Command Prompt crashes during DDS


  • Staff

Hi and welcome to Malwarebytes.

Download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double-click OTL.exe.
  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you: one will pop up (OTL.txt), the other will be saved on your Desktop (Extras.txt). Post both logs in this thread.
  • You may need to use two posts to get it all.


Thank you so much for the help.

OTL logfile created on: 10/27/2011 11:39:56 PM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Dave\Desktop

Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.95 Gb Available Physical Memory | 70.93% Memory free

5.74 Gb Paging File | 4.59 Gb Available in Paging File | 79.85% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 69.78 Gb Total Space | 21.96 Gb Free Space | 31.47% Space Free | Partition Type: NTFS

Drive D: | 69.51 Gb Total Space | 51.82 Gb Free Space | 74.55% Space Free | Partition Type: NTFS

Drive J: | 149.05 Gb Total Space | 105.56 Gb Free Space | 70.82% Space Free | Partition Type: NTFS

Computer Name: DAVE-PC | User Name: Dave | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/27 23:39:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Dave\Desktop\OTL.exe

PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2011/07/28 20:12:23 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe

PRC - [2011/07/15 13:13:55 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2011/07/15 13:13:54 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2011/01/10 15:23:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2011/01/10 13:56:36 | 000,689,464 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Verizon\VSP\ServicepointService.exe

PRC - [2011/01/10 13:56:32 | 004,318,520 | ---- | M] (Verizon) -- C:\Program Files\Verizon\VSP\VerizonServicepoint.exe

PRC - [2011/01/10 13:56:32 | 000,488,760 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe

PRC - [2010/12/14 11:49:23 | 001,169,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe

PRC - [2010/12/02 17:22:38 | 000,456,368 | ---- | M] (iolo technologies, LLC) -- C:\Program Files\iolo\System Mechanic\SystemGuardAlerter.exe

PRC - [2010/12/02 17:22:34 | 000,596,656 | ---- | M] (iolo technologies, LLC) -- C:\Program Files\iolo\System Mechanic\SMTrayNotify.exe

PRC - [2010/12/02 17:17:50 | 000,724,664 | ---- | M] (iolo technologies, LLC) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe

PRC - [2010/10/26 20:52:28 | 003,652,696 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oasrv.exe

PRC - [2010/10/26 20:52:28 | 002,345,000 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oaui.exe

PRC - [2010/10/26 20:52:26 | 000,973,040 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oahlp.exe

PRC - [2010/10/26 20:52:26 | 000,380,784 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oacat.exe

PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

PRC - [2009/10/26 16:46:54 | 001,458,176 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

PRC - [2009/10/14 15:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe

PRC - [2009/10/14 15:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe

PRC - [2009/10/07 03:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

PRC - [2009/04/11 03:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2008/06/24 15:34:50 | 000,041,824 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\1221346908\ee\aolsoftware.exe

PRC - [2007/06/07 03:50:14 | 000,538,096 | ---- | M] ( ) -- C:\Windows\System32\dlbtcoms.exe

PRC - [2007/02/10 08:16:14 | 000,471,040 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecovery.exe

PRC - [2007/02/09 10:35:54 | 000,397,312 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe

PRC - [2007/02/07 04:04:26 | 000,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe

PRC - [2007/02/07 04:04:16 | 000,464,168 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

PRC - [2007/01/31 22:18:42 | 000,053,248 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

PRC - [2007/01/24 14:27:50 | 000,319,488 | ---- | M] () -- C:\Acer\Empowering Technology\SysMonitor.exe

PRC - [2007/01/24 14:27:42 | 000,319,488 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe

PRC - [2007/01/13 01:25:28 | 000,274,520 | ---- | M] () -- C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLCapSvc.exe

PRC - [2007/01/13 01:25:28 | 000,118,870 | ---- | M] () -- C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLSched.exe

PRC - [2007/01/13 01:24:58 | 000,151,552 | ---- | M] (CyberLink Corp.) -- C:\Acer\Empowering Technology\eMode\PCM\PCMService.exe

PRC - [2007/01/04 18:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe

PRC - [2006/12/29 21:51:56 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

PRC - [2006/10/23 09:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\acs\AOLacsd.exe

========== Modules (No Company Name) ==========

MOD - [2011/10/23 11:16:32 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6bc98e9b5eedaa8f71c5454d36a4b772\System.Management.ni.dll

MOD - [2011/10/23 10:57:08 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8645de531003807d00822e03986a075d\System.ServiceProcess.ni.dll

MOD - [2011/10/23 08:59:44 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6d2f689baff5da3df134fdec0742a13c\System.Runtime.Remoting.ni.dll

MOD - [2011/10/23 08:59:32 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll

MOD - [2011/10/23 00:42:18 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll

MOD - [2011/10/23 00:41:57 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll

MOD - [2011/10/23 00:41:47 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll

MOD - [2011/10/23 00:40:08 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll

MOD - [2011/10/23 00:37:38 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll

MOD - [2011/01/10 13:47:40 | 000,158,208 | ---- | M] () -- C:\Program Files\Verizon\VSP\Windows7Features.dll

MOD - [2009/10/14 15:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe

MOD - [2009/10/14 15:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe

MOD - [2007/02/07 03:56:30 | 000,028,672 | ---- | M] () -- C:\Windows\System32\BatchCrypto.dll

MOD - [2007/02/07 03:52:08 | 000,063,488 | ---- | M] () -- C:\Windows\System32\ShowErrMsg.dll

MOD - [2007/01/31 22:18:16 | 000,016,384 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll

MOD - [2007/01/24 14:27:50 | 000,319,488 | ---- | M] () -- C:\Acer\Empowering Technology\SysMonitor.exe

MOD - [2007/01/24 14:27:40 | 000,057,344 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll

MOD - [2007/01/24 14:27:24 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll

MOD - [2007/01/13 01:25:30 | 000,339,968 | ---- | M] () -- C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLTinyDB.dll

MOD - [2007/01/13 01:25:14 | 000,237,662 | ---- | M] () -- C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLCapEngine.dll

MOD - [2007/01/13 01:25:14 | 000,114,776 | ---- | M] () -- C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLSchMgr.dll

MOD - [2007/01/13 01:25:14 | 000,032,768 | ---- | M] () -- C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLCapSvcps.dll

MOD - [2006/12/29 21:51:58 | 000,045,056 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Plugin.dll

MOD - [2006/12/29 21:51:22 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Presenter.dll

MOD - [2006/12/29 21:51:20 | 000,040,960 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Library.dll

MOD - [2006/12/29 21:51:20 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Model.dll

MOD - [2006/12/29 21:51:18 | 000,020,480 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Model.Interface.dll

MOD - [2006/12/29 21:51:18 | 000,016,384 | ---- | M] () -- C:\Acer\Empowering Technology\MemCheck.Interface.dll

MOD - [2006/12/26 04:28:42 | 000,143,360 | ---- | M] () -- C:\Acer\Empowering Technology\eMode\EmodeUI.dll

MOD - [2006/12/25 20:28:40 | 000,200,704 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\Image.dll

MOD - [2006/11/10 19:23:00 | 000,172,032 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\Disk.dll

MOD - [2006/11/10 19:20:36 | 000,196,608 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\HardDisk.dll

MOD - [2006/11/10 17:49:10 | 000,249,856 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\FastBR.DLL

========== Win32 Services (SafeList) ==========

SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011/07/15 13:13:55 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2011/07/15 13:13:54 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2011/01/10 13:56:36 | 000,689,464 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files\Verizon\VSP\ServicepointService.exe -- (ServicepointService)

SRV - [2010/12/02 17:17:50 | 000,724,664 | ---- | M] (iolo technologies, LLC) [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)

SRV - [2010/12/02 17:17:50 | 000,724,664 | ---- | M] (iolo technologies, LLC) [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloFileInfoList)

SRV - [2010/10/26 20:52:28 | 003,652,696 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Online Armor\oasrv.exe -- (SvcOnlineArmor)

SRV - [2010/10/26 20:52:26 | 000,380,784 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Online Armor\OAcat.exe -- (OAcat)

SRV - [2009/10/07 03:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)

SRV - [2008/01/19 04:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007/06/07 03:50:14 | 000,538,096 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dlbtcoms.exe -- (dlbt_device)

SRV - [2007/02/07 04:04:26 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)

SRV - [2007/01/31 22:18:42 | 000,053,248 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)

SRV - [2007/01/13 01:25:28 | 000,274,520 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)

SRV - [2007/01/13 01:25:28 | 000,118,870 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)

SRV - [2007/01/04 18:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)

SRV - [2006/12/29 21:51:56 | 000,028,672 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)

SRV - [2006/10/23 09:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)

========== Driver Services (SafeList) ==========

DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2011/07/15 13:13:55 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)

DRV - [2011/07/15 13:13:55 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2010/10/26 20:52:50 | 000,038,856 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\oahlp32.sys -- (oahlpXX)

DRV - [2010/10/26 20:52:44 | 000,202,064 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\OADriver.sys -- (OADevice)

DRV - [2010/10/26 20:52:44 | 000,029,120 | ---- | M] (Emsisoft) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OAnet.sys -- (OAnet)

DRV - [2010/10/26 20:52:44 | 000,025,000 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\Windows\System32\drivers\OAmon.sys -- (OAmon)

DRV - [2010/07/06 14:28:45 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)

DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2009/10/26 17:09:06 | 001,095,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)

DRV - [2009/10/07 10:49:40 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) QuickCam Orbit/Sphere MP(UVC)

DRV - [2009/10/07 10:48:20 | 000,066,456 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvselsus.sys -- (lvselsus)

DRV - [2009/10/07 10:47:56 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)

DRV - [2009/10/07 10:46:14 | 000,114,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt)

DRV - [2009/10/07 03:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)

DRV - [2009/09/08 10:40:14 | 000,020,392 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElRawDsk.sys -- (ElRawDisk)

DRV - [2009/04/30 23:02:00 | 009,850,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2009/04/11 01:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2008/08/18 20:58:00 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)

DRV - [2008/07/26 17:26:22 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)

DRV - [2007/10/19 15:16:30 | 002,109,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Lvckap.sys -- (LVcKap)

DRV - [2007/10/11 20:59:02 | 002,142,488 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVMVdrv.sys -- (LVMVDrv)

DRV - [2006/12/07 22:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)

DRV - [2006/12/05 13:34:42 | 000,507,136 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PFC027.SYS -- (PAC207)

DRV - [2006/11/29 19:24:57 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)

DRV - [2006/11/08 04:02:40 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)

DRV - [2006/09/19 20:47:04 | 000,080,744 | ---- | M] (Wasay) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSVD.sys -- (WSVD)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.kongregate.com/games/element36/dawn-of-nations"

FF - prefs.js..extensions.enabledItems: browserhighlighter@ebay.com:1.0

FF - prefs.js..extensions.enabledItems: {4776510a-a1f4-41f3-a3c8-35b474ecef23}:1.0.8

FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.87

FF - prefs.js..extensions.enabledItems: {792BDDFE-2E7C-42ed-B18D-18154D2761BD}:0.9.6

FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110704

FF - prefs.js..extensions.enabledItems: {C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}:2.3.54

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.5

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}:6.0.27

FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4bff45e9&v=6.011.025.001&i=23&tp=ab&iy=&ychte=us&lng=en-US&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)

FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files\Verizon\VSP\nprpspa.dll (Verizon)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.660: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.660: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.660: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.1: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dave\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dave\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Dave\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/07/28 20:12:59 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.20\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/13 19:07:08 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.20\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/13 19:07:08 | 000,000,000 | ---D | M]

[2008/08/10 20:35:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dave\AppData\Roaming\mozilla\Extensions

[2011/09/13 19:08:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dave\AppData\Roaming\mozilla\Firefox\Profiles\h7gmsdie.default\extensions

[2010/04/28 12:24:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Dave\AppData\Roaming\mozilla\Firefox\Profiles\h7gmsdie.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011/07/17 04:20:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dave\AppData\Roaming\mozilla\Firefox\Profiles\h7gmsdie.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2010/03/14 15:12:30 | 000,000,000 | ---D | M] (Stealther) -- C:\Users\Dave\AppData\Roaming\mozilla\Firefox\Profiles\h7gmsdie.default\extensions\{4776510a-a1f4-41f3-a3c8-35b474ecef23}

[2011/07/15 21:18:18 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Dave\AppData\Roaming\mozilla\Firefox\Profiles\h7gmsdie.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}

[2010/03/19 11:51:14 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Dave\AppData\Roaming\mozilla\Firefox\Profiles\h7gmsdie.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(394)

[2010/03/14 15:12:31 | 000,000,000 | ---D | M] (TabRenamizer) -- C:\Users\Dave\AppData\Roaming\mozilla\Firefox\Profiles\h7gmsdie.default\extensions\{792BDDFE-2E7C-42ed-B18D-18154D2761BD}

[2011/07/15 21:18:18 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Dave\AppData\Roaming\mozilla\Firefox\Profiles\h7gmsdie.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

[2010/02/11 02:22:34 | 000,000,000 | ---D | M] (Answers) -- C:\Users\Dave\AppData\Roaming\mozilla\Firefox\Profiles\h7gmsdie.default\extensions\{C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}

[2011/07/15 21:18:16 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Dave\AppData\Roaming\mozilla\Firefox\Profiles\h7gmsdie.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2011/10/27 06:19:54 | 000,000,000 | ---D | M] (The Browser Highlighter) -- C:\Users\Dave\AppData\Roaming\mozilla\Firefox\Profiles\h7gmsdie.default\extensions\browserhighlighter@ebay.com

[2010/03/25 12:55:00 | 000,000,000 | ---D | M] (TrackMeNot) -- C:\Users\Dave\AppData\Roaming\mozilla\Firefox\Profiles\h7gmsdie.default\extensions\trackmenot@mrl.nyu(138).edu

[2010/10/29 19:44:05 | 000,002,306 | ---- | M] () -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\h7gmsdie.default\searchplugins\wot-safe-search.xml

[2011/09/13 19:08:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/09/03 19:35:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}

[2011/07/28 20:12:59 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT

[2011/09/03 19:34:05 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2008/03/12 14:04:10 | 000,086,016 | ---- | M] (SpiralFrog Inc.) -- C:\Program Files\mozilla firefox\plugins\NPSFDMGR.dll

[2007/04/16 14:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Dave\AppData\Local\Google\Chrome\Application\14.0.835.202\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U27 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll

CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll

CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll

CHR - plugin: RealNetworks RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Dave\AppData\Local\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Dave\AppData\Local\Google\Chrome\Application\14.0.835.202\pdf.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll

CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll

CHR - plugin: SpiralFrog DownloadManager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPSFDMGR.dll

CHR - plugin: AOL Media Playback Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll

CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll

CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll

CHR - plugin: Verizon Servicepoint (Enabled) = C:\Program Files\Verizon\VSP\nprpspa.dll

CHR - plugin: Unity Player (Enabled) = C:\Users\Dave\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

CHR - plugin: Google Update (Enabled) = C:\Users\Dave\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

O1 HOSTS File: ([2011/03/30 09:59:49 | 000,622,039 | ---- | M]) - C:\Windows\System32\drivers\etc\HOSTS

O1 - Hosts: 16422 more lines...

O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)

O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)

O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Online Armor\oaui.exe (Emsi Software GmbH)

O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe ()

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)

O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1221346908\ee\aolsoftware.exe (AOL LLC)

O4 - HKLM..\Run: [iolo Startup] C:\Program Files\iolo\Common\Lib\ioloLManager.exe (iolo technologies, LLC)

O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [PCMService] C:\Acer\Empowering Technology\eMode\PCM\PCMService.exe (CyberLink Corp.)

O4 - HKLM..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\VSP\VerizonServicepoint.exe (Verizon)

O4 - HKCU..\Run: [Acer Tour Reminder] File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)

O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)

O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)

O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)

O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.250.0.12

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{69E14A43-1964-4C36-9C15-F7285A51AC77}: DhcpNameServer = 192.168.1.1 71.250.0.12

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Acer01.jpg

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Acer01.jpg

O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll (Emsi Software GmbH)

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 18:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/27 23:39:23 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Dave\Desktop\OTL.exe

[2011/10/23 08:56:55 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\Adobe

[2011/10/23 00:43:28 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Dave\Desktop\dds (1).scr

[2011/10/23 00:20:56 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2011/10/23 00:20:55 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2011/10/23 00:20:54 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll

[2011/10/23 00:20:54 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2011/10/23 00:20:53 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll

[2011/10/23 00:12:54 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll

[2011/10/23 00:12:54 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll

[2011/10/23 00:12:50 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll

[2011/10/23 00:12:50 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax

[2011/10/23 00:12:49 | 002,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2011/10/23 00:12:49 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax

[2011/10/23 00:12:49 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax

[2011/10/20 18:27:50 | 000,000,000 | ---D | C] -- C:\Users\Dave\Desktop\New Folder

[2011/10/02 19:25:51 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll

[2011/10/02 19:25:51 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll

[2011/10/02 19:25:51 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll

[2011/10/02 19:25:51 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe

[2011/10/02 19:25:51 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe

[2011/10/02 19:25:51 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll

[2011/10/02 19:25:50 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat

[2011/10/02 19:25:50 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec

[2011/10/02 19:25:50 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll

[2011/10/02 19:25:50 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll

[2011/10/02 19:25:49 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2011/10/02 19:25:49 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll

[2011/10/02 19:25:49 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll

[2011/10/02 19:25:49 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe

[2011/10/02 19:25:49 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe

[2011/10/02 19:25:49 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll

[2011/10/02 19:25:49 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll

[2011/10/02 19:25:49 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe

[2011/10/02 19:25:49 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll

[2011/10/02 19:25:49 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll

[2011/10/02 19:25:48 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2011/10/02 19:25:48 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll

[2011/10/02 19:25:48 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe

[2011/10/02 19:25:48 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll

[2011/10/02 19:25:48 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll

[2011/10/02 19:25:47 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll

[2011/10/02 19:25:47 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll

[2011/10/02 19:25:47 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll

[2011/10/02 19:25:47 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll

[2011/10/02 19:25:47 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll

[2011/10/02 19:25:47 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll

[2011/10/02 19:25:47 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe

[2011/10/02 19:23:01 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll

[2011/10/02 19:23:00 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll

[2011/10/02 18:42:37 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll

[2011/10/02 18:42:34 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll

[2011/10/02 18:41:05 | 003,602,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe

[2011/10/02 18:41:04 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe

[2007/07/19 09:20:16 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe

[2007/06/07 03:50:16 | 000,386,544 | ---- | C] ( ) -- C:\Windows\System32\dlbtih.exe

[2007/06/07 03:50:14 | 000,538,096 | ---- | C] ( ) -- C:\Windows\System32\dlbtcoms.exe

[2007/06/07 03:50:12 | 000,382,448 | ---- | C] ( ) -- C:\Windows\System32\dlbtcfg.exe

[2007/04/25 18:09:17 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll

[2007/01/30 16:47:52 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlbtpmui.dll

[2007/01/30 16:46:00 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlbtserv.dll

[2007/01/30 16:38:18 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlbtcomm.dll

[2007/01/30 16:36:30 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlbtlmpm.dll

[2007/01/30 16:35:00 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlbtiesc.dll

[2007/01/30 16:32:06 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlbtpplc.dll

[2007/01/30 16:31:08 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlbtcomc.dll

[2007/01/30 16:30:30 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlbtprox.dll

[2007/01/30 16:22:32 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlbtinpa.dll

[2007/01/30 16:21:46 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\dlbtusb1.dll

[2007/01/30 16:17:02 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlbthbn3.dll

========== Files - Modified Within 30 Days ==========

[2011/10/27 23:39:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Dave\Desktop\OTL.exe

[2011/10/27 23:30:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job

[2011/10/27 23:23:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3168221375-1000150114-59586180-1000UA.job

[2011/10/27 23:19:38 | 000,003,504 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011/10/27 23:19:38 | 000,003,504 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011/10/27 17:28:46 | 000,002,003 | ---- | M] () -- C:\Users\Dave\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2011/10/27 17:28:45 | 000,002,041 | ---- | M] () -- C:\Users\Dave\Desktop\Google Chrome.lnk

[2011/10/27 17:19:26 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat

[2011/10/27 17:19:13 | 2952,306,688 | -HS- | M] () -- C:\hiberfil.sys

[2011/10/27 01:19:43 | 000,000,488 | ---- | M] () -- C:\Windows\tasks\Malwarebytes' Scheduled Scan for Dave.job

[2011/10/27 01:00:40 | 000,000,474 | ---- | M] () -- C:\Windows\tasks\Malwarebytes' Scheduled Update for Dave.job

[2011/10/24 18:30:05 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

[2011/10/23 00:43:12 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Dave\Desktop\dds (1).scr

[2011/10/23 00:34:34 | 000,153,240 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2011/10/22 08:23:08 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3168221375-1000150114-59586180-1000Core.job

[2011/10/02 19:26:00 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat

[2011/10/02 19:26:00 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat

[2011/10/02 19:25:51 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll

[2011/10/02 19:25:51 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll

[2011/10/02 19:25:51 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll

[2011/10/02 19:25:51 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe

[2011/10/02 19:25:51 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe

[2011/10/02 19:25:51 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll

[2011/10/02 19:25:50 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat

[2011/10/02 19:25:50 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec

[2011/10/02 19:25:50 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll

[2011/10/02 19:25:50 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll

[2011/10/02 19:25:49 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2011/10/02 19:25:49 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll

[2011/10/02 19:25:49 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll

[2011/10/02 19:25:49 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe

[2011/10/02 19:25:49 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe

[2011/10/02 19:25:49 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll

[2011/10/02 19:25:49 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll

[2011/10/02 19:25:49 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe

[2011/10/02 19:25:49 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf

[2011/10/02 19:25:49 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll

[2011/10/02 19:25:49 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll

[2011/10/02 19:25:48 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2011/10/02 19:25:48 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll

[2011/10/02 19:25:48 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe

[2011/10/02 19:25:48 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll

[2011/10/02 19:25:48 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll

[2011/10/02 19:25:47 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll

[2011/10/02 19:25:47 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll

[2011/10/02 19:25:47 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll

[2011/10/02 19:25:47 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll

[2011/10/02 19:25:47 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll

[2011/10/02 19:25:47 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll

[2011/10/02 19:25:47 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe

========== Files Created - No Company Name ==========

[2011/10/23 14:59:46 | 2952,306,688 | -HS- | C] () -- C:\hiberfil.sys

[2011/10/02 19:25:49 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf

[2011/03/23 11:46:14 | 000,202,064 | ---- | C] () -- C:\Windows\System32\drivers\OADriver.sys

[2011/03/23 11:46:14 | 000,038,856 | ---- | C] () -- C:\Windows\System32\drivers\oahlp32.sys

[2010/11/23 01:39:09 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll

[2010/06/10 13:51:55 | 000,000,000 | ---- | C] () -- C:\Users\Dave\AppData\Local\prvlcl.dat

[2010/03/17 23:55:24 | 000,000,273 | ---- | C] () -- C:\Windows\SysMech.INI

[2009/10/21 13:22:00 | 000,312,832 | ---- | C] () -- C:\Windows\System32\drivers\yk60x86.sys

[2009/10/15 18:10:10 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2009/10/15 18:10:10 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2009/10/07 03:46:36 | 000,025,752 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys

[2009/10/07 03:23:08 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll

[2009/09/03 18:59:37 | 000,000,535 | ---- | C] () -- C:\Windows\eReg.dat

[2009/04/30 23:39:36 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini

[2009/04/13 21:40:13 | 000,000,092 | ---- | C] () -- C:\Users\Dave\AppData\Local\fusioncache.dat

[2008/12/07 01:49:40 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2008/09/17 11:55:00 | 001,724,416 | ---- | C] () -- C:\Windows\System32\nvwdmcpl.dll

[2008/09/17 11:55:00 | 001,657,376 | ---- | C] () -- C:\Windows\System32\nwiz.exe

[2008/09/17 11:55:00 | 001,503,232 | ---- | C] () -- C:\Windows\System32\nview.dll

[2008/09/17 11:55:00 | 001,346,080 | ---- | C] () -- C:\Windows\System32\nvdspsch.exe

[2008/09/17 11:55:00 | 001,101,824 | ---- | C] () -- C:\Windows\System32\nvwimg.dll

[2008/09/17 11:55:00 | 000,466,944 | ---- | C] () -- C:\Windows\System32\nvshell.dll

[2008/09/17 11:55:00 | 000,449,056 | ---- | C] () -- C:\Windows\System32\nvappbar.exe

[2008/09/17 11:55:00 | 000,436,768 | ---- | C] () -- C:\Windows\System32\keystone.exe

[2008/09/17 11:55:00 | 000,286,720 | ---- | C] () -- C:\Windows\System32\nvnt4cpl.dll

[2008/09/12 23:37:18 | 000,007,620 | ---- | C] () -- C:\Users\Dave\AppData\Local\d3d9caps.dat

[2008/09/12 20:31:54 | 000,000,006 | ---- | C] () -- C:\Windows\msoffice.ini

[2008/08/20 20:30:31 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2008/05/03 17:55:40 | 000,002,126 | ---- | C] () -- C:\Windows\AutostarSuite.ini

[2008/03/29 09:44:27 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2008/01/29 16:51:22 | 000,000,423 | ---- | C] () -- C:\Windows\PowerReg.dat

[2008/01/28 11:03:30 | 000,000,076 | ---- | C] () -- C:\Windows\QUICKEN.INI

[2008/01/23 19:56:00 | 000,000,068 | ---- | C] () -- C:\Windows\WININIT.INI

[2008/01/23 17:51:03 | 000,118,784 | ---- | C] () -- C:\Windows\bwUnin-7.2.0.157-8876480SL.exe

[2008/01/07 18:34:18 | 000,010,752 | ---- | C] () -- C:\Users\Dave\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/01/07 18:26:16 | 000,000,859 | ---- | C] () -- C:\Windows\aolback.exe.lnk

[2008/01/07 18:21:30 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat

[2007/12/07 12:07:40 | 000,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll

[2007/07/19 09:21:19 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini

[2007/07/19 09:21:18 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini

[2007/07/19 09:20:16 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe

[2007/04/25 18:46:36 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll

[2007/04/25 18:09:17 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll

[2007/04/25 17:34:22 | 000,000,446 | ---- | C] () -- C:\Windows\generic.ini

[2007/04/25 17:34:22 | 000,000,107 | ---- | C] () -- C:\Windows\Alaunch.ini

[2007/02/19 09:20:28 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dlbtinsr.dll

[2007/02/19 09:20:24 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dlbtcur.dll

[2007/02/19 09:20:02 | 000,135,168 | ---- | C] () -- C:\Windows\System32\dlbtjswr.dll

[2007/02/19 09:17:06 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlbtinsb.dll

[2007/02/19 09:17:00 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dlbtcub.dll

[2007/02/19 09:16:52 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dlbtcu.dll

[2007/02/19 09:16:48 | 000,159,744 | ---- | C] () -- C:\Windows\System32\dlbtins.dll

[2007/02/19 09:15:34 | 000,434,176 | ---- | C] () -- C:\Windows\System32\dlbtutil.dll

[2007/02/07 19:57:16 | 000,344,064 | ---- | C] () -- C:\Windows\System32\dlbtcoin.dll

[2007/02/07 03:58:10 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll

[2007/02/07 03:57:58 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll

[2007/02/07 03:57:20 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll

[2007/02/07 03:56:30 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll

[2007/02/07 03:52:08 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll

[2007/01/22 04:18:28 | 000,069,632 | ---- | C] () -- C:\Windows\System32\dlbtcfg.dll

[2006/12/25 19:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll

[2006/11/13 09:50:06 | 000,071,680 | ---- | C] () -- C:\Windows\System32\HTCA_SelfExtract.bin

[2006/11/02 11:27:46 | 000,000,518 | ---- | C] () -- C:\Windows\System32\SP207.ini

[2006/11/02 09:53:49 | 000,067,584 | ---- | C] () -- C:\Windows\bootstat.dat

[2006/11/02 09:44:53 | 000,153,240 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006/11/02 07:33:01 | 000,638,526 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2006/11/02 07:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2006/11/02 07:33:01 | 000,117,914 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2006/11/02 07:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2006/11/02 07:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2006/11/02 05:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006/11/02 05:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2006/11/02 04:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/11/02 04:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2006/09/12 19:24:09 | 000,046,345 | ---- | C] () -- C:\Windows\NSSetDefaultBrowser.EXE

[2005/08/26 16:28:34 | 000,143,360 | ---- | C] () -- C:\Windows\unzip.exe

[2005/08/26 16:27:58 | 000,045,056 | ---- | C] () -- C:\Windows\devenum.exe

[2005/08/18 12:26:46 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dlbtvs.dll

[2005/05/25 11:07:26 | 000,061,440 | ---- | C] () -- C:\Windows\System32\dlbtcnv4.dll

[2001/12/26 19:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll

[2001/09/04 02:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll

[2001/07/30 19:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll

[2001/07/24 01:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34

@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:D1B5B4F1

@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >


OTL Extras logfile created on: 10/27/2011 11:39:57 PM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Dave\Desktop

Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.95 Gb Available Physical Memory | 70.93% Memory free

5.74 Gb Paging File | 4.59 Gb Available in Paging File | 79.85% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 69.78 Gb Total Space | 21.96 Gb Free Space | 31.47% Space Free | Partition Type: NTFS

Drive D: | 69.51 Gb Total Space | 51.82 Gb Free Space | 74.55% Space Free | Partition Type: NTFS

Drive J: | 149.05 Gb Total Space | 105.56 Gb Free Space | 70.82% Space Free | Partition Type: NTFS

Computer Name: DAVE-PC | User Name: Dave | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- Reg Error: Key error.

https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 1

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu -- (Acer Inc.)

"C:\Acer\Empowering Technology\eDataSecurity\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption -- (HiTRUST)

"C:\Acer\Empowering Technology\eDataSecurity\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption -- (HiTRUST)

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0C9602F2-B92B-4BFD-92C7-7993FAE5580B}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |

"{0CE1CBDB-4927-4BEB-99D8-863470D4E52A}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |

"{0DC0802A-1AA6-43FC-8B87-07E33209CF10}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |

"{14348583-CDC7-4550-B511-9394496BAF4E}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |

"{1F6F7F51-400C-4260-B287-074F239720DE}" = protocol=17 | dir=in | app=c:\program files\aol 9.1\waol.exe |

"{2217C277-E3F4-4E4A-8BF3-56340FC142EE}" = protocol=6 | dir=in | app=c:\program files\turbotax\deluxe 2007\32bit\updatemgr.exe |

"{24137012-49CA-4383-B622-38270C7520D4}" = protocol=6 | dir=in | app=c:\program files\aol 9.1\waol.exe |

"{267C32B3-D113-4ABE-B696-C03512F8BE1E}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |

"{28D08ED7-1DD3-4014-957A-0B21660DDAC4}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1199810025\ee\aolsoftware.exe |

"{2CD161B3-2339-4A66-9B6D-56505CFC97CA}" = protocol=17 | dir=in | app=c:\program files\aol 9.1\waol.exe |

"{302E70C9-D351-4EF8-81D4-3044872412BA}" = protocol=17 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |

"{30D95152-959F-4428-9A8C-FF58D5C98AB5}" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold kingdoms\strongholdkingdoms.exe |

"{3B6F5637-F641-4796-987E-8DC9AD2C8501}" = protocol=6 | dir=in | app=c:\program files\iolo\antivirus\iavemailscanner.exe |

"{3FB893AD-8BD1-4016-85DC-B2E1C93E6D03}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{44B75B24-103F-4885-8AA1-5CD12FB637CC}" = protocol=6 | dir=in | app=c:\program files\aol 9.1a\waol.exe |

"{4E954F95-5F06-49C1-8DA4-8064333F1231}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |

"{52CBD5FF-0F84-4AD2-A8EB-FB654BFE17A9}" = protocol=6 | dir=in | app=c:\windows\system32\dlbtcoms.exe |

"{52E4B88B-77EF-42BD-B839-D159933390A9}" = protocol=17 | dir=in | app=c:\program files\verizon\vsp\servicepointservice.exe |

"{597AED83-46C0-4D39-8172-0B12E06BB8C4}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |

"{5CDD7C53-80E0-4F7F-9535-7E6C303BDF8C}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |

"{61E89870-0E97-4E06-B96D-7A35E41953E2}" = protocol=17 | dir=in | app=c:\program files\turbine\turbine download manager\turbinemessageservice.exe |

"{62E7EC94-EB88-444C-81B6-A7C748C09B0C}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |

"{6412002F-6647-4496-BF55-7FE4FE6FF7A8}" = protocol=6 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |

"{6830F594-69F7-4AFF-920D-F5C39750D627}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |

"{6B98AE64-82FE-4AD1-835B-1A6F88D00D91}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1199810025\ee\aolsoftware.exe |

"{6C7EC63A-26BF-4BD1-8E94-16EA2CA1C117}" = protocol=17 | dir=in | app=c:\program files\iolo\antivirus\ioloav.exe |

"{73EDEA59-ABF5-48CF-B96B-3E4030C982D6}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |

"{73FDA494-63F7-4A03-A34C-30F26E62646F}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |

"{7773182E-D00E-4961-B96D-5F1108FDE36B}" = protocol=6 | dir=in | app=c:\program files\turbine\turbine download manager\turbinenetworkservice.exe |

"{7BA61AB8-8F9F-4E13-B7B4-40067D3F99A4}" = protocol=6 | dir=in | app=c:\program files\iolo\antivirus\ioloav.exe |

"{7BC081CB-80AE-4E8A-BAFE-C5FEDCFF04A3}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |

"{7BF49A78-952C-4A9B-8F84-22DF67FCEDB9}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1221346908\ee\aolsoftware.exe |

"{85790B86-B401-4FB1-BF43-9E1D7649AD2B}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1221346908\ee\aolsoftware.exe |

"{878530FF-ED50-41D5-83CC-0C0563BC4029}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |

"{8D70166D-B17C-499A-85AF-5BDA41AA7E2A}" = protocol=17 | dir=in | app=c:\program files\turbotax\deluxe 2007\32bit\ttax.exe |

"{90A49260-71CD-4017-958F-BE330CEDF88C}" = protocol=17 | dir=in | app=c:\program files\turbotax\deluxe 2007\32bit\updatemgr.exe |

"{92A8605D-F47F-4E35-B430-D7DA7102C221}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |

"{A2AB9568-CD3B-4C10-A2B5-9BDB2DE2819C}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |

"{A8332B42-1DDB-4883-9003-CD7026D92178}" = protocol=6 | dir=in | app=c:\program files\turbotax\deluxe 2007\32bit\ttax.exe |

"{B2F1E6E4-6C49-4108-9594-B0E4D306EB11}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |

"{B600000E-CCB8-4BC2-85AE-0694C5A6C0D6}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |

"{B9A3D3B4-F4D9-43B5-B9D9-7668BD6E1BB4}" = protocol=6 | dir=in | app=c:\program files\verizon\vsp\servicepointservice.exe |

"{BC054FCC-2510-455A-9F22-B698BAF4C2BB}" = protocol=6 | dir=in | app=c:\acer\empowering technology\emode\pcm\pcmservice.exe |

"{C0A023DE-484A-44D0-84CB-D1457F4691EA}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |

"{C2916DAD-EA9A-4E01-BA6C-440EBA082FED}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |

"{CAB1D152-D44B-4B6A-9898-02016CBFE84E}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |

"{CC55E0E1-E801-48B9-88CF-A40C58133EAB}" = protocol=6 | dir=in | app=c:\program files\aol 9.1\waol.exe |

"{CF39065D-5861-4F57-9716-6A326BD482C5}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |

"{D073D4BC-2EC3-4E06-BAA2-54481B7C79FD}" = protocol=6 | dir=in | app=c:\program files\turbine\turbine download manager\turbinemessageservice.exe |

"{D0A494BB-2E75-4328-BCB1-82298E84C972}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |

"{D0A4B255-598D-40CA-997D-FE4E91F01A6A}" = protocol=17 | dir=in | app=c:\acer\empowering technology\emode\pcm\pcmservice.exe |

"{D0D153DE-E8E5-4004-9C21-1B110589405E}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |

"{D7D8B94C-DC58-4B91-9E48-24896CF7EC11}" = protocol=17 | dir=in | app=c:\windows\system32\dlbtcoms.exe |

"{DA52CF8A-E335-4D0C-87AC-EB941A1EDA63}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |

"{DF79DB88-52F3-4B57-9CD1-1DF1AA1FE39C}" = protocol=17 | dir=in | app=c:\program files\iolo\antivirus\iavemailscanner.exe |

"{E6425112-6E21-4EC0-AF05-6BAC19B526F1}" = protocol=17 | dir=in | app=c:\program files\aol 9.1a\waol.exe |

"{F7D8E8A1-639B-447A-93DA-484907F90CB5}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |

"{FA4EE371-652C-4BFF-849B-8F247BAEA7EC}" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold kingdoms\strongholdkingdoms.exe |

"{FB6B039B-6E44-431F-897E-6B120144811A}" = protocol=17 | dir=in | app=c:\program files\turbine\turbine download manager\turbinenetworkservice.exe |

"TCP Query User{7D3A8211-2085-45F4-8011-ED96DAB1EE9D}K:\techwizard.exe" = protocol=6 | dir=in | app=k:\techwizard.exe |

"TCP Query User{A8C2BEB7-09E3-435B-83B2-026F59392358}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |

"TCP Query User{E9DE8A05-7D71-4273-BB4B-5F2DE4A5680F}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

"UDP Query User{4771EA9D-C4D3-4E05-8E27-94CA65E9365B}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |

"UDP Query User{77C0AD9F-EB17-4FA4-9FB1-FDE9FF0DC0EB}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

"UDP Query User{F44168E2-710A-4443-B50D-46A133C0364C}K:\techwizard.exe" = protocol=17 | dir=in | app=k:\techwizard.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp

"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs

"{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine

"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer eMode Management

"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java 6 Update 27

"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1

"{28F9CB51-2F81-40BF-9545-6FD1FCB1AC44}" = Risk II

"{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}" = Windows Live Photo Gallery

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid

"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater

"{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1" = iolo technologies' System Mechanic

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime

"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries

"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver

"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{93F54611-2701-454e-94AB-623F458D9E6B}" = DeviceDiscovery

"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour

"{94A065E8-455D-41C1-AF1F-F0C1AF8F50F3}" = Microsoft IntelliType Pro 7.0

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{97A19679-4C07-4B34-8ACB-D5565C3440FC}" = Stronghold

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology

"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1

"{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management

"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer

"{BE65FCDB-750C-46BA-AFD1-0B44F7DD0F46}_is1" = Stronghold Kingdoms - Alpha 4

"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2

"{D1D632A2-E249-466D-A094-B1B934D37645}_is1" = Stronghold Kingdoms

"{D462BF9E-0C35-4705-BF9B-3DF9F3816643}" = Acer ePerformance Management

"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser

"{DB15384B-67E0-4771-9A2D-7E607EEE3EE5}" = Stronghold: LOTR

"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm

"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer

"{F226C1DA-66D7-4ABC-86B5-3F978A660EBF}" = AOL Mail and AIM Gadget

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01

"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"Acer Assist" = Acer Assist

"Acer Registration" = Acer Registration

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.6

"Alarm_is1" = Alarm 2.0.4

"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"Castle Attack Install" = Castle Attack Install

"CCleaner" = CCleaner

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"Defraggler" = Defraggler

"Google Updater" = Google Updater

"HijackThis" = HijackThis 2.0.2

"HP Imaging Device Functions" = HP Imaging Device Functions 9.0

"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker

"legacyqcam_10.00" = Logitech Legacy USB Camera Driver Package

"lvdrivers_11.50" = Logitech QuickCam Driver Package

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Mozilla Firefox (3.6.20)" = Mozilla Firefox (3.6.20)

"NTREGOPT_is1" = NTREGOPT 1.1j

"NVIDIA Drivers" = NVIDIA Drivers

"OnlineArmor_is1" = Online Armor 4.5

"PixelPerfect_4281508C_4DA1_4d4e_81EB_725D55EC30DC_is1" = Uniblue PixelPerfect

"RadialpointClientGateway_is1" = Verizon Servicepoint 3.7.44

"RealPlayer 12.0" = RealPlayer

"SMSERIAL" = Motorola SM56 Speakerphone Modem

"SpywareBlaster_is1" = SpywareBlaster 4.4

"StreetPlugin" = Learn2 Player (Uninstall Only)

"TurboTax Deluxe 2007" = TurboTax Deluxe 2007

"Verizon FiOS Activation_is1" = Verizon FiOS Activation

"ViewpointMediaPlayer" = Viewpoint Media Player

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 10/22/2011 11:39:55 PM | Computer Name = Dave-PC | Source = Windows Search Service | ID = 3013

Description =

Error - 10/22/2011 11:39:55 PM | Computer Name = Dave-PC | Source = Windows Search Service | ID = 3013

Description =

Error - 10/22/2011 11:39:55 PM | Computer Name = Dave-PC | Source = Windows Search Service | ID = 3013

Description =

Error - 10/22/2011 11:39:55 PM | Computer Name = Dave-PC | Source = Windows Search Service | ID = 3013

Description =

Error - 10/22/2011 11:39:55 PM | Computer Name = Dave-PC | Source = Windows Search Service | ID = 3013

Description =

Error - 10/22/2011 11:46:28 PM | Computer Name = Dave-PC | Source = Application Error | ID = 1000

Description = Faulting application cmd.exe, version 6.0.6001.18000, time stamp 0x47918bde,

faulting module HookDLL32.dll, version 10.1.1.1, time stamp 0x4cf829bf, exception

code 0xc0000417, fault offset 0x00022829, process id 0x1314, application start time

0x01cc91361b48869f.

Error - 10/27/2011 4:20:17 PM | Computer Name = Dave-PC | Source = Windows Search Service | ID = 3038

Description =

Error - 10/27/2011 4:21:03 PM | Computer Name = Dave-PC | Source = Windows Search Service | ID = 3028

Description =

Error - 10/27/2011 4:21:03 PM | Computer Name = Dave-PC | Source = Windows Search Service | ID = 3058

Description =

Error - 10/27/2011 4:29:08 PM | Computer Name = Dave-PC | Source = Application Error | ID = 1000

Description = Faulting application GoogleUpdate.exe, version 1.2.183.21, time stamp

0x4b95e661, faulting module HookDLL32.dll, version 10.1.1.1, time stamp 0x4cf829bf,

exception code 0xc0000417, fault offset 0x00022829, process id 0x1530, application

start time 0x01cc94e639601c5a.

[ System Events ]

Error - 10/27/2011 4:49:08 AM | Computer Name = Dave-PC | Source = LSM | ID = 1048

Description =

Error - 10/27/2011 4:49:47 AM | Computer Name = Dave-PC | Source = Service Control Manager | ID = 7026

Description =

Error - 10/27/2011 4:21:02 PM | Computer Name = Dave-PC | Source = LSM | ID = 1048

Description =

Error - 10/27/2011 4:21:03 PM | Computer Name = Dave-PC | Source = Service Control Manager | ID = 7026

Description =

Error - 10/27/2011 4:21:04 PM | Computer Name = Dave-PC | Source = Service Control Manager | ID = 7024

Description =

Error - 10/27/2011 4:21:04 PM | Computer Name = Dave-PC | Source = Service Control Manager | ID = 7031

Description =

Error - 10/27/2011 4:21:24 PM | Computer Name = Dave-PC | Source = DCOM | ID = 10005

Description =

Error - 10/27/2011 4:21:24 PM | Computer Name = Dave-PC | Source = Service Control Manager | ID = 7009

Description =

Error - 10/27/2011 4:21:24 PM | Computer Name = Dave-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 10/27/2011 4:21:37 PM | Computer Name = Dave-PC | Source = Service Control Manager | ID = 7032

Description =

< End of report >


  • Staff

Hi,

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs a runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is named like UtilityName.Version_Date_Time_log.txt.

For example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8054

Windows 6.0.6002 Service Pack 2

Internet Explorer 9.0.8112.16421

10/31/2011 6:43:03 PM

mbam-log-2011-10-31 (18-43-03).txt

Scan type: Quick scan

Objects scanned: 161010

Time elapsed: 4 minute(s), 31 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


  • Staff

Try this instead:

Download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


OTL logfile created on: 11/8/2011 2:30:17 PM - Run 2

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Dave\Desktop

Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.75 Gb Available Physical Memory | 63.69% Memory free

5.70 Gb Paging File | 4.56 Gb Available in Paging File | 79.99% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 69.78 Gb Total Space | 19.95 Gb Free Space | 28.59% Space Free | Partition Type: NTFS

Drive D: | 69.51 Gb Total Space | 51.64 Gb Free Space | 74.30% Space Free | Partition Type: NTFS

Drive J: | 149.05 Gb Total Space | 105.56 Gb Free Space | 70.82% Space Free | Partition Type: NTFS

Computer Name: DAVE-PC | User Name: Dave | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/08 14:29:35 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Dave\Desktop\OTL.exe

PRC - [2011/08/31 16:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2011/08/31 16:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2011/07/28 19:12:23 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe

PRC - [2011/07/15 12:13:55 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2011/07/15 12:13:54 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2011/01/10 14:23:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2011/01/10 12:56:36 | 000,689,464 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Verizon\VSP\ServicepointService.exe

PRC - [2011/01/10 12:56:32 | 004,318,520 | ---- | M] (Verizon) -- C:\Program Files\Verizon\VSP\VerizonServicepoint.exe

PRC - [2011/01/10 12:56:32 | 000,488,760 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe

PRC - [2010/12/14 10:49:23 | 001,169,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe

PRC - [2010/12/02 16:22:38 | 000,456,368 | ---- | M] (iolo technologies, LLC) -- C:\Program Files\iolo\System Mechanic\SystemGuardAlerter.exe

PRC - [2010/12/02 16:22:34 | 000,596,656 | ---- | M] (iolo technologies, LLC) -- C:\Program Files\iolo\System Mechanic\SMTrayNotify.exe

PRC - [2010/12/02 16:17:50 | 000,724,664 | ---- | M] (iolo technologies, LLC) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe

PRC - [2010/10/26 19:52:28 | 003,652,696 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oasrv.exe

PRC - [2010/10/26 19:52:28 | 002,345,000 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oaui.exe

PRC - [2010/10/26 19:52:28 | 000,433,368 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\OAReg.exe

PRC - [2010/10/26 19:52:26 | 000,973,040 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oahlp.exe

PRC - [2010/10/26 19:52:26 | 000,380,784 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oacat.exe

PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

PRC - [2009/10/26 15:46:54 | 001,458,176 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

PRC - [2009/10/14 14:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe

PRC - [2009/10/14 14:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe

PRC - [2009/10/07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2008/06/24 14:34:50 | 000,041,824 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\1221346908\ee\aolsoftware.exe

PRC - [2007/06/07 02:50:14 | 000,538,096 | ---- | M] ( ) -- C:\Windows\System32\dlbtcoms.exe

PRC - [2007/02/10 07:16:14 | 000,471,040 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecovery.exe

PRC - [2007/02/09 09:35:54 | 000,397,312 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe

PRC - [2007/02/07 03:04:26 | 000,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe

PRC - [2007/02/07 03:04:16 | 000,464,168 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

PRC - [2007/01/31 21:18:42 | 000,053,248 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

PRC - [2007/01/24 13:27:50 | 000,319,488 | ---- | M] () -- C:\Acer\Empowering Technology\SysMonitor.exe

PRC - [2007/01/24 13:27:42 | 000,319,488 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe

PRC - [2007/01/13 00:25:28 | 000,274,520 | ---- | M] () -- C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLCapSvc.exe

PRC - [2007/01/13 00:25:28 | 000,118,870 | ---- | M] () -- C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLSched.exe

PRC - [2007/01/13 00:24:58 | 000,151,552 | ---- | M] (CyberLink Corp.) -- C:\Acer\Empowering Technology\eMode\PCM\PCMService.exe

PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe

PRC - [2006/12/29 20:51:56 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

PRC - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\acs\AOLacsd.exe

========== Modules (No Company Name) ==========

MOD - [2011/10/23 10:16:32 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6bc98e9b5eedaa8f71c5454d36a4b772\System.Management.ni.dll

MOD - [2011/10/23 09:57:08 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8645de531003807d00822e03986a075d\System.ServiceProcess.ni.dll

MOD - [2011/10/23 07:59:44 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6d2f689baff5da3df134fdec0742a13c\System.Runtime.Remoting.ni.dll

MOD - [2011/10/23 07:59:32 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll

MOD - [2011/10/22 23:42:18 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll

MOD - [2011/10/22 23:41:57 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll

MOD - [2011/10/22 23:41:47 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll

MOD - [2011/10/22 23:40:08 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll

MOD - [2011/10/22 23:37:38 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll

MOD - [2011/01/10 12:47:40 | 000,158,208 | ---- | M] () -- C:\Program Files\Verizon\VSP\Windows7Features.dll

MOD - [2009/10/14 14:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe

MOD - [2009/10/14 14:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe

MOD - [2009/02/27 12:56:34 | 000,016,768 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\ViewerPS.dll

MOD - [2007/02/07 02:56:30 | 000,028,672 | ---- | M] () -- C:\Windows\System32\BatchCrypto.dll

MOD - [2007/02/07 02:52:08 | 000,063,488 | ---- | M] () -- C:\Windows\System32\ShowErrMsg.dll

MOD - [2007/01/31 21:18:16 | 000,016,384 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll

MOD - [2007/01/24 13:27:50 | 000,319,488 | ---- | M] () -- C:\Acer\Empowering Technology\SysMonitor.exe

MOD - [2007/01/24 13:27:40 | 000,057,344 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll

MOD - [2007/01/24 13:27:24 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll

MOD - [2007/01/13 00:25:30 | 000,339,968 | ---- | M] () -- C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLTinyDB.dll

MOD - [2007/01/13 00:25:14 | 000,237,662 | ---- | M] () -- C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLCapEngine.dll

MOD - [2007/01/13 00:25:14 | 000,114,776 | ---- | M] () -- C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLSchMgr.dll

MOD - [2007/01/13 00:25:14 | 000,032,768 | ---- | M] () -- C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLCapSvcps.dll

MOD - [2006/12/29 20:51:58 | 000,045,056 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Plugin.dll

MOD - [2006/12/29 20:51:22 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Presenter.dll

MOD - [2006/12/29 20:51:20 | 000,040,960 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Library.dll

MOD - [2006/12/29 20:51:20 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Model.dll

MOD - [2006/12/29 20:51:18 | 000,020,480 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Model.Interface.dll

MOD - [2006/12/29 20:51:18 | 000,016,384 | ---- | M] () -- C:\Acer\Empowering Technology\MemCheck.Interface.dll

MOD - [2006/12/26 03:28:42 | 000,143,360 | ---- | M] () -- C:\Acer\Empowering Technology\eMode\EmodeUI.dll

MOD - [2006/12/25 19:28:40 | 000,200,704 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\Image.dll

MOD - [2006/11/10 18:23:00 | 000,172,032 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\Disk.dll

MOD - [2006/11/10 18:20:36 | 000,196,608 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\HardDisk.dll

MOD - [2006/11/10 16:49:10 | 000,249,856 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\FastBR.DLL

========== Win32 Services (SafeList) ==========

SRV - [2011/08/31 16:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011/07/15 12:13:55 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2011/07/15 12:13:54 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2011/01/10 12:56:36 | 000,689,464 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files\Verizon\VSP\ServicepointService.exe -- (ServicepointService)

SRV - [2010/12/02 16:17:50 | 000,724,664 | ---- | M] (iolo technologies, LLC) [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)

SRV - [2010/12/02 16:17:50 | 000,724,664 | ---- | M] (iolo technologies, LLC) [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloFileInfoList)

SRV - [2010/10/26 19:52:28 | 003,652,696 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Online Armor\oasrv.exe -- (SvcOnlineArmor)

SRV - [2010/10/26 19:52:26 | 000,380,784 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Online Armor\OAcat.exe -- (OAcat)

SRV - [2009/10/07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)

SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007/06/07 02:50:14 | 000,538,096 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dlbtcoms.exe -- (dlbt_device)

SRV - [2007/02/07 03:04:26 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)

SRV - [2007/01/31 21:18:42 | 000,053,248 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)

SRV - [2007/01/13 00:25:28 | 000,274,520 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)

SRV - [2007/01/13 00:25:28 | 000,118,870 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)

SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)

SRV - [2006/12/29 20:51:56 | 000,028,672 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)

SRV - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)

========== Driver Services (SafeList) ==========

DRV - [2011/08/31 16:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2011/07/15 12:13:55 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)

DRV - [2011/07/15 12:13:55 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2010/10/26 19:52:50 | 000,038,856 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\oahlp32.sys -- (oahlpXX)

DRV - [2010/10/26 19:52:44 | 000,202,064 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\OADriver.sys -- (OADevice)

DRV - [2010/10/26 19:52:44 | 000,029,120 | ---- | M] (Emsisoft) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OAnet.sys -- (OAnet)

DRV - [2010/10/26 19:52:44 | 000,025,000 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\Windows\System32\drivers\OAmon.sys -- (OAmon)

DRV - [2010/07/06 13:28:45 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)

DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2009/10/26 16:09:06 | 001,095,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)

DRV - [2009/10/07 09:49:40 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) QuickCam Orbit/Sphere MP(UVC)

DRV - [2009/10/07 09:48:20 | 000,066,456 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvselsus.sys -- (lvselsus)

DRV - [2009/10/07 09:47:56 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)

DRV - [2009/10/07 09:46:14 | 000,114,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt)

DRV - [2009/10/07 02:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)

DRV - [2009/09/08 09:40:14 | 000,020,392 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElRawDsk.sys -- (ElRawDisk)

DRV - [2009/04/30 22:02:00 | 009,850,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2009/04/11 00:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2008/08/18 19:58:00 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)

DRV - [2008/07/26 16:26:22 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)

DRV - [2007/10/19 14:16:30 | 002,109,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Lvckap.sys -- (LVcKap)

DRV - [2007/10/11 19:59:02 | 002,142,488 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVMVdrv.sys -- (LVMVDrv)

DRV - [2006/12/07 21:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)

DRV - [2006/12/05 12:34:42 | 000,507,136 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PFC027.SYS -- (PAC207)

DRV - [2006/11/29 18:24:57 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)

DRV - [2006/11/08 03:02:40 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)

DRV - [2006/09/19 19:47:04 | 000,080,744 | ---- | M] (Wasay) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSVD.sys -- (WSVD)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.kongregate.com/games/element36/dawn-of-nations"

FF - prefs.js..extensions.enabledItems: browserhighlighter@ebay.com:1.0

FF - prefs.js..extensions.enabledItems: {4776510a-a1f4-41f3-a3c8-35b474ecef23}:1.0.8

FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.87

FF - prefs.js..extensions.enabledItems: {792BDDFE-2E7C-42ed-B18D-18154D2761BD}:0.9.6

FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110704

FF - prefs.js..extensions.enabledItems: {C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}:2.3.54

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.5

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}:6.0.27

FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4bff45e9&v=6.011.025.001&i=23&tp=ab&iy=&ychte=us&lng=en-US&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)

FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files\Verizon\VSP\nprpspa.dll (Verizon)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.660: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.660: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.660: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.1: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dave\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dave\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Dave\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/07/28 19:12:59 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.20\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/13 18:07:08 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.20\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/13 18:07:08 | 000,000,000 | ---D | M]

[2008/08/10 19:35:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dave\AppData\Roaming\mozilla\Extensions

[2011/09/13 18:08:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dave\AppData\Roaming\mozilla\Firefox\Profiles\h7gmsdie.default\extensions

[2010/04/28 11:24:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Dave\AppData\Roaming\mozilla\Firefox\Profiles\h7gmsdie.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011/07/17 03:20:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dave\AppData\Roaming\mozilla\Firefox\Profiles\h7gmsdie.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2010/03/14 14:12:30 | 000,000,000 | ---D | M] (Stealther) -- C:\Users\Dave\AppData\Roaming\mozilla\Firefox\Profiles\h7gmsdie.default\extensions\{4776510a-a1f4-41f3-a3c8-35b474ecef23}

[2011/07/15 20:18:18 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Dave\AppData\Roaming\mozilla\Firefox\Profiles\h7gmsdie.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}

[2010/03/19 10:51:14 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Dave\AppData\Roaming\mozilla\Firefox\Profiles\h7gmsdie.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(394)

[2010/03/14 14:12:31 | 000,000,000 | ---D | M] (TabRenamizer) -- C:\Users\Dave\AppData\Roaming\mozilla\Firefox\Profiles\h7gmsdie.default\extensions\{792BDDFE-2E7C-42ed-B18D-18154D2761BD}

[2011/07/15 20:18:18 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Dave\AppData\Roaming\mozilla\Firefox\Profiles\h7gmsdie.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

[2010/02/11 01:22:34 | 000,000,000 | ---D | M] (Answers) -- C:\Users\Dave\AppData\Roaming\mozilla\Firefox\Profiles\h7gmsdie.default\extensions\{C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}

[2011/07/15 20:18:16 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Dave\AppData\Roaming\mozilla\Firefox\Profiles\h7gmsdie.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2011/10/27 05:19:54 | 000,000,000 | ---D | M] (The Browser Highlighter) -- C:\Users\Dave\AppData\Roaming\mozilla\Firefox\Profiles\h7gmsdie.default\extensions\browserhighlighter@ebay.com

[2010/03/25 11:55:00 | 000,000,000 | ---D | M] (TrackMeNot) -- C:\Users\Dave\AppData\Roaming\mozilla\Firefox\Profiles\h7gmsdie.default\extensions\trackmenot@mrl.nyu(138).edu

[2010/10/29 18:44:05 | 000,002,306 | ---- | M] () -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\h7gmsdie.default\searchplugins\wot-safe-search.xml

[2011/09/13 18:08:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/09/03 18:35:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}

[2011/07/28 19:12:59 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT

[2011/09/03 18:34:05 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2008/03/12 13:04:10 | 000,086,016 | ---- | M] (SpiralFrog Inc.) -- C:\Program Files\mozilla firefox\plugins\NPSFDMGR.dll

[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Dave\AppData\Local\Google\Chrome\Application\15.0.874.106\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U27 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll

CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll

CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll

CHR - plugin: RealNetworks RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Dave\AppData\Local\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Dave\AppData\Local\Google\Chrome\Application\15.0.874.106\pdf.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll

CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll

CHR - plugin: SpiralFrog DownloadManager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPSFDMGR.dll

CHR - plugin: AOL Media Playback Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll

CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll

CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll

CHR - plugin: Verizon Servicepoint (Enabled) = C:\Program Files\Verizon\VSP\nprpspa.dll

CHR - plugin: Unity Player (Enabled) = C:\Users\Dave\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

CHR - plugin: Google Update (Enabled) = C:\Users\Dave\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

O1 HOSTS File: ([2011/03/30 08:59:49 | 000,622,039 | ---- | M]) - C:\Windows\System32\drivers\etc\HOSTS

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 16422 more lines...

O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)

O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)

O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Online Armor\oaui.exe (Emsi Software GmbH)

O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe ()

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)

O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1221346908\ee\aolsoftware.exe (AOL LLC)

O4 - HKLM..\Run: [iolo Startup] C:\Program Files\iolo\Common\Lib\ioloLManager.exe (iolo technologies, LLC)

O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [PCMService] C:\Acer\Empowering Technology\eMode\PCM\PCMService.exe (CyberLink Corp.)

O4 - HKLM..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\VSP\VerizonServicepoint.exe (Verizon)

O4 - HKCU..\Run: [Acer Tour Reminder] File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)

O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)

O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)

O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)

O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.250.0.12

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{69E14A43-1964-4C36-9C15-F7285A51AC77}: DhcpNameServer = 192.168.1.1 71.250.0.12

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Acer01.jpg

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Acer01.jpg

O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll (Emsi Software GmbH)

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/08 14:30:01 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Dave\Desktop\OTL.exe

[2011/10/31 19:05:16 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2011/10/31 17:59:09 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2011/10/31 17:59:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2011/10/31 17:59:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2011/10/31 17:57:53 | 000,000,000 | ---D | C] -- C:\ComboFix

[2011/10/31 17:53:32 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011/10/31 17:47:12 | 004,279,921 | R--- | C] (Swearware) -- C:\Users\Dave\Desktop\ComboFix.exe

[2011/10/31 17:29:23 | 000,000,000 | ---D | C] -- C:\Users\Dave\Desktop\TDSSKILLER

[2011/10/22 23:43:28 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Dave\Desktop\dds (1).scr

[2011/10/22 23:20:56 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2011/10/22 23:20:55 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2011/10/22 23:20:54 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll

[2011/10/22 23:20:54 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2011/10/22 23:20:53 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll

[2011/10/22 23:12:54 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll

[2011/10/22 23:12:54 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll

[2011/10/22 23:12:50 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll

[2011/10/22 23:12:50 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax

[2011/10/22 23:12:49 | 002,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2011/10/22 23:12:49 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax

[2011/10/22 23:12:49 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax

[2011/10/20 17:27:50 | 000,000,000 | ---D | C] -- C:\Users\Dave\Desktop\New Folder

[2007/07/19 08:20:16 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe

[2007/06/07 02:50:16 | 000,386,544 | ---- | C] ( ) -- C:\Windows\System32\dlbtih.exe

[2007/06/07 02:50:14 | 000,538,096 | ---- | C] ( ) -- C:\Windows\System32\dlbtcoms.exe

[2007/06/07 02:50:12 | 000,382,448 | ---- | C] ( ) -- C:\Windows\System32\dlbtcfg.exe

[2007/04/25 17:09:17 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll

[2007/01/30 15:47:52 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlbtpmui.dll

[2007/01/30 15:46:00 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlbtserv.dll

[2007/01/30 15:38:18 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlbtcomm.dll

[2007/01/30 15:36:30 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlbtlmpm.dll

[2007/01/30 15:35:00 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlbtiesc.dll

[2007/01/30 15:32:06 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlbtpplc.dll

[2007/01/30 15:31:08 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlbtcomc.dll

[2007/01/30 15:30:30 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlbtprox.dll

[2007/01/30 15:22:32 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlbtinpa.dll

[2007/01/30 15:21:46 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\dlbtusb1.dll

[2007/01/30 15:17:02 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlbthbn3.dll

========== Files - Modified Within 30 Days ==========

[2011/11/08 14:30:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job

[2011/11/08 14:29:35 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Dave\Desktop\OTL.exe

[2011/11/08 14:25:18 | 000,638,526 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011/11/08 14:25:18 | 000,117,914 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011/11/08 14:23:15 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3168221375-1000150114-59586180-1000UA.job

[2011/11/08 14:19:44 | 000,003,504 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011/11/08 14:19:44 | 000,003,504 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011/11/08 14:19:30 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat

[2011/11/08 14:19:28 | 2952,249,344 | -HS- | M] () -- C:\hiberfil.sys

[2011/11/05 00:13:45 | 000,000,488 | ---- | M] () -- C:\Windows\tasks\Malwarebytes' Scheduled Scan for Dave.job

[2011/11/05 00:00:54 | 000,000,474 | ---- | M] () -- C:\Windows\tasks\Malwarebytes' Scheduled Update for Dave.job

[2011/11/04 07:23:01 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3168221375-1000150114-59586180-1000Core.job

[2011/10/31 17:47:10 | 004,279,921 | R--- | M] (Swearware) -- C:\Users\Dave\Desktop\ComboFix.exe

[2011/10/31 17:29:49 | 001,545,436 | ---- | M] () -- C:\Users\Dave\Desktop\tdsskiller.zip

[2011/10/27 16:28:46 | 000,002,003 | ---- | M] () -- C:\Users\Dave\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2011/10/27 16:28:45 | 000,002,041 | ---- | M] () -- C:\Users\Dave\Desktop\Google Chrome.lnk

[2011/10/24 17:30:05 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

[2011/10/22 23:43:12 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Dave\Desktop\dds (1).scr

[2011/10/22 23:34:34 | 000,153,240 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2011/11/01 05:32:42 | 2952,249,344 | -HS- | C] () -- C:\hiberfil.sys

[2011/10/31 17:59:09 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2011/10/31 17:59:09 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2011/10/31 17:59:09 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2011/10/31 17:59:09 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2011/10/31 17:59:09 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2011/10/31 17:30:01 | 001,545,436 | ---- | C] () -- C:\Users\Dave\Desktop\tdsskiller.zip

[2011/03/23 10:46:14 | 000,202,064 | ---- | C] () -- C:\Windows\System32\drivers\OADriver.sys

[2011/03/23 10:46:14 | 000,038,856 | ---- | C] () -- C:\Windows\System32\drivers\oahlp32.sys

[2010/11/23 00:39:09 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll

[2010/06/10 12:51:55 | 000,000,000 | ---- | C] () -- C:\Users\Dave\AppData\Local\prvlcl.dat

[2010/03/17 22:55:24 | 000,000,273 | ---- | C] () -- C:\Windows\SysMech.INI

[2009/10/21 12:22:00 | 000,312,832 | ---- | C] () -- C:\Windows\System32\drivers\yk60x86.sys

[2009/10/15 17:10:10 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2009/10/15 17:10:10 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2009/10/07 02:46:36 | 000,025,752 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys

[2009/10/07 02:23:08 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll

[2009/09/03 17:59:37 | 000,000,535 | ---- | C] () -- C:\Windows\eReg.dat

[2009/04/30 22:39:36 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini

[2009/04/13 20:40:13 | 000,000,092 | ---- | C] () -- C:\Users\Dave\AppData\Local\fusioncache.dat

[2008/12/07 00:49:40 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2008/09/17 10:55:00 | 001,724,416 | ---- | C] () -- C:\Windows\System32\nvwdmcpl.dll

[2008/09/17 10:55:00 | 001,657,376 | ---- | C] () -- C:\Windows\System32\nwiz.exe

[2008/09/17 10:55:00 | 001,503,232 | ---- | C] () -- C:\Windows\System32\nview.dll

[2008/09/17 10:55:00 | 001,346,080 | ---- | C] () -- C:\Windows\System32\nvdspsch.exe

[2008/09/17 10:55:00 | 001,101,824 | ---- | C] () -- C:\Windows\System32\nvwimg.dll

[2008/09/17 10:55:00 | 000,466,944 | ---- | C] () -- C:\Windows\System32\nvshell.dll

[2008/09/17 10:55:00 | 000,449,056 | ---- | C] () -- C:\Windows\System32\nvappbar.exe

[2008/09/17 10:55:00 | 000,436,768 | ---- | C] () -- C:\Windows\System32\keystone.exe

[2008/09/17 10:55:00 | 000,286,720 | ---- | C] () -- C:\Windows\System32\nvnt4cpl.dll

[2008/09/12 22:37:18 | 000,007,620 | ---- | C] () -- C:\Users\Dave\AppData\Local\d3d9caps.dat

[2008/09/12 19:31:54 | 000,000,006 | ---- | C] () -- C:\Windows\msoffice.ini

[2008/08/20 19:30:31 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2008/05/03 16:55:40 | 000,002,126 | ---- | C] () -- C:\Windows\AutostarSuite.ini

[2008/03/29 08:44:27 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2008/01/29 15:51:22 | 000,000,423 | ---- | C] () -- C:\Windows\PowerReg.dat

[2008/01/28 10:03:30 | 000,000,076 | ---- | C] () -- C:\Windows\QUICKEN.INI

[2008/01/23 18:56:00 | 000,000,068 | ---- | C] () -- C:\Windows\WININIT.INI

[2008/01/23 16:51:03 | 000,118,784 | ---- | C] () -- C:\Windows\bwUnin-7.2.0.157-8876480SL.exe

[2008/01/07 17:34:18 | 000,010,752 | ---- | C] () -- C:\Users\Dave\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/01/07 17:26:16 | 000,000,859 | ---- | C] () -- C:\Windows\aolback.exe.lnk

[2008/01/07 17:21:30 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat

[2007/12/07 11:07:40 | 000,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll

[2007/07/19 08:21:19 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini

[2007/07/19 08:21:18 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini

[2007/07/19 08:20:16 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe

[2007/04/25 17:46:36 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll

[2007/04/25 17:09:17 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll

[2007/04/25 16:34:22 | 000,000,446 | ---- | C] () -- C:\Windows\generic.ini

[2007/04/25 16:34:22 | 000,000,107 | ---- | C] () -- C:\Windows\Alaunch.ini

[2007/02/19 08:20:28 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dlbtinsr.dll

[2007/02/19 08:20:24 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dlbtcur.dll

[2007/02/19 08:20:02 | 000,135,168 | ---- | C] () -- C:\Windows\System32\dlbtjswr.dll

[2007/02/19 08:17:06 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlbtinsb.dll

[2007/02/19 08:17:00 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dlbtcub.dll

[2007/02/19 08:16:52 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dlbtcu.dll

[2007/02/19 08:16:48 | 000,159,744 | ---- | C] () -- C:\Windows\System32\dlbtins.dll

[2007/02/19 08:15:34 | 000,434,176 | ---- | C] () -- C:\Windows\System32\dlbtutil.dll

[2007/02/07 18:57:16 | 000,344,064 | ---- | C] () -- C:\Windows\System32\dlbtcoin.dll

[2007/02/07 02:58:10 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll

[2007/02/07 02:57:58 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll

[2007/02/07 02:57:20 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll

[2007/02/07 02:56:30 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll

[2007/02/07 02:52:08 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll

[2007/01/22 03:18:28 | 000,069,632 | ---- | C] () -- C:\Windows\System32\dlbtcfg.dll

[2006/12/25 18:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll

[2006/11/13 08:50:06 | 000,071,680 | ---- | C] () -- C:\Windows\System32\HTCA_SelfExtract.bin

[2006/11/02 10:27:46 | 000,000,518 | ---- | C] () -- C:\Windows\System32\SP207.ini

[2006/11/02 08:53:49 | 000,067,584 | ---- | C] () -- C:\Windows\bootstat.dat

[2006/11/02 08:44:53 | 000,153,240 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006/11/02 06:33:01 | 000,638,526 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2006/11/02 06:33:01 | 000,117,914 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2006/09/12 18:24:09 | 000,046,345 | ---- | C] () -- C:\Windows\NSSetDefaultBrowser.EXE

[2005/08/26 15:28:34 | 000,143,360 | ---- | C] () -- C:\Windows\unzip.exe

[2005/08/26 15:27:58 | 000,045,056 | ---- | C] () -- C:\Windows\devenum.exe

[2005/08/18 11:26:46 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dlbtvs.dll

[2005/05/25 10:07:26 | 000,061,440 | ---- | C] () -- C:\Windows\System32\dlbtcnv4.dll

[2001/12/26 18:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll

[2001/09/04 01:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll

[2001/07/30 18:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll

[2001/07/24 00:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34

@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:D1B5B4F1

@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >


  • Staff

Hi,

Delete your copy of ComboFix. Grab a fresh copy and save it to your Desktop, but do not run it yet. Before you download it, rename it to sega.com

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Click Start --> Run, and enter this command exactly as shown:

"%userprofile%\desktop\sega.com" /killall

Post its log when done.


  • Staff

Okay let's try this again a little differently:

Delete your copy of ComboFix. Grab a fresh copy and save it to your Desktop, but do not run it yet. Before you download it, rename it to sega.com

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Click Start --> Run, and enter this command exactly as shown:

"%userprofile%\desktop\sega.com" /killall /nombr

See if it will run successfully now. Stop it after half an hour of no activity.


  • 2 weeks later...

Ok... While Command Prompt did crash again, it didn't crash until after deleting some 5 files and restarting. It crashed while trying to make the report log, so I don't have that, but this does seem like progress. I'm pretty happy about it because my PC was starting to repeatedly crash and was becoming unusable.

Do you think I should try to run Combofix again? Do I need a fresh copy?


  • Staff

Thanks for letting me know. What'd you do with the old one?

I highly recommend the PRO version of MBAM; with it, it's likely that this issue would have been prevented in the first place.

Now that your computer seems to be in proper working order, please take the following steps to help prevent reinfection:

1) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.

2) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.

3) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.

4) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

  • Green to go
  • Yellow for caution
  • Red to stop

WOT has an addon available for both Firefox and IE.

5) Be sure to update your Antivirus and Antispyware programs often!

Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?

Safe surfing,

-screen317


  • 2 weeks later...
  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!

