}

2012-07-09 22:45:54 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%

2012-07-09 21:06:31 -------- d-----w- C:\Users\Patrick\AppData\Local\{10E73D9D-2C59-4263-95F0-FC6EDAD6A106}

2012-07-09 21:06:16 -------- d-----w- C:\Users\Patrick\AppData\Local\{5BE8095B-6571-46A0-B25E-3CBCC0CF7926}

2012-07-08 15:35:01 -------- d-----w- C:\Users\Patrick\AppData\Local\{64D5610A-8B24-4E87-A0C9-5EF1B355C842}

2012-07-08 15:34:29 -------- d-----w- C:\Users\Patrick\AppData\Local\{4478E0BF-3731-4B28-B964-EFDD224FC6A9}

2012-07-07 22:47:42 -------- d-----w- C:\Users\Patrick\AppData\Local\{14E30936-4868-4B06-8CF9-54C03D8EB650}

2012-07-07 22:47:24 -------- d-----w- C:\Users\Patrick\AppData\Local\{BE7AFDA7-1684-43E0-954B-E1E807B44BCA}

2012-07-07 00:09:59 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-07-07 00:05:45 -------- d-----w- C:\Users\Patrick\AppData\Local\{C37781DE-714C-4179-BFA8-B2CC70378D71}

2012-07-07 00:05:30 -------- d-----w- C:\Users\Patrick\AppData\Local\{6D0689A1-A829-4F53-839C-9775365EF412}

2012-07-06 20:54:41 -------- d-----w- C:\Users\Patrick\AppData\Local\{938D3DAE-09E6-4C55-9AB5-0003C501A52F}

2012-07-06 20:54:25 -------- d-----w- C:\Users\Patrick\AppData\Local\{2E3820BA-E625-467E-8A1C-117CD91174B8}

2012-07-06 00:34:17 -------- d-----w- C:\Users\Patrick\AppData\Local\{37D2520D-2A25-4A50-8492-BB8DE751256A}

2012-07-06 00:34:02 -------- d-----w- C:\Users\Patrick\AppData\Local\{3441BA36-36C2-4117-9E7C-1357D9882E26}

2012-07-05 22:32:38 -------- d-----w- C:\Users\Patrick\AppData\Local\{FDCA8EAA-0061-456A-AAD5-E8C253C1AC0B}

2012-07-05 22:32:25 -------- d-----w- C:\Users\Patrick\AppData\Local\{B972F97F-8A82-42E5-A24E-8993CA55F8F0}

2012-07-05 19:58:16 -------- d-----w- C:\Users\Patrick\AppData\Local\{9241D156-0379-46D1-A8B7-F8F6739E8630}

2012-07-05 19:57:39 -------- d-----w- C:\Users\Patrick\AppData\Local\{7A04AECD-7F52-4FFA-82D2-8A579457D0EC}

2012-07-04 23:29:46 -------- d-----w- C:\Users\Patrick\AppData\Local\{60607F63-6508-4423-8136-A7C88836C66C}

2012-07-04 23:29:32 -------- d-----w- C:\Users\Patrick\AppData\Local\{4FFFBF54-ED2F-4C68-9CDD-8321C0729060}

2012-07-03 22:42:03 -------- d-----w- C:\Users\Patrick\AppData\Local\{770CD80F-D25B-45E8-926A-A77892117046}

2012-07-03 22:41:49 -------- d-----w- C:\Users\Patrick\AppData\Local\{8763851A-CF20-457F-9E0B-738CD44A8090}

2012-07-02 23:36:06 -------- d-----w- C:\Users\Patrick\AppData\Local\{AF35CE74-B339-4CB5-85A7-7895E47A6F2B}

2012-07-02 23:35:48 -------- d-----w- C:\Users\Patrick\AppData\Local\{DA981DCD-7BAA-47A2-BB67-F55AAFBCC6BC}

2012-07-02 19:41:32 -------- d-----w- C:\Users\Patrick\AppData\Local\{6EF22011-3A98-41A1-876C-76F9B20FBD64}

2012-07-02 19:41:12 -------- d-----w- C:\Users\Patrick\AppData\Local\{DEBED675-4DC3-41FF-90DE-B71F63D636AA}

2012-07-02 19:20:57 -------- d-----w- C:\Users\Patrick\AppData\Local\{064D1814-1DC5-4966-8A84-432744B1D80F}

2012-07-02 19:20:24 -------- d-----w- C:\Users\Patrick\AppData\Local\{9A5409B6-867C-4E7D-94DD-20E16EC2BD8E}

2012-07-01 19:20:13 -------- d-----w- C:\Users\Patrick\AppData\Local\{5CB2CC3A-6564-4B16-88FC-2C532FB91563}

2012-07-01 19:20:00 -------- d-----w- C:\Users\Patrick\AppData\Local\{D33D7A15-1027-4DF5-BAD2-13595F41CBCF}

2012-07-01 04:52:50 -------- d-----w- C:\Users\Patrick\AppData\Local\{E490AB90-8D06-483A-81D9-4F86A7C1A22B}

2012-07-01 04:52:35 -------- d-----w- C:\Users\Patrick\AppData\Local\{7519F929-C332-4D62-A538-6916196D8236}

2012-07-01 01:10:49 -------- d-----w- C:\Users\Patrick\AppData\Local\{C7F7A059-D0D6-46D7-9497-850105A49501}

2012-07-01 01:10:36 -------- d-----w- C:\Users\Patrick\AppData\Local\{2790055B-CF0C-4D4E-B4EA-A4F6C8A578D0}

2012-06-30 08:41:14 -------- d-----w- C:\Users\Patrick\AppData\Local\{FAC85988-E4FF-4F62-98DC-2A5299454832}

2012-06-30 08:40:59 -------- d-----w- C:\Users\Patrick\AppData\Local\{29BECB78-8DD7-47D4-ACE1-B38D7FB78DE0}

2012-06-30 08:30:24 -------- d-----w- C:\Users\Patrick\AppData\Local\{1D2939C0-B286-44FA-B093-5E25681F8FAB}

2012-06-30 08:29:52 -------- d-----w- C:\Users\Patrick\AppData\Local\{0F582AAD-C748-45AF-B8F5-8C156D3CA722}

2012-06-29 22:35:48 -------- d-----w- C:\Users\Patrick\AppData\Local\{08DB040D-09D4-4E6D-B6FB-B8505D57CC97}

2012-06-29 22:35:28 -------- d-----w- C:\Users\Patrick\AppData\Local\{F77D8AAB-7B07-4121-9020-5840ABA60885}

2012-06-27 00:32:13 -------- d-----w- C:\Users\Patrick\AppData\Local\{9041B08F-A188-437C-B9D1-67F20ED73008}

2012-06-27 00:31:57 -------- d-----w- C:\Users\Patrick\AppData\Local\{168D3202-B300-41CA-B986-D69357CBEECA}

2012-06-26 22:28:11 -------- d-----w- C:\Users\Patrick\AppData\Local\{D27A1578-8B41-4DD8-A0E4-1E7BBDA479F8}

2012-06-26 22:27:56 -------- d-----w- C:\Users\Patrick\AppData\Local\{602C18A7-F480-40E5-8B06-43B734ED9CB9}

2012-06-26 21:40:12 -------- d-----w- C:\Users\Patrick\AppData\Local\{18AB0261-A29B-468F-94F9-E86E5A70CBF4}

2012-06-26 21:39:47 -------- d-----w- C:\Users\Patrick\AppData\Local\{4A00B971-4CC8-4835-BBCF-1F258BF57287}

2012-06-25 05:03:17 -------- d-----w- C:\Users\Patrick\AppData\Local\{81EA8777-7E8D-4673-B2FF-05F4EC9EF337}

2012-06-25 05:03:00 -------- d-----w- C:\Users\Patrick\AppData\Local\{E4A54573-A0F6-4D6C-95A4-5ECE97DB8E70}

2012-06-24 05:14:46 -------- d-----w- C:\Users\Patrick\AppData\Local\{4B13F648-39FB-4AC7-BE9F-513F5F8997D0}

2012-06-24 05:14:33 -------- d-----w- C:\Users\Patrick\AppData\Local\{5F5CBD1F-A142-4B2A-B395-FB66BBDCA2FA}

2012-06-24 03:14:16 -------- d-----w- C:\Users\Patrick\AppData\Local\{BA60B74D-DECF-4EFD-8CE1-315E8F28B505}

2012-06-24 03:14:00 -------- d-----w- C:\Users\Patrick\AppData\Local\{CB00734F-2A1A-4834-A967-228FD44D8BDD}

2012-06-24 01:07:25 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-24 01:07:03 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-24 01:06:43 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-24 01:06:43 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-24 00:44:09 -------- d-----w- C:\Users\Patrick\AppData\Local\{759D575A-1C09-4F2A-8654-7847A314B1B7}

2012-06-24 00:43:50 -------- d-----w- C:\Users\Patrick\AppData\Local\{8065C7BD-0C5A-4167-889C-EEFE3E686647}

2012-06-23 06:30:38 -------- d-----w- C:\Users\Patrick\AppData\Local\{96AC50F4-7D01-4415-A7C5-A937E8469714}

2012-06-23 06:30:26 -------- d-----w- C:\Users\Patrick\AppData\Local\{27B07E0B-076B-487C-8DBF-531E7D0879E6}

2012-06-23 05:06:10 -------- d-----w- C:\Users\Patrick\AppData\Local\{3B13F67D-695B-4254-9894-DBCDAA75E23E}

2012-06-23 05:05:53 -------- d-----w- C:\Users\Patrick\AppData\Local\{45137A30-3A46-4589-9901-344728756DD4}

2012-06-22 09:17:17 -------- d-----w- C:\Users\Patrick\AppData\Local\{C996B9BB-00C1-408B-8659-C3521F84331E}

2012-06-22 09:16:58 -------- d-----w- C:\Users\Patrick\AppData\Local\{293897BC-C8D5-442B-9E14-8EDE7DD8D923}

2012-06-21 01:24:24 -------- d-----w- C:\Users\Patrick\AppData\Local\{88B55AD0-985B-47FF-8750-56B8C5ACE269}

2012-06-21 01:24:07 -------- d-----w- C:\Users\Patrick\AppData\Local\{21191513-67AE-43AB-BDE5-F66276732FBB}

2012-06-20 08:51:52 -------- d-----w- C:\Users\Patrick\AppData\Local\{6EF10CFB-1362-4FF6-878B-DCEFEE576172}

2012-06-20 08:51:23 -------- d-----w- C:\Users\Patrick\AppData\Local\{7E8DDE19-7CA4-45F9-9374-FCD868D45A07}

2012-06-17 18:42:38 -------- d-----w- C:\Users\Patrick\AppData\Local\{6E3CA130-C635-43CC-8DD8-D677E3873E4D}

2012-06-16 02:32:01 -------- d-----w- C:\Users\Patrick\AppData\Local\{520CD960-C67C-450B-ADDE-1B3E4FB7A63D}

2012-06-15 05:20:00 -------- d-----w- C:\Users\Patrick\AppData\Local\{6EB89E73-8EC4-4167-AD3D-95DEF3C50D01}

2012-06-14 08:43:05 -------- d-----w- C:\Users\Patrick\AppData\Local\{D3F295A7-3FCD-4B69-834C-5DCCC883CEF3}

2012-06-14 08:42:26 -------- d-----w- C:\Users\Patrick\AppData\Local\{F4609240-5C12-47E6-A7BE-6F773E4AA01F}

2012-06-14 04:13:59 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-06-13 22:48:47 -------- d-----w- C:\Users\Patrick\AppData\Local\{29435207-862D-4087-8BB5-0CB68BF46BE7}

2012-06-13 22:48:28 -------- d-----w- C:\Users\Patrick\AppData\Local\{1B3DE8C5-8B52-4232-84A2-8CA403FED3EE}

2012-06-13 19:18:15 -------- d-----w- C:\Users\Patrick\AppData\Local\{192DBFC8-682A-4AEF-948F-FE2F960E4235}

2012-06-12 03:10:40 -------- d-----w- C:\Users\Patrick\AppData\Local\{184644B0-5C8A-4166-A64E-562E1E0229BC}

2012-06-12 03:10:27 -------- d-----w- C:\Users\Patrick\AppData\Local\{C5F50902-4E07-4AF8-9BF3-E5BA4F7C8E3E}

2012-06-11 23:17:00 -------- d-----w- C:\Users\Patrick\AppData\Local\{E6A33863-DAA4-45FF-97E1-E2ACD92F4184}

2012-06-11 23:16:22 -------- d-----w- C:\Users\Patrick\AppData\Local\{47059C92-CF74-448A-AA65-73DE5BCA2796}

2012-06-11 22:05:11 -------- d-----w- C:\Users\Patrick\AppData\Local\{E7F3122B-16F2-4F28-9EB7-F7D744F7E311}

2012-06-11 22:04:56 -------- d-----w- C:\Users\Patrick\AppData\Local\{20360F31-B906-4FCB-9A78-E8DABA3ED213}

2012-06-11 19:06:18 -------- d-----w- C:\Users\Patrick\AppData\Local\{F5605E05-3791-4899-B64D-1C34E3E62C73}

2012-06-11 19:06:05 -------- d-----w- C:\Users\Patrick\AppData\Local\{9A30AFC5-C4E5-42CF-8339-DC0ACBB18973}

.

==================== Find3M ====================

.

2012-07-07 00:09:59 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-06 05:50:50 2003968 ----a-w- C:\Windows\System32\msxml6.dll

2012-06-06 05:50:50 1880064 ----a-w- C:\Windows\System32\msxml3.dll

2012-06-06 05:09:46 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-06-06 05:09:46 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-06-02 05:38:26 95088 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-06-02 05:38:24 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2012-06-02 05:37:45 459216 ----a-w- C:\Windows\System32\drivers\cng.sys

2012-06-02 05:27:02 340992 ----a-w- C:\Windows\System32\schannel.dll

2012-06-02 05:27:00 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-06-02 04:48:39 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-06-02 04:48:35 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-06-02 04:47:31 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-06-02 04:42:51 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2012-05-04 10:52:22 5505392 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-05-04 10:08:16 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:08:15 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-05-02 05:32:43 208896 ----a-w- C:\Windows\System32\profsvc.dll

2012-04-26 05:34:38 76288 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-04-26 05:34:37 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-04-26 05:28:32 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-04-24 05:59:45 182272 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-04-24 05:59:45 1460224 ----a-w- C:\Windows\System32\crypt32.dll

2012-04-24 05:59:45 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2012-04-24 04:47:04 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-04-24 04:47:04 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2012-04-24 04:47:03 1156608 ----a-w- C:\Windows\SysWow64\crypt32.dll

.

============= FINISH: 5:32:55.18 ===============

ATTACH

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 12/25/2009 10:40:57 PM

System Uptime: 7/11/2012 4:15:19 AM (1 hours ago)

.

Motherboard: Acer | | Aspire 5532

Processor: AMD Athlon Processor TF-20 | Socket S1G1 | 1600/200mhz

.

==== Disk Partitions =========================

.

B: RAMDisk NTFS 137 GiB total, 46.526 GiB free.

C: is FIXED (NTFS) - 137 GiB total, 45.738 GiB free.

D: is CDROM ()

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: LogMeIn Kernel Information Provider

Device ID: ROOT\LEGACY_LMIINFO\0000

Manufacturer:

Name: LogMeIn Kernel Information Provider

PNP Device ID: ROOT\LEGACY_LMIINFO\0000

Service: LMIInfo

.

==== System Restore Points ===================

.

RP223: 6/30/2012 3:35:49 AM - Windows Live Essentials

RP224: 7/8/2012 11:48:15 AM - Scheduled Checkpoint

RP225: 7/11/2012 3:00:20 AM - Windows Update

RP226: 7/11/2012 3:55:23 AM - OTL Restore Point - 7/11/2012 3:55:23 AM

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

AC3Filter (remove only)

Acer Arcade Deluxe

Acer Assist

Acer ePower Management

Acer eRecovery Management

Acer Games

Acer GridVista

Acer Registration

Acer ScreenSaver

Acer Updater

Acrobat.com

Adobe AIR

Adobe Flash Media Live Encoder 3.1

Adobe Flash Player 10 Plugin

Adobe Flash Player 11 ActiveX

Adobe Reader 9.1 MUI

Adobe Shockwave Player 11.6

AMD USB Filter Driver

Apple Application Support

Apple Software Update

ArcSoft TotalMedia Extreme

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

AudibleManager

AviSynth 2.5

CadStd

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Compatibility Pack for the 2007 Office system

D3DX10

DAEMON Tools Lite

DivX Web Player

DVBLink for HDPVR

DVBLink Server

eBay Worldwide

eSobi v2

Google Chrome

Google Update Helper

Hauppauge WinTV IR Blaster

Hauppauge WinTV Scheduler

Identity Card

Java 6 Update 29

Java SE Development Kit 6 Update 21

Junk Mail filter update

Launch Manager

Malwarebytes Anti-Malware version 1.61.0.1400

McAfee Security Scan Plus

McAfee SecurityCenter

Mega Manager

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Excel MUI (English) 2007

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Suite Activation Assistant

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable - KB2467175

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works

Mobile Mouse Server

Mozilla Firefox 4.0.1 (x86 en-US)

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MyWinLocker

Near Reality

Norton Online Backup

NTI Backup Now 5

NTI Backup Now Standard

NTI Media Maker 8

NVIDIA PhysX v8.10.29

Octoshape Streaming Services

Project64 1.6

QuickTime

Realtek High Definition Audio Driver

Realtek USB 2.0 Card Reader

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

Soldier Front

TeamSpeak 2 RC2

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

VC80CRTRedist - 8.0.50727.762

Ventrilo Client

VLC media player 2.0.1

Welcome Center

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinRAR 4.01 (32-bit)

Yahoo! Messenger

Yahoo! Software Update

.

==== Event Viewer Messages From Past Week ========

.

7/4/2012 6:29:33 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

7/11/2012 5:06:41 AM, Error: Service Control Manager [7034] - The McAfee SystemGuards service terminated unexpectedly. It has done this 3 time(s).

7/11/2012 4:44:43 AM, Error: atikmdag [43029] - Display is not active

7/11/2012 4:44:10 AM, Error: Service Control Manager [7031] - The McAfee SystemGuards service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

7/11/2012 4:28:32 AM, Error: Service Control Manager [7031] - The McAfee SystemGuards service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

7/11/2012 4:18:29 AM, Error: Service Control Manager [7003] - The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed.

7/11/2012 4:16:29 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891

7/11/2012 4:16:29 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891

7/11/2012 4:15:56 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

7/11/2012 4:15:50 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

7/11/2012 4:15:50 AM, Error: Service Control Manager [7000] - The LogMeIn Kernel Information Provider service failed to start due to the following error: The system cannot find the path specified.

7/11/2012 4:15:47 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

7/11/2012 4:15:37 AM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter

7/11/2012 3:50:10 AM, Error: Service Control Manager [7034] - The ArcSoft Connect Daemon service terminated unexpectedly. It has done this 1 time(s).

7/11/2012 2:30:21 AM, Error: Service Control Manager [7023] - The iPod Service service terminated with the following error: %%-2147417831

.

==== End Of File ===========================


Well, I just restarted and I did an MBAM scan and it found the bcminer. Symptoms are random pop-ups and redirects on links.

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.07.11.02

Windows 7 x64 NTFS

Internet Explorer 9.0.8112.16421

Patrick :: MYPCYADIG [administrator]

7/11/2012 5:46:19 AM

mbam2

Scan type: Quick scan

Scan options enabled: Memory | Startup | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: Registry | P2P

Objects scanned: 200769

Time elapsed: 4 minute(s), 46 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|58762 (Trojan.Agent) -> Data: C:\PROGRA~3\LOCALS~1\Temp\msvara.cmd -> No action taken.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Windows\Installer\{52a689ea-4d72-da20-a8af-379893955118}\U\00000008.@ (Trojan.Dropper.BCMiner) -> No action taken.

(end)


Hello Blacksbane and :welcome:! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

BACKDOOR WARNING

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

Help: I Got Hacked. Now What Do I Do?

Help: I Got Hacked. Now What Do I Do? Part II

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.


Before I posted on the forums I used other guides, so I used OTL before. This leads me to my next thing. I just did as you requested and downloaded OTL and ran it twice. Only the OTL.txt popped up. The Extras.txt did not. I looked back and I still have the extras from the first run.

OTL.txt

OTL logfile created on: 7/11/2012 1:48:57 PM - Run 3

OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Patrick\Downloads

64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.58 Gb Available Physical Memory | 57.60% Memory free

5.49 Gb Paging File | 4.20 Gb Available in Paging File | 76.46% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 136.95 Gb Total Space | 45.56 Gb Free Space | 33.27% Space Free | Partition Type: NTFS

Computer Name: MYPCYADIG | User Name: Patrick | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/11 13:48:11 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Patrick\Downloads\OTL.exe

PRC - [2011/08/08 13:12:44 | 000,039,080 | ---- | M] (RPA Technology) -- C:\Program Files (x86)\Air Mouse\Air Mouse\Mobile Mouse Service.exe

PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

PRC - [2010/01/15 07:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe

PRC - [2009/11/04 16:59:50 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe

PRC - [2009/10/29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee.com\Agent\mcagent.exe

PRC - [2009/10/29 07:54:44 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe

PRC - [2009/10/02 14:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MSK\msksrver.exe

PRC - [2009/08/06 12:18:54 | 000,311,592 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe

PRC - [2009/08/06 12:18:42 | 000,349,480 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe

PRC - [2009/08/05 00:45:00 | 000,181,480 | ---- | M] (Acer Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe

PRC - [2009/08/04 00:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe

PRC - [2009/07/31 20:29:12 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe

PRC - [2009/07/27 19:50:32 | 001,157,128 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe

PRC - [2009/07/08 12:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe

PRC - [2009/07/07 20:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe

PRC - [2009/07/03 20:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe

PRC - [2009/07/01 00:24:40 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\DVBLogic\DVBLink\DVBLinkSrv.exe

PRC - [2009/06/04 08:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe

PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

========== Modules (No Company Name) ==========

MOD - [2012/06/14 18:06:40 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\3eaec5bc57c67c3b24ca2bb281ca249d\Microsoft.VisualBasic.ni.dll

MOD - [2012/06/14 03:46:59 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll

MOD - [2012/06/14 03:46:19 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll

MOD - [2012/05/11 04:11:08 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll

MOD - [2012/05/11 04:11:01 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll

MOD - [2012/05/11 04:10:59 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll

MOD - [2012/05/11 04:10:37 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll

MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/11/04 17:47:32 | 000,155,456 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)

SRV:64bit: - [2009/10/28 12:50:32 | 000,696,848 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)

SRV:64bit: - [2009/08/05 23:30:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)

SRV:64bit: - [2009/07/29 07:03:42 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/03 20:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)

SRV - [2012/01/13 12:21:16 | 000,103,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe -- (McAfee SiteAdvisor Service)

SRV - [2010/03/31 15:29:00 | 003,534,776 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)

SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)

SRV - [2009/11/04 16:59:50 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)

SRV - [2009/10/29 07:54:44 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)

SRV - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe -- (MpfService)

SRV - [2009/10/02 14:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MSK\msksrver.exe -- (MSK80Service)

SRV - [2009/08/06 12:18:54 | 000,311,592 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)

SRV - [2009/07/08 12:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)

SRV - [2009/07/07 20:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)

SRV - [2009/07/01 00:24:40 | 000,135,168 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\DVBLogic\DVBLink\DVBLinkSrv.exe -- (DVBLink Server)

SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009/06/04 08:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)

SRV - [2009/05/22 13:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Acer Games\Acer Game Console\GameConsoleService.exe -- (GameConsoleService)

SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/01 01:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/07/06 16:33:18 | 000,087,456 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)

DRV:64bit: - [2011/07/04 23:49:10 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)

DRV:64bit: - [2011/05/10 09:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2011/03/11 01:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 01:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/01/11 19:04:04 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)

DRV:64bit: - [2011/01/11 19:04:00 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)

DRV:64bit: - [2010/06/03 10:07:18 | 000,015,160 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jumi.sys -- (jumi)

DRV:64bit: - [2010/04/24 11:05:17 | 000,189,440 | ---- | M] (Hauppauge, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcwhdpvr.sys -- (hcwhdpvr)

DRV:64bit: - [2009/11/04 17:54:06 | 000,308,296 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)

DRV:64bit: - [2009/11/04 17:54:06 | 000,102,472 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)

DRV:64bit: - [2009/11/04 17:54:06 | 000,049,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk)

DRV:64bit: - [2009/11/04 17:47:38 | 000,040,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdk.sys -- (mferkdk)

DRV:64bit: - [2009/08/13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)

DRV:64bit: - [2009/08/09 22:07:14 | 000,222,208 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV:64bit: - [2009/07/29 17:11:24 | 006,038,016 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)

DRV:64bit: - [2009/07/27 02:04:36 | 000,058,880 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)

DRV:64bit: - [2009/07/16 06:33:44 | 001,488,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/13 19:09:15 | 000,145,920 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST)

DRV:64bit: - [2009/06/18 07:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/06/02 06:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)

DRV:64bit: - [2009/06/02 06:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)

DRV:64bit: - [2009/06/02 06:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)

DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2009/05/05 03:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)

DRV:64bit: - [2009/05/05 03:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)

DRV:64bit: - [2009/05/04 08:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)

DRV:64bit: - [2009/05/03 23:54:56 | 000,020,784 | ---- | M] (DVBLink) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dvblinktun4.sys -- (dvblinktun4)

DRV:64bit: - [2009/05/03 23:54:48 | 000,020,784 | ---- | M] (DVBLink) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dvblinktun3.sys -- (dvblinktun3)

DRV:64bit: - [2009/05/03 23:54:38 | 000,020,784 | ---- | M] (DVBLink) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dvblinktun2.sys -- (dvblinktun2)

DRV:64bit: - [2009/05/03 23:54:32 | 000,020,784 | ---- | M] (DVBLink) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dvblinktun.sys -- (dvblinktun)

DRV:64bit: - [2009/05/03 23:54:26 | 000,018,608 | ---- | M] (DVBLink) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dvblinkcap4.sys -- (dvblinkcap4)

DRV:64bit: - [2009/05/03 23:54:20 | 000,018,608 | ---- | M] (DVBLink) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dvblinkcap3.sys -- (dvblinkcap3)

DRV:64bit: - [2009/05/03 23:54:14 | 000,018,608 | ---- | M] (DVBLink) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dvblinkcap2.sys -- (dvblinkcap2)

DRV:64bit: - [2009/05/03 23:54:06 | 000,018,608 | ---- | M] (DVBLink) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dvblinkcap.sys -- (dvblinkcap)

DRV:64bit: - [2009/04/09 16:23:02 | 000,176,144 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Mpfp.sys -- (MPFP)

DRV:64bit: - [2009/04/03 09:39:58 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)

DRV:64bit: - [2008/07/26 16:26:34 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)

DRV:64bit: - [2008/07/26 16:25:48 | 000,790,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)

DRV:64bit: - [2008/07/26 16:22:34 | 002,624,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)

DRV:64bit: - [2008/07/26 16:22:22 | 000,015,768 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64)

DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2005/01/02 16:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5532&r=27361209d535l0354z165t4822x277

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5532&r=27361209d535l0354z165t4822x277

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5532&r=27361209d535l0354z165t4822x277

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =

IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-3794066387-2219636134-70439330-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5532&r=27361209d535l0354z165t4822x277

IE - HKU\S-1-5-21-3794066387-2219636134-70439330-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data over 100 bytes]

IE - HKU\S-1-5-21-3794066387-2219636134-70439330-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = my.daemon-search.com

IE - HKU\S-1-5-21-3794066387-2219636134-70439330-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

IE - HKU\S-1-5-21-3794066387-2219636134-70439330-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}

IE - HKU\S-1-5-21-3794066387-2219636134-70439330-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-3794066387-2219636134-70439330-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_enUS359US359

IE - HKU\S-1-5-21-3794066387-2219636134-70439330-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\S-1-5-21-3794066387-2219636134-70439330-1000\..\SearchScopes\{9FAB8033-C0CE-46CF-B0C4-EA901A3E1345}: "URL" = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20110416,6901,0,8,0

IE - HKU\S-1-5-21-3794066387-2219636134-70439330-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3794066387-2219636134-70439330-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.mydtzone.com/startpage|https://mail.google.com/mail/?shva=1#|https://www.google.com/calendar/render?tab=mc&gsessionid=KyyaFjT6OOlMUBo7bbM01A|https://docs.google.com/?tab=mo&pli=1#all"

FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)

FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Patrick\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Patrick\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Patrick\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/02/27 19:22:57 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/27 23:46:13 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/02/27 23:46:12 | 000,000,000 | ---D | M]

[2010/02/17 20:39:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patrick\AppData\Roaming\Mozilla\Extensions

[2012/07/10 17:30:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\yppm9cke.default\extensions

[2012/05/19 20:12:34 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\yppm9cke.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

[2011/07/04 23:46:46 | 000,002,055 | ---- | M] () -- C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\yppm9cke.default\searchplugins\daemon-search.xml

[2011/11/22 11:41:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2010/07/15 14:32:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2010/11/02 17:28:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2011/02/01 15:18:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

[2011/03/15 09:22:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

[2011/07/06 08:25:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

[2011/11/22 11:41:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

[2012/02/27 19:22:57 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR

[2011/04/29 06:40:49 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2011/10/03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2011/04/16 15:39:52 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Patrick\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Patrick\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Patrick\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll

CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdivx32.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll

CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Patrick\AppData\Roaming\Mozilla\plugins\npoctoshape.dll

CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Patrick\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll

CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll

CHR - Extension: YouTube = C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Google Search = C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: SiteAdvisor = C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\

CHR - Extension: ICE Quick Stream = C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\mapljocpedaolbooelchgnkkaplpadgp\5.4_0\

CHR - Extension: Gmail = C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/11 03:55:44 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)

O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)

O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files (x86)\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)

O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-3794066387-2219636134-70439330-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)

O4:64bit: - HKLM..\Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" File not found

O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe ()

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)

O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)

O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)

O4 - HKLM..\Run: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)

O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)

O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKU\S-1-5-21-3794066387-2219636134-70439330-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

O4 - HKU\S-1-5-21-3794066387-2219636134-70439330-1000..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 58762 = C:\PROGRA~3\LOCALS~1\Temp\msvara.cmd

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKU\S-1-5-21-3794066387-2219636134-70439330-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html File not found

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html File not found

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: Justin.tv Publisher http://www.justin.tv/plugins/justintv_publisher.CAB (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{25B43BE2-156C-41BE-82C5-21FD7D02B0DA}: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E09C7C2B-CFE1-4378-9FD8-962A5F1250FE}: DhcpNameServer = 192.168.1.254

O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{3998c0dd-a16e-11e1-8baa-002622769529}\Shell - "" = AutoRun

O33 - MountPoints2\{3998c0dd-a16e-11e1-8baa-002622769529}\Shell\AutoRun\command - "" = F:\ToolLauncher-Bootstrap.exe

O33 - MountPoints2\{c3ec291c-63d6-11e0-b923-002622769529}\Shell - "" = AutoRun

O33 - MountPoints2\{c3ec291c-63d6-11e0-b923-002622769529}\Shell\AutoRun\command - "" = E:\Launcher.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKU\S-1-5-21-3794066387-2219636134-70439330-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/11 13:19:34 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{C0F4C81C-4B43-4D02-9FC8-EEBF8B45A1D3}

[2012/07/11 13:19:20 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{789956D4-0C83-42DF-A079-D55706C97942}

[2012/07/11 05:44:40 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{9037F0A1-59F3-41C6-9153-479AD39E8A01}

[2012/07/11 05:44:21 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{D79EF15C-DE3D-4C42-ADFB-CCFEFDD6E16D}

[2012/07/11 05:22:35 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Patrick\Desktop\dds.com

[2012/07/11 05:19:27 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW

[2012/07/11 04:28:38 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/07/11 04:28:29 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2012/07/11 04:16:40 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{AB5A1DD3-7585-4A53-8C6C-554EADD1A579}

[2012/07/11 04:16:27 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{CF68DEBC-8226-4E1E-9B54-E5D6726FEB64}

[2012/07/11 04:02:09 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{73F04097-B915-4DFF-ACE3-0A83D51AB16A}

[2012/07/11 04:01:51 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{EBB2A6AC-AC18-48FB-9CBE-41EB5D812DDB}

[2012/07/11 03:50:09 | 000,000,000 | ---D | C] -- C:\_OTL

[2012/07/11 03:28:43 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine

[2012/07/11 02:30:42 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{580AA3BC-8939-44E5-A927-CA81E6D2F66C}

[2012/07/11 02:30:23 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{EEE30319-6879-4322-9711-122E1328624C}

[2012/07/11 02:17:27 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{9CA68046-8753-4102-840B-37157B95C4B3}

[2012/07/11 02:17:10 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{C4889019-5237-4FB8-ABC5-AC2F21390A1D}

[2012/07/11 01:16:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2012/07/11 01:16:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/07/11 01:16:49 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/07/10 19:49:35 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{01013834-02E5-4392-A743-464BDDBD6EF6}

[2012/07/10 19:49:21 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{0C363A0D-6181-4E36-A36C-42BD1D466D7F}

[2012/07/10 19:27:36 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{B2159F49-5536-466B-B908-2B1DF9C1162E}

[2012/07/10 19:27:24 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{A46910BB-C141-44C2-B4BB-03214CF399A3}

[2012/07/10 17:15:55 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{E3B5E006-EEBC-4D5E-A7FE-F1ECB839017A}

[2012/07/10 17:15:33 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{C439CCF2-CE02-461E-B6E3-255C0AFCD429}

[2012/07/09 17:45:54 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%

[2012/07/09 17:01:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Local Settings

[2012/07/09 16:06:31 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{10E73D9D-2C59-4263-95F0-FC6EDAD6A106}

[2012/07/09 16:06:16 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{5BE8095B-6571-46A0-B25E-3CBCC0CF7926}

[2012/07/08 10:35:01 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{64D5610A-8B24-4E87-A0C9-5EF1B355C842}

[2012/07/08 10:34:29 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{4478E0BF-3731-4B28-B964-EFDD224FC6A9}

[2012/07/07 17:47:42 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{14E30936-4868-4B06-8CF9-54C03D8EB650}

[2012/07/07 17:47:24 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{BE7AFDA7-1684-43E0-954B-E1E807B44BCA}

[2012/07/06 19:05:45 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{C37781DE-714C-4179-BFA8-B2CC70378D71}

[2012/07/06 19:05:30 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{6D0689A1-A829-4F53-839C-9775365EF412}

[2012/07/06 15:54:41 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{938D3DAE-09E6-4C55-9AB5-0003C501A52F}

[2012/07/06 15:54:25 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{2E3820BA-E625-467E-8A1C-117CD91174B8}

[2012/07/05 19:34:17 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{37D2520D-2A25-4A50-8492-BB8DE751256A}

[2012/07/05 19:34:02 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{3441BA36-36C2-4117-9E7C-1357D9882E26}

[2012/07/05 17:32:38 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{FDCA8EAA-0061-456A-AAD5-E8C253C1AC0B}

[2012/07/05 17:32:25 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{B972F97F-8A82-42E5-A24E-8993CA55F8F0}

[2012/07/05 14:58:16 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{9241D156-0379-46D1-A8B7-F8F6739E8630}

[2012/07/05 14:57:39 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{7A04AECD-7F52-4FFA-82D2-8A579457D0EC}

[2012/07/04 18:29:46 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{60607F63-6508-4423-8136-A7C88836C66C}

[2012/07/04 18:29:32 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{4FFFBF54-ED2F-4C68-9CDD-8321C0729060}

[2012/07/03 17:42:03 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{770CD80F-D25B-45E8-926A-A77892117046}

[2012/07/03 17:41:49 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{8763851A-CF20-457F-9E0B-738CD44A8090}

[2012/07/02 18:36:06 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{AF35CE74-B339-4CB5-85A7-7895E47A6F2B}

[2012/07/02 18:35:48 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{DA981DCD-7BAA-47A2-BB67-F55AAFBCC6BC}

[2012/07/02 14:41:32 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{6EF22011-3A98-41A1-876C-76F9B20FBD64}

[2012/07/02 14:41:12 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{DEBED675-4DC3-41FF-90DE-B71F63D636AA}

[2012/07/02 14:20:57 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{064D1814-1DC5-4966-8A84-432744B1D80F}

[2012/07/02 14:20:24 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{9A5409B6-867C-4E7D-94DD-20E16EC2BD8E}

[2012/07/01 14:20:13 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{5CB2CC3A-6564-4B16-88FC-2C532FB91563}

[2012/07/01 14:20:00 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{D33D7A15-1027-4DF5-BAD2-13595F41CBCF}

[2012/06/30 23:52:50 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{E490AB90-8D06-483A-81D9-4F86A7C1A22B}

[2012/06/30 23:52:35 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{7519F929-C332-4D62-A538-6916196D8236}

[2012/06/30 20:10:49 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{C7F7A059-D0D6-46D7-9497-850105A49501}

[2012/06/30 20:10:36 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{2790055B-CF0C-4D4E-B4EA-A4F6C8A578D0}

[2012/06/30 03:41:14 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{FAC85988-E4FF-4F62-98DC-2A5299454832}

[2012/06/30 03:40:59 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{29BECB78-8DD7-47D4-ACE1-B38D7FB78DE0}

[2012/06/30 03:30:24 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{1D2939C0-B286-44FA-B093-5E25681F8FAB}

[2012/06/30 03:29:52 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{0F582AAD-C748-45AF-B8F5-8C156D3CA722}

[2012/06/29 17:35:48 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{08DB040D-09D4-4E6D-B6FB-B8505D57CC97}

[2012/06/29 17:35:28 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{F77D8AAB-7B07-4121-9020-5840ABA60885}

[2012/06/26 19:32:13 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{9041B08F-A188-437C-B9D1-67F20ED73008}

[2012/06/26 19:31:57 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{168D3202-B300-41CA-B986-D69357CBEECA}

[2012/06/26 17:28:11 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{D27A1578-8B41-4DD8-A0E4-1E7BBDA479F8}

[2012/06/26 17:27:56 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{602C18A7-F480-40E5-8B06-43B734ED9CB9}

[2012/06/26 16:40:12 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{18AB0261-A29B-468F-94F9-E86E5A70CBF4}

[2012/06/26 16:39:47 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{4A00B971-4CC8-4835-BBCF-1F258BF57287}

[2012/06/25 00:03:17 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{81EA8777-7E8D-4673-B2FF-05F4EC9EF337}

[2012/06/25 00:03:00 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{E4A54573-A0F6-4D6C-95A4-5ECE97DB8E70}

[2012/06/24 00:14:46 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{4B13F648-39FB-4AC7-BE9F-513F5F8997D0}

[2012/06/24 00:14:33 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{5F5CBD1F-A142-4B2A-B395-FB66BBDCA2FA}

[2012/06/23 22:14:16 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{BA60B74D-DECF-4EFD-8CE1-315E8F28B505}

[2012/06/23 22:14:00 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{CB00734F-2A1A-4834-A967-228FD44D8BDD}

[2012/06/23 19:44:09 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{759D575A-1C09-4F2A-8654-7847A314B1B7}

[2012/06/23 19:43:50 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{8065C7BD-0C5A-4167-889C-EEFE3E686647}

[2012/06/23 01:30:38 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{96AC50F4-7D01-4415-A7C5-A937E8469714}

[2012/06/23 01:30:26 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{27B07E0B-076B-487C-8DBF-531E7D0879E6}

[2012/06/23 00:06:10 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{3B13F67D-695B-4254-9894-DBCDAA75E23E}

[2012/06/23 00:05:53 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{45137A30-3A46-4589-9901-344728756DD4}

[2012/06/22 04:17:17 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{C996B9BB-00C1-408B-8659-C3521F84331E}

[2012/06/22 04:16:58 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{293897BC-C8D5-442B-9E14-8EDE7DD8D923}

[2012/06/20 20:24:24 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{88B55AD0-985B-47FF-8750-56B8C5ACE269}

[2012/06/20 20:24:07 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{21191513-67AE-43AB-BDE5-F66276732FBB}

[2012/06/20 03:51:52 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{6EF10CFB-1362-4FF6-878B-DCEFEE576172}

[2012/06/20 03:51:23 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{7E8DDE19-7CA4-45F9-9374-FCD868D45A07}

[2012/06/17 13:42:38 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{6E3CA130-C635-43CC-8DD8-D677E3873E4D}

[2012/06/15 21:32:01 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{520CD960-C67C-450B-ADDE-1B3E4FB7A63D}

[2012/06/15 00:20:00 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{6EB89E73-8EC4-4167-AD3D-95DEF3C50D01}

[2012/06/14 03:43:05 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{D3F295A7-3FCD-4B69-834C-5DCCC883CEF3}

[2012/06/14 03:42:26 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{F4609240-5C12-47E6-A7BE-6F773E4AA01F}

[2012/06/13 17:48:47 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{29435207-862D-4087-8BB5-0CB68BF46BE7}

[2012/06/13 17:48:28 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{1B3DE8C5-8B52-4232-84A2-8CA403FED3EE}

[2012/06/13 14:18:15 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{192DBFC8-682A-4AEF-948F-FE2F960E4235}

[2012/06/11 22:10:40 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{184644B0-5C8A-4166-A64E-562E1E0229BC}

[2012/06/11 22:10:27 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{C5F50902-4E07-4AF8-9BF3-E5BA4F7C8E3E}

[2012/06/11 18:17:00 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{E6A33863-DAA4-45FF-97E1-E2ACD92F4184}

[2012/06/11 18:16:22 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{47059C92-CF74-448A-AA65-73DE5BCA2796}

[2012/06/11 17:05:11 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{E7F3122B-16F2-4F28-9EB7-F7D744F7E311}

[2012/06/11 17:04:56 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{20360F31-B906-4FCB-9A78-E8DABA3ED213}

[2012/06/11 14:06:18 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{F5605E05-3791-4899-B64D-1C34E3E62C73}

[2012/06/11 14:06:05 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{9A30AFC5-C4E5-42CF-8339-DC0ACBB18973}

[2010/04/11 20:21:25 | 000,726,008 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Users\Patrick\gotomypc_438.exe

[2010/04/11 12:14:12 | 509,708,424 | ---- | C] (Macrovision Corporation) -- C:\Users\Patrick\U_SFInstaller.exe

[2010/03/17 21:07:55 | 000,721,912 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Users\Patrick\gotomypc_428.exe

[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/11 13:35:01 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3794066387-2219636134-70439330-1000UA.job

[2012/07/11 13:35:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/07/11 13:26:09 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/07/11 13:26:09 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/07/11 13:18:36 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/07/11 13:18:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/07/11 13:18:11 | 2211,483,648 | -HS- | M] () -- C:\hiberfil.sys

[2012/07/11 05:53:45 | 000,002,202 | ---- | M] () -- C:\Users\Patrick\Desktop\mbam2

[2012/07/11 05:26:50 | 000,002,030 | ---- | M] () -- C:\Users\Patrick\Desktop\mbam log

[2012/07/11 05:22:37 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Patrick\Desktop\dds.com

[2012/07/11 03:59:19 | 000,343,552 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/07/11 03:55:44 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts

[2012/07/11 01:23:56 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/07/09 20:09:54 | 000,009,737 | ---- | M] () -- C:\Windows\SysNative\Config.MPF

[2012/07/08 14:35:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3794066387-2219636134-70439330-1000Core.job

[2012/07/08 03:00:02 | 000,000,360 | ---- | M] () -- C:\Windows\tasks\RegInOut Scheduled Scan - Patrick.job

[2012/07/02 19:53:45 | 000,002,373 | ---- | M] () -- C:\Users\Patrick\Desktop\Google Chrome.lnk

[2012/07/01 01:00:07 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\McQcTask.job

[2012/06/16 05:31:25 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/06/16 05:31:25 | 000,624,412 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/06/16 05:31:25 | 000,106,756 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/06/15 02:58:48 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job

[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/11 05:53:44 | 000,002,202 | ---- | C] () -- C:\Users\Patrick\Desktop\mbam2

[2012/07/11 05:26:50 | 000,002,030 | ---- | C] () -- C:\Users\Patrick\Desktop\mbam log

[2012/07/11 05:24:40 | 000,095,744 | ---- | C] () -- C:\Windows\Installer\{52a689ea-4d72-da20-a8af-379893955118}\U\80000032.@

[2012/07/11 05:24:35 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{52a689ea-4d72-da20-a8af-379893955118}\U\80000064.@

[2012/07/11 05:24:32 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{52a689ea-4d72-da20-a8af-379893955118}\U\80000000.@

[2012/07/11 05:24:30 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{52a689ea-4d72-da20-a8af-379893955118}\U\00000004.@

[2012/07/11 05:24:30 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{52a689ea-4d72-da20-a8af-379893955118}\U\000000cb.@

[2012/07/11 05:24:30 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{52a689ea-4d72-da20-a8af-379893955118}\L\00000004.@

[2012/07/11 01:23:56 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/01/11 04:01:22 | 000,002,048 | -HS- | C] () -- C:\Users\Patrick\AppData\Local\{52a689ea-4d72-da20-a8af-379893955118}\@

[2011/12/10 23:19:47 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

[2011/06/29 23:36:41 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll

[2011/06/29 23:36:41 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll

[2011/06/29 23:36:41 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll

[2010/04/11 12:14:12 | 000,000,254 | -H-- | C] () -- C:\Users\Patrick\U_SFInstaller.exe.bfi

[2010/04/02 14:09:00 | 000,000,051 | ---- | C] () -- C:\Users\Patrick\jagex__preferences3.dat

[2010/01/17 01:38:07 | 000,000,099 | ---- | C] () -- C:\Users\Patrick\jagex_runescape_preferences2.dat

[2010/01/17 01:37:13 | 000,000,046 | ---- | C] () -- C:\Users\Patrick\jagex_runescape_preferences.dat

========== LOP Check ==========

[2009/12/25 09:54:12 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Acer

[2011/07/04 23:48:02 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\DAEMON Tools Lite

[2010/11/21 15:39:04 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\DAEMON Tools Pro

[2010/04/11 12:29:56 | 000,000,000 | -H-D | M] -- C:\Users\Patrick\AppData\Roaming\ijjigame

[2009/12/25 09:54:10 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Leadertech

[2011/12/10 23:22:22 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Leawo

[2009/12/27 23:59:07 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Megaupload

[2010/06/05 21:22:24 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Octoshape

[2012/02/27 10:47:39 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\PowerCinema

[2009/12/26 15:08:39 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\SoftDMA

[2011/12/10 23:26:23 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\tiger-k

[2010/08/07 16:44:25 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\TS3Client

[2011/07/05 18:07:09 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Windows Live Writer

[2012/06/15 02:58:48 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job

[2012/07/01 01:00:07 | 000,000,320 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job

[2012/07/08 03:00:02 | 000,000,360 | ---- | M] () -- C:\Windows\Tasks\RegInOut Scheduled Scan - Patrick.job

[2012/07/02 18:34:40 | 000,032,646 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:D06A4C76

< End of report >

extras from run 1

OTL Extras logfile created on: 7/11/2012 3:32:34 AM - Run 1

OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Patrick\Downloads

64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.35 Gb Available Physical Memory | 49.04% Memory free

5.49 Gb Paging File | 3.73 Gb Available in Paging File | 67.96% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 136.95 Gb Total Space | 40.21 Gb Free Space | 29.36% Space Free | Partition Type: NTFS

Computer Name: MYPCYADIG | User Name: Patrick | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant

"{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{ACCA82EB-7088-919E-5E1C-100A24F11CCF}" = ATI Catalyst Install Manager

"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{E2FCA441-6D7B-CD78-3ADF-42EA9FA06065}" = ccc-utility64

"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"TeamSpeak 3 Client" = TeamSpeak 3 Client

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard

"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2

"{183F0908-AD5E-8B3B-5F06-28B1A8C65C62}" = CCC Help Japanese

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{23E9588B-05ED-BC2F-EB69-101A96511EF1}" = ccc-core-static

"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8

"{2484D1EA-CBA4-60BB-82B9-F8477D25C47A}" = CCC Help Dutch

"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe

"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java 6 Update 29

"{287E69C3-ABB0-4F47-907C-15961FC7C832}" = DVBLink Server

"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com

"{29802D65-9514-DB20-36CD-E47A94C8AEB9}" = Catalyst Control Center Graphics Full Existing

"{2F61E9D7-CD05-643E-A04E-CC1A8B6610BA}" = CCC Help Finnish

"{2FA3CDD8-1436-497D-6339-789936561E99}" = CCC Help German

"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

"{32A3A4F4-B792-11D6-A78A-00B0D0160210}" = Java SE Development Kit 6 Update 21

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34123E80-BE96-6282-1167-6696730AF6D2}" = CCC Help Korean

"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{37491A3D-B2A6-402D-898E-5C4EF3984C29}" = Adobe Flash Media Live Encoder 3.1

"{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}" = Mega Manager

"{3D20EF26-2E9A-D388-851D-E7675BBACFF5}" = Catalyst Control Center Core Implementation

"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management

"{4024F49B-65D4-D6B2-2A1D-6DBF6F09F181}" = CCC Help Greek

"{41BB38A4-ED84-4682-8329-042FEBD8C30B}" = Mega Manager

"{49A63237-FD38-AE77-6DF6-FFB41499A4E6}" = CCC Help Hungarian

"{4F0FC827-B693-F166-612E-EA89D798540C}" = CCC Help Chinese Traditional

"{52FBF90E-D2EF-A2A3-1CCA-6984596B1B02}" = CCC Help English

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{628CBFE4-3823-67FB-26D2-566899C3BB5C}" = CCC Help Italian

"{63F26DAE-CB0D-98B6-3019-D4FC3D0DD203}" = Catalyst Control Center InstallProxy

"{652EB559-6865-DEF4-2409-D506963C15FD}" = CCC Help Polish

"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker

"{68987945-A387-4C25-0C59-21F2AF657E65}" = CCC Help Thai

"{6B45E33B-6BB4-234B-2F5F-65B1A103801D}" = CCC Help Russian

"{6B99737C-9FDC-50F9-C9A4-AB7DA5C9A336}" = Catalyst Control Center Graphics Full New

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7BE74C0E-F300-D0A6-780B-C93BB78DE58C}" = CCC Help Norwegian

"{7E75ACC5-B0EC-7006-183A-374974019911}" = Catalyst Control Center Graphics Light

"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management

"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger

"{82809116-D1EE-443C-AE31-F19E709DDF7A}" = AMD USB Filter Driver

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{88B05038-C890-468B-A563-0015FD53CDC3}" = ArcSoft TotalMedia Extreme

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8ADE24B2-DCA4-4A1E-8B52-A5B435522D9E}" = Soldier Front

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6

"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader

"{97124B44-C17B-C352-44B1-403D0D706173}" = CCC Help Czech

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9ACA8261-11D1-F8A1-C154-7F8B23515C79}" = CCC Help Swedish

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9574A7E-C024-EED1-7A81-CC4786A1915A}" = CCC Help Portuguese

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AA32D2A6-1299-0F05-BF8D-04075A9F69EB}" = CCC Help Turkish

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AAF89271-2594-468D-B578-96B2E30C41C4}" = eBay Worldwide

"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI

"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync

"{B3CBD2E0-6F6B-49C2-B72B-0391A76DCDE4}" = Near Reality

"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player

"{BAC8C2FD-1FF8-4615-B827-9042248121CB}" = Mobile Mouse Server

"{BCC05B1F-7397-799A-9EDB-AC10123BB17A}" = CCC Help Chinese Standard

"{BEF4FD8A-29FF-C250-468A-5FC55F0E3451}" = Catalyst Control Center Localization All

"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{CF7A62B6-F712-412E-9914-D80033A7F8B8}" = Catalyst Control Center - Branding

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D41301F8-90FD-9CE8-CD2C-ED2B9D5F07E3}" = CCC Help Spanish

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D43AD08C-BE76-8C5B-FD90-4B665EF60E2E}" = CCC Help Danish

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29

"{DA4CA661-5ABF-9218-6E42-84BF89F43655}" = CCC Help French

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"AC3Filter" = AC3Filter (remove only)

"Acer Assist" = Acer Assist

"Acer Registration" = Acer Registration

"Acer Screensaver" = Acer ScreenSaver

"Acer Welcome Center" = Welcome Center

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.6

"AudibleManager" = AudibleManager

"AviSynth" = AviSynth 2.5

"CadStd" = CadStd

"DAEMON Tools Lite" = DAEMON Tools Lite

"DVBLink for HDPVR" = DVBLink for HDPVR

"GridVista" = Acer GridVista

"Hauppauge WinTV IR Blaster" = Hauppauge WinTV IR Blaster

"Hauppauge WinTV Scheduler" = Hauppauge WinTV Scheduler

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"Identity Card" = Identity Card

"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5

"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2

"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8

"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe

"LManager" = Launch Manager

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400

"McAfee Security Scan" = McAfee Security Scan Plus

"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)

"MSC" = McAfee SecurityCenter

"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2

"VLC media player" = VLC media player 2.0.1

"WildTangent acer Master Uninstall" = Acer Games

"WinLiveSuite" = Windows Live Essentials

"WinRAR archiver" = WinRAR 4.01 (32-bit)

"Yahoo! Messenger" = Yahoo! Messenger

"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3794066387-2219636134-70439330-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

"Octoshape Streaming Services" = Octoshape Streaming Services

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 6/1/2012 7:27:23 PM | Computer Name = mypcyadig | Source = Application Hang | ID = 1002

Description = The program iTunes.exe version 10.5.3.3 stopped interacting with Windows

and was closed. To see if more information about the problem is available, check

the problem history in the Action Center control panel. Process ID: d58 Start Time:

01cd4009d6fffde1 Termination Time: 47 Application Path: C:\Program Files (x86)\iTunes\iTunes.exe

Report

Id:

Error - 6/2/2012 4:07:57 AM | Computer Name = mypcyadig | Source = Application Error | ID = 1000

Description = Faulting application name: ACDaemon.exe, version: 1.1.0.49, time stamp:

0x4cc808ec Faulting module name: ACDaemon.exe, version: 1.1.0.49, time stamp: 0x4cc808ec

Exception

code: 0xc0000005 Fault offset: 0x0001af76 Faulting process id: 0xa70 Faulting application

start time: 0x01cd4096c8196390 Faulting application path: C:\Program Files (x86)\Common

Files\ArcSoft\Connection Service\Bin\ACDaemon.exe Faulting module path: C:\Program

Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe Report Id:

0f588aab-ac8a-11e1-9699-002622769529

Error - 6/2/2012 5:23:39 AM | Computer Name = mypcyadig | Source = Application Error | ID = 1000

Description = Faulting application name: ACDaemon.exe, version: 1.1.0.49, time stamp:

0x4cc808ec Faulting module name: ACDaemon.exe, version: 1.1.0.49, time stamp: 0x4cc808ec

Exception

code: 0xc0000005 Fault offset: 0x0001af76 Faulting process id: 0xc7c Faulting application

start time: 0x01cd40a15a15df70 Faulting application path: C:\Program Files (x86)\Common

Files\ArcSoft\Connection Service\Bin\ACDaemon.exe Faulting module path: C:\Program

Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe Report Id:

a2c335c5-ac94-11e1-8a82-002622769529

Error - 6/2/2012 5:22:01 PM | Computer Name = mypcyadig | Source = Application Error | ID = 1000

Description = Faulting application name: ACDaemon.exe, version: 1.1.0.49, time stamp:

0x4cc808ec Faulting module name: ACDaemon.exe, version: 1.1.0.49, time stamp: 0x4cc808ec

Exception

code: 0xc0000005 Fault offset: 0x0001af76 Faulting process id: 0x9b8 Faulting application

start time: 0x01cd4105b43b69e3 Faulting application path: C:\Program Files (x86)\Common

Files\ArcSoft\Connection Service\Bin\ACDaemon.exe Faulting module path: C:\Program

Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe Report Id:

fdbacb51-acf8-11e1-be9b-002622769529

Error - 6/2/2012 7:03:37 PM | Computer Name = mypcyadig | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "c:\Program Files (x86)\Common

Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program

Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value

"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute

"version" in element "assemblyIdentity" is invalid.

Error - 6/2/2012 7:05:33 PM | Computer Name = mypcyadig | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".

Dependent

Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 6/2/2012 7:05:34 PM | Computer Name = mypcyadig | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".

Dependent

Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 6/2/2012 7:05:34 PM | Computer Name = mypcyadig | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".

Dependent

Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 6/2/2012 7:05:34 PM | Computer Name = mypcyadig | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".

Dependent

Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 6/3/2012 1:02:21 PM | Computer Name = mypcyadig | Source = Application Error | ID = 1000

Description = Faulting application name: ACDaemon.exe, version: 1.1.0.49, time stamp:

0x4cc808ec Faulting module name: ACDaemon.exe, version: 1.1.0.49, time stamp: 0x4cc808ec

Exception

code: 0xc0000005 Fault offset: 0x0001af76 Faulting process id: 0xd10 Faulting application

start time: 0x01cd41aa9f0abbd4 Faulting application path: C:\Program Files (x86)\Common

Files\ArcSoft\Connection Service\Bin\ACDaemon.exe Faulting module path: C:\Program

Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe Report Id:

e1704f4b-ad9d-11e1-9043-002622769529

[ Media Center Events ]

Error - 6/13/2011 9:55:41 PM | Computer Name = mypcyadig | Source = MCUpdate | ID = 0

Description = 8:55:41 PM - Failed to retrieve MCEClientUX (Error: The underlying

connection was closed: Could not establish trust relationship for the SSL/TLS secure

channel.)

Error - 6/13/2011 9:55:41 PM | Computer Name = mypcyadig | Source = MCUpdate | ID = 0

Description = 8:55:41 PM - Failed to retrieve SportsSchedule (Error: The underlying

connection was closed: Could not establish trust relationship for the SSL/TLS secure

channel.)

Error - 6/13/2011 9:55:41 PM | Computer Name = mypcyadig | Source = MCUpdate | ID = 0

Description = 8:55:41 PM - Failed to retrieve SportsV2 (Error: The underlying connection

was closed: Could not establish trust relationship for the SSL/TLS secure channel.)

Error - 6/13/2011 9:55:55 PM | Computer Name = mypcyadig | Source = MCUpdate | ID = 0

Description = 8:55:41 PM - Failed to retrieve Broadband (Error: The underlying connection

was closed: Could not establish trust relationship for the SSL/TLS secure channel.)

Error - 6/14/2011 6:47:10 PM | Computer Name = mypcyadig | Source = MCUpdate | ID = 0

Description = 5:47:10 PM - Failed to retrieve Directory (Error: The underlying connection

was closed: Could not establish trust relationship for the SSL/TLS secure channel.)

Error - 6/14/2011 6:47:11 PM | Computer Name = mypcyadig | Source = MCUpdate | ID = 0

Description = 5:47:10 PM - Failed to retrieve NetTV (Error: The underlying connection

was closed: Could not establish trust relationship for the SSL/TLS secure channel.)

Error - 6/14/2011 6:47:11 PM | Computer Name = mypcyadig | Source = MCUpdate | ID = 0

Description = 5:47:11 PM - Failed to retrieve MCEClientUX (Error: The underlying

connection was closed: Could not establish trust relationship for the SSL/TLS secure

channel.)

Error - 6/14/2011 6:47:11 PM | Computer Name = mypcyadig | Source = MCUpdate | ID = 0

Description = 5:47:11 PM - Failed to retrieve SportsSchedule (Error: The underlying

connection was closed: Could not establish trust relationship for the SSL/TLS secure

channel.)

Error - 6/14/2011 6:47:11 PM | Computer Name = mypcyadig | Source = MCUpdate | ID = 0

Description = 5:47:11 PM - Failed to retrieve SportsV2 (Error: The underlying connection

was closed: Could not establish trust relationship for the SSL/TLS secure channel.)

Error - 6/14/2011 6:47:26 PM | Computer Name = mypcyadig | Source = MCUpdate | ID = 0

Description = 5:47:11 PM - Failed to retrieve Broadband (Error: The underlying connection

was closed: Could not establish trust relationship for the SSL/TLS secure channel.)

[ System Events ]

Error - 7/11/2012 3:30:23 AM | Computer Name = mypcyadig | Source = Service Control Manager | ID = 7023

Description = The Function Discovery Resource Publication service terminated with

the following error: %%-2147024891

Error - 7/11/2012 3:30:47 AM | Computer Name = mypcyadig | Source = DCOM | ID = 10010

Description =

Error - 7/11/2012 3:32:23 AM | Computer Name = mypcyadig | Source = Service Control Manager | ID = 7003

Description = The McAfee Personal Firewall Service service depends the following

service: MpsSvc. This service might not be installed.

Error - 7/11/2012 3:32:26 AM | Computer Name = mypcyadig | Source = Service Control Manager | ID = 7003

Description = The McAfee Personal Firewall Service service depends the following

service: MpsSvc. This service might not be installed.

Error - 7/11/2012 3:32:29 AM | Computer Name = mypcyadig | Source = Service Control Manager | ID = 7003

Description = The McAfee Personal Firewall Service service depends the following

service: MpsSvc. This service might not be installed.

Error - 7/11/2012 4:07:31 AM | Computer Name = mypcyadig | Source = Service Control Manager | ID = 7003

Description = The McAfee Personal Firewall Service service depends the following

service: MpsSvc. This service might not be installed.

Error - 7/11/2012 4:07:31 AM | Computer Name = mypcyadig | Source = Service Control Manager | ID = 7003

Description = The McAfee Personal Firewall Service service depends the following

service: MpsSvc. This service might not be installed.

Error - 7/11/2012 4:18:30 AM | Computer Name = mypcyadig | Source = Service Control Manager | ID = 7003

Description = The McAfee Personal Firewall Service service depends the following

service: MpsSvc. This service might not be installed.

Error - 7/11/2012 4:18:35 AM | Computer Name = mypcyadig | Source = Service Control Manager | ID = 7001

Description = The HomeGroup Provider service depends on the Function Discovery Resource

Publication service which failed to start because of the following error: %%-2147024891

Error - 7/11/2012 4:18:35 AM | Computer Name = mypcyadig | Source = Service Control Manager | ID = 7023

Description = The Function Discovery Resource Publication service terminated with

the following error: %%-2147024891

< End of report >


Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    IE - HKU\S-1-5-21-3794066387-2219636134-70439330-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = my.daemon-search.com
    O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
    [2012/07/11 05:24:40 | 000,095,744 | ---- | C] () -- C:\Windows\Installer\{52a689ea-4d72-da20-a8af-379893955118}\U\80000032.@
    [2012/07/11 05:24:35 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{52a689ea-4d72-da20-a8af-379893955118}\U\80000064.@
    [2012/07/11 05:24:32 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{52a689ea-4d72-da20-a8af-379893955118}\U\80000000.@
    [2012/07/11 05:24:30 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{52a689ea-4d72-da20-a8af-379893955118}\U\00000004.@
    [2012/07/11 05:24:30 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{52a689ea-4d72-da20-a8af-379893955118}\U\000000cb.@
    [2012/07/11 05:24:30 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{52a689ea-4d72-da20-a8af-379893955118}\L\00000004.@
    [2012/01/11 04:01:22 | 000,002,048 | -HS- | C] () -- C:\Users\Patrick\AppData\Local\{52a689ea-4d72-da20-a8af-379893955118}\@

    :files
    C:\Program Files (x86)\DAEMON Tools Toolbar
    ipconfig /flushdns /c

    :Commands
    [emptytemp]
    [clearallrestorepoints]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles


All processes killed

========== OTL ==========

HKU\S-1-5-21-3794066387-2219636134-70439330-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.

C:\Windows\Installer\{52a689ea-4d72-da20-a8af-379893955118}\U\80000032.@ moved successfully.

C:\Windows\Installer\{52a689ea-4d72-da20-a8af-379893955118}\U\80000064.@ moved successfully.

C:\Windows\Installer\{52a689ea-4d72-da20-a8af-379893955118}\U\80000000.@ moved successfully.

C:\Windows\Installer\{52a689ea-4d72-da20-a8af-379893955118}\U\00000004.@ moved successfully.

C:\Windows\Installer\{52a689ea-4d72-da20-a8af-379893955118}\U\000000cb.@ moved successfully.

C:\Windows\Installer\{52a689ea-4d72-da20-a8af-379893955118}\L\00000004.@ moved successfully.

C:\Users\Patrick\AppData\Local\{52a689ea-4d72-da20-a8af-379893955118}\@ moved successfully.

========== FILES ==========

C:\Program Files (x86)\DAEMON Tools Toolbar folder moved successfully.

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\Patrick\Downloads\cmd.bat deleted successfully.

C:\Users\Patrick\Downloads\cmd.txt deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: LogMeInRemoteUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Patrick

->Temp folder emptied: 5894456 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Google Chrome cache emptied: 32896046 bytes

->Flash cache emptied: 1066 bytes

User: Public

%systemdrive% .tmp files removed: 412201 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 395115 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes

RecycleBin emptied: 1570576 bytes

Total Files Cleaned = 39.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.53.1 log created on 07112012_155322

Files\Folders moved on Reboot...

C:\Users\Patrick\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

File\Folder C:\Windows\temp\mcmsc_8KTy2YxdKvXxRYS not found!

File\Folder C:\Windows\temp\mcmsc_FzeDIp9GT5WswD9 not found!

File\Folder C:\Windows\temp\sqlite_g1ad6MZkL8Pt1tc not found!

File\Folder C:\Windows\temp\sqlite_KH7Z1c6PtzMvFZI not found!

File\Folder C:\Windows\temp\sqlite_yZShPqzBj5HlOKQ not found!

File\Folder C:\Windows\temp\sqlite_z6IPVodIwAcmitP not found!

PendingFileRenameOperations files...

File C:\Users\Patrick\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

File C:\Windows\temp\mcmsc_8KTy2YxdKvXxRYS not found!

File C:\Windows\temp\mcmsc_FzeDIp9GT5WswD9 not found!

File C:\Windows\temp\sqlite_g1ad6MZkL8Pt1tc not found!

File C:\Windows\temp\sqlite_KH7Z1c6PtzMvFZI not found!

File C:\Windows\temp\sqlite_yZShPqzBj5HlOKQ not found!

File C:\Windows\temp\sqlite_z6IPVodIwAcmitP not found!

Registry entries deleted on Reboot...


Very good! :)

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


OK, I went on Internet Explorer and I downloaded ComboFix and saved it as combofix.exe. I quit everything and double-clicked it. I clicked Run and then after that a warning came up and said do not run in compatibility mode, doing it could damage your CPU. I clicked OK. I waited for a while and nothing came up. Please, what should I do?


OK, I figured it out. Here's the log.

ComboFix 12-07-11.03 - Patrick 07/11/2012 16:37:15.1.1 - x64 MINIMAL

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2812.1970 [GMT -5:00]

Running from: c:\users\Patrick\Desktop\ComboFix.exe

AV: McAfee VirusScan *Disabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: McAfee Personal Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: McAfee VirusScan *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\Installer\{52a689ea-4d72-da20-a8af-379893955118}\@

c:\windows\Installer\{52a689ea-4d72-da20-a8af-379893955118}\L\00000004.@

c:\windows\Installer\{52a689ea-4d72-da20-a8af-379893955118}\L\1afb2d56

c:\windows\Installer\{52a689ea-4d72-da20-a8af-379893955118}\L\201d3dde

c:\windows\Installer\{52a689ea-4d72-da20-a8af-379893955118}\U\00000004.@

c:\windows\Installer\{52a689ea-4d72-da20-a8af-379893955118}\U\00000008.@

c:\windows\Installer\{52a689ea-4d72-da20-a8af-379893955118}\U\000000cb.@

c:\windows\Installer\{52a689ea-4d72-da20-a8af-379893955118}\U\80000000.@

c:\windows\Installer\{52a689ea-4d72-da20-a8af-379893955118}\U\80000032.@

c:\windows\Installer\{52a689ea-4d72-da20-a8af-379893955118}\U\80000064.@

.

.

((((((((((((((((((((((((( Files Created from 2012-06-11 to 2012-07-11 )))))))))))))))))))))))))))))))

.

.

2012-07-11 21:46 . 2012-07-11 21:46 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp

2012-07-11 21:46 . 2012-07-11 21:46 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-11 08:50 . 2012-07-11 08:50 -------- d-----w- C:\_OTL

2012-07-11 08:28 . 2012-07-11 08:28 -------- d-----w- C:\TDSSKiller_Quarantine

2012-07-11 08:11 . 2012-06-12 03:02 3147264 ----a-w- c:\windows\system32\win32k.sys

2012-07-11 06:16 . 2010-12-20 23:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2012-07-11 06:16 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-09 22:45 . 2012-07-09 22:45 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%

2012-07-09 22:01 . 2012-07-09 22:01 -------- d-----w- c:\programdata\Local Settings

2012-07-07 00:09 . 2012-07-07 00:09 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-06-24 01:07 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-24 01:07 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-24 01:07 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-24 01:07 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-24 01:07 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-24 01:07 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-24 01:07 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-24 01:06 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-24 01:06 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-14 04:13 . 2012-04-28 03:50 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-07 00:09 . 2011-06-18 20:26 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2009-08-06 17:18 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]

"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2011-06-16 6276408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]

"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]

"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-07-28 1157128]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-30 98304]

"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-08-01 128296]

"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-08-05 181480]

"Acer Assist Launcher"="c:\program files (x86)\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]

"mcagent_exe"="c:\program files (x86)\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]

"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-06 421888]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Air Mouse.lnk - c:\program files (x86)\Air Mouse\Air Mouse\Air Mouse.exe [2011-9-3 1106432]

McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R1 archlp;archlp;SysWOW64\drivers\archlp.sys [x]

R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-02 22576]

R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-02 20016]

R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-02 60464]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-29 203264]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 DVBLink Server;DVBLink Server;c:\program files (x86)\DVBLogic\DVBLink\DVBLinkSrv.exe [2009-07-01 135168]

R2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-08-06 844320]

R2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-06-04 1150496]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-06 135664]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [x]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files (x86)\McAfee\SiteAdvisor\McSACore.exe [2012-01-13 103440]

R2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-08-06 311592]

R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]

R2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]

R3 dump_wmimmc;dump_wmimmc;c:\ijji\ENGLISH\u_sf\GameGuard\dump_wmimmc.sys [x]

R3 dvblinkcap;DVBLink Capture 39A16CF1D2D85F6F7A968981EE9B99511F32CC46;c:\windows\system32\DRIVERS\dvblinkcap.sys [2009-05-04 18608]

R3 dvblinkcap2;DVBLink Capture 454A65853766664A35602CB9F5C0D12CAE31EA2F37D729C7360EE9AB;c:\windows\system32\DRIVERS\dvblinkcap2.sys [2009-05-04 18608]

R3 dvblinkcap3;DVBLink Capture A7BD1C44C58FD1378C13AA43CB1B848B1302D908598A62281224518D10373E70;c:\windows\system32\DRIVERS\dvblinkcap3.sys [2009-05-04 18608]

R3 dvblinkcap4;DVBLink Capture B28D17A1EBD894FCA3AFB1EA0EC40D9AD7BBB02E97C180E2FED7CFDC89BBBB0073E3D79F5FDE39EE80A7E060B6211843;c:\windows\system32\DRIVERS\dvblinkcap4.sys [2009-05-04 18608]

R3 dvblinktun;DVBLink Tuner B80EC7464A7658949D5BFD306EE25AF644FCFE67;c:\windows\system32\DRIVERS\dvblinktun.sys [2009-05-04 20784]

R3 dvblinktun2;DVBLink Tuner 13E436F7285F837B06C484A7CDC45FEAA0D50C11A1EC92DE192BC201;c:\windows\system32\DRIVERS\dvblinktun2.sys [2009-05-04 20784]

R3 dvblinktun3;DVBLink Tuner 22E8A099F6626A869E8B3F08F1B728E9623E08FFA775B78513EE17E5C8080678;c:\windows\system32\DRIVERS\dvblinktun3.sys [2009-05-04 20784]

R3 dvblinktun4;DVBLink Tuner 64113C0133109F21D4F8C5E284FAF7865AFB3EB7A6FFA3D1C536FB414753D37991117EF0B0D24DC8A021A0F52A5CD08D;c:\windows\system32\DRIVERS\dvblinktun4.sys [2009-05-04 20784]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-06 135664]

R3 hcwhdpvr;Hauppauge HD PVR Capture Device;c:\windows\system32\DRIVERS\hcwhdpvr.sys [2010-04-24 189440]

R3 jumi;%Jumi%;c:\windows\system32\DRIVERS\jumi.sys [2010-06-03 15160]

R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-07-27 58880]

R3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys [2008-07-26 15768]

R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2008-07-26 790424]

R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [2008-07-26 50072]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]

R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-08-10 222208]

R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-01 1255736]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-07-05 254528]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-04-03 34872]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-06 05:33]

.

2012-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-06 05:33]

.

2012-07-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3794066387-2219636134-70439330-1000Core.job

- c:\users\Patrick\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-18 05:33]

.

2012-07-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3794066387-2219636134-70439330-1000UA.job

- c:\users\Patrick\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-18 05:33]

.

2012-06-15 c:\windows\Tasks\McDefragTask.job

- c:\progra~2\mcafee\mqc\QcConsol.exe [2009-12-25 18:22]

.

2012-07-01 c:\windows\Tasks\McQcTask.job

- c:\progra~2\mcafee\mqc\QcConsol.exe [2009-12-25 18:22]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2009-08-06 17:19 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-28 7982112]

"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-08-06 828960]

"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-08-06 349480]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uStart Page =

uLocal Page = c:\windows\system32\blank.htm

mStart Page =

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.1.254

DPF: Justin.tv Publisher - hxxp://www.justin.tv/plugins/justintv_publisher.CAB

FF - ProfilePath - c:\users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\yppm9cke.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.mydtzone.com/startpage|https://mail.google.com/mail/?shva=1#|https://www.google.com/calendar/render?tab=mc&gsessionid=KyyaFjT6OOlMUBo7bbM01A|https://docs.google.com/?tab=mo&pli=1#all

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKLM-Explorer_Run-58762 - c:\progra~3\LOCALS~1\Temp\msvara.cmd

Toolbar-Locked - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

HKLM-Run-LogMeIn GUI - c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe

AddRemove-Adobe Flash Player Plugin - c:\windows\SysWOW64\Macromed\Flash\FlashUtil10t_Plugin.exe

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3794066387-2219636134-70439330-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-3794066387-2219636134-70439330-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-07-11 16:51:06

ComboFix-quarantined-files.txt 2012-07-11 21:51

.

Pre-Run: 48,632,557,568 bytes free

Post-Run: 48,064,548,864 bytes free

.

- - End Of File - - B443427C8A559AA28EE47765F7550763


Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


ok it is done. here is the log.

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=2952fc9b8a32ce4ebc753d59ba13da0c

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-07-11 11:33:30

# local_time=2012-07-11 06:33:30 (-0600, Central Daylight Time)

# country="United States"

# lang=1033

# osver=6.1.7600 NT

# compatibility_mode=5121 16776893 100 82 80184802 94045973 0 0

# compatibility_mode=5893 16776574 66 85 93572982 93587899 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=198864

# found=9

# cleaned=9

# scan_time=5161

C:\Qoobox\Quarantine\C\Windows\Installer\{52a689ea-4d72-da20-a8af-379893955118}\U\00000008.@.vir Win64/Agent.BA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Windows\Installer\{52a689ea-4d72-da20-a8af-379893955118}\U\80000000.@.vir Win64/Sirefef.AE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Windows\Installer\{52a689ea-4d72-da20-a8af-379893955118}\U\80000032.@.vir a variant of Win32/Sirefef.FD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Windows\Installer\{52a689ea-4d72-da20-a8af-379893955118}\U\80000064.@.vir Win64/Sirefef.AN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Windows\System32\services.exe.vir Win64/Patched.B.Gen trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Users\Patrick\Downloads\reginout_setup.exe multiple threats (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\_OTL\MovedFiles\07112012_155322\C_Windows\Installer\{52a689ea-4d72-da20-a8af-379893955118}\U\80000000.@ Win64/Sirefef.AE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\_OTL\MovedFiles\07112012_155322\C_Windows\Installer\{52a689ea-4d72-da20-a8af-379893955118}\U\80000032.@ a variant of Win32/Sirefef.FD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\_OTL\MovedFiles\07112012_155322\C_Windows\Installer\{52a689ea-4d72-da20-a8af-379893955118}\U\80000064.@ Win64/Sirefef.AN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!
