
Any assistance would be greatly appreciated



Hello there. I have been having issues for a while now. I keep being redirected to different sites about a third of the time while I'm using the search bar and even the address bar on some occasions. It's extremely nerve wrenching. At first it's just a minor annoyance that leads me to a random site. Eventually, it closes my browser and starts a fake virus scan. From there, I usually ran a system restore to the most recent update, restarted in safe mode, and ran a legit virus scan using Malwarebytes Anti-Malware and/or Hitman Pro. Both would detect malicious files and then remove them. The problem then repeats itself. I have not found the core to this problem. I have tried a few things but have yet to succeed. I have all the logs that were requested for this post as well as the log after running HijackThis. If anything else is needed, let me know. Thank you very much for your time and any help you can provide.

Here is the log file from Malwarebytes.

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 7037

Windows 6.0.6001 Service Pack 1

Internet Explorer 7.0.6001.18000

7/6/2011 8:47:07 PM

mbam-log-2011-07-06 (20-47-07).txt

Scan type: Quick scan

Objects scanned: 172446

Time elapsed: 22 minute(s), 26 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Log from DDS

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 10.0.0

Run by Aimee at 21:56:22 on 2011-07-06

Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.1013.110 [GMT -5:00]

.

AV: c:\PROGRA~1\COMMON~1\mcafee\core\mccoreps.dll *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: c:\PROGRA~1\COMMON~1\mcafee\core\mccoreps.dll *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

FW: deactivation_date *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\agrsmsvc.exe

C:\Acer\ALaunch\ALaunchSvc.exe

C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe

C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe

C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe

C:\Acer\Empowering Technology\eNet\eNet Service.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\Windows\system32\rundll32.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

C:\Acer\Mobility Center\MobilityService.exe

C:\Windows\system32\PSIService.exe

C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\Dwm.exe

C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe

C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

C:\Windows\Explorer.EXE

C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe

C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe

C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\system32\taskeng.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Launch Manager\LManager.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\igfxext.exe

C:\Windows\system32\igfxsrvc.exe

C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE

C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE

C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE

C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\svchost.exe -k netsvcs

c:\PROGRA~1\mcafee.com\agent\mcupdate.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://nimrodonline.dhs.org

mStart Page = hxxp://en.us.acer.yahoo.com

mDefault_Page_URL = hxxp://en.us.acer.yahoo.com

uInternet Settings,ProxyOverride = <local>

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20100715230219.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll

TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

uRun: [sidebar] "c:\program files\windows sidebar\sidebar.exe" /autoRun

mRun: [Windows Defender] "%ProgramFiles%\Windows Defender\MSASCui.exe" -hide

mRun: [ALaunch] c:\acer\alaunch\AlaunchClient.exe

mRun: [eDataSecurity Loader] "c:\acer\empowering technology\edatasecurity\x86\eDSloader.exe"

mRun: [LManager] "c:\progra~1\launch~1\LManager.exe"

mRun: [Apoint] "c:\program files\apoint2k\Apoint.exe"

mRun: [eRecoveryService]

mRun: [Acer Assist Launcher] "c:\program files\acer\acer assist\launcher.exe"

mRun: [igfxTray] "c:\windows\system32\igfxtray.exe"

mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{a7091e1d-36a4-47f1-a739-173cc341414f}\Icon3E5562ED7.ico

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Copy to &Lightning Note - c:\program files\wordperfect lightning\programs\WPLightningCopyToNote.hta

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab

TCP: DhcpNameServer = 97.64.168.12 97.64.183.165

TCP: Interfaces\{E8DEBD18-7B16-4314-9022-43BD03388EDD} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{FB77B81F-8C18-4DE3-BD9A-B974CF6F576D} : DhcpNameServer = 97.64.168.12 97.64.183.165

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Notify: igfxcui - igfxdev.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\aimee\appdata\roaming\mozilla\firefox\profiles\w88z95pt.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 53086

FF - prefs.js: network.proxy.type - 4

FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll

FF - component: c:\program files\mozilla firefox\components\Scriptff.dll

FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll

FF - plugin: c:\program files\java\jre7\bin\npdeployJava1.dll

FF - plugin: c:\program files\java\jre7\bin\npjpi170.dll

FF - plugin: c:\program files\java\jre7\bin\npoji610.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdjvu.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}

FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\mcafee\SiteAdvisor

FF - Ext: XULRunner: {4F8B1260-26B4-4D99-B2BB-0F06991F6E5C} - c:\users\aimee\appdata\local\{4F8B1260-26B4-4D99-B2BB-0F06991F6E5C}

FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-3-21 385880]

R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-7-7 64304]

R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-7-7 160720]

R2 ALaunchService;ALaunch Service;c:\acer\alaunch\ALaunchSvc.exe [2008-3-21 51200]

R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2009-9-26 819600]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-9-29 88176]

R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-7-7 271480]

R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-7-7 271480]

R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-7-7 271480]

R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-7-7 170144]

R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-7-7 188136]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-7-7 141792]

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-3-21 180736]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-7-7 55456]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-3-21 152320]

R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-3-21 51688]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-7-7 312616]

R3 sftfs;sftfs;c:\program files\microsoft application virtualization client\drivers\SftFSlh.sys [2009-9-23 543064]

R3 sftplay;sftplay;c:\program files\microsoft application virtualization client\drivers\sftplaylh.sys [2009-9-23 190312]

R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2009-9-23 21848]

R3 sftvol;sftvol;c:\program files\microsoft application virtualization client\drivers\SftVollh.sys [2009-9-23 14680]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-8 135664]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-3-8 135664]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-7-7 83496]

S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-3-21 34248]

S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-3-21 40552]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2009-9-26 4639136]

.

=============== Created Last 30 ================

.

2011-07-06 16:16:06 -------- d-----w- c:\users\aimee\appdata\roaming\Beat Hazard

2011-07-06 16:13:17 -------- d-----w- c:\program files\Beat Hazard

2011-07-02 14:46:00 80384 ----a-w- c:\windows\gamedelete.exe

2011-06-27 08:29:59 -------- d-----w- C:\hospital

2011-06-23 02:59:08 20552 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-06-23 02:59:04 -------- d-----w- c:\program files\Hitman Pro 3.5

2011-06-23 02:41:43 -------- d-----w- c:\programdata\Hitman Pro

2011-06-08 23:46:59 611224 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll

2011-06-08 23:46:59 544656 ----a-w- c:\windows\system32\deployJava1.dll

2011-06-08 22:56:19 -------- d-----w- c:\users\aimee\appdata\roaming\.minecraft

.

==================== Find3M ====================

.

2011-05-29 14:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-29 14:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

.

============= FINISH: 21:58:33.65 ===============

Log from hijack this

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:22:20 PM, on 7/6/2011

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Launch Manager\LManager.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\igfxext.exe

C:\Windows\system32\igfxsrvc.exe

C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE

C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE

C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE

C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Users\Aimee\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nimrodonline.dhs.org

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O1 - Hosts: ::1 localhost

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100715230219.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O4 - HKLM\..\Run: [Windows Defender] "%ProgramFiles%\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe

O4 - HKLM\..\Run: [eDataSecurity Loader] "C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe"

O4 - HKLM\..\Run: [LManager] "C:\PROGRA~1\LAUNCH~1\LManager.exe"

O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"

O4 - HKLM\..\Run: [Acer Assist Launcher] "C:\Program Files\Acer\Acer Assist\launcher.exe"

O4 - HKLM\..\Run: [igfxTray] "C:\Windows\system32\igfxtray.exe"

O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Global Startup: Empowering Technology Launcher.lnk = ?

O4 - Global Startup: VPN Client.lnk = ?

O8 - Extra context menu item: Copy to &Lightning Note - C:\Program Files\WordPerfect Lightning\Programs\WPLightningCopyToNote.hta

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe

O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe

O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe

O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe

O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe

O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe

O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe

O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 9239 bytes

The log from GMER Rootkit Scanner and the second log from DDS are attached. Once again, thank you for any help you can provide. :D

Attach.zip


hi :welcome:

Before we begin, I would like to make a few things clear so that we can fix your problem as efficiently as possible:

  • Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.
  • Please do not do anything or perform other steps unless I have asked you to do so.
  • Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.

Step 1

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 2

  • Download OTL to your desktop.
  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box, paste this in:
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

Things I would like to see in your reply:

  • TDSSKiller log
  • OTL.txt and Extras.txt


Thank you for the reply. Here are the logs you wanted.

TDSSKiller log

2011/07/07 22:39:53.0858 2820 TDSS rootkit removing tool 2.5.9.0 Jul 1 2011 18:45:21

2011/07/07 22:39:55.0886 2820 ================================================================================

2011/07/07 22:39:55.0886 2820 SystemInfo:

2011/07/07 22:39:55.0886 2820

2011/07/07 22:39:55.0886 2820 OS Version: 6.0.6001 ServicePack: 1.0

2011/07/07 22:39:55.0886 2820 Product type: Workstation

2011/07/07 22:39:55.0886 2820 ComputerName: AIMEE-PC

2011/07/07 22:39:55.0886 2820 UserName: Aimee

2011/07/07 22:39:55.0886 2820 Windows directory: C:\Windows

2011/07/07 22:39:55.0886 2820 System windows directory: C:\Windows

2011/07/07 22:39:55.0886 2820 Processor architecture: Intel x86

2011/07/07 22:39:55.0886 2820 Number of processors: 1

2011/07/07 22:39:55.0886 2820 Page size: 0x1000

2011/07/07 22:39:55.0886 2820 Boot type: Normal boot

2011/07/07 22:39:55.0886 2820 ================================================================================

2011/07/07 22:39:57.0259 2820 Initialize success

2011/07/07 22:40:08.0273 2244 ================================================================================

2011/07/07 22:40:08.0288 2244 Scan started

2011/07/07 22:40:08.0288 2244 Mode: Manual;

2011/07/07 22:40:08.0288 2244 ================================================================================

2011/07/07 22:40:11.0237 2244 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys

2011/07/07 22:40:11.0783 2244 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys

2011/07/07 22:40:12.0048 2244 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys

2011/07/07 22:40:12.0266 2244 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys

2011/07/07 22:40:12.0360 2244 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys

2011/07/07 22:40:12.0594 2244 AFD (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys

2011/07/07 22:40:12.0828 2244 AgereSoftModem (d31d1a92479bd8c0d050a6ffbdd410d9) C:\Windows\system32\DRIVERS\AGRSM.sys

2011/07/07 22:40:13.0077 2244 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys

2011/07/07 22:40:13.0280 2244 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

2011/07/07 22:40:13.0514 2244 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys

2011/07/07 22:40:13.0686 2244 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys

2011/07/07 22:40:13.0764 2244 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys

2011/07/07 22:40:13.0951 2244 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys

2011/07/07 22:40:14.0060 2244 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys

2011/07/07 22:40:14.0232 2244 ApfiltrService (0a0fbc30de483233124cdaef8e5cbcdd) C:\Windows\system32\DRIVERS\Apfiltr.sys

2011/07/07 22:40:14.0388 2244 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys

2011/07/07 22:40:14.0528 2244 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys

2011/07/07 22:40:14.0793 2244 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys

2011/07/07 22:40:14.0903 2244 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys

2011/07/07 22:40:15.0090 2244 athr (d5abeb24a3a3138b35f88931fb04e100) C:\Windows\system32\DRIVERS\athr.sys

2011/07/07 22:40:15.0355 2244 b57nd60x (aa6b367ca7da571dfc3374ec137d87a5) C:\Windows\system32\DRIVERS\b57nd60x.sys

2011/07/07 22:40:15.0605 2244 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys

2011/07/07 22:40:15.0745 2244 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys

2011/07/07 22:40:15.0932 2244 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys

2011/07/07 22:40:16.0057 2244 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys

2011/07/07 22:40:16.0213 2244 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys

2011/07/07 22:40:16.0353 2244 Bridge (72df06d26ae4ced2e08f428b96302b0e) C:\Windows\system32\DRIVERS\bridge.sys

2011/07/07 22:40:16.0400 2244 BridgeMP (72df06d26ae4ced2e08f428b96302b0e) C:\Windows\system32\DRIVERS\bridge.sys

2011/07/07 22:40:16.0634 2244 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys

2011/07/07 22:40:16.0853 2244 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys

2011/07/07 22:40:16.0993 2244 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys

2011/07/07 22:40:17.0102 2244 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys

2011/07/07 22:40:17.0383 2244 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys

2011/07/07 22:40:17.0757 2244 Cam5607 (bb04cb2f027d8de7d3bdaea147a706cb) C:\Windows\system32\Drivers\BisonC07.sys

2011/07/07 22:40:17.0960 2244 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys

2011/07/07 22:40:18.0054 2244 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys

2011/07/07 22:40:18.0241 2244 cfwids (44e4a7dded054dd55ae995c3aed719ae) C:\Windows\system32\drivers\cfwids.sys

2011/07/07 22:40:18.0459 2244 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys

2011/07/07 22:40:18.0647 2244 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys

2011/07/07 22:40:18.0959 2244 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys

2011/07/07 22:40:19.0068 2244 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys

2011/07/07 22:40:19.0193 2244 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys

2011/07/07 22:40:19.0395 2244 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys

2011/07/07 22:40:19.0458 2244 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys

2011/07/07 22:40:19.0739 2244 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\Windows\system32\DRIVERS\CVirtA.sys

2011/07/07 22:40:19.0863 2244 CVPNDRVA (465ced77e7c4f9d71b81ba600edafac1) C:\Windows\system32\Drivers\CVPNDRVA.sys

2011/07/07 22:40:20.0160 2244 DfsC (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys

2011/07/07 22:40:20.0456 2244 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys

2011/07/07 22:40:20.0565 2244 DKbFltr (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys

2011/07/07 22:40:20.0737 2244 DNE (86d52c32a308f84bbc626bff7c1fb710) C:\Windows\system32\DRIVERS\dne2000.sys

2011/07/07 22:40:20.0924 2244 DritekPortIO (5c918d413f5837e67a85775c9873775e) C:\PROGRA~1\LAUNCH~1\DPortIO.sys

2011/07/07 22:40:21.0111 2244 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys

2011/07/07 22:40:21.0221 2244 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys

2011/07/07 22:40:21.0392 2244 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys

2011/07/07 22:40:21.0501 2244 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys

2011/07/07 22:40:21.0735 2244 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys

2011/07/07 22:40:22.0125 2244 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys

2011/07/07 22:40:22.0437 2244 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys

2011/07/07 22:40:22.0531 2244 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys

2011/07/07 22:40:22.0843 2244 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys

2011/07/07 22:40:23.0030 2244 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys

2011/07/07 22:40:23.0108 2244 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys

2011/07/07 22:40:23.0327 2244 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys

2011/07/07 22:40:23.0483 2244 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys

2011/07/07 22:40:23.0576 2244 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys

2011/07/07 22:40:23.0654 2244 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys

2011/07/07 22:40:23.0997 2244 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys

2011/07/07 22:40:24.0169 2244 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys

2011/07/07 22:40:24.0278 2244 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys

2011/07/07 22:40:24.0419 2244 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys

2011/07/07 22:40:24.0621 2244 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys

2011/07/07 22:40:24.0840 2244 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys

2011/07/07 22:40:24.0996 2244 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS

2011/07/07 22:40:25.0167 2244 HSF_DPV (3f53b4af98f8fd83b7f0b8b65d2d90a7) C:\Windows\system32\DRIVERS\HSX_DPV.sys

2011/07/07 22:40:25.0401 2244 HSXHWAZL (194bc52fc0f53e540faf9de8a9c05255) C:\Windows\system32\DRIVERS\HSXHWAZL.sys

2011/07/07 22:40:25.0511 2244 HTTP (406c027c18e98a396faa1963dad5ff70) C:\Windows\system32\drivers\HTTP.sys

2011/07/07 22:40:25.0713 2244 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys

2011/07/07 22:40:25.0932 2244 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys

2011/07/07 22:40:26.0041 2244 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys

2011/07/07 22:40:26.0447 2244 igfx (a9221d13d8f1f772010ee293ba9baeb7) C:\Windows\system32\DRIVERS\igdkmd32.sys

2011/07/07 22:40:26.0743 2244 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys

2011/07/07 22:40:27.0024 2244 int15 (c6e5276c00ebdeb096bb5ef4b797d1b6) C:\Acer\Empowering Technology\eRecovery\int15.sys

2011/07/07 22:40:27.0351 2244 IntcAzAudAddService (92bcc487f16892cda495dbd8160272d9) C:\Windows\system32\drivers\RTKVHDA.sys

2011/07/07 22:40:27.0570 2244 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys

2011/07/07 22:40:27.0648 2244 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys

2011/07/07 22:40:27.0851 2244 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys

2011/07/07 22:40:27.0991 2244 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys

2011/07/07 22:40:28.0069 2244 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys

2011/07/07 22:40:28.0241 2244 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys

2011/07/07 22:40:28.0475 2244 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys

2011/07/07 22:40:28.0631 2244 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys

2011/07/07 22:40:28.0833 2244 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys

2011/07/07 22:40:29.0021 2244 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys

2011/07/07 22:40:29.0130 2244 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys

2011/07/07 22:40:29.0286 2244 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys

2011/07/07 22:40:29.0411 2244 KSecDD (5367dc846cae9639b899bfd13b97a8c9) C:\Windows\system32\Drivers\ksecdd.sys

2011/07/07 22:40:29.0691 2244 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys

2011/07/07 22:40:29.0879 2244 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys

2011/07/07 22:40:30.0019 2244 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys

2011/07/07 22:40:30.0128 2244 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys

2011/07/07 22:40:30.0253 2244 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys

2011/07/07 22:40:30.0596 2244 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys

2011/07/07 22:40:30.0721 2244 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys

2011/07/07 22:40:30.0846 2244 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys

2011/07/07 22:40:31.0049 2244 mfeapfk (b77e959e1c50d3e3a9d9ef423be62e09) C:\Windows\system32\drivers\mfeapfk.sys

2011/07/07 22:40:31.0220 2244 mfeavfk (e84596fcb591117f5597498a5f82ad97) C:\Windows\system32\drivers\mfeavfk.sys

2011/07/07 22:40:32.0094 2244 mfebopk (d40ce01e2d3fe0c079cd2d6b3e4b823b) C:\Windows\system32\drivers\mfebopk.sys

2011/07/07 22:40:32.0546 2244 mfefirek (3962c6a9e35c4319dcdab0497614fd69) C:\Windows\system32\drivers\mfefirek.sys

2011/07/07 22:40:32.0765 2244 mfehidk (e7ecf7872bf8f2897ae5a696d908c2f7) C:\Windows\system32\drivers\mfehidk.sys

2011/07/07 22:40:32.0983 2244 mfenlfk (738ea065c00112c46a64ecf7f6d81902) C:\Windows\system32\DRIVERS\mfenlfk.sys

2011/07/07 22:40:33.0186 2244 mferkdet (e411594ac94baef7f8ea991cc8f47fd1) C:\Windows\system32\drivers\mferkdet.sys

2011/07/07 22:40:33.0357 2244 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\Windows\system32\drivers\mferkdk.sys

2011/07/07 22:40:33.0529 2244 mfesmfk (096b52ea918aa909ba5903d79e129005) C:\Windows\system32\drivers\mfesmfk.sys

2011/07/07 22:40:33.0779 2244 mfewfpk (53ed75f57e87831d3651ff32cb3d5648) C:\Windows\system32\drivers\mfewfpk.sys

2011/07/07 22:40:34.0028 2244 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys

2011/07/07 22:40:34.0200 2244 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys

2011/07/07 22:40:34.0387 2244 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys

2011/07/07 22:40:34.0527 2244 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys

2011/07/07 22:40:34.0668 2244 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys

2011/07/07 22:40:34.0839 2244 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys

2011/07/07 22:40:34.0964 2244 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys

2011/07/07 22:40:35.0105 2244 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

2011/07/07 22:40:35.0229 2244 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys

2011/07/07 22:40:35.0339 2244 mrxsmb (c4ad205530888404e2b5fc8d9319b119) C:\Windows\system32\DRIVERS\mrxsmb.sys

2011/07/07 22:40:35.0463 2244 mrxsmb10 (0a986b34f1678a2697574d7b1664e2dd) C:\Windows\system32\DRIVERS\mrxsmb10.sys

2011/07/07 22:40:35.0588 2244 mrxsmb20 (3268b8c3fa92bfc086355c39b45e9cc9) C:\Windows\system32\DRIVERS\mrxsmb20.sys

2011/07/07 22:40:35.0713 2244 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys

2011/07/07 22:40:35.0838 2244 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys

2011/07/07 22:40:36.0009 2244 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys

2011/07/07 22:40:36.0150 2244 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys

2011/07/07 22:40:36.0399 2244 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys

2011/07/07 22:40:36.0524 2244 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys

2011/07/07 22:40:36.0665 2244 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys

2011/07/07 22:40:36.0789 2244 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys

2011/07/07 22:40:36.0945 2244 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys

2011/07/07 22:40:37.0133 2244 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys

2011/07/07 22:40:37.0320 2244 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys

2011/07/07 22:40:37.0554 2244 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys

2011/07/07 22:40:37.0741 2244 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys

2011/07/07 22:40:37.0944 2244 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys

2011/07/07 22:40:38.0100 2244 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys

2011/07/07 22:40:38.0225 2244 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys

2011/07/07 22:40:38.0349 2244 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys

2011/07/07 22:40:38.0505 2244 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys

2011/07/07 22:40:38.0630 2244 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys

2011/07/07 22:40:38.0989 2244 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys

2011/07/07 22:40:39.0176 2244 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys

2011/07/07 22:40:39.0317 2244 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys

2011/07/07 22:40:39.0488 2244 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys

2011/07/07 22:40:39.0675 2244 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\Windows\system32\DRIVERS\NTIDrvr.sys

2011/07/07 22:40:39.0831 2244 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

2011/07/07 22:40:39.0972 2244 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys

2011/07/07 22:40:40.0175 2244 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys

2011/07/07 22:40:40.0315 2244 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys

2011/07/07 22:40:40.0471 2244 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys

2011/07/07 22:40:40.0814 2244 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys

2011/07/07 22:40:41.0095 2244 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys

2011/07/07 22:40:41.0220 2244 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys

2011/07/07 22:40:41.0329 2244 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys

2011/07/07 22:40:41.0485 2244 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys

2011/07/07 22:40:41.0610 2244 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys

2011/07/07 22:40:41.0781 2244 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys

2011/07/07 22:40:41.0922 2244 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys

2011/07/07 22:40:42.0203 2244 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

2011/07/07 22:40:42.0577 2244 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys

2011/07/07 22:40:42.0749 2244 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys

2011/07/07 22:40:42.0998 2244 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys

2011/07/07 22:40:43.0107 2244 PSDFilter (18de162f9b83079c24cd96f59292f5ed) C:\Windows\system32\DRIVERS\psdfilter.sys

2011/07/07 22:40:43.0232 2244 PSDNServ (bc1457a28e76ab3106d43802ac22a627) C:\Windows\system32\DRIVERS\PSDNServ.sys

2011/07/07 22:40:43.0357 2244 psdvdisk (ac151e5b0943304e368c98ec78b5fc4f) C:\Windows\system32\DRIVERS\PSDVdisk.sys

2011/07/07 22:40:43.0560 2244 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys

2011/07/07 22:40:43.0794 2244 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

2011/07/07 22:40:43.0997 2244 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys

2011/07/07 22:40:44.0168 2244 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys

2011/07/07 22:40:44.0324 2244 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys

2011/07/07 22:40:44.0465 2244 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys

2011/07/07 22:40:44.0605 2244 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys

2011/07/07 22:40:44.0730 2244 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys

2011/07/07 22:40:44.0855 2244 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys

2011/07/07 22:40:45.0026 2244 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys

2011/07/07 22:40:45.0213 2244 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys

2011/07/07 22:40:45.0385 2244 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys

2011/07/07 22:40:45.0619 2244 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys

2011/07/07 22:40:45.0837 2244 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

2011/07/07 22:40:46.0087 2244 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

2011/07/07 22:40:46.0321 2244 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys

2011/07/07 22:40:46.0430 2244 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys

2011/07/07 22:40:46.0586 2244 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys

2011/07/07 22:40:46.0773 2244 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys

2011/07/07 22:40:46.0898 2244 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys

2011/07/07 22:40:47.0007 2244 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys

2011/07/07 22:40:47.0257 2244 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys

2011/07/07 22:40:47.0397 2244 sftfs (fcd8208f6a4717726b8ee6943fe70a02) C:\Program Files\Microsoft Application Virtualization Client\drivers\sftfslh.sys

2011/07/07 22:40:47.0553 2244 sftplay (55aada41c4dfe59eeabee1bff1563ec5) C:\Program Files\Microsoft Application Virtualization Client\drivers\sftplaylh.sys

2011/07/07 22:40:47.0741 2244 Sftredir (5b31ea26bfad7053224534d31501d4fc) C:\Windows\system32\DRIVERS\Sftredirlh.sys

2011/07/07 22:40:47.0850 2244 sftvol (a933b21cd2e0a340a7056f7dbc1c096a) C:\Program Files\Microsoft Application Virtualization Client\drivers\sftvollh.sys

2011/07/07 22:40:48.0084 2244 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys

2011/07/07 22:40:48.0255 2244 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys

2011/07/07 22:40:48.0365 2244 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys

2011/07/07 22:40:48.0552 2244 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys

2011/07/07 22:40:48.0801 2244 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys

2011/07/07 22:40:49.0067 2244 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\System32\Drivers\sptd.sys

2011/07/07 22:40:49.0254 2244 srv (ce5e5d07bcda842d3f417a8333f91440) C:\Windows\system32\DRIVERS\srv.sys

2011/07/07 22:40:49.0441 2244 srv2 (805fac010405ad3f82ef8df0bb035d81) C:\Windows\system32\DRIVERS\srv2.sys

2011/07/07 22:40:49.0581 2244 srvnet (f63a0a58aafe34d7a1a0a74abccdd9c0) C:\Windows\system32\DRIVERS\srvnet.sys

2011/07/07 22:40:49.0878 2244 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys

2011/07/07 22:40:50.0096 2244 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

2011/07/07 22:40:50.0205 2244 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

2011/07/07 22:40:50.0377 2244 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

2011/07/07 22:40:50.0673 2244 Tcpip (82e266bee5f0167e41c6ecfdd2a79c02) C:\Windows\system32\drivers\tcpip.sys

2011/07/07 22:40:50.0907 2244 Tcpip6 (82e266bee5f0167e41c6ecfdd2a79c02) C:\Windows\system32\DRIVERS\tcpip.sys

2011/07/07 22:40:51.0079 2244 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys

2011/07/07 22:40:51.0235 2244 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys

2011/07/07 22:40:51.0360 2244 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys

2011/07/07 22:40:51.0485 2244 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys

2011/07/07 22:40:51.0687 2244 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys

2011/07/07 22:40:52.0015 2244 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys

2011/07/07 22:40:52.0124 2244 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys

2011/07/07 22:40:52.0311 2244 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys

2011/07/07 22:40:52.0467 2244 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys

2011/07/07 22:40:52.0592 2244 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys

2011/07/07 22:40:52.0795 2244 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys

2011/07/07 22:40:52.0935 2244 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys

2011/07/07 22:40:53.0091 2244 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

2011/07/07 22:40:53.0263 2244 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

2011/07/07 22:40:53.0388 2244 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys

2011/07/07 22:40:53.0559 2244 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys

2011/07/07 22:40:53.0684 2244 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys

2011/07/07 22:40:53.0887 2244 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys

2011/07/07 22:40:54.0105 2244 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys

2011/07/07 22:40:54.0371 2244 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys

2011/07/07 22:40:54.0605 2244 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys

2011/07/07 22:40:54.0901 2244 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS

2011/07/07 22:40:55.0135 2244 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys

2011/07/07 22:40:55.0463 2244 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys

2011/07/07 22:40:55.0681 2244 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys

2011/07/07 22:40:55.0915 2244 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys

2011/07/07 22:40:56.0118 2244 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys

2011/07/07 22:40:56.0321 2244 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys

2011/07/07 22:40:56.0633 2244 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys

2011/07/07 22:40:56.0867 2244 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys

2011/07/07 22:40:57.0179 2244 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys

2011/07/07 22:40:57.0413 2244 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys

2011/07/07 22:40:57.0771 2244 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

2011/07/07 22:40:57.0990 2244 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

2011/07/07 22:40:58.0130 2244 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

2011/07/07 22:40:58.0427 2244 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys

2011/07/07 22:40:58.0832 2244 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys

2011/07/07 22:40:59.0347 2244 winachsf (c9c63410d8cf98f621b9cc62243fb877) C:\Windows\system32\DRIVERS\HSX_CNXT.sys

2011/07/07 22:40:59.0909 2244 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys

2011/07/07 22:41:00.0330 2244 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys

2011/07/07 22:41:00.0626 2244 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys

2011/07/07 22:41:01.0079 2244 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys

2011/07/07 22:41:01.0375 2244 XAudio (2e579520e114a9ca309f13bf40ad8292) C:\Windows\system32\DRIVERS\xaudio.sys

2011/07/07 22:41:01.0749 2244 xnacc (9eea6d029fef5f3016d089b1a603837d) C:\Windows\system32\DRIVERS\xnacc.sys

2011/07/07 22:41:01.0952 2244 MBR (0x1B8) (a863475757cc50891aa8458c415e4b25) \Device\Harddisk0\DR0

2011/07/07 22:41:02.0295 2244 Boot (0x1200) (1e10536badbc246ac103a0739640eb09) \Device\Harddisk0\DR0\Partition0

2011/07/07 22:41:02.0358 2244 Boot (0x1200) (a31fcc897b13ba1141e486ba085b23e7) \Device\Harddisk0\DR0\Partition1

2011/07/07 22:41:02.0389 2244 ================================================================================

2011/07/07 22:41:02.0389 2244 Scan finished

2011/07/07 22:41:02.0389 2244 ================================================================================

2011/07/07 22:41:02.0420 5364 Detected object count: 0

2011/07/07 22:41:02.0420 5364 Actual detected object count: 0


OTL log

OTL logfile created on: 7/7/2011 10:43:52 PM - Run 1

OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Aimee\Desktop

Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6001.18000)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.25 Mb Total Physical Memory | 351.54 Mb Available Physical Memory | 34.69% Memory free

2.47 Gb Paging File | 1.10 Gb Available in Paging File | 44.34% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 68.77 Gb Total Space | 10.17 Gb Free Space | 14.79% Space Free | Partition Type: NTFS

Drive D: | 68.56 Gb Total Space | 68.46 Gb Free Space | 99.85% Space Free | Partition Type: NTFS

Computer Name: AIMEE-PC | User Name: Aimee | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/07 22:42:23 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Aimee\Desktop\OTL.exe

PRC - [2011/02/16 15:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

PRC - [2010/06/24 22:32:44 | 001,193,848 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe

PRC - [2010/05/31 20:32:58 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

PRC - [2010/05/31 20:32:58 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

PRC - [2010/04/21 11:20:06 | 001,155,256 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\MSC\mcupdmgr.exe

PRC - [2010/04/14 12:50:14 | 000,170,144 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

PRC - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

PRC - [2009/09/23 15:04:56 | 000,203,608 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe

PRC - [2009/09/23 15:04:52 | 000,447,832 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe

PRC - [2008/06/19 19:08:44 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

PRC - [2008/03/05 08:15:24 | 000,497,712 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe

PRC - [2008/03/05 08:15:20 | 000,525,360 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe

PRC - [2008/02/04 19:43:08 | 000,458,752 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

PRC - [2008/01/25 15:25:40 | 000,114,793 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe

PRC - [2008/01/25 15:25:38 | 000,254,059 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe

PRC - [2008/01/25 15:24:54 | 001,076,832 | ---- | M] (Cyberlink) -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe

PRC - [2008/01/20 21:34:05 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2008/01/09 20:43:28 | 000,323,584 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe

PRC - [2008/01/04 12:30:48 | 000,768,520 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe

PRC - [2007/12/20 13:33:14 | 000,761,856 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNMTray.exe

PRC - [2007/12/20 13:32:04 | 000,131,072 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe

PRC - [2007/12/19 20:09:22 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe

PRC - [2007/11/27 20:54:36 | 000,110,592 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe

PRC - [2007/10/01 18:42:36 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe

PRC - [2007/09/20 15:57:28 | 000,167,936 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

PRC - [2007/09/19 16:41:50 | 000,051,200 | ---- | M] () -- C:\Acer\ALaunch\ALaunchSvc.exe

PRC - [2007/09/10 17:28:18 | 000,057,344 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

PRC - [2007/09/06 14:02:04 | 000,393,216 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe

PRC - [2007/06/05 13:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe

PRC - [2006/10/04 23:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe

========== Modules (SafeList) ==========

MOD - [2011/07/07 22:42:23 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Aimee\Desktop\OTL.exe

MOD - [2011/04/08 16:56:28 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll

MOD - [2008/01/20 21:33:14 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [unknown | Stopped] -- -- (getPlusHelper)

SRV - [2011/02/16 15:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)

SRV - [2010/05/31 20:32:58 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)

SRV - [2010/05/31 20:32:58 | 000,141,792 | ---- | M] (McAfee, Inc.) [unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)

SRV - [2010/04/15 09:45:10 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)

SRV - [2010/04/14 12:50:14 | 000,170,144 | ---- | M] () [unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)

SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)

SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)

SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)

SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)

SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)

SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)

SRV - [2009/09/23 15:04:56 | 000,203,608 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)

SRV - [2009/09/23 15:04:52 | 000,447,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)

SRV - [2008/06/19 19:08:44 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)

SRV - [2008/03/05 08:15:24 | 000,497,712 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)

SRV - [2008/01/25 15:25:40 | 000,114,793 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)

SRV - [2008/01/25 15:25:38 | 000,254,059 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)

SRV - [2008/01/25 15:24:54 | 001,076,832 | ---- | M] (Cyberlink) [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)

SRV - [2008/01/20 21:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007/12/20 13:32:04 | 000,131,072 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)

SRV - [2007/12/19 20:09:22 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)

SRV - [2007/11/27 20:54:36 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)

SRV - [2007/10/01 18:42:36 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)

SRV - [2007/09/20 15:57:28 | 000,167,936 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)

SRV - [2007/09/19 16:41:50 | 000,051,200 | ---- | M] () [Auto | Running] -- C:\Acer\ALaunch\ALaunchSvc.exe -- (ALaunchService)

SRV - [2007/09/10 17:28:18 | 000,057,344 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)

SRV - [2007/06/05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Start_Pending] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)

SRV - [2006/10/04 23:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)

========== Driver Services (SafeList) ==========

DRV - [2010/05/31 20:32:58 | 000,385,880 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mfehidk.sys -- (mfehidk)

DRV - [2010/05/31 20:32:58 | 000,312,616 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)

DRV - [2010/05/31 20:32:58 | 000,160,720 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)

DRV - [2010/05/31 20:32:58 | 000,152,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)

DRV - [2010/05/31 20:32:58 | 000,095,568 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)

DRV - [2010/05/31 20:32:58 | 000,083,496 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)

DRV - [2010/05/31 20:32:58 | 000,064,304 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)

DRV - [2010/05/31 20:32:58 | 000,055,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)

DRV - [2010/05/31 20:32:58 | 000,051,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)

DRV - [2009/12/06 04:38:38 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)

DRV - [2009/09/23 15:04:56 | 000,021,848 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)

DRV - [2009/09/23 15:04:56 | 000,014,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\drivers\SftVollh.sys -- (sftvol)

DRV - [2009/09/23 15:04:54 | 000,190,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\drivers\sftplaylh.sys -- (sftplay)

DRV - [2009/09/23 15:04:50 | 000,543,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\drivers\SftFSlh.sys -- (sftfs)

DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)

DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)

DRV - [2008/06/19 19:07:50 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)

DRV - [2008/03/29 18:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)

DRV - [2007/12/11 04:42:44 | 000,163,376 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)

DRV - [2007/07/30 09:13:10 | 000,743,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)

DRV - [2007/07/26 11:25:46 | 000,974,248 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)

DRV - [2007/07/03 12:05:20 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)

DRV - [2007/03/09 01:56:04 | 001,163,616 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2007/01/30 00:23:30 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)

DRV - [2007/01/18 17:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)

DRV - [2006/11/02 15:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://global.acer.com [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://nimrodonline.dhs.org

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/"

FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.6

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}:7.0

FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1

FF - prefs.js..extensions.enabledItems: {4F8B1260-26B4-4D99-B2BB-0F06991F6E5C}:1.9.1

FF - prefs.js..network.proxy.http: "127.0.0.1"

FF - prefs.js..network.proxy.http_port: 53086

FF - prefs.js..network.proxy.type: 4

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Aimee\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/05/24 23:03:10 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/15 01:28:58 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/08 18:46:59 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{4F8B1260-26B4-4D99-B2BB-0F06991F6E5C}: C:\Users\Aimee\AppData\Local\{4F8B1260-26B4-4D99-B2BB-0F06991F6E5C} [2011/03/25 17:24:17 | 000,000,000 | ---D | M]

[2008/09/15 16:33:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aimee\AppData\Roaming\Mozilla\Extensions

[2011/07/07 20:10:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aimee\AppData\Roaming\Mozilla\Firefox\Profiles\w88z95pt.default\extensions

[2011/07/03 05:16:05 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Aimee\AppData\Roaming\Mozilla\Firefox\Profiles\w88z95pt.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

[2008/12/12 13:23:54 | 000,002,158 | ---- | M] () -- C:\Users\Aimee\AppData\Roaming\Mozilla\Firefox\Profiles\w88z95pt.default\searchplugins\MySpace.xml

[2011/06/08 18:49:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/06/08 18:47:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}

[2011/05/24 23:03:10 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR

[2011/03/25 17:24:17 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\AIMEE\APPDATA\LOCAL\{4F8B1260-26B4-4D99-B2BB-0F06991F6E5C}

[2010/05/31 20:32:58 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll

[2011/06/08 18:46:23 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2009/07/31 13:06:48 | 001,654,784 | ---- | M] (LizardTech) -- C:\Program Files\mozilla firefox\plugins\npdjvu.dll

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100715230219.dll (McAfee, Inc.)

O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)

O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe ()

O4 - HKLM..\Run: [ALaunch] File not found

O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe (Egis Incorporated)

O4 - HKLM..\Run: [eRecoveryService] File not found

O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)

O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 97.64.168.12 97.64.183.165

O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Aimee\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O24 - Desktop BackupWallPaper: C:\Users\Aimee\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{39f244f1-8e6e-11dd-9661-eaf15c4c77e7}\Shell - "" = AutoRun

O33 - MountPoints2\{39f244f1-8e6e-11dd-9661-eaf15c4c77e7}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a

O33 - MountPoints2\{39f244fd-8e6e-11dd-9661-bfbbd64af6ae}\Shell - "" = AutoRun

O33 - MountPoints2\{39f244fd-8e6e-11dd-9661-bfbbd64af6ae}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a

O33 - MountPoints2\{943edfa6-81ec-11dd-8866-ec57676dd463}\Shell - "" = AutoRun

O33 - MountPoints2\{943edfa6-81ec-11dd-8866-ec57676dd463}\Shell\AutoRun\command - "" = G:\LaunchU3.exe

O33 - MountPoints2\F\Shell - "" = AutoRun

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - File not found

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/07/07 22:41:58 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Aimee\Desktop\OTL.exe

[2011/07/07 22:39:29 | 000,000,000 | ---D | C] -- C:\Users\Aimee\Desktop\tdsskiller

[2011/07/07 16:41:58 | 000,000,000 | ---D | C] -- C:\Users\Aimee\AppData\Roaming\Unity

[2011/07/07 16:36:12 | 000,000,000 | ---D | C] -- C:\Users\Aimee\AppData\Local\Unity

[2011/07/06 21:02:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee

[2011/07/06 20:25:31 | 000,000,000 | ---D | C] -- C:\Users\Aimee\Desktop\Log help

[2011/07/06 20:24:13 | 000,000,000 | ---D | C] -- C:\Users\Aimee\Desktop\My logs

[2011/07/06 20:23:14 | 000,607,017 | R--- | C] (Swearware) -- C:\Users\Aimee\Desktop\dds.scr

[2011/07/06 19:55:11 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Aimee\Desktop\HijackThis.exe

[2011/07/06 11:16:06 | 000,000,000 | ---D | C] -- C:\Users\Aimee\AppData\Roaming\Beat Hazard

[2011/07/06 11:13:17 | 000,000,000 | ---D | C] -- C:\Program Files\Beat Hazard

[2011/06/29 05:13:53 | 000,000,000 | ---D | C] -- C:\Users\Aimee\Desktop\showthread.php_files

[2011/06/27 03:29:59 | 000,000,000 | ---D | C] -- C:\hospital

[2011/06/22 21:59:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hitman Pro 3.5

[2011/06/22 21:59:04 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5

[2011/06/22 21:41:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro

[2011/06/22 21:25:04 | 006,556,992 | ---- | C] (SurfRight B.V.) -- C:\Users\Aimee\Desktop\HitmanPro35.exe

[2011/06/12 06:43:18 | 000,000,000 | ---D | C] -- C:\Users\Aimee\Desktop\fire-crews-battle-suspicious-fire_files

[2011/06/08 18:49:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun

[2011/06/08 18:48:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2011/06/08 18:43:00 | 000,000,000 | ---D | C] -- C:\Program Files\Java

[2011/06/08 17:56:19 | 000,000,000 | ---D | C] -- C:\Users\Aimee\AppData\Roaming\.minecraft

[2009/10/23 05:08:10 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Aimee\AppData\Roaming\pcouffin.sys

[2008/06/04 10:56:20 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe

[3 C:\Users\Aimee\Documents\*.tmp files -> C:\Users\Aimee\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/07 22:50:00 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8B1479C4-1501-436A-B24F-297D683837FE}.job

[2011/07/07 22:42:23 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Aimee\Desktop\OTL.exe

[2011/07/07 22:15:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011/07/07 21:01:54 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011/07/07 21:01:54 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011/07/07 14:15:01 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011/07/06 21:02:08 | 000,001,739 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk

[2011/07/06 21:01:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/07/06 20:58:36 | 000,000,020 | ---- | M] () -- C:\Users\Aimee\defogger_reenable

[2011/07/06 20:23:19 | 000,607,017 | R--- | M] (Swearware) -- C:\Users\Aimee\Desktop\dds.scr

[2011/07/06 20:19:52 | 000,302,592 | ---- | M] () -- C:\Users\Aimee\Desktop\lpbtzwp8.exe

[2011/07/06 20:19:08 | 000,050,477 | ---- | M] () -- C:\Users\Aimee\Desktop\Defogger.exe

[2011/07/06 20:02:23 | 000,000,043 | ---- | M] () -- C:\Windows\wininit.ini

[2011/07/06 19:55:27 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Aimee\Desktop\HijackThis.exe

[2011/07/06 19:35:12 | 000,009,778 | -HS- | M] () -- C:\Users\Aimee\AppData\Local\bw52mhcyw1t2ljbudg4qdjf

[2011/07/06 19:35:12 | 000,009,778 | -HS- | M] () -- C:\ProgramData\bw52mhcyw1t2ljbudg4qdjf

[2011/06/29 05:14:01 | 000,126,284 | ---- | M] () -- C:\Users\Aimee\Desktop\showthread.php.htm

[2011/06/29 04:17:01 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2011/06/22 22:14:50 | 000,020,552 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys

[2011/06/22 22:04:52 | 000,000,260 | ---- | M] () -- C:\Windows\System32\bootdelete.lst

[2011/06/22 21:43:19 | 006,556,992 | ---- | M] (SurfRight B.V.) -- C:\Users\Aimee\Desktop\HitmanPro35.exe

[2011/06/22 20:46:03 | 000,004,964 | -HS- | M] () -- C:\Users\Aimee\AppData\Local\2028ls5r42sbmtq44o1spre0b8xxa1t

[2011/06/22 20:46:03 | 000,004,964 | -HS- | M] () -- C:\ProgramData\2028ls5r42sbmtq44o1spre0b8xxa1t

[2011/06/12 06:43:32 | 000,229,597 | ---- | M] () -- C:\Users\Aimee\Desktop\fire-crews-battle-suspicious-fire.htm

[2011/06/11 05:38:14 | 000,040,448 | ---- | M] () -- C:\Users\Aimee\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[3 C:\Users\Aimee\Documents\*.tmp files -> C:\Users\Aimee\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/06 20:58:00 | 000,000,020 | ---- | C] () -- C:\Users\Aimee\defogger_reenable

[2011/07/06 20:19:42 | 000,302,592 | ---- | C] () -- C:\Users\Aimee\Desktop\lpbtzwp8.exe

[2011/07/06 20:19:03 | 000,050,477 | ---- | C] () -- C:\Users\Aimee\Desktop\Defogger.exe

[2011/07/06 20:02:23 | 000,000,043 | ---- | C] () -- C:\Windows\wininit.ini

[2011/07/06 19:32:51 | 000,009,778 | -HS- | C] () -- C:\Users\Aimee\AppData\Local\bw52mhcyw1t2ljbudg4qdjf

[2011/07/06 19:32:51 | 000,009,778 | -HS- | C] () -- C:\ProgramData\bw52mhcyw1t2ljbudg4qdjf

[2011/07/02 09:46:00 | 000,080,384 | ---- | C] () -- C:\Windows\gamedelete.exe

[2011/06/29 05:13:50 | 000,126,284 | ---- | C] () -- C:\Users\Aimee\Desktop\showthread.php.htm

[2011/06/22 22:04:52 | 000,000,260 | ---- | C] () -- C:\Windows\System32\bootdelete.lst

[2011/06/22 21:59:08 | 000,020,552 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys

[2011/06/22 20:40:22 | 000,004,964 | -HS- | C] () -- C:\Users\Aimee\AppData\Local\2028ls5r42sbmtq44o1spre0b8xxa1t

[2011/06/22 20:40:22 | 000,004,964 | -HS- | C] () -- C:\ProgramData\2028ls5r42sbmtq44o1spre0b8xxa1t

[2011/06/12 06:43:16 | 000,229,597 | ---- | C] () -- C:\Users\Aimee\Desktop\fire-crews-battle-suspicious-fire.htm

[2011/05/12 20:09:15 | 000,008,840 | -HS- | C] () -- C:\Users\Aimee\AppData\Local\1i1iov1aj0j32i5

[2011/05/12 20:09:15 | 000,008,840 | -HS- | C] () -- C:\ProgramData\1i1iov1aj0j32i5

[2011/05/10 19:37:35 | 000,007,476 | -HS- | C] () -- C:\Users\Aimee\AppData\Local\5162qny2ob203v1p2ryg257h14

[2011/05/10 19:37:35 | 000,007,476 | -HS- | C] () -- C:\ProgramData\5162qny2ob203v1p2ryg257h14

[2011/03/25 17:10:25 | 000,000,336 | ---- | C] () -- C:\ProgramData\43769608

[2011/03/11 20:19:32 | 000,011,940 | -HS- | C] () -- C:\Users\Aimee\AppData\Local\1799715130

[2011/03/11 20:19:32 | 000,011,940 | -HS- | C] () -- C:\ProgramData\1799715130

[2011/01/27 10:07:37 | 000,018,222 | ---- | C] () -- C:\Users\Aimee\AppData\Local\adibecerisubaca.dll

[2011/01/27 08:05:36 | 000,018,302 | ---- | C] () -- C:\Users\Aimee\AppData\Local\akevanoqiqurih.dll

[2011/01/27 06:03:34 | 000,018,981 | ---- | C] () -- C:\Users\Aimee\AppData\Local\ebatubed.dll

[2010/12/09 01:53:58 | 000,000,120 | -H-- | C] () -- C:\Users\Aimee\AppData\Local\Hsimusuyanamisu.dat

[2010/12/09 01:53:58 | 000,000,000 | -H-- | C] () -- C:\Users\Aimee\AppData\Local\Qgasaqabe.bin

[2010/09/17 17:34:19 | 000,020,992 | ---- | C] () -- C:\Windows\bw-uninstall.exe

[2010/09/10 23:56:47 | 000,000,534 | ---- | C] () -- C:\Windows\eReg.dat

[2010/01/27 12:29:35 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE

[2009/12/20 22:22:49 | 000,035,473 | ---- | C] () -- C:\Windows\scunin.dat

[2009/11/25 00:11:41 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll

[2009/10/23 05:08:11 | 000,087,608 | ---- | C] () -- C:\Users\Aimee\AppData\Roaming\inst.exe

[2009/10/23 05:08:10 | 000,007,887 | ---- | C] () -- C:\Users\Aimee\AppData\Roaming\pcouffin.cat

[2009/10/23 05:08:10 | 000,001,144 | ---- | C] () -- C:\Users\Aimee\AppData\Roaming\pcouffin.inf

[2009/04/03 15:39:05 | 000,003,350 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys

[2009/04/03 15:39:05 | 000,000,008 | RHS- | C] () -- C:\Windows\System32\E5A9499AF1.sys

[2009/03/16 14:35:38 | 000,027,503 | ---- | C] () -- C:\Users\Aimee\AppData\Roaming\UserTile.png

[2009/02/26 21:32:49 | 000,001,356 | -H-- | C] () -- C:\Users\Aimee\AppData\Local\d3d9caps.dat

[2009/02/26 13:38:40 | 001,498,564 | ---- | C] () -- C:\Windows\System32\igkrng400.bin

[2008/10/19 13:00:40 | 000,000,043 | ---- | C] () -- C:\Windows\Tlcpromo.ini

[2008/10/19 12:39:38 | 000,000,297 | ---- | C] () -- C:\Windows\EReg077.dat

[2008/09/20 19:35:56 | 000,000,227 | ---- | C] () -- C:\Windows\PowerReg.dat

[2008/09/20 19:35:51 | 000,045,568 | ---- | C] () -- C:\Windows\UniFish3.exe

[2008/09/20 17:18:00 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI

[2008/09/13 20:20:28 | 000,040,448 | ---- | C] () -- C:\Users\Aimee\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/06/19 19:08:52 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll

[2008/06/04 10:56:20 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe

[2008/06/04 10:52:37 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat

[2008/06/04 10:52:37 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\RtkHDAud.dat

[2008/06/04 07:28:34 | 000,000,030 | ---- | C] () -- C:\Windows\SETPANEL.INI

[2008/06/04 07:28:28 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI

[2008/03/21 12:59:03 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll

[2008/03/21 11:40:11 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll

[2008/03/21 11:35:54 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys

[2008/03/21 10:31:32 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini

[2008/03/21 10:07:46 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini

[2008/03/21 10:07:35 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll

[2008/03/21 10:07:35 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll

[2008/03/21 10:07:35 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll

[2008/03/21 10:07:35 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll

[2008/01/20 21:33:53 | 000,100,043 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2007/06/05 13:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe

[2006/11/02 07:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006/11/02 07:44:53 | 000,318,680 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006/11/02 05:33:01 | 000,640,142 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2006/11/02 05:33:01 | 000,118,362 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2006/11/02 02:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2001/12/26 17:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll

[2001/09/04 00:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll

[2001/07/30 17:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll

[2001/07/23 23:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

[1999/01/22 13:46:56 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL

[1997/11/10 15:18:48 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll

========== LOP Check ==========

[2009/09/11 15:27:44 | 000,000,000 | -HSD | M] -- C:\Users\Aimee\AppData\Roaming\.#

[2011/06/12 10:21:01 | 000,000,000 | ---D | M] -- C:\Users\Aimee\AppData\Roaming\.minecraft

[2008/09/13 18:20:51 | 000,000,000 | ---D | M] -- C:\Users\Aimee\AppData\Roaming\Acer

[2008/03/21 11:58:52 | 000,000,000 | ---D | M] -- C:\Users\Aimee\AppData\Roaming\Acer GameZone Console

[2009/11/30 23:29:26 | 000,000,000 | ---D | M] -- C:\Users\Aimee\AppData\Roaming\Atari

[2011/07/06 11:16:06 | 000,000,000 | ---D | M] -- C:\Users\Aimee\AppData\Roaming\Beat Hazard

[2008/09/14 10:02:48 | 000,000,000 | ---D | M] -- C:\Users\Aimee\AppData\Roaming\Big Fish Games

[2009/12/06 04:52:32 | 000,000,000 | ---D | M] -- C:\Users\Aimee\AppData\Roaming\DAEMON Tools Lite

[2008/11/15 14:11:56 | 000,000,000 | ---D | M] -- C:\Users\Aimee\AppData\Roaming\Eyeblaster

[2008/09/14 16:27:00 | 000,000,000 | ---D | M] -- C:\Users\Aimee\AppData\Roaming\FloodLightGames

[2011/03/25 17:24:17 | 000,000,000 | ---D | M] -- C:\Users\Aimee\AppData\Roaming\GameHouse

[2011/03/25 17:24:17 | 000,000,000 | ---D | M] -- C:\Users\Aimee\AppData\Roaming\Hoyle FaceCreator

[2011/05/22 16:23:17 | 000,000,000 | ---D | M] -- C:\Users\Aimee\AppData\Roaming\Hoyle Puzzle and Board Games

[2008/10/14 19:16:11 | 000,000,000 | ---D | M] -- C:\Users\Aimee\AppData\Roaming\ITTNord

[2008/09/13 18:20:31 | 000,000,000 | ---D | M] -- C:\Users\Aimee\AppData\Roaming\Leadertech

[2009/04/03 15:44:51 | 000,000,000 | ---D | M] -- C:\Users\Aimee\AppData\Roaming\Morpheus Software

[2010/05/15 15:05:46 | 000,000,000 | ---D | M] -- C:\Users\Aimee\AppData\Roaming\NVD

[2008/09/14 17:59:46 | 000,000,000 | ---D | M] -- C:\Users\Aimee\AppData\Roaming\PlayFirst

[2011/05/30 05:40:36 | 000,000,000 | ---D | M] -- C:\Users\Aimee\AppData\Roaming\SoftGrid Client

[2010/04/10 07:58:29 | 000,000,000 | ---D | M] -- C:\Users\Aimee\AppData\Roaming\Stella

[2010/05/15 15:06:56 | 000,000,000 | ---D | M] -- C:\Users\Aimee\AppData\Roaming\TP

[2011/07/07 16:41:58 | 000,000,000 | ---D | M] -- C:\Users\Aimee\AppData\Roaming\Unity

[2010/04/10 06:47:07 | 000,000,000 | ---D | M] -- C:\Users\Aimee\AppData\Roaming\Vso

[2010/10/21 02:03:19 | 000,000,000 | ---D | M] -- C:\Users\Aimee\AppData\Roaming\Wilavy

[2011/07/06 20:59:40 | 000,032,586 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2011/07/07 22:50:00 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{8B1479C4-1501-436A-B24F-297D683837FE}.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >

[2008/01/20 21:34:05 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\explorer.exe

[2008/01/20 21:34:05 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >

[2008/01/20 21:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe

[2008/01/20 21:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >

[2008/01/20 21:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe

[2008/01/20 21:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >

[2008/01/20 21:34:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe

[2008/01/20 21:34:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2009/07/31 05:56:34 | 000,509,544 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2009/07/31 05:56:34 | 000,509,544 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2009/07/31 05:56:34 | 000,509,544 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2009/07/31 05:56:37 | 000,307,704 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2009/07/31 05:56:37 | 000,307,704 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2009/07/31 05:56:37 | 000,307,704 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/06/24 01:25:50 | 001,012,792 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/06/24 01:25:50 | 001,012,792 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/06/24 01:25:50 | 001,012,792 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/06/24 01:25:50 | 001,012,792 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2008/01/20 21:33:55 | 000,070,656 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2008/01/20 21:33:55 | 000,070,656 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2008/01/20 21:33:55 | 000,070,656 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2008/01/20 21:33:22 | 000,625,664 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2009/07/31 05:56:34 | 000,509,544 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2009/07/31 05:56:34 | 000,509,544 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2009/07/31 05:56:34 | 000,509,544 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2009/07/31 05:56:37 | 000,307,704 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2009/07/31 05:56:37 | 000,307,704 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2009/07/31 05:56:37 | 000,307,704 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/06/24 01:25:50 | 001,012,792 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/06/24 01:25:50 | 001,012,792 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/06/24 01:25:50 | 001,012,792 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/06/24 01:25:50 | 001,012,792 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2008/01/20 21:33:55 | 000,070,656 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2008/01/20 21:33:55 | 000,070,656 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2008/01/20 21:33:55 | 000,070,656 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2008/01/20 21:33:22 | 000,625,664 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:8173A019

@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:C95B63DA

@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:2430E4FC

@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:4F636E25

@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:2B99FE60

@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:76986D86

@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:193426B4

@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:B623B5B8

@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:FEBEC560

@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:131C0EE9

@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2

@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:8AB6C1D7

@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:861A898F

@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:3E7393FC

@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:4CF61E54

@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8

@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:9F683177

@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:793F316E

@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:580E04D8

@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:4BB26BE9

@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:FC420CE6

@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:E36F5B57

@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:9E22BBE8

@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:EC2246A6

< End of report >


Extras log

OTL Extras logfile created on: 7/7/2011 10:43:52 PM - Run 1

OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Aimee\Desktop

Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6001.18000)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.25 Mb Total Physical Memory | 351.54 Mb Available Physical Memory | 34.69% Memory free

2.47 Gb Paging File | 1.10 Gb Available in Paging File | 44.34% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 68.77 Gb Total Space | 10.17 Gb Free Space | 14.79% Space Free | Partition Type: NTFS

Drive D: | 68.56 Gb Total Space | 68.46 Gb Free Space | 99.85% Space Free | Partition Type: NTFS

Computer Name: AIMEE-PC | User Name: Aimee | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"AntiVirusOverride" = 1

"FirewallOverride" = 1

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)

"C:\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption -- ( Egis Incorporated.)

"C:\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption -- ( Egis Incorporated.)

"C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr

"C:\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)

"C:\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)

"C:\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption

"C:\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption

"C:\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr

"C:\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0B2A64A3-1853-4B93-9AD2-004C8CB49B12}" = rport=137 | protocol=17 | dir=out | app=system |

"{1064CD4D-1557-4360-ABF2-8C96CD79DD40}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{2166415A-CEBB-4C62-B23F-A816A1CDEEAF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{458E9FF9-4E3C-4DFA-AB23-2CCC549F0330}" = rport=445 | protocol=6 | dir=out | app=system |

"{5EF8DED1-8D2F-4AF2-82BD-6164F317E0B0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{64680A06-D0A2-492B-A381-3CE5A36A2F2C}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{688251DA-2D70-44C8-B27E-B869731BAE0A}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{79EA67FF-C333-4DEF-BA70-94A7A4CE786D}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{8BCB7B58-A604-4DF9-A6C9-5527004EC05E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{96EF6E84-E883-4678-AE7C-2787363EDA8E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{A19AB8A6-ACB8-4374-8013-2074D69947A8}" = rport=139 | protocol=6 | dir=out | app=system |

"{A1B2C204-6FBB-4CB4-81FA-B00AAEDCF7A0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{A22F25E2-006C-4793-9DA0-6E1C09471E83}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{AD63F639-48C4-4D9B-A506-41C4C11892B5}" = lport=445 | protocol=6 | dir=in | app=system |

"{BD5D2D2D-5F76-4A3B-ABE5-26BD31082130}" = lport=138 | protocol=17 | dir=in | app=system |

"{D3296CB5-DEA2-4858-8E28-177E42584957}" = lport=139 | protocol=6 | dir=in | app=system |

"{D9D985DB-49D2-42BF-BEC9-76FBCD4A7EE9}" = rport=138 | protocol=17 | dir=out | app=system |

"{F0C83F75-AFFF-4467-A24B-F2D186C62A7B}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{04F064CE-2FD6-46DA-A414-A56F7873931B}" = dir=in | app=c:\program files\myspace\im\myspaceim.exe |

"{2CDCDA02-E919-4AFE-930B-EC2244E54711}" = dir=in | app=c:\program files\acer\acer arcade\pcmservice.exe |

"{2F21A5C3-CB8F-4921-AF4D-9A8FF22819DB}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |

"{55E3669F-6676-4773-92D7-A455C83AF4BE}" = protocol=17 | dir=in | app=c:\users\aimee\desktop\hitmanpro35.exe |

"{5E05EE77-1474-4C35-A1AC-03EE463C1FED}" = protocol=6 | dir=in | app=c:\users\aimee\desktop\hitmanpro35.exe |

"{5E1CE298-0D49-4CC6-B058-C4A89EF9D813}" = dir=in | app=c:\program files\acer\homemedia\homemedia.exe |

"{5EEABEFC-931F-4A57-8EF6-6FA81B393421}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{760B2901-463D-4E36-B6EC-DF21768B58F9}" = dir=in | app=c:\program files\acer\acer arcade\kernel\dmp\clbrowserengine.exe |

"{89E4849A-D426-47AF-B01C-AE3F5BABAEC8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{94695BD5-74BA-4D5E-AFEB-3A20F62AF8F7}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |

"{9886D1AA-4D6D-454D-A107-72639079FBBB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{B4F7761D-9D61-4D0B-B6FE-FB9FD78CF042}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{BAA9D56B-6777-49E5-A151-1D7DE9DCF5A7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{CDC33473-8B04-4DAE-AFD0-7C554D50E101}" = dir=in | app=c:\program files\acer\acer arcade\kernel\dms\clmsservice.exe |

"{DC95B7E3-1BB1-4405-8B68-573F4277A74B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{EE668238-02BC-4FD8-83A9-1437F276980E}" = dir=in | app=c:\program files\acer\acer arcade\powercinema.exe |

"{EFEB83F6-2C0D-4A03-A3B1-58DE74E10078}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"TCP Query User{049E7E8E-C412-4334-A983-2AFD7A83C463}C:\program files\bitlord\bitlord.exe" = protocol=6 | dir=in | app=c:\program files\bitlord\bitlord.exe |

"UDP Query User{DF0826C5-0D7D-4559-8861-B325A40FAE19}C:\program files\bitlord\bitlord.exe" = protocol=17 | dir=in | app=c:\program files\bitlord\bitlord.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Professional

"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended

"{105CFC7C-6992-11D5-BD9D-000102C10FD8}" = LizardTech DjVu Control

"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In

"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management

"{14D10AAC-9737-454E-A247-8075C26C30E1}" = SILENT HILL 3

"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker

"{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7

"{20140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010 (Beta)

"{20140062-0062-0409-0000-0000000FF1CE}" = Microsoft Office Home and Business 2010 (Beta) - English

"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade

"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java 6 Update 12

"{26A24AE4-039D-4CA4-87B4-2F83217000FF}" = Java 7

"{32A3A4F4-B792-11D6-A78A-00B0D0170000}" = Java SE Development Kit 7

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4BB1DCED-84D3-47F9-B718-5947E904593E}" = Acer Crystal Eye

"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management

"{5BDAA2F7-8E48-4AFF-AA92-B559D0CDF1AD}" = Serious Sam: The Second Encounter

"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3 Platinum

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver

"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management

"{A7091E1D-36A4-47F1-A739-173CC341414F}" = Cisco Systems VPN Client 5.0.03.0560

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology

"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.5

"{AC76BA86-7AD7-1033-7B44-A81300000003}_814" = KB408682

"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8

"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer

"{BB406CEB-6207-4512-9BB2-89950DC9D6B6}_is1" = ConvertXtoDVD 2.2.3.258

"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo

"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management

"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management

"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1

"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management

"{DD1DED37-2486-4F56-8F89-56AA814003F5}" = Acer Crystal Eye webcam

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"Acer Assist" = Acer Assist

"Acer Registration" = Acer Registration

"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites

"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Agere Systems Soft Modem" = Agere Systems HDA Modem

"Audacity_is1" = Audacity 1.2.6

"BitLord" = BitLord 1.1

"CDisplay_is1" = CDisplay 1.8

"Digital Editions" = Adobe Digital Editions

"DragonUnPACKer5_is1" = Dragon UnPACKer 5

"GameSpy Arcade" = GameSpy Arcade

"Google Chrome" = Google Chrome

"GridVista" = Acer GridVista

"HDMI" = Intel® Graphics Media Accelerator Driver

"HitmanPro35" = Hitman Pro 3.5

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"Hoyle Puzzle and Board Games 2011" = Hoyle Puzzle and Board Games 2011 (remove only)

"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker

"InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7

"LADSPA_plugins-win_is1" = LADSPA_plugins-win-0.4.15

"LAME for Audacity_is1" = LAME v3.98.3 for Audacity

"LManager" = Launch Manager

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Mozilla Firefox (3.0.13)" = Mozilla Firefox (3.0.13)

"MSC" = McAfee Internet Security Suite

"Office14.Click2Run" = Microsoft Office Click-to-Run 2010 (Beta)

"QuickTime" = QuickTime

"SShockDeinstallKey" = System Shock2 Demo

"Starcraft" = Starcraft

"TVWiz" = Intel® TV Wizard

"VLC media player" = VideoLAN VLC media player 0.8.6d

"VST Bridge_is1" = VST Bridge 1.1

"WinRAR archiver" = WinRAR 4.00 (32-bit)

"Yahoo! Companion" = Yahoo! Toolbar

"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"UnityWebPlayer" = Unity Web Player

"Yume Nikki 0.10 English v3" = Yume Nikki 0.10 English v3

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


hi

Step 1

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    SRV - File not found [Unknown | Stopped] -- -- (getPlusHelper)
    [2011/03/25 17:24:17 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\AIMEE\APPDATA\LOCAL\{4F8B1260-26B4-4D99-B2BB-0F06991F6E5C}
    O33 - MountPoints2\{39f244f1-8e6e-11dd-9661-eaf15c4c77e7}\Shell - "" = AutoRun
    O33 - MountPoints2\{39f244f1-8e6e-11dd-9661-eaf15c4c77e7}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
    O33 - MountPoints2\{39f244fd-8e6e-11dd-9661-bfbbd64af6ae}\Shell - "" = AutoRun
    O33 - MountPoints2\{39f244fd-8e6e-11dd-9661-bfbbd64af6ae}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
    O33 - MountPoints2\{943edfa6-81ec-11dd-8866-ec57676dd463}\Shell - "" = AutoRun
    O33 - MountPoints2\{943edfa6-81ec-11dd-8866-ec57676dd463}\Shell\AutoRun\command - "" = G:\LaunchU3.exe
    O33 - MountPoints2\F\Shell - "" = AutoRun
    O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
    [2011/07/06 20:19:52 | 000,302,592 | ---- | M] () -- C:\Users\Aimee\Desktop\lpbtzwp8.exe
    [2011/07/06 19:35:12 | 000,009,778 | -HS- | M] () -- C:\Users\Aimee\AppData\Local\bw52mhcyw1t2ljbudg4qdjf
    [2011/07/06 19:35:12 | 000,009,778 | -HS- | M] () -- C:\ProgramData\bw52mhcyw1t2ljbudg4qdjf
    [2011/06/22 20:46:03 | 000,004,964 | -HS- | M] () -- C:\Users\Aimee\AppData\Local\2028ls5r42sbmtq44o1spre0b8xxa1t
    [2011/06/22 20:46:03 | 000,004,964 | -HS- | M] () -- C:\ProgramData\2028ls5r42sbmtq44o1spre0b8xxa1t
    [2011/05/12 20:09:15 | 000,008,840 | -HS- | C] () -- C:\Users\Aimee\AppData\Local\1i1iov1aj0j32i5
    [2011/05/12 20:09:15 | 000,008,840 | -HS- | C] () -- C:\ProgramData\1i1iov1aj0j32i5
    [2011/05/10 19:37:35 | 000,007,476 | -HS- | C] () -- C:\Users\Aimee\AppData\Local\5162qny2ob203v1p2ryg257h14
    [2011/05/10 19:37:35 | 000,007,476 | -HS- | C] () -- C:\ProgramData\5162qny2ob203v1p2ryg257h14
    [2011/03/11 20:19:32 | 000,011,940 | -HS- | C] () -- C:\Users\Aimee\AppData\Local\1799715130
    [2011/03/11 20:19:32 | 000,011,940 | -HS- | C] () -- C:\ProgramData\1799715130
    [2011/01/27 10:07:37 | 000,018,222 | ---- | C] () -- C:\Users\Aimee\AppData\Local\adibecerisubaca.dll
    [2011/01/27 08:05:36 | 000,018,302 | ---- | C] () -- C:\Users\Aimee\AppData\Local\akevanoqiqurih.dll
    [2011/01/27 06:03:34 | 000,018,981 | ---- | C] () -- C:\Users\Aimee\AppData\Local\ebatubed.dll
    [2010/12/09 01:53:58 | 000,000,120 | -H-- | C] () -- C:\Users\Aimee\AppData\Local\Hsimusuyanamisu.dat
    [2010/12/09 01:53:58 | 000,000,000 | -H-- | C] () -- C:\Users\Aimee\AppData\Local\Qgasaqabe.bin
    [2009/10/23 05:08:11 | 000,087,608 | ---- | C] () -- C:\Users\Aimee\AppData\Roaming\inst.exe
    [2009/09/11 15:27:44 | 000,000,000 | -HSD | M] -- C:\Users\Aimee\AppData\Roaming\.#
    @Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:8173A019
    @Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:C95B63DA
    @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:2430E4FC
    @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:4F636E25
    @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:2B99FE60
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:76986D86
    @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:193426B4
    @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:B623B5B8
    @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:FEBEC560
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:131C0EE9
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:8AB6C1D7
    @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:861A898F
    @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:3E7393FC
    @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:4CF61E54
    @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
    @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:9F683177
    @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:793F316E
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:580E04D8
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:4BB26BE9
    @Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:FC420CE6
    @Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:E36F5B57
    @Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:9E22BBE8
    @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:EC2246A6

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step 2

Download ComboFix here :

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them
    Click me
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

whatnext.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

Things I would like to see in your reply:

  • OTL log
  • Combofix.txt


Okay. Well, I have the logs you requested but I can say that ComboFix had me pretty frightened. It did not automatically reboot and I thought this was normal. I had my logs ready to go and tried to start Firefox to come here and post them. I got a message that it was marked for deletion. I just brushed it off and tried Google Chrome instead. I got the same message. I tried Internet Explorer and got the same thing. I was starting to think that I was screwed. I started trying different apps and got the same message from everything I tried to open. I began researching ComboFix (something I should have done in the first place) using my phone, only to find that many people have had some serious issues after using it. Of course, most of those people weren't instructed to use it like I was. I restarted my laptop and hoped for the best. Everything worked out and I was able to use Firefox to come here and post. All I'm saying is that it was a rather scary incident and I'm starting to wonder if I should continue or just live with the problem. I'm aware that if anything goes wrong, it's my fault and no one here is responsible. I'm willing to continue but only if you feel very confident about what you're instructing me to do. No problems so far but that made me realize that it would be pretty easy for things to go wrong. Anyway, thanks for the help and let me know how you feel about this. I'm going to assume that what just happened is normal and you know what you're doing. Here are the logs.

OTL log

OTL logfile created on: 7/8/2011 2:49:30 PM - Run 2

OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Aimee\Desktop

Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6001.18000)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.25 Mb Total Physical Memory | 195.82 Mb Available Physical Memory | 19.33% Memory free

2.24 Gb Paging File | 1.09 Gb Available in Paging File | 48.60% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 68.77 Gb Total Space | 11.40 Gb Free Space | 16.57% Space Free | Partition Type: NTFS

Drive D: | 68.56 Gb Total Space | 68.46 Gb Free Space | 99.85% Space Free | Partition Type: NTFS

Computer Name: AIMEE-PC | User Name: Aimee | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/07 22:42:23 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Aimee\Desktop\OTL.exe

PRC - [2011/02/16 15:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

PRC - [2010/06/24 22:32:44 | 001,193,848 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe

PRC - [2010/05/31 20:32:58 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

PRC - [2010/05/31 20:32:58 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

PRC - [2010/04/14 12:50:14 | 000,170,144 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

PRC - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

PRC - [2009/09/23 15:04:56 | 000,203,608 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe

PRC - [2009/09/23 15:04:52 | 000,447,832 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe

PRC - [2008/06/19 19:08:44 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

PRC - [2008/03/05 08:15:24 | 000,497,712 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe

PRC - [2008/03/05 08:15:20 | 000,525,360 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe

PRC - [2008/02/04 19:43:08 | 000,458,752 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

PRC - [2008/01/25 15:25:40 | 000,114,793 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe

PRC - [2008/01/25 15:25:38 | 000,254,059 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe

PRC - [2008/01/25 15:24:54 | 001,076,832 | ---- | M] (Cyberlink) -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe

PRC - [2008/01/20 21:34:05 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2008/01/09 20:43:28 | 000,323,584 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe

PRC - [2008/01/04 12:30:48 | 000,768,520 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe

PRC - [2007/12/20 13:33:14 | 000,761,856 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNMTray.exe

PRC - [2007/12/20 13:32:04 | 000,131,072 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe

PRC - [2007/12/19 20:09:22 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe

PRC - [2007/11/27 20:54:36 | 000,110,592 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe

PRC - [2007/10/01 18:42:36 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe

PRC - [2007/09/20 15:57:28 | 000,167,936 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

PRC - [2007/09/19 16:41:50 | 000,051,200 | ---- | M] () -- C:\Acer\ALaunch\ALaunchSvc.exe

PRC - [2007/09/10 17:28:18 | 000,057,344 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

PRC - [2007/09/06 14:02:04 | 000,393,216 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe

PRC - [2007/06/05 13:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe

PRC - [2006/10/04 23:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe

========== Modules (SafeList) ==========

MOD - [2011/07/07 22:42:23 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Aimee\Desktop\OTL.exe

MOD - [2011/04/08 16:56:28 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll

MOD - [2008/01/20 21:33:14 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/02/16 15:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)

SRV - [2010/05/31 20:32:58 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)

SRV - [2010/05/31 20:32:58 | 000,141,792 | ---- | M] (McAfee, Inc.) [unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)

SRV - [2010/04/15 09:45:10 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)

SRV - [2010/04/14 12:50:14 | 000,170,144 | ---- | M] () [unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)

SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)

SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)

SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)

SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)

SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)

SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)

SRV - [2009/09/23 15:04:56 | 000,203,608 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)

SRV - [2009/09/23 15:04:52 | 000,447,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)

SRV - [2008/06/19 19:08:44 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)

SRV - [2008/03/05 08:15:24 | 000,497,712 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)

SRV - [2008/01/25 15:25:40 | 000,114,793 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)

SRV - [2008/01/25 15:25:38 | 000,254,059 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)

SRV - [2008/01/25 15:24:54 | 001,076,832 | ---- | M] (Cyberlink) [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)

SRV - [2008/01/20 21:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007/12/20 13:32:04 | 000,131,072 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)

SRV - [2007/12/19 20:09:22 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)

SRV - [2007/11/27 20:54:36 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)

SRV - [2007/10/01 18:42:36 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)

SRV - [2007/09/20 15:57:28 | 000,167,936 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)

SRV - [2007/09/19 16:41:50 | 000,051,200 | ---- | M] () [Auto | Running] -- C:\Acer\ALaunch\ALaunchSvc.exe -- (ALaunchService)

SRV - [2007/09/10 17:28:18 | 000,057,344 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)

SRV - [2007/06/05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)

SRV - [2006/10/04 23:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)

========== Driver Services (SafeList) ==========

DRV - [2010/05/31 20:32:58 | 000,385,880 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mfehidk.sys -- (mfehidk)

DRV - [2010/05/31 20:32:58 | 000,312,616 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)

DRV - [2010/05/31 20:32:58 | 000,160,720 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)

DRV - [2010/05/31 20:32:58 | 000,152,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)

DRV - [2010/05/31 20:32:58 | 000,095,568 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)

DRV - [2010/05/31 20:32:58 | 000,083,496 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)

DRV - [2010/05/31 20:32:58 | 000,064,304 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)

DRV - [2010/05/31 20:32:58 | 000,055,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)

DRV - [2010/05/31 20:32:58 | 000,051,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)

DRV - [2009/12/06 04:38:38 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)

DRV - [2009/09/23 15:04:56 | 000,021,848 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)

DRV - [2009/09/23 15:04:56 | 000,014,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\drivers\SftVollh.sys -- (sftvol)

DRV - [2009/09/23 15:04:54 | 000,190,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\drivers\sftplaylh.sys -- (sftplay)

DRV - [2009/09/23 15:04:50 | 000,543,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\drivers\SftFSlh.sys -- (sftfs)

DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)

DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)

DRV - [2008/06/19 19:07:50 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)

DRV - [2008/03/29 18:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)

DRV - [2007/12/11 04:42:44 | 000,163,376 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)

DRV - [2007/07/30 09:13:10 | 000,743,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)

DRV - [2007/07/26 11:25:46 | 000,974,248 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)

DRV - [2007/07/03 12:05:20 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)

DRV - [2007/03/09 01:56:04 | 001,163,616 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2007/01/30 00:23:30 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)

DRV - [2007/01/18 17:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)

DRV - [2006/11/02 15:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://global.acer.com [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://nimrodonline.dhs.org

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/"

FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.6

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}:7.0

FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1

FF - prefs.js..network.proxy.http: "127.0.0.1"

FF - prefs.js..network.proxy.http_port: 53086

FF - prefs.js..network.proxy.type: 4

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Aimee\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/05/24 23:03:10 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/15 01:28:58 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/08 18:46:59 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{4F8B1260-26B4-4D99-B2BB-0F06991F6E5C}: C:\Users\Aimee\AppData\Local\{4F8B1260-26B4-4D99-B2BB-0F06991F6E5C}

[2008/09/15 16:33:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aimee\AppData\Roaming\Mozilla\Extensions

[2011/07/07 20:10:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aimee\AppData\Roaming\Mozilla\Firefox\Profiles\w88z95pt.default\extensions

[2011/07/03 05:16:05 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Aimee\AppData\Roaming\Mozilla\Firefox\Profiles\w88z95pt.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

[2008/12/12 13:23:54 | 000,002,158 | ---- | M] () -- C:\Users\Aimee\AppData\Roaming\Mozilla\Firefox\Profiles\w88z95pt.default\searchplugins\MySpace.xml

[2011/06/08 18:49:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/06/08 18:47:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}

[2011/05/24 23:03:10 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR

[2010/05/31 20:32:58 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll

[2011/06/08 18:46:23 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2009/07/31 13:06:48 | 001,654,784 | ---- | M] (LizardTech) -- C:\Program Files\mozilla firefox\plugins\npdjvu.dll

O1 HOSTS File: ([2011/07/08 14:30:39 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100715230219.dll (McAfee, Inc.)

O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)

O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe ()

O4 - HKLM..\Run: [ALaunch] File not found

O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe (Egis Incorporated)

O4 - HKLM..\Run: [eRecoveryService] File not found

O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)

O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 97.64.168.12 97.64.183.165

O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Aimee\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O24 - Desktop BackupWallPaper: C:\Users\Aimee\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/08 14:44:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee

[2011/07/08 14:30:31 | 000,000,000 | ---D | C] -- C:\_OTL

[2011/07/07 22:41:58 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Aimee\Desktop\OTL.exe

[2011/07/07 22:39:29 | 000,000,000 | ---D | C] -- C:\Users\Aimee\Desktop\tdsskiller

[2011/07/07 16:41:58 | 000,000,000 | ---D | C] -- C:\Users\Aimee\AppData\Roaming\Unity

[2011/07/07 16:36:12 | 000,000,000 | ---D | C] -- C:\Users\Aimee\AppData\Local\Unity

[2011/07/06 20:25:31 | 000,000,000 | ---D | C] -- C:\Users\Aimee\Desktop\Log help

[2011/07/06 20:24:13 | 000,000,000 | ---D | C] -- C:\Users\Aimee\Desktop\My logs

[2011/07/06 20:23:14 | 000,607,017 | R--- | C] (Swearware) -- C:\Users\Aimee\Desktop\dds.scr

[2011/07/06 19:55:11 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Aimee\Desktop\HijackThis.exe

[2011/07/06 11:16:06 | 000,000,000 | ---D | C] -- C:\Users\Aimee\AppData\Roaming\Beat Hazard

[2011/07/06 11:13:17 | 000,000,000 | ---D | C] -- C:\Program Files\Beat Hazard

[2011/06/29 05:13:53 | 000,000,000 | ---D | C] -- C:\Users\Aimee\Desktop\showthread.php_files

[2011/06/27 03:29:59 | 000,000,000 | ---D | C] -- C:\hospital

[2011/06/22 21:59:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hitman Pro 3.5

[2011/06/22 21:59:04 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5

[2011/06/22 21:41:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro

[2011/06/22 21:25:04 | 006,556,992 | ---- | C] (SurfRight B.V.) -- C:\Users\Aimee\Desktop\HitmanPro35.exe

[2011/06/12 06:43:18 | 000,000,000 | ---D | C] -- C:\Users\Aimee\Desktop\fire-crews-battle-suspicious-fire_files

[2011/06/08 18:49:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun

[2011/06/08 18:48:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2011/06/08 18:43:00 | 000,000,000 | ---D | C] -- C:\Program Files\Java

[2011/06/08 17:56:19 | 000,000,000 | ---D | C] -- C:\Users\Aimee\AppData\Roaming\.minecraft

[2009/10/23 05:08:10 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Aimee\AppData\Roaming\pcouffin.sys

[2008/06/04 10:56:20 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe

[3 C:\Users\Aimee\Documents\*.tmp files -> C:\Users\Aimee\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/08 14:55:00 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8B1479C4-1501-436A-B24F-297D683837FE}.job

[2011/07/08 14:44:45 | 000,001,739 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk

[2011/07/08 14:44:24 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011/07/08 14:44:06 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011/07/08 14:44:06 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011/07/08 14:43:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/07/08 14:30:39 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts

[2011/07/08 14:15:07 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011/07/07 22:42:23 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Aimee\Desktop\OTL.exe

[2011/07/06 20:58:36 | 000,000,020 | ---- | M] () -- C:\Users\Aimee\defogger_reenable

[2011/07/06 20:23:19 | 000,607,017 | R--- | M] (Swearware) -- C:\Users\Aimee\Desktop\dds.scr

[2011/07/06 20:19:08 | 000,050,477 | ---- | M] () -- C:\Users\Aimee\Desktop\Defogger.exe

[2011/07/06 20:02:23 | 000,000,043 | ---- | M] () -- C:\Windows\wininit.ini

[2011/07/06 19:55:27 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Aimee\Desktop\HijackThis.exe

[2011/06/29 05:14:01 | 000,126,284 | ---- | M] () -- C:\Users\Aimee\Desktop\showthread.php.htm

[2011/06/29 04:17:01 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2011/06/22 22:14:50 | 000,020,552 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys

[2011/06/22 22:04:52 | 000,000,260 | ---- | M] () -- C:\Windows\System32\bootdelete.lst

[2011/06/22 21:43:19 | 006,556,992 | ---- | M] (SurfRight B.V.) -- C:\Users\Aimee\Desktop\HitmanPro35.exe

[2011/06/12 06:43:32 | 000,229,597 | ---- | M] () -- C:\Users\Aimee\Desktop\fire-crews-battle-suspicious-fire.htm

[2011/06/11 05:38:14 | 000,040,448 | ---- | M] () -- C:\Users\Aimee\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[3 C:\Users\Aimee\Documents\*.tmp files -> C:\Users\Aimee\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/06 20:58:00 | 000,000,020 | ---- | C] () -- C:\Users\Aimee\defogger_reenable

[2011/07/06 20:19:03 | 000,050,477 | ---- | C] () -- C:\Users\Aimee\Desktop\Defogger.exe

[2011/07/06 20:02:23 | 000,000,043 | ---- | C] () -- C:\Windows\wininit.ini

[2011/07/02 09:46:00 | 000,080,384 | ---- | C] () -- C:\Windows\gamedelete.exe

[2011/06/29 05:13:50 | 000,126,284 | ---- | C] () -- C:\Users\Aimee\Desktop\showthread.php.htm

[2011/06/22 22:04:52 | 000,000,260 | ---- | C] () -- C:\Windows\System32\bootdelete.lst

[2011/06/22 21:59:08 | 000,020,552 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys

[2011/06/12 06:43:16 | 000,229,597 | ---- | C] () -- C:\Users\Aimee\Desktop\fire-crews-battle-suspicious-fire.htm

[2011/03/25 17:10:25 | 000,000,336 | ---- | C] () -- C:\ProgramData\43769608

[2010/09/17 17:34:19 | 000,020,992 | ---- | C] () -- C:\Windows\bw-uninstall.exe

[2010/09/10 23:56:47 | 000,000,534 | ---- | C] () -- C:\Windows\eReg.dat

[2010/01/27 12:29:35 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE

[2009/12/20 22:22:49 | 000,035,473 | ---- | C] () -- C:\Windows\scunin.dat

[2009/11/25 00:11:41 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll

[2009/10/23 05:08:10 | 000,007,887 | ---- | C] () -- C:\Users\Aimee\AppData\Roaming\pcouffin.cat

[2009/10/23 05:08:10 | 000,001,144 | ---- | C] () -- C:\Users\Aimee\AppData\Roaming\pcouffin.inf

[2009/04/03 15:39:05 | 000,003,350 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys

[2009/04/03 15:39:05 | 000,000,008 | RHS- | C] () -- C:\Windows\System32\E5A9499AF1.sys

[2009/03/16 14:35:38 | 000,027,503 | ---- | C] () -- C:\Users\Aimee\AppData\Roaming\UserTile.png

[2009/02/26 21:32:49 | 000,001,356 | -H-- | C] () -- C:\Users\Aimee\AppData\Local\d3d9caps.dat

[2009/02/26 13:38:40 | 001,498,564 | ---- | C] () -- C:\Windows\System32\igkrng400.bin

[2008/10/19 13:00:40 | 000,000,043 | ---- | C] () -- C:\Windows\Tlcpromo.ini

[2008/10/19 12:39:38 | 000,000,297 | ---- | C] () -- C:\Windows\EReg077.dat

[2008/09/20 19:35:56 | 000,000,227 | ---- | C] () -- C:\Windows\PowerReg.dat

[2008/09/20 19:35:51 | 000,045,568 | ---- | C] () -- C:\Windows\UniFish3.exe

[2008/09/20 17:18:00 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI

[2008/09/13 20:20:28 | 000,040,448 | ---- | C] () -- C:\Users\Aimee\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/06/19 19:08:52 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll

[2008/06/04 10:56:20 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe

[2008/06/04 10:52:37 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat

[2008/06/04 10:52:37 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\RtkHDAud.dat

[2008/06/04 07:28:34 | 000,000,030 | ---- | C] () -- C:\Windows\SETPANEL.INI

[2008/06/04 07:28:28 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI

[2008/03/21 12:59:03 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll

[2008/03/21 11:40:11 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll

[2008/03/21 11:35:54 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys

[2008/03/21 10:31:32 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini

[2008/03/21 10:07:46 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini

[2008/03/21 10:07:35 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll

[2008/03/21 10:07:35 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll

[2008/03/21 10:07:35 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll

[2008/03/21 10:07:35 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll

[2008/01/20 21:33:53 | 000,100,043 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2007/06/05 13:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe

[2006/11/02 07:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006/11/02 07:44:53 | 000,318,680 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006/11/02 05:33:01 | 000,640,142 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2006/11/02 05:33:01 | 000,118,362 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2006/11/02 02:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2001/12/26 17:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll

[2001/09/04 00:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll

[2001/07/30 17:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll

[2001/07/23 23:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

[1999/01/22 13:46:56 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL

[1997/11/10 15:18:48 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll

========== LOP Check ==========

[2011/06/12 10:21:01 | 000,000,000 | ---D | M] -- C:\Users\Aimee\AppData\Roaming\.minecraft

[2008/09/13 18:20:51 | 000,000,000 | ---D | M] -- C:\Users\Aimee\AppData\Roaming\Acer

[2008/03/21 11:58:52 | 000,000,000 | ---D | M] -- C:\Users\Aimee\AppData\Roaming\Acer GameZone Console

[2009/11/30 23:29:26 | 000,000,000 | ---D | M] -- C:\Users\Aimee\AppData\Roaming\Atari

[2011/07/06 11:16:06 | 000,000,000 | ---D | M] -- C:\Users\Aimee\AppData\Roaming\Beat Hazard

[2008/09/14 10:02:48 | 000,000,000 | ---D | M] -- C:\Users\Aimee\AppData\Roaming\Big Fish Games

[2009/12/06 04:52:32 | 000,000,000 | ---D | M] -- C:\Users\Aimee\AppData\Roaming\DAEMON Tools Lite

[2008/11/15 14:11:56 | 000,000,000 | ---D | M] -- C:\Users\Aimee\AppData\Roaming\Eyeblaster

[2008/09/14 16:27:00 | 000,000,000 | ---D | M] -- C:\Users\Aimee\AppData\Roaming\FloodLightGames

[2011/03/25 17:24:17 | 000,000,000 | ---D | M] -- C:\Users\Aimee\AppData\Roaming\GameHouse

[2011/03/25 17:24:17 | 000,000,000 | ---D | M] -- C:\Users\Aimee\AppData\Roaming\Hoyle FaceCreator

[2011/05/22 16:23:17 | 000,000,000 | ---D | M] -- C:\Users\Aimee\AppData\Roaming\Hoyle Puzzle and Board Games

[2008/10/14 19:16:11 | 000,000,000 | ---D | M] -- C:\Users\Aimee\AppData\Roaming\ITTNord

[2008/09/13 18:20:31 | 000,000,000 | ---D | M] -- C:\Users\Aimee\AppData\Roaming\Leadertech

[2009/04/03 15:44:51 | 000,000,000 | ---D | M] -- C:\Users\Aimee\AppData\Roaming\Morpheus Software

[2010/05/15 15:05:46 | 000,000,000 | ---D | M] -- C:\Users\Aimee\AppData\Roaming\NVD

[2008/09/14 17:59:46 | 000,000,000 | ---D | M] -- C:\Users\Aimee\AppData\Roaming\PlayFirst

[2011/05/30 05:40:36 | 000,000,000 | ---D | M] -- C:\Users\Aimee\AppData\Roaming\SoftGrid Client

[2010/04/10 07:58:29 | 000,000,000 | ---D | M] -- C:\Users\Aimee\AppData\Roaming\Stella

[2010/05/15 15:06:56 | 000,000,000 | ---D | M] -- C:\Users\Aimee\AppData\Roaming\TP

[2011/07/07 16:41:58 | 000,000,000 | ---D | M] -- C:\Users\Aimee\AppData\Roaming\Unity

[2010/04/10 06:47:07 | 000,000,000 | ---D | M] -- C:\Users\Aimee\AppData\Roaming\Vso

[2010/10/21 02:03:19 | 000,000,000 | ---D | M] -- C:\Users\Aimee\AppData\Roaming\Wilavy

[2011/07/08 14:42:48 | 000,032,586 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2011/07/08 14:55:00 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{8B1479C4-1501-436A-B24F-297D683837FE}.job

========== Purity Check ==========

< End of report >


Here is the ComboFix log. Also, it looks like ComboFix created a new folder by the name of Qoobox. Any idea what that's about?

ComboFix 11-07-08.03 - Aimee 07/08/2011 15:08:30.1.1 - x86

Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.1013.203 [GMT -5:00]

Running from: c:\users\Aimee\Desktop\ComboFix.exe

AV: c:\progra~1\COMMON~1\mcafee\core\mccoreps.dll *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: deactivation_date *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: c:\progra~1\COMMON~1\mcafee\core\mccoreps.dll *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\Common Files\System\Uninstall

c:\windows\desktop

.

.

((((((((((((((((((((((((( Files Created from 2011-06-08 to 2011-07-08 )))))))))))))))))))))))))))))))

.

.

2011-07-08 19:30 . 2011-07-08 19:30 -------- d-----w- C:\_OTL

2011-07-07 21:41 . 2011-07-07 21:41 -------- d-----w- c:\users\Aimee\AppData\Roaming\Unity

2011-07-07 21:36 . 2011-07-07 21:36 -------- d-----w- c:\users\Aimee\AppData\Local\Unity

2011-07-06 16:16 . 2011-07-06 16:16 -------- d-----w- c:\users\Aimee\AppData\Roaming\Beat Hazard

2011-07-06 16:13 . 2011-07-06 16:14 -------- d-----w- c:\program files\Beat Hazard

2011-07-02 14:46 . 2001-04-11 07:47 80384 ----a-w- c:\windows\gamedelete.exe

2011-06-27 08:29 . 2011-06-27 08:30 -------- d-----w- C:\hospital

2011-06-23 02:59 . 2011-06-23 03:14 20552 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-06-23 02:59 . 2011-06-23 02:59 -------- d-----w- c:\program files\Hitman Pro 3.5

2011-06-23 02:41 . 2011-06-23 02:55 -------- d-----w- c:\programdata\Hitman Pro

2011-06-08 23:48 . 2011-06-08 23:48 -------- d-----w- c:\program files\Common Files\Java

2011-06-08 23:46 . 2011-06-08 23:46 611224 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

2011-06-08 23:46 . 2011-06-08 23:46 544656 ----a-w- c:\windows\system32\deployJava1.dll

2011-06-08 23:43 . 2011-06-08 23:46 -------- d-----w- c:\program files\Java

2011-06-08 22:56 . 2011-06-12 15:21 -------- d-----w- c:\users\Aimee\AppData\Roaming\.minecraft

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-29 14:11 . 2010-06-14 14:50 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-29 14:11 . 2010-06-14 14:50 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-06-01 01:32 . 2010-07-16 04:02 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2008-01-03 09:00 39472 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-05 525360]

"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-01-04 768520]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-21 159744]

"Acer Assist Launcher"="c:\program files\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 141848]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-25 1193848]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-3-21 535336]

VPN Client.lnk - c:\windows\Installer\{A7091E1D-36A4-47F1-A739-173CC341414F}\Icon3E5562ED7.ico [2008-11-10 6144]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^Users^Aimee^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]

path=c:\users\Aimee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup

backupExtension=.Startup

.

[HKLM\~\startupfolder\C:^Users^Aimee^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Orion.lnk]

path=c:\users\Aimee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orion.lnk

backup=c:\windows\pss\Orion.lnk.Startup

backupExtension=.Startup

.

[HKLM\~\startupfolder\C:^Users^Aimee^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]

path=c:\users\Aimee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk

backup=c:\windows\pss\RollerCoaster Tycoon 3 Registration.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Product Registration]

2007-11-26 18:21 3387392 ----a-w- c:\program files\Acer\Acer Registration\ACE1.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2008-10-15 06:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BisonInst0402]

2007-05-09 03:48 53248 ----a-w- c:\windows\BR040286.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2009-02-26 18:57 173592 ----a-w- c:\windows\System32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]

2008-01-25 20:25 155648 ------w- c:\program files\Acer\Acer Arcade\PCMService.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2009-02-26 18:57 150552 ----a-w- c:\windows\System32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2008-10-19 19:50 77824 ----a-w- c:\program files\QuickTime\qttask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]

2008-03-11 09:53 5296128 ----a-w- c:\windows\RtHDVCpl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

2008-01-21 02:35 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-09 135664]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-09 135664]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-06-01 83496]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-09-26 4639136]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-12-06 691696]

S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-06-01 64304]

S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-06-01 160720]

S2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [2007-09-19 51200]

S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2009-09-26 819600]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2011-02-16 88176]

S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-06-01 188136]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-06-01 141792]

S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2009-09-23 447832]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-07-22 180736]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-06-01 55456]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-06-01 312616]

S3 sftfs;sftfs;c:\program files\Microsoft Application Virtualization Client\drivers\sftfslh.sys [2009-09-23 543064]

S3 sftplay;sftplay;c:\program files\Microsoft Application Virtualization Client\drivers\sftplaylh.sys [2009-09-23 190312]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2009-09-23 21848]

S3 sftvol;sftvol;c:\program files\Microsoft Application Virtualization Client\drivers\sftvollh.sys [2009-09-23 14680]

S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2009-09-23 203608]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - mfeavfk01

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

getPlusHelper REG_MULTI_SZ getPlusHelper

.

Contents of the 'Scheduled Tasks' folder

.

2011-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-09 00:35]

.

2011-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-09 00:35]

.

2011-07-08 c:\windows\Tasks\User_Feed_Synchronization-{8B1479C4-1501-436A-B24F-297D683837FE}.job

- c:\windows\system32\msfeedssync.exe [2008-01-21 02:34]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://nimrodonline.dhs.org

mStart Page = hxxp://en.us.acer.yahoo.com

uInternet Settings,ProxyOverride = <local>

IE: Copy to &Lightning Note - c:\program files\WordPerfect Lightning\Programs\WPLightningCopyToNote.hta

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 97.64.168.12 97.64.183.165

FF - ProfilePath - c:\users\Aimee\AppData\Roaming\Mozilla\Firefox\Profiles\w88z95pt.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 53086

FF - prefs.js: network.proxy.type - 4

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}

FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\McAfee\SiteAdvisor

FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

.

- - - - ORPHANS REMOVED - - - -

.

HKLM-Run-ALaunch - c:\acer\ALaunch\AlaunchClient.exe

HKLM-Run-eRecoveryService - (no file)

MSConfigStartUp-Acer Tour Reminder - c:\acer\AcerTour\Reminder.exe

MSConfigStartUp-SetPanel - c:\acer\APanel\APanel.cmd

AddRemove-GameSpy Arcade - c:\progra~1\GAMESP~1\UNWISE.EXE

AddRemove-SShockDeinstallKey - c:\sshock2 demo\SShocku.log

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-07-08 15:23

Windows 6.0.6001 Service Pack 1 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(5212)

c:\progra~1\mcafee\SITEAD~1\saHook.dll

c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll

c:\acer\Empowering Technology\EPOWER\SysHook.dll

.

Completion time: 2011-07-08 15:29:44

ComboFix-quarantined-files.txt 2011-07-08 20:29

.

Pre-Run: 11,981,430,784 bytes free

Post-Run: 12,159,164,416 bytes free

.

- - End Of File - - D758737FEE3307FF8FD813F6A57ECDA3


A reboot would have solved the issue, no need for frustration. At any point you don't feel comfortable, let me know, and it's up to you if you decide to continue.

Are you still getting redirected?


Yeah, I'm very happy that the reboot solved that issue. My apologies if my post sounded rude. I do appreciate the help, I was just worried and wanted to let you know what happened. It was an unexpected issue. I'm surprised that the program didn't restart the computer automatically considering I couldn't use anything. I have not been browsing too much but I will run a few searches and report back to you when I find out if things are running smoothly. Are you thinking that my problem should be fixed now? I'm willing to continue. You have been nothing but helpful and straight to the point. If you have any ideas about what may have caused my issues, let me know if you have the time. I would love to learn something from this experience.


I have not experienced any redirecting within my last 50 searches. This is looking pretty good so far. Here is the new log after running OTL again. Thanks for being awesome. Let me know what you think.

OTL logfile created on: 7/8/2011 7:34:22 PM - Run 3

OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Aimee\Desktop

Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6001.18000)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.25 Mb Total Physical Memory | 310.95 Mb Available Physical Memory | 30.69% Memory free

2.24 Gb Paging File | 1.00 Gb Available in Paging File | 44.74% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 68.77 Gb Total Space | 11.34 Gb Free Space | 16.50% Space Free | Partition Type: NTFS

Drive D: | 68.56 Gb Total Space | 68.46 Gb Free Space | 99.85% Space Free | Partition Type: NTFS

Computer Name: AIMEE-PC | User Name: Aimee | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/07 22:42:23 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Aimee\Desktop\OTL.exe

PRC - [2011/02/16 15:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

PRC - [2010/06/24 22:32:44 | 001,193,848 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe

PRC - [2010/05/31 20:32:58 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

PRC - [2010/05/31 20:32:58 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

PRC - [2010/04/14 12:50:14 | 000,170,144 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

PRC - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

PRC - [2010/03/10 08:33:36 | 000,147,392 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\Core\mchost.exe

PRC - [2009/09/23 15:04:56 | 000,203,608 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe

PRC - [2009/09/23 15:04:52 | 000,447,832 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe

PRC - [2009/07/31 05:56:37 | 000,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2008/06/19 19:08:44 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

PRC - [2008/03/05 08:15:24 | 000,497,712 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe

PRC - [2008/03/05 08:15:20 | 000,525,360 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe

PRC - [2008/02/04 19:43:08 | 000,458,752 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

PRC - [2008/01/25 15:25:40 | 000,114,793 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe

PRC - [2008/01/25 15:25:38 | 000,254,059 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe

PRC - [2008/01/25 15:24:54 | 001,076,832 | ---- | M] (Cyberlink) -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe

PRC - [2008/01/20 21:34:05 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2008/01/09 20:43:28 | 000,323,584 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe

PRC - [2008/01/04 12:30:48 | 000,768,520 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe

PRC - [2007/12/20 13:33:14 | 000,761,856 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNMTray.exe

PRC - [2007/12/20 13:32:04 | 000,131,072 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe

PRC - [2007/12/19 20:09:22 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe

PRC - [2007/11/27 20:54:36 | 000,110,592 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe

PRC - [2007/10/01 18:42:36 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe

PRC - [2007/09/20 15:57:28 | 000,167,936 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

PRC - [2007/09/19 16:41:50 | 000,051,200 | ---- | M] () -- C:\Acer\ALaunch\ALaunchSvc.exe

PRC - [2007/09/10 17:28:18 | 000,057,344 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

PRC - [2007/09/06 14:02:04 | 000,393,216 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe

PRC - [2007/06/05 13:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe

PRC - [2006/10/04 23:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe

========== Modules (SafeList) ==========

MOD - [2011/07/07 22:42:23 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Aimee\Desktop\OTL.exe

MOD - [2011/04/08 16:56:28 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll

MOD - [2008/01/20 21:33:14 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/02/16 15:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)

SRV - [2010/05/31 20:32:58 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)

SRV - [2010/05/31 20:32:58 | 000,141,792 | ---- | M] (McAfee, Inc.) [unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)

SRV - [2010/04/15 09:45:10 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)

SRV - [2010/04/14 12:50:14 | 000,170,144 | ---- | M] () [unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)

SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)

SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)

SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)

SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)

SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)

SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)

SRV - [2009/09/23 15:04:56 | 000,203,608 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)

SRV - [2009/09/23 15:04:52 | 000,447,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)

SRV - [2008/06/19 19:08:44 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)

SRV - [2008/03/05 08:15:24 | 000,497,712 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)

SRV - [2008/01/25 15:25:40 | 000,114,793 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)

SRV - [2008/01/25 15:25:38 | 000,254,059 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)

SRV - [2008/01/25 15:24:54 | 001,076,832 | ---- | M] (Cyberlink) [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)

SRV - [2008/01/20 21:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007/12/20 13:32:04 | 000,131,072 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)

SRV - [2007/12/19 20:09:22 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)

SRV - [2007/11/27 20:54:36 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)

SRV - [2007/10/01 18:42:36 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)

SRV - [2007/09/20 15:57:28 | 000,167,936 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)

SRV - [2007/09/19 16:41:50 | 000,051,200 | ---- | M] () [Auto | Running] -- C:\Acer\ALaunch\ALaunchSvc.exe -- (ALaunchService)

SRV - [2007/09/10 17:28:18 | 000,057,344 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)

SRV - [2007/06/05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)

SRV - [2006/10/04 23:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)

========== Driver Services (SafeList) ==========

DRV - [2010/05/31 20:32:58 | 000,385,880 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mfehidk.sys -- (mfehidk)

DRV - [2010/05/31 20:32:58 | 000,312,616 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)

DRV - [2010/05/31 20:32:58 | 000,160,720 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)

DRV - [2010/05/31 20:32:58 | 000,152,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)

DRV - [2010/05/31 20:32:58 | 000,095,568 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)

DRV - [2010/05/31 20:32:58 | 000,083,496 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)

DRV - [2010/05/31 20:32:58 | 000,064,304 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)

DRV - [2010/05/31 20:32:58 | 000,055,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)

DRV - [2010/05/31 20:32:58 | 000,051,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)

DRV - [2009/12/06 04:38:38 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)

DRV - [2009/09/23 15:04:56 | 000,021,848 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)

DRV - [2009/09/23 15:04:56 | 000,014,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\drivers\SftVollh.sys -- (sftvol)

DRV - [2009/09/23 15:04:54 | 000,190,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\drivers\sftplaylh.sys -- (sftplay)

DRV - [2009/09/23 15:04:50 | 000,543,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\drivers\SftFSlh.sys -- (sftfs)

DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)

DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)

DRV - [2008/06/19 19:07:50 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)

DRV - [2008/03/29 18:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)

DRV - [2007/12/11 04:42:44 | 000,163,376 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)

DRV - [2007/07/30 09:13:10 | 000,743,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)

DRV - [2007/07/26 11:25:46 | 000,974,248 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)

DRV - [2007/07/03 12:05:20 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)

DRV - [2007/03/09 01:56:04 | 001,163,616 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2007/01/30 00:23:30 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)

DRV - [2007/01/18 17:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)

DRV - [2006/11/02 15:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://nimrodonline.dhs.org

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/"

FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.6

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}:7.0

FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1

FF - prefs.js..network.proxy.http: "127.0.0.1"

FF - prefs.js..network.proxy.http_port: 53086

FF - prefs.js..network.proxy.type: 4

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Aimee\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/05/24 23:03:10 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/15 01:28:58 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/08 18:46:59 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{4F8B1260-26B4-4D99-B2BB-0F06991F6E5C}: C:\Users\Aimee\AppData\Local\{4F8B1260-26B4-4D99-B2BB-0F06991F6E5C}

[2008/09/15 16:33:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aimee\AppData\Roaming\Mozilla\Extensions

[2011/07/07 20:10:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aimee\AppData\Roaming\Mozilla\Firefox\Profiles\w88z95pt.default\extensions

[2011/07/03 05:16:05 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Aimee\AppData\Roaming\Mozilla\Firefox\Profiles\w88z95pt.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

[2008/12/12 13:23:54 | 000,002,158 | ---- | M] () -- C:\Users\Aimee\AppData\Roaming\Mozilla\Firefox\Profiles\w88z95pt.default\searchplugins\MySpace.xml

[2011/06/08 18:49:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/06/08 18:47:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}

[2011/05/24 23:03:10 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR

[2010/05/31 20:32:58 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll

[2011/06/08 18:46:23 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2009/07/31 13:06:48 | 001,654,784 | ---- | M] (LizardTech) -- C:\Program Files\mozilla firefox\plugins\npdjvu.dll

O1 HOSTS File: ([2011/07/08 14:30:39 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100715230219.dll (McAfee, Inc.)

O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)

O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe ()

O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe (Egis Incorporated)

O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)

O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 97.64.168.12 97.64.183.165

O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Aimee\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O24 - Desktop BackupWallPaper: C:\Users\Aimee\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/08 16:23:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee

[2011/07/08 15:29:49 | 000,000,000 | ---D | C] -- C:\Users\Aimee\AppData\Local\temp

[2011/07/08 15:28:01 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2011/07/08 15:04:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2011/07/08 15:04:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2011/07/08 15:04:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2011/07/08 15:04:07 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2011/07/08 15:03:58 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011/07/08 14:58:28 | 004,137,062 | R--- | C] (Swearware) -- C:\Users\Aimee\Desktop\ComboFix.exe

[2011/07/08 14:30:31 | 000,000,000 | ---D | C] -- C:\_OTL

[2011/07/07 22:41:58 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Aimee\Desktop\OTL.exe

[2011/07/07 22:39:29 | 000,000,000 | ---D | C] -- C:\Users\Aimee\Desktop\tdsskiller

[2011/07/07 16:41:58 | 000,000,000 | ---D | C] -- C:\Users\Aimee\AppData\Roaming\Unity

[2011/07/07 16:36:12 | 000,000,000 | ---D | C] -- C:\Users\Aimee\AppData\Local\Unity

[2011/07/06 20:25:31 | 000,000,000 | ---D | C] -- C:\Users\Aimee\Desktop\Log help

[2011/07/06 20:24:13 | 000,000,000 | ---D | C] -- C:\Users\Aimee\Desktop\My logs

[2011/07/06 20:23:14 | 000,607,017 | R--- | C] (Swearware) -- C:\Users\Aimee\Desktop\dds.scr

[2011/07/06 19:55:11 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Aimee\Desktop\HijackThis.exe

[2011/07/06 11:16:06 | 000,000,000 | ---D | C] -- C:\Users\Aimee\AppData\Roaming\Beat Hazard

[2011/07/06 11:13:17 | 000,000,000 | ---D | C] -- C:\Program Files\Beat Hazard

[2011/06/29 05:13:53 | 000,000,000 | ---D | C] -- C:\Users\Aimee\Desktop\showthread.php_files

[2011/06/27 03:29:59 | 000,000,000 | ---D | C] -- C:\hospital

[2011/06/22 21:59:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hitman Pro 3.5

[2011/06/22 21:59:04 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5

[2011/06/22 21:41:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro

[2011/06/22 21:25:04 | 006,556,992 | ---- | C] (SurfRight B.V.) -- C:\Users\Aimee\Desktop\HitmanPro35.exe

[2011/06/12 06:43:18 | 000,000,000 | ---D | C] -- C:\Users\Aimee\Desktop\fire-crews-battle-suspicious-fire_files

[2009/10/23 05:08:10 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Aimee\AppData\Roaming\pcouffin.sys

[2008/06/04 10:56:20 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe

[3 C:\Users\Aimee\Documents\*.tmp files -> C:\Users\Aimee\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/08 19:45:00 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8B1479C4-1501-436A-B24F-297D683837FE}.job

[2011/07/08 19:33:36 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011/07/08 19:33:36 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011/07/08 19:15:04 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011/07/08 16:23:54 | 000,001,739 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk

[2011/07/08 16:23:47 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011/07/08 16:22:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/07/08 14:58:40 | 004,137,062 | R--- | M] (Swearware) -- C:\Users\Aimee\Desktop\ComboFix.exe

[2011/07/08 14:30:39 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts

[2011/07/07 22:42:23 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Aimee\Desktop\OTL.exe

[2011/07/06 20:58:36 | 000,000,020 | ---- | M] () -- C:\Users\Aimee\defogger_reenable

[2011/07/06 20:23:19 | 000,607,017 | R--- | M] (Swearware) -- C:\Users\Aimee\Desktop\dds.scr

[2011/07/06 20:19:08 | 000,050,477 | ---- | M] () -- C:\Users\Aimee\Desktop\Defogger.exe

[2011/07/06 20:02:23 | 000,000,043 | ---- | M] () -- C:\Windows\wininit.ini

[2011/07/06 19:55:27 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Aimee\Desktop\HijackThis.exe

[2011/06/29 05:14:01 | 000,126,284 | ---- | M] () -- C:\Users\Aimee\Desktop\showthread.php.htm

[2011/06/29 04:17:01 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2011/06/26 01:45:56 | 000,256,000 | ---- | M] () -- C:\Windows\PEV.exe

[2011/06/22 22:14:50 | 000,020,552 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys

[2011/06/22 22:04:52 | 000,000,260 | ---- | M] () -- C:\Windows\System32\bootdelete.lst

[2011/06/22 21:43:19 | 006,556,992 | ---- | M] (SurfRight B.V.) -- C:\Users\Aimee\Desktop\HitmanPro35.exe

[2011/06/12 06:43:32 | 000,229,597 | ---- | M] () -- C:\Users\Aimee\Desktop\fire-crews-battle-suspicious-fire.htm

[2011/06/11 05:38:14 | 000,040,448 | ---- | M] () -- C:\Users\Aimee\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[3 C:\Users\Aimee\Documents\*.tmp files -> C:\Users\Aimee\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/08 15:04:26 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2011/07/08 15:04:26 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2011/07/08 15:04:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2011/07/08 15:04:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2011/07/08 15:04:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2011/07/06 20:58:00 | 000,000,020 | ---- | C] () -- C:\Users\Aimee\defogger_reenable

[2011/07/06 20:19:03 | 000,050,477 | ---- | C] () -- C:\Users\Aimee\Desktop\Defogger.exe

[2011/07/06 20:02:23 | 000,000,043 | ---- | C] () -- C:\Windows\wininit.ini

[2011/07/02 09:46:00 | 000,080,384 | ---- | C] () -- C:\Windows\gamedelete.exe

[2011/06/29 05:13:50 | 000,126,284 | ---- | C] () -- C:\Users\Aimee\Desktop\showthread.php.htm

[2011/06/22 22:04:52 | 000,000,260 | ---- | C] () -- C:\Windows\System32\bootdelete.lst

[2011/06/22 21:59:08 | 000,020,552 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys

[2011/06/12 06:43:16 | 000,229,597 | ---- | C] () -- C:\Users\Aimee\Desktop\fire-crews-battle-suspicious-fire.htm

[2011/03/25 17:10:25 | 000,000,336 | ---- | C] () -- C:\ProgramData\43769608

[2010/09/17 17:34:19 | 000,020,992 | ---- | C] () -- C:\Windows\bw-uninstall.exe

[2010/09/10 23:56:47 | 000,000,534 | ---- | C] () -- C:\Windows\eReg.dat

[2010/01/27 12:29:35 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE

[2009/12/20 22:22:49 | 000,035,473 | ---- | C] () -- C:\Windows\scunin.dat

[2009/11/25 00:11:41 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll

[2009/10/23 05:08:10 | 000,007,887 | ---- | C] () -- C:\Users\Aimee\AppData\Roaming\pcouffin.cat

[2009/10/23 05:08:10 | 000,001,144 | ---- | C] () -- C:\Users\Aimee\AppData\Roaming\pcouffin.inf

[2009/04/03 15:39:05 | 000,003,350 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys

[2009/04/03 15:39:05 | 000,000,008 | RHS- | C] () -- C:\Windows\System32\E5A9499AF1.sys

[2009/03/16 14:35:38 | 000,027,503 | ---- | C] () -- C:\Users\Aimee\AppData\Roaming\UserTile.png

[2009/02/26 21:32:49 | 000,001,356 | -H-- | C] () -- C:\Users\Aimee\AppData\Local\d3d9caps.dat

[2009/02/26 13:38:40 | 001,498,564 | ---- | C] () -- C:\Windows\System32\igkrng400.bin

[2008/10/19 13:00:40 | 000,000,043 | ---- | C] () -- C:\Windows\Tlcpromo.ini

[2008/10/19 12:39:38 | 000,000,297 | ---- | C] () -- C:\Windows\EReg077.dat

[2008/09/20 19:35:56 | 000,000,227 | ---- | C] () -- C:\Windows\PowerReg.dat

[2008/09/20 19:35:51 | 000,045,568 | ---- | C] () -- C:\Windows\UniFish3.exe

[2008/09/20 17:18:00 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI

[2008/09/13 20:20:28 | 000,040,448 | ---- | C] () -- C:\Users\Aimee\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/06/19 19:08:52 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll

[2008/06/04 10:56:20 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe

[2008/06/04 10:52:37 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat

[2008/06/04 10:52:37 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\RtkHDAud.dat

[2008/06/04 07:28:34 | 000,000,030 | ---- | C] () -- C:\Windows\SETPANEL.INI

[2008/06/04 07:28:28 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI

[2008/03/21 12:59:03 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll

[2008/03/21 11:40:11 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll

[2008/03/21 11:35:54 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys

[2008/03/21 10:31:32 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini

[2008/03/21 10:07:46 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini

[2008/03/21 10:07:35 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll

[2008/03/21 10:07:35 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll

[2008/03/21 10:07:35 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll

[2008/03/21 10:07:35 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll

[2008/01/20 21:33:53 | 000,100,043 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2007/06/05 13:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe

[2006/11/02 07:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006/11/02 07:44:53 | 000,318,680 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006/11/02 05:33:01 | 000,640,142 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2006/11/02 05:33:01 | 000,118,362 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2006/11/02 02:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2001/12/26 17:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll

[2001/09/04 00:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll

[2001/07/30 17:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll

[2001/07/23 23:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

[1999/01/22 13:46:56 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL

[1997/11/10 15:18:48 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll

========== LOP Check ==========

[2011/06/12 10:21:01 | 000,000,000 | ---D | M] -- C:\Users\Aimee\AppData\Roaming\.minecraft

[2008/09/13 18:20:51 | 000,000,000 | ---D | M] -- C:\Users\Aimee\AppData\Roaming\Acer

[2008/03/21 11:58:52 | 000,000,000 | ---D | M] -- C:\Users\Aimee\AppData\Roaming\Acer GameZone Console

[2009/11/30 23:29:26 | 000,000,000 | ---D | M] -- C:\Users\Aimee\AppData\Roaming\Atari

[2011/07/06 11:16:06 | 000,000,000 | ---D | M] -- C:\Users\Aimee\AppData\Roaming\Beat Hazard

[2008/09/14 10:02:48 | 000,000,000 | ---D | M] -- C:\Users\Aimee\AppData\Roaming\Big Fish Games

[2009/12/06 04:52:32 | 000,000,000 | ---D | M] -- C:\Users\Aimee\AppData\Roaming\DAEMON Tools Lite

[2008/11/15 14:11:56 | 000,000,000 | ---D | M] -- C:\Users\Aimee\AppData\Roaming\Eyeblaster

[2008/09/14 16:27:00 | 000,000,000 | ---D | M] -- C:\Users\Aimee\AppData\Roaming\FloodLightGames

[2011/03/25 17:24:17 | 000,000,000 | ---D | M] -- C:\Users\Aimee\AppData\Roaming\GameHouse

[2011/03/25 17:24:17 | 000,000,000 | ---D | M] -- C:\Users\Aimee\AppData\Roaming\Hoyle FaceCreator

[2011/05/22 16:23:17 | 000,000,000 | ---D | M] -- C:\Users\Aimee\AppData\Roaming\Hoyle Puzzle and Board Games

[2008/10/14 19:16:11 | 000,000,000 | ---D | M] -- C:\Users\Aimee\AppData\Roaming\ITTNord

[2008/09/13 18:20:31 | 000,000,000 | ---D | M] -- C:\Users\Aimee\AppData\Roaming\Leadertech

[2009/04/03 15:44:51 | 000,000,000 | ---D | M] -- C:\Users\Aimee\AppData\Roaming\Morpheus Software

[2010/05/15 15:05:46 | 000,000,000 | ---D | M] -- C:\Users\Aimee\AppData\Roaming\NVD

[2008/09/14 17:59:46 | 000,000,000 | ---D | M] -- C:\Users\Aimee\AppData\Roaming\PlayFirst

[2011/05/30 05:40:36 | 000,000,000 | ---D | M] -- C:\Users\Aimee\AppData\Roaming\SoftGrid Client

[2010/04/10 07:58:29 | 000,000,000 | ---D | M] -- C:\Users\Aimee\AppData\Roaming\Stella

[2010/05/15 15:06:56 | 000,000,000 | ---D | M] -- C:\Users\Aimee\AppData\Roaming\TP

[2011/07/07 16:41:58 | 000,000,000 | ---D | M] -- C:\Users\Aimee\AppData\Roaming\Unity

[2010/04/10 06:47:07 | 000,000,000 | ---D | M] -- C:\Users\Aimee\AppData\Roaming\Vso

[2010/10/21 02:03:19 | 000,000,000 | ---D | M] -- C:\Users\Aimee\AppData\Roaming\Wilavy

[2011/07/08 16:21:38 | 000,032,586 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2011/07/08 19:45:00 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{8B1479C4-1501-436A-B24F-297D683837FE}.job

========== Purity Check ==========

< End of report >


Alright, I just changed it. Can you think of anything else I should look into? Thank you very much for being helpful. I have still not experienced any redirecting. Things seem to be running a little bit smoother as well. I would like to go through my list of processes and figure out what's needed and what's not. Let me know if you think this would be a good idea, if you have the time. I'm aware that it's a little off topic. There always seems to be one too many processes going on at once considering what I use this laptop for.


Yeah, I really need to. I'll most likely try to invest in a new PC. This laptop is pretty outdated in every way. Everything is still looking good here. Thank you very much for all of your help. It's crazy how many individuals are having the same problem. If you can think of anything else I should do, let me know. Did you ever find out what may have caused this problem?


Hi

I need you to do this final check

Download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.


Here is the requested log.

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows Vista Home Basic Edition

Windows Information: Service Pack 1 (build 6001), 32-bit

Base Board Manufacturer: Acer

BIOS Manufacturer: Acer

System Manufacturer: Acer

System Product Name: Aspire 5315

Logical Drives Mask: 0x0001001c

Kernel Drivers (total 163):


Processes (total 74):


\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`eda00000 (NTFS)

\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000014`1f200000 (NTFS)

\\.\Q: --> error 5

PhysicalDrive0 Model Number: HitachiHTS542516K9SA00, Rev: BBCOC31P

Size Device Name MBR Status

--------------------------------------------

149 GB \\.\PhysicalDrive0 Unknown MBR code

SHA1: 75374D27B77E61C9316E27BACDEE41C1E2C9874E

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!


Here is the log.

aswMBR version 0.9.7.705 Copyright© 2011 AVAST Software

Run date: 2011-07-11 19:10:45

-----------------------------

19:10:45.624 OS Version: Windows 6.0.6001 Service Pack 1

19:10:45.624 Number of processors: 1 586 0x1601

19:10:45.624 ComputerName: AIMEE-PC UserName: Aimee

19:10:48.604 Initialize success

19:11:27.641 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4

19:11:27.656 Disk 0 Vendor: Hitachi_HTS542516K9SA00 BBCOC31P Size: 152627MB BusType: 3

19:11:29.700 Disk 0 MBR read successfully

19:11:29.700 Disk 0 MBR scan

19:11:29.716 Disk 0 unknown MBR code

19:11:31.728 Disk 0 scanning sectors +312578048

19:11:31.759 Disk 0 scanning C:\Windows\system32\drivers

19:11:53.459 Service scanning

19:11:55.690 Disk 0 trace - called modules:

19:11:55.705 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS PCIIDEX.SYS msahci.sys

19:11:55.721 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x846455d0]

19:11:55.736 3 CLASSPNP.SYS[86414745] -> nt!IofCallDriver -> [0x84515918]

19:11:55.736 5 acpi.sys[826956a0] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0x8450cba0]

19:11:55.752 Scan finished successfully

19:12:32.242 Disk 0 Windows 600 MBR fixed successfully

19:12:54.535 Disk 0 MBR has been saved successfully to "C:\Users\Aimee\Desktop\MBR.dat"

19:12:54.550 The log file has been saved successfully to "C:\Users\Aimee\Desktop\aswMBR.txt"


Run MBRCheck.exe again

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.


Here is the log from MBRCheck.

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows Vista Home Basic Edition

Windows Information: Service Pack 1 (build 6001), 32-bit

Base Board Manufacturer: Acer

BIOS Manufacturer: Acer

System Manufacturer: Acer

System Product Name: Aspire 5315

Logical Drives Mask: 0x0001001c

Kernel Drivers (total 164):


Processes (total 75):


\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`eda00000 (NTFS)

\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000014`1f200000 (NTFS)

\\.\Q: --> error 5

PhysicalDrive0 Model Number: HitachiHTS542516K9SA00, Rev: BBCOC31P

Size Device Name MBR Status

--------------------------------------------

149 GB \\.\PhysicalDrive0 Unknown MBR code

SHA1: 4447E7A9BED536DB138A7374173EF45AD83CB223

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!


hi

  1. Download OTLPEStd.exe to your desktop
  2. Ensure that you have a blank CD in the drive
  3. Double click OTLPEStd.exe and this will then open ImgBurn to burn the file to CD
  4. Reboot your system using the boot CD you just created.
    Note: If you do not know how to set your computer to boot from CD, follow the steps here
  5. As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :)
  6. Your system should now display a Reatogo desktop.
    Note: as you are running from CD it is not exactly speedy
  7. Double-click on the MBRFix icon.
  8. A command prompt will be presented. Type the following commands and press Enter after each line:
    X:
    cd X:\
    MbrFix /drive 1 fixmbr
    Exit
  9. Reboot your system.

When you are back into normal mode do the following again:

Double click on MBRCheck.exe that you previously downloaded

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.
