pilvlp

join:2006-03-21
Mishawaka, IN

Google redirect striking search systems and famous search

tdss:
quote:
08:51:29.0217 1892 TDSS rootkit removing tool 2.6.16.0 Nov 7 2011 16:26:51
08:51:29.0357 1892 ============================================================
08:51:29.0357 1892 Current date / time: 2011/11/08 08:51:29.0357
08:51:29.0357 1892 SystemInfo:
08:51:29.0357 1892
08:51:29.0357 1892 OS Version: 6.1.7600 ServicePack: 0.0
08:51:29.0357 1892 Product type: Workstation
08:51:29.0357 1892 ComputerName: ACER-PC
08:51:29.0357 1892 UserName: Acer
08:51:29.0357 1892 Windows directory: C:\Windows
08:51:29.0357 1892 System windows directory: C:\Windows
08:51:29.0357 1892 Running under WOW64
08:51:29.0357 1892 Processor architecture: Intel x64
08:51:29.0357 1892 Number of processors: 2
08:51:29.0357 1892 Page size: 0x1000
08:51:29.0357 1892 Boot type: Normal boot
08:51:29.0357 1892 ============================================================
08:51:30.0933 1892 Initialize success
08:51:39.0770 3864 ============================================================
08:51:39.0770 3864 Scan started
08:51:39.0770 3864 Mode: Manual;
08:51:39.0770 3864 ============================================================
08:51:41.0954 3864 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
08:51:41.0969 3864 1394ohci - ok
08:51:42.0016 3864 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
08:51:42.0016 3864 ACPI - ok
08:51:42.0219 3864 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
08:51:42.0219 3864 AcpiPmi - ok
08:51:42.0312 3864 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
08:51:42.0312 3864 adp94xx - ok
08:51:42.0515 3864 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
08:51:42.0515 3864 adpahci - ok
08:51:42.0578 3864 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
08:51:42.0578 3864 adpu320 - ok
08:51:42.0780 3864 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
08:51:42.0796 3864 AFD - ok
08:51:42.0999 3864 AgereSoftModem (2173e070647ac68c16b8214fe5c05ec3) C:\Windows\system32\DRIVERS\agrsm64.sys
08:51:43.0014 3864 AgereSoftModem - ok
08:51:43.0202 3864 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
08:51:43.0202 3864 agp440 - ok
08:51:43.0295 3864 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
08:51:43.0295 3864 aliide - ok
08:51:43.0451 3864 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
08:51:43.0467 3864 amdide - ok
08:51:43.0529 3864 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
08:51:43.0529 3864 AmdK8 - ok
08:51:43.0576 3864 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
08:51:43.0576 3864 AmdPPM - ok
08:51:43.0748 3864 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
08:51:43.0748 3864 amdsata - ok
08:51:43.0841 3864 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
08:51:43.0841 3864 amdsbs - ok
08:51:44.0008 3864 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
08:51:44.0009 3864 amdxata - ok
08:51:44.0091 3864 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
08:51:44.0093 3864 AppID - ok
08:51:44.0307 3864 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
08:51:44.0309 3864 arc - ok
08:51:44.0377 3864 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
08:51:44.0380 3864 arcsas - ok
08:51:44.0568 3864 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
08:51:44.0569 3864 AsyncMac - ok
08:51:44.0639 3864 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
08:51:44.0641 3864 atapi - ok
08:51:44.0865 3864 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
08:51:44.0873 3864 b06bdrv - ok
08:51:45.0063 3864 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
08:51:45.0068 3864 b57nd60a - ok
08:51:45.0131 3864 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
08:51:45.0132 3864 Beep - ok
08:51:45.0331 3864 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
08:51:45.0332 3864 blbdrive - ok
08:51:45.0427 3864 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
08:51:45.0429 3864 bowser - ok
08:51:45.0605 3864 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
08:51:45.0607 3864 BrFiltLo - ok
08:51:45.0656 3864 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
08:51:45.0657 3864 BrFiltUp - ok
08:51:45.0735 3864 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
08:51:45.0741 3864 Brserid - ok
08:51:45.0905 3864 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
08:51:45.0907 3864 BrSerWdm - ok
08:51:45.0960 3864 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
08:51:45.0960 3864 BrUsbMdm - ok
08:51:46.0007 3864 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
08:51:46.0007 3864 BrUsbSer - ok
08:51:46.0198 3864 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
08:51:46.0200 3864 BTHMODEM - ok
08:51:46.0261 3864 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
08:51:46.0263 3864 cdfs - ok
08:51:46.0455 3864 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
08:51:46.0458 3864 cdrom - ok
08:51:46.0519 3864 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
08:51:46.0520 3864 circlass - ok
08:51:46.0676 3864 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
08:51:46.0681 3864 CLFS - ok
08:51:46.0841 3864 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
08:51:46.0842 3864 CmBatt - ok
08:51:46.0979 3864 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
08:51:46.0981 3864 cmdide - ok
08:51:47.0043 3864 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
08:51:47.0051 3864 CNG - ok
08:51:47.0217 3864 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
08:51:47.0217 3864 Compbatt - ok
08:51:47.0280 3864 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
08:51:47.0280 3864 CompositeBus - ok
08:51:47.0436 3864 cpuz135 - ok
08:51:47.0545 3864 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
08:51:47.0545 3864 crcdisk - ok
08:51:47.0701 3864 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
08:51:47.0701 3864 DfsC - ok
08:51:47.0810 3864 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
08:51:47.0810 3864 discache - ok
08:51:47.0949 3864 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
08:51:47.0951 3864 Disk - ok
08:51:47.0966 3864 DKbFltr - ok
08:51:48.0111 3864 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
08:51:48.0112 3864 drmkaud - ok
08:51:48.0224 3864 dump_wmimmc - ok
08:51:48.0415 3864 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
08:51:48.0420 3864 DXGKrnl - ok
08:51:48.0652 3864 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
08:51:48.0782 3864 ebdrv - ok
08:51:49.0078 3864 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
08:51:49.0110 3864 elxstor - ok
08:51:49.0422 3864 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
08:51:49.0422 3864 ErrDev - ok
08:51:49.0718 3864 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
08:51:49.0749 3864 exfat - ok
08:51:49.0983 3864 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
08:51:49.0999 3864 fastfat - ok
08:51:50.0295 3864 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
08:51:50.0311 3864 fdc - ok
08:51:50.0706 3864 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
08:51:50.0725 3864 FileInfo - ok
08:51:51.0165 3864 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
08:51:51.0187 3864 Filetrace - ok
08:51:51.0755 3864 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
08:51:51.0770 3864 flpydisk - ok
08:51:52.0176 3864 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
08:51:52.0191 3864 FltMgr - ok
08:51:52.0581 3864 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
08:51:52.0581 3864 FsDepends - ok
08:51:52.0737 3864 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
08:51:52.0737 3864 Fs_Rec - ok
08:51:53.0063 3864 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
08:51:53.0066 3864 fvevol - ok
08:51:53.0320 3864 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
08:51:53.0347 3864 gagp30kx - ok
08:51:53.0409 3864 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
08:51:53.0410 3864 GEARAspiWDM - ok
08:51:53.0637 3864 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
08:51:53.0639 3864 hcw85cir - ok
08:51:53.0691 3864 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
08:51:53.0710 3864 HDAudBus - ok
08:51:53.0883 3864 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
08:51:53.0885 3864 HidBatt - ok
08:51:53.0927 3864 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
08:51:53.0927 3864 HidBth - ok
08:51:54.0177 3864 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
08:51:54.0177 3864 HidIr - ok
08:51:54.0364 3864 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
08:51:54.0364 3864 HidUsb - ok
08:51:54.0442 3864 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
08:51:54.0458 3864 HpSAMD - ok
08:51:54.0945 3864 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
08:51:54.0970 3864 HTTP - ok
08:51:55.0601 3864 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
08:51:55.0623 3864 hwpolicy - ok
08:51:56.0278 3864 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
08:51:56.0295 3864 i8042prt - ok
08:51:56.0957 3864 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
08:51:56.0960 3864 iaStor - ok
08:51:57.0552 3864 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
08:51:57.0568 3864 iaStorV - ok
08:51:57.0973 3864 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
08:51:58.0020 3864 iirsp - ok
08:51:58.0332 3864 int15 - ok
08:51:59.0502 3864 IntcAzAudAddService (430aab6c09af99d5beb311795349e9dd) C:\Windows\system32\drivers\RTKVHD64.sys
08:51:59.0518 3864 IntcAzAudAddService - ok
08:52:00.0407 3864 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
08:52:00.0438 3864 intelide - ok
08:52:00.0797 3864 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
08:52:00.0797 3864 intelppm - ok
08:52:01.0171 3864 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:52:01.0202 3864 IpFilterDriver - ok
08:52:01.0561 3864 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
08:52:01.0577 3864 IPMIDRV - ok
08:52:02.0170 3864 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
08:52:02.0201 3864 IPNAT - ok
08:52:02.0782 3864 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
08:52:02.0802 3864 IRENUM - ok
08:52:03.0427 3864 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
08:52:03.0439 3864 isapnp - ok
08:52:04.0072 3864 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
08:52:04.0076 3864 iScsiPrt - ok
08:52:04.0826 3864 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
08:52:04.0827 3864 kbdclass - ok
08:52:05.0752 3864 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
08:52:05.0752 3864 kbdhid - ok
08:52:06.0420 3864 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
08:52:06.0422 3864 KSecDD - ok
08:52:06.0586 3864 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
08:52:06.0589 3864 KSecPkg - ok
08:52:06.0786 3864 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
08:52:06.0800 3864 ksthunk - ok
08:52:07.0464 3864 L1C (3dd81da6a200edcc2ce939702f6afc1c) C:\Windows\system32\DRIVERS\L1C60x64.sys
08:52:07.0511 3864 L1C - ok
08:52:07.0979 3864 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
08:52:08.0010 3864 lltdio - ok
08:52:08.0649 3864 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
08:52:08.0665 3864 LSI_FC - ok
08:52:09.0195 3864 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
08:52:09.0227 3864 LSI_SAS - ok
08:52:09.0757 3864 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
08:52:09.0773 3864 LSI_SAS2 - ok
08:52:10.0334 3864 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
08:52:10.0350 3864 LSI_SCSI - ok
08:52:10.0740 3864 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
08:52:10.0740 3864 luafv - ok
08:52:11.0036 3864 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
08:52:11.0083 3864 megasas - ok
08:52:11.0465 3864 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
08:52:11.0483 3864 MegaSR - ok
08:52:11.0835 3864 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
08:52:11.0836 3864 Modem - ok
08:52:12.0337 3864 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
08:52:12.0337 3864 monitor - ok
08:52:12.0789 3864 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
08:52:12.0789 3864 mouclass - ok
08:52:13.0195 3864 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
08:52:13.0210 3864 mouhid - ok
08:52:13.0460 3864 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
08:52:13.0491 3864 mountmgr - ok
08:52:13.0850 3864 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
08:52:13.0850 3864 mpio - ok
08:52:14.0146 3864 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
08:52:14.0256 3864 mpsdrv - ok
08:52:14.0755 3864 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
08:52:14.0770 3864 MRxDAV - ok
08:52:15.0207 3864 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
08:52:15.0238 3864 mrxsmb - ok
08:52:15.0816 3864 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:52:15.0831 3864 mrxsmb10 - ok
08:52:16.0163 3864 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:52:16.0171 3864 mrxsmb20 - ok
08:52:16.0353 3864 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
08:52:16.0369 3864 msahci - ok
08:52:16.0516 3864 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
08:52:16.0535 3864 msdsm - ok
08:52:17.0022 3864 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
08:52:17.0038 3864 Msfs - ok
08:52:17.0497 3864 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
08:52:17.0497 3864 mshidkmdf - ok
08:52:18.0150 3864 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
08:52:18.0167 3864 msisadrv - ok
08:52:18.0917 3864 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
08:52:18.0970 3864 MSKSSRV - ok
08:52:19.0263 3864 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
08:52:19.0279 3864 MSPCLOCK - ok
08:52:19.0778 3864 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
08:52:19.0840 3864 MSPQM - ok
08:52:20.0491 3864 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
08:52:20.0519 3864 MsRPC - ok
08:52:20.0864 3864 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
08:52:20.0865 3864 mssmbios - ok
08:52:21.0248 3864 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
08:52:21.0263 3864 MSTEE - ok
08:52:21.0357 3864 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
08:52:21.0372 3864 MTConfig - ok
08:52:21.0622 3864 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
08:52:21.0638 3864 Mup - ok
08:52:22.0153 3864 mwlPSDFilter (d36846245cd8d0ac0f6932b0a283dc03) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
08:52:22.0154 3864 mwlPSDFilter - ok
08:52:22.0539 3864 mwlPSDNServ (f9bffcec7d0c1207c7b295c6c7d6f325) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
08:52:22.0539 3864 mwlPSDNServ - ok
08:52:22.0948 3864 mwlPSDVDisk (a8021ea6a76c7e73d7dddf3f8cec2750) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
08:52:22.0948 3864 mwlPSDVDisk - ok
08:52:23.0312 3864 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
08:52:23.0327 3864 NativeWifiP - ok
08:52:24.0061 3864 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
08:52:24.0107 3864 NDIS - ok
08:52:24.0529 3864 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
08:52:24.0560 3864 NdisCap - ok
08:52:24.0872 3864 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
08:52:24.0887 3864 NdisTapi - ok
08:52:25.0307 3864 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
08:52:25.0324 3864 Ndisuio - ok
08:52:25.0624 3864 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
08:52:25.0635 3864 NdisWan - ok
08:52:26.0141 3864 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
08:52:26.0172 3864 NDProxy - ok
08:52:26.0484 3864 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
08:52:26.0484 3864 NetBIOS - ok
08:52:26.0843 3864 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
08:52:26.0858 3864 NetBT - ok
08:52:29.0374 3864 NETw5s64 (4d85a450edef10c38882182753a49aae) C:\Windows\system32\DRIVERS\NETw5s64.sys
08:52:29.0778 3864 NETw5s64 - ok
08:52:30.0673 3864 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
08:52:31.0032 3864 netw5v64 - ok
08:52:31.0433 3864 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
08:52:31.0451 3864 nfrd960 - ok
08:52:31.0864 3864 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
08:52:31.0884 3864 Npfs - ok
08:52:32.0077 3864 NPPTNT2 - ok
08:52:32.0207 3864 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
08:52:32.0207 3864 nsiproxy - ok
08:52:32.0472 3864 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
08:52:32.0503 3864 Ntfs - ok
08:52:32.0893 3864 NTIDrvr (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\Drivers\NTIDrvr.sys
08:52:32.0893 3864 NTIDrvr - ok
08:52:33.0252 3864 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
08:52:33.0267 3864 Null - ok
08:52:33.0626 3864 nuvotoncir (6f09cb36c344b98356978b37ba9ad42b) C:\Windows\system32\DRIVERS\nuvotoncir.sys
08:52:33.0657 3864 nuvotoncir - ok
08:52:33.0985 3864 NVHDA (960e39a54e525df58cb29193147dffa1) C:\Windows\system32\drivers\nvhda64v.sys
08:52:33.0985 3864 NVHDA - ok
08:52:37.0584 3864 nvlddmkm (cc1efea1f0ab17e59bd4b5baff3e5cb0) C:\Windows\system32\DRIVERS\nvlddmkm.sys
08:52:37.0662 3864 nvlddmkm - ok
08:52:38.0411 3864 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
08:52:38.0489 3864 nvraid - ok
08:52:39.0019 3864 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
08:52:39.0082 3864 nvstor - ok
08:52:39.0441 3864 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
08:52:39.0441 3864 nv_agp - ok
08:52:39.0472 3864 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
08:52:39.0487 3864 ohci1394 - ok
08:52:40.0033 3864 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
08:52:40.0033 3864 Parport - ok
08:52:40.0408 3864 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
08:52:40.0423 3864 partmgr - ok
08:52:40.0795 3864 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
08:52:40.0842 3864 pci - ok
08:52:41.0288 3864 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
08:52:41.0290 3864 pciide - ok
08:52:41.0631 3864 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
08:52:41.0653 3864 pcmcia - ok
08:52:42.0105 3864 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
08:52:42.0121 3864 pcw - ok
08:52:42.0811 3864 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
08:52:42.0836 3864 PEAUTH - ok
08:52:43.0495 3864 Point64 (b8d8ec78b0f9ed8e220506181274f3d3) C:\Windows\system32\DRIVERS\point64.sys
08:52:43.0514 3864 Point64 - ok
08:52:43.0933 3864 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
08:52:43.0954 3864 PptpMiniport - ok
08:52:44.0468 3864 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
08:52:44.0499 3864 Processor - ok
08:52:45.0232 3864 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
08:52:45.0232 3864 Psched - ok
08:52:46.0246 3864 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
08:52:46.0356 3864 ql2300 - ok
08:52:46.0777 3864 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
08:52:46.0777 3864 ql40xx - ok
08:52:47.0245 3864 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
08:52:47.0245 3864 QWAVEdrv - ok
08:52:47.0401 3864 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
08:52:47.0401 3864 RasAcd - ok
08:52:47.0791 3864 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
08:52:47.0806 3864 RasAgileVpn - ok
08:52:48.0600 3864 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
08:52:48.0631 3864 Rasl2tp - ok
08:52:49.0160 3864 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
08:52:49.0178 3864 RasPppoe - ok
08:52:49.0337 3864 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
08:52:49.0360 3864 RasSstp - ok
08:52:49.0629 3864 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
08:52:49.0651 3864 rdbss - ok
08:52:50.0141 3864 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
08:52:50.0144 3864 rdpbus - ok
08:52:50.0855 3864 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
08:52:50.0870 3864 RDPCDD - ok
08:52:51.0323 3864 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
08:52:51.0338 3864 RDPENCDD - ok
08:52:51.0697 3864 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
08:52:51.0713 3864 RDPREFMP - ok
08:52:51.0931 3864 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
08:52:52.0056 3864 RDPWD - ok
08:52:52.0586 3864 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
08:52:52.0586 3864 rdyboost - ok
08:52:52.0961 3864 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
08:52:52.0992 3864 rspndr - ok
08:52:53.0413 3864 RTSTOR (08b11de788a34033f3ebf72fc4178027) C:\Windows\system32\drivers\RTSTOR64.SYS
08:52:53.0460 3864 RTSTOR - ok
08:52:53.0725 3864 SbieDrv (035dd5d74ed74de036113cae60fe55b3) C:\Program Files\Sandboxie\SbieDrv.sys
08:52:53.0725 3864 SbieDrv - ok
08:52:54.0333 3864 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
08:52:54.0349 3864 sbp2port - ok
08:52:54.0895 3864 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
08:52:54.0911 3864 scfilter - ok
08:52:55.0784 3864 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
08:52:55.0800 3864 secdrv - ok
08:52:56.0252 3864 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
08:52:56.0315 3864 Serenum - ok
08:52:56.0840 3864 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
08:52:56.0892 3864 Serial - ok
08:52:57.0294 3864 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
08:52:57.0295 3864 sermouse - ok
08:52:57.0546 3864 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
08:52:57.0548 3864 sffdisk - ok
08:52:57.0766 3864 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
08:52:57.0781 3864 sffp_mmc - ok
08:52:58.0249 3864 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
08:52:58.0280 3864 sffp_sd - ok
08:52:58.0592 3864 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
08:52:58.0630 3864 sfloppy - ok
08:52:59.0157 3864 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
08:52:59.0186 3864 SiSRaid2 - ok
08:52:59.0439 3864 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
08:52:59.0439 3864 SiSRaid4 - ok
08:52:59.0845 3864 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
08:52:59.0860 3864 Smb - ok
08:52:59.0907 3864 speedfan - ok
08:53:00.0676 3864 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
08:53:00.0711 3864 spldr - ok
08:53:01.0351 3864 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
08:53:01.0358 3864 srv - ok
08:53:01.0768 3864 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
08:53:01.0768 3864 srv2 - ok
08:53:02.0236 3864 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
08:53:02.0283 3864 srvnet - ok
08:53:03.0016 3864 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
08:53:03.0032 3864 stexstor - ok
08:53:03.0469 3864 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
08:53:03.0469 3864 swenum - ok
08:53:03.0812 3864 SynTP (379ffa51dd61cd2dd2a0edfe00fb6e11) C:\Windows\system32\DRIVERS\SynTP.sys
08:53:03.0812 3864 SynTP - ok
08:53:05.0169 3864 Tcpip (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\drivers\tcpip.sys
08:53:05.0231 3864 Tcpip - ok
08:53:05.0887 3864 TCPIP6 (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\DRIVERS\tcpip.sys
08:53:05.0902 3864 TCPIP6 - ok
08:53:06.0589 3864 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
08:53:06.0604 3864 tcpipreg - ok
08:53:07.0041 3864 TcUsb (951f59af0b707415f9e567d17ff2a7c0) C:\Windows\system32\Drivers\tcusb.sys
08:53:07.0041 3864 TcUsb - ok
08:53:07.0481 3864 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
08:53:07.0509 3864 TDPIPE - ok
08:53:07.0897 3864 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
08:53:07.0909 3864 TDTCP - ok
08:53:08.0230 3864 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
08:53:08.0257 3864 tdx - ok
08:53:08.0635 3864 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
08:53:08.0635 3864 TermDD - ok
08:53:09.0103 3864 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
08:53:09.0134 3864 tssecsrv - ok
08:53:09.0592 3864 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
08:53:09.0613 3864 tunnel - ok
08:53:09.0871 3864 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
08:53:09.0923 3864 uagp35 - ok
08:53:10.0481 3864 UBHelper (00c8ce31657624a125fdb90efd554371) C:\Windows\system32\drivers\UBHelper.sys
08:53:10.0496 3864 UBHelper - ok
08:53:11.0073 3864 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
08:53:11.0105 3864 udfs - ok
08:53:11.0401 3864 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
08:53:11.0401 3864 uliagpkx - ok
08:53:11.0760 3864 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
08:53:11.0778 3864 umbus - ok
08:53:12.0045 3864 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
08:53:12.0064 3864 UmPass - ok
08:53:12.0544 3864 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
08:53:12.0559 3864 usbccgp - ok
08:53:13.0012 3864 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
08:53:13.0027 3864 usbcir - ok
08:53:13.0417 3864 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
08:53:13.0448 3864 usbehci - ok
08:53:13.0916 3864 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
08:53:13.0958 3864 usbhub - ok
08:53:14.0463 3864 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
08:53:14.0545 3864 usbohci - ok
08:53:14.0998 3864 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
08:53:15.0013 3864 usbprint - ok
08:53:15.0481 3864 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
08:53:15.0517 3864 usbscan - ok
08:53:16.0109 3864 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:53:16.0158 3864 USBSTOR - ok
08:53:16.0672 3864 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\DRIVERS\usbuhci.sys
08:53:16.0687 3864 usbuhci - ok
08:53:17.0109 3864 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
08:53:17.0124 3864 usbvideo - ok
08:53:17.0535 3864 VBoxNetAdp (47499fe912f0b4e7664f8498f2906f0e) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
08:53:17.0538 3864 VBoxNetAdp - ok
08:53:17.0848 3864 VBoxNetFlt - ok
08:53:18.0121 3864 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
08:53:18.0150 3864 vdrvroot - ok
08:53:18.0516 3864 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
08:53:18.0548 3864 vga - ok
08:53:18.0891 3864 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
08:53:18.0922 3864 VgaSave - ok
08:53:19.0312 3864 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
08:53:19.0328 3864 vhdmp - ok
08:53:19.0713 3864 vhidmini (1161acff728d97f75d74d2f1465f8a46) C:\Windows\system32\DRIVERS\vHidDev.sys
08:53:19.0734 3864 vhidmini - ok
08:53:20.0283 3864 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
08:53:20.0333 3864 viaide - ok
08:53:20.0695 3864 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
08:53:20.0711 3864 volmgr - ok
08:53:21.0085 3864 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
08:53:21.0101 3864 volmgrx - ok
08:53:21.0577 3864 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
08:53:21.0582 3864 volsnap - ok
08:53:22.0000 3864 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
08:53:22.0054 3864 vsmraid - ok
08:53:22.0850 3864 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
08:53:22.0851 3864 vwifibus - ok
08:53:23.0349 3864 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
08:53:23.0367 3864 vwififlt - ok
08:53:23.0872 3864 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
08:53:23.0872 3864 WacomPen - ok
08:53:24.0669 3864 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
08:53:24.0689 3864 WANARP - ok
08:53:24.0737 3864 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
08:53:24.0738 3864 Wanarpv6 - ok
08:53:25.0125 3864 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
08:53:25.0125 3864 Wd - ok
08:53:25.0313 3864 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
08:53:25.0325 3864 Wdf01000 - ok
08:53:25.0595 3864 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
08:53:25.0596 3864 WfpLwf - ok
08:53:25.0644 3864 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
08:53:25.0645 3864 WIMMount - ok
08:53:25.0841 3864 winbondcir (54d68b92dc59fbba95919c804a7c3e07) C:\Windows\system32\DRIVERS\winbondcir.sys
08:53:25.0843 3864 winbondcir - ok
08:53:26.0280 3864 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
08:53:26.0283 3864 WinUsb - ok
08:53:26.0648 3864 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
08:53:26.0649 3864 WmiAcpi - ok
08:53:26.0928 3864 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
08:53:26.0930 3864 ws2ifsl - ok
08:53:27.0023 3864 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
08:53:27.0025 3864 WudfPf - ok
08:53:27.0172 3864 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
08:53:27.0172 3864 WUDFRd - ok
08:53:27.0393 3864 X6va001 - ok
08:53:27.0433 3864 MBR (0x1B8) (5586eabcc0d095db340d873e2b236896) \Device\Harddisk0\DR0
08:53:27.0580 3864 \Device\Harddisk0\DR0 - ok
08:53:27.0594 3864 Boot (0x1200) (d54fc630b502a3eaeb96f3a214f40aee) \Device\Harddisk0\DR0\Partition0
08:53:27.0595 3864 \Device\Harddisk0\DR0\Partition0 - ok
08:53:27.0596 3864 ============================================================
08:53:27.0596 3864 Scan finished
08:53:27.0596 3864 ============================================================
08:53:27.0622 3872 Detected object count: 0
08:53:27.0622 3872 Actual detected object count: 0


lilhurricane
Crunchin' For Cures
Premium,Mod
join:2003-01-11
Purple Zone
kudos:51
Reviews:
·Comcast
Host:
TV over IP
Software
RCN
Inside Insight
Team Discovery

Re: google redirect "striking search systems"

Thanks for the TDSS log...

You have a lil more to do for us for proper review...

Please follow all the steps for our forum carefully:

»Security Cleanup FAQ »Mandatory Steps Before Requesting Assistance

Our FAQ will tell you what programs we need and how to attempt to get them to run.

It will also show what logs need to be attached to your post - as well as where to locate them.

Post back when completed, we'll be waiting

»Security Cleanup FAQ »How to post for assistance
--
~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~

pilvlp


Running Sophos and will run Malwarebytes afterwards.



lilhurricane

reply to pilvlp

Re: google redirect "striking search systems"

Copy/paste the following into your next post (in order):

the contents of the MBAM log (Step 2)
the contents of OTL.txt (Step 3)
the contents of Extras.txt (Step 3)
the contents of checkup.txt (Step 4)
the contents of the Online AntiVirus Scan log (Step 5)

pilvlp


quote:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8111

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11/8/2011 7:55:52 AM
mbam-log-2011-11-08 (07-55-52).txt

Scan type: Full scan (C:\|)
Objects scanned: 563644
Time elapsed: 2 hour(s), 13 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Acer\AppData\Local\138e3774\X (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\Users\Acer\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\MDUYTUCR\d1j_ouk4[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Acer\AppData\Local\Temp\23D6.tmp (Exploit.Drop.Gen) -> Quarantined and deleted successfully.

pilvlp


otl.txt

quote:
OTL logfile created on: 11/8/2011 10:29:45 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Acer\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.97 Gb Total Physical Memory | 2.55 Gb Available Physical Memory | 64.42% Memory free
7.93 Gb Paging File | 6.44 Gb Available in Paging File | 81.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 216.40 Gb Total Space | 28.02 Gb Free Space | 12.95% Space Free | Partition Type: NTFS

Computer Name: ACER-PC | User Name: Acer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2011/11/08 22:26:26 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Acer\Downloads\OTL.exe
PRC - [2011/09/29 11:51:41 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/08/31 16:00:48 | 001,047,208 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2011/08/03 06:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/04/22 07:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010/08/09 12:45:42 | 002,922,496 | ---- | M] (WhatPulse.org) -- C:\Program Files (x86)\WhatPulse\WhatPulse.exe
PRC - [2010/07/28 16:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2009/09/05 03:02:16 | 003,453,440 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\Acer Bio Protection\BASVC.exe
PRC - [2009/09/05 03:02:02 | 003,367,936 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\Acer Bio Protection\CompPtcVUI.exe
PRC - [2009/06/04 18:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/03/26 22:38:38 | 000,305,448 | ---- | M] (EgisTec Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
PRC - [2008/04/24 12:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2011/11/01 04:33:28 | 000,411,192 | ---- | M] () -- C:\Users\Acer\AppData\Local\Google\Chrome\Application\16.0.912.21\ppGoogleNaClPluginChrome.dll
MOD - [2011/11/01 04:33:27 | 003,767,352 | ---- | M] () -- C:\Users\Acer\AppData\Local\Google\Chrome\Application\16.0.912.21\pdf.dll
MOD - [2011/11/01 04:31:52 | 000,122,952 | ---- | M] () -- C:\Users\Acer\AppData\Local\Google\Chrome\Application\16.0.912.21\avutil-51.dll
MOD - [2011/11/01 04:31:51 | 000,222,280 | ---- | M] () -- C:\Users\Acer\AppData\Local\Google\Chrome\Application\16.0.912.21\avformat-53.dll
MOD - [2011/11/01 04:31:49 | 001,745,992 | ---- | M] () -- C:\Users\Acer\AppData\Local\Google\Chrome\Application\16.0.912.21\avcodec-53.dll
MOD - [2011/11/01 01:15:11 | 008,587,936 | ---- | M] () -- C:\Users\Acer\AppData\Local\Google\Chrome\Application\16.0.912.21\gcswf32.dll
MOD - [2011/11/01 01:15:11 | 008,587,936 | ---- | M] () -- C:\Users\Acer\AppData\Local\Google\Chrome\APPLIC~1\160912~1.21\gcswf32.dll
MOD - [2011/06/30 23:07:39 | 000,357,376 | ---- | M] () -- C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpngackimfmofbokmjmljamhdncknpmg\5.0.3_0\plugin\screen_capture.dll
MOD - [2009/07/13 20:15:51 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV:64bit: - [2010/07/04 04:50:48 | 000,099,048 | ---- | M] (tzuk) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV:64bit: - [2009/08/26 19:07:10 | 000,788,512 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/27 05:10:00 | 000,016,896 | ---- | M] (LSI Corporation) [Disabled | Stopped] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV - [2011/09/29 11:51:41 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/08/03 06:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/04/22 07:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011/01/13 18:23:02 | 000,129,440 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2010/10/05 02:46:48 | 000,411,432 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/08/22 20:25:54 | 001,052,676 | ---- | M] (NCH Software) [Disabled | Stopped] -- C:\Program Files (x86)\NCH Software\BroadCam\broadcam.exe -- (BroadCamService)
SRV - [2010/07/28 16:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2010/06/02 11:30:55 | 003,594,440 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/26 13:17:45 | 000,111,088 | ---- | M] (Google Inc.) [Disabled | Stopped] -- C:\ProgramData\Partner\partner.exe -- (Partner Service)
SRV - [2009/09/25 22:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Disabled | Stopped] -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/09/05 03:02:16 | 003,453,440 | ---- | M] (Egis Technology Inc.) [Auto | Running] -- C:\Program Files (x86)\Acer Bio Protection\BASVC.exe -- (IGBASVC)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 18:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009/04/14 17:48:50 | 000,075,048 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2009/04/11 21:32:00 | 000,061,184 | ---- | M] (NewTech Infosystems, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/03/26 22:38:38 | 000,305,448 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009/02/05 10:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2008/04/24 12:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:64bit: - [2011/05/12 14:03:12 | 000,006,144 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\1314.tmp -- (MEMSWEEP2)
DRV:64bit: - [2011/05/10 04:41:27 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/03/11 01:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/08/05 13:02:56 | 000,144,720 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2010/07/21 15:59:28 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2010/07/04 04:50:46 | 000,139,880 | ---- | M] (tzuk) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV:64bit: - [2009/12/21 21:50:00 | 000,007,552 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vHidDev.sys -- (vhidmini)
DRV:64bit: - [2009/09/15 18:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/24 13:03:24 | 000,048,128 | ---- | M] (Nuvoton Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuvotoncir.sys -- (nuvotoncir)
DRV:64bit: - [2009/06/11 00:34:00 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/09 19:07:58 | 000,063,504 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tcusb.sys -- (TcUsb)
DRV:64bit: - [2009/06/04 05:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/07 15:04:00 | 000,056,832 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C60x64.sys -- (L1C)
DRV:64bit: - [2009/03/26 22:40:16 | 000,059,952 | ---- | M] (Egis Incorporated.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/03/26 22:40:16 | 000,022,064 | ---- | M] (Egis Incorporated.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/03/26 22:40:16 | 000,020,528 | ---- | M] (Egis Incorporated.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009/03/25 02:48:32 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/03/05 12:41:00 | 000,262,192 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/02/06 19:33:36 | 000,068,096 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTSTOR64.sys -- (RTSTOR)
DRV:64bit: - [2008/01/30 04:48:16 | 000,016,384 | ---- | M] (NewTech Infosystems Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2007/03/28 09:50:16 | 000,046,592 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winbondcir.sys -- (winbondcir)
DRV - [2011/05/12 14:05:32 | 000,018,816 | ---- | M] (Sophos Group) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\SAVRKBootTasks.sys -- (SAVRKBootTasks)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007/02/07 13:27:46 | 000,014,104 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)
DRV - [2004/12/28 19:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = »homepage.acer.com/rdr.aspx?b=ACA···46m4u71p
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = »homepage.acer.com/rdr.aspx?b=ACA···46m4u71p
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = »homepage.acer.com/rdr.aspx?b=ACA···46m4u71p
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = »global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = »google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "Swag Bucks Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:5.0.31.0
FF - prefs.js..extensions.enabledItems: battlefieldplay4free@ea.com:1.0.26.2
FF - prefs.js..extensions.enabledItems: runtime@panda3d.org:1.0.2
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.93
FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.3
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: betterfacebook@mattkruse.com:5.931
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files (x86)\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=0.80.0: C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50524.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@worldwinner.com/Launcher2,version=1.9.0.23: C:\Program Files (x86)\WorldWinner.com, Inc\WorldWinner Games\npwwload.dll (WorldWinner.com, Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Acer\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Acer\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Acer\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Acer\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/04 01:59:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/03 00:34:03 | 000,000,000 | ---D | M]

[2011/10/05 14:02:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Acer\AppData\Roaming\mozilla\Extensions
[2011/10/05 14:02:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Acer\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2011/11/07 01:48:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\ejmrt4h7.default\extensions
[2011/10/01 19:06:46 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\ejmrt4h7.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2010/08/12 00:52:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\ejmrt4h7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/11 22:31:53 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\ejmrt4h7.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2010/08/12 00:52:29 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\ejmrt4h7.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2010/09/09 22:56:34 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\ejmrt4h7.default\extensions\battlefieldheroespatcher@ea.com
[2010/12/20 16:34:43 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\ejmrt4h7.default\extensions\battlefieldplay4free@ea.com
[2011/09/22 16:22:51 | 000,000,000 | ---D | M] (Better Facebook!) -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\ejmrt4h7.default\extensions\betterfacebook@mattkruse.com
[2010/08/24 19:20:39 | 000,000,000 | ---D | M] (Panda3D Game Engine Plug-In) -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\ejmrt4h7.default\extensions\runtime@panda3d.org
[2010/09/12 16:33:50 | 000,000,923 | ---- | M] () -- C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\ejmrt4h7.default\searchplugins\conduit.xml
[2011/11/07 01:48:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/02 17:52:39 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/08/12 00:36:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/03/01 00:04:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/07/25 02:20:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/11/03 00:08:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2010/02/21 05:22:32 | 000,712,704 | ---- | M] (BitComet) -- C:\Program Files (x86)\mozilla firefox\plugins\npBitCometAgent.dll
[2009/11/19 16:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/19 16:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/08/30 00:24:59 | 000,002,288 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml

[color=#E56717]========== Chrome ==========[/color]

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Acer\AppData\Local\Google\Chrome\User Data\PepperFlash\11.0.31.200\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Acer\AppData\Local\Google\Chrome\Application\16.0.912.21\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Acer\AppData\Local\Google\Chrome\Application\16.0.912.21\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Acer\AppData\Local\Google\Chrome\Application\16.0.912.21\pdf.dll
CHR - plugin: Screen Capture Plugin (Enabled) = C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpngackimfmofbokmjmljamhdncknpmg\5.0.3_0\plugin/screen_capture.dll
CHR - plugin: FireShot Chrome Plugin (Enabled) = C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbpblocgmgfnpjjppndjkmgjaogfceg\0.95_0\plugin/npfireshot.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: BitCometAgent (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npBitCometAgent.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll
CHR - plugin: DNA Plug-in (Enabled) = C:\Program Files (x86)\DNA\plugins\npbtdna.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: WorldWinner Firefox Launcher Plugin (Enabled) = C:\Program Files (x86)\WorldWinner.com, Inc\WorldWinner Games\npwwload.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Acer\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Acer\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50524.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
CHR - Extension: Screen Capture (by Google) = C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpngackimfmofbokmjmljamhdncknpmg\5.0.3_0\
CHR - Extension: Click to change the icon's color = C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbpblocgmgfnpjjppndjkmgjaogfceg\0.95_0\
CHR - Extension: TwitterBar = C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbadgdglepgngpoeijdgicjccomadekm\2.7.0.4_0\
CHR - Extension: TwitterBar = C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbadgdglepgngpoeijdgicjccomadekm\2.7.0.4_0\__MACOSX\._
CHR - Extension: Gmail = C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\

O1 HOSTS File: ([2006/09/18 16:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll (Google Inc.)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.4.6.22.dll (BitComet)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\partner.dll (Google Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [WhatPulse] C:\Program Files (x86)\WhatPulse\WhatPulse.exe (WhatPulse.org)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: &D&ownload &with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
O8:64bit: - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
O8:64bit: - Extra context menu item: &D&ownload all with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9:64bit: - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9:64bit: - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.4.6.22.dll (BitComet)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} »www.nvidia.com/content/DriverDow···_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.72.134 68.87.77.134 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91D625C1-866F-457D-80E9-74AE46C9447D}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F790BC89-052E-4F7C-8279-E0648FA1BC33}: DhcpNameServer = 68.87.72.134 68.87.77.134 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: C:\Users\Acer\Pictures\100_4616.JPG
O24 - Desktop BackupWallPaper: C:\Users\Acer\Pictures\100_4616.JPG
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/08 22:25:59 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/11/08 22:22:17 | 000,018,816 | ---- | C] (Sophos Group) -- C:\Windows\SysWow64\SAVRKBootTasks.sys
[2011/11/08 08:57:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2011/11/08 08:57:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2011/11/07 12:16:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011/11/07 04:23:57 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2011/11/07 04:19:37 | 000,000,000 | -HSD | C] -- C:\Users\Acer\AppData\Local\138e3774
[2011/11/03 00:09:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/11/03 00:08:43 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/11/03 00:08:43 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/11/03 00:08:43 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/08/05 21:14:53 | 000,172,032 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2uvc.dll
[2009/06/18 21:44:31 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/08 22:30:42 | 000,011,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/08 22:30:42 | 000,011,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/08 22:26:12 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/11/08 22:23:42 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/08 22:23:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/08 22:23:09 | 3193,643,008 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/08 22:02:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1357841743-3482107966-3819420147-1000UA.job
[2011/11/08 21:53:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/08 21:51:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1357841743-3482107966-3819420147-1000UA.job
[2011/11/08 18:51:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1357841743-3482107966-3819420147-1000Core.job
[2011/11/08 08:02:23 | 000,779,458 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/08 08:02:23 | 000,660,530 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/08 08:02:23 | 000,121,426 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/08 04:02:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1357841743-3482107966-3819420147-1000Core.job
[2011/11/07 00:19:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At1.job
[2011/11/06 20:06:53 | 000,004,151 | ---- | M] () -- C:\Users\Acer\NEWhoboheal.ezm
[2011/11/04 21:40:11 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\UpdateCheck.job
[2011/11/03 11:03:13 | 000,002,556 | ---- | M] () -- C:\Users\Acer\Desktop\Google Chrome.lnk
[2011/11/03 11:03:13 | 000,002,104 | ---- | M] () -- C:\Users\Acer\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/30 00:20:51 | 000,000,056 | ---- | C] () -- C:\Windows\SpeedGear.INI
[2011/08/26 17:21:30 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2011/07/14 15:30:48 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/05/10 11:47:59 | 000,005,588 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2011/04/11 22:05:46 | 000,007,606 | ---- | C] () -- C:\Users\Acer\AppData\Local\resmon.resmoncfg
[2010/11/04 20:30:35 | 000,145,536 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/09/09 23:03:27 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/09/09 23:03:26 | 002,427,248 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_heroes.exe
[2010/09/09 23:03:26 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/09/05 04:59:50 | 000,000,155 | ---- | C] () -- C:\Windows\GKLauncherInfo.ini
[2010/09/03 12:15:29 | 000,018,432 | ---- | C] () -- C:\Users\Acer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/26 22:32:02 | 000,230,752 | ---- | C] () -- C:\Windows\patchw32.dll
[2010/08/26 22:32:02 | 000,118,176 | ---- | C] () -- C:\Windows\patchw.dll
[2010/08/12 01:19:37 | 000,773,306 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/08/05 21:24:50 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2010/08/05 21:24:50 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2010/08/05 21:24:49 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2010/08/05 21:14:53 | 001,749,376 | ---- | C] () -- C:\Windows\SysWow64\snp2uvc.sys
[2010/08/05 21:14:53 | 001,749,376 | ---- | C] () -- C:\Windows\SysWow64\drivers\snp2uvc.sys
[2010/08/05 21:14:53 | 000,028,032 | ---- | C] () -- C:\Windows\SysWow64\sncduvc.sys
[2010/08/05 21:14:53 | 000,028,032 | ---- | C] () -- C:\Windows\SysWow64\drivers\sncduvc.sys
[2010/08/05 21:14:53 | 000,000,131 | ---- | C] () -- C:\Windows\SysWow64\PidList.ini
[2010/08/05 17:42:07 | 000,000,051 | ---- | C] () -- C:\Windows\EZMacros.INI
[2010/08/05 17:41:20 | 000,000,534 | ---- | C] () -- C:\Windows\unezmac.ini
[2010/08/04 12:33:08 | 000,000,094 | ---- | C] () -- C:\Users\Acer\AppData\Roaming\wklnhst.dat
[2010/08/03 23:18:25 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/07/16 20:11:15 | 000,000,000 | ---- | C] () -- C:\Windows\BBCAuto.INI
[2010/07/12 23:08:04 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll
[2010/07/03 13:32:20 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010/07/03 13:32:20 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/07/03 13:32:16 | 000,790,528 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/07/03 13:32:16 | 000,134,144 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/07/03 13:32:16 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/06/24 18:20:15 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/06/21 16:58:19 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:24:58 | 000,034,699 | ---- | C] () -- C:\Windows\SysWow64\hlp.dat
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 07:13:50 | 000,011,776 | ---- | C] () -- C:\Windows\SysWow64\rasautouu.exe

========== LOP Check ==========

[2010/08/12 00:52:16 | 000,000,000 | -HSD | M] -- C:\Users\Acer\AppData\Roaming\.#
[2010/08/26 21:00:43 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\.minecraft
[2011/04/22 20:15:49 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\.purple
[2010/10/18 23:27:41 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\2K Sports
[2010/08/12 00:52:16 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Acer
[2010/08/12 00:52:16 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Acer GameZone Console
[2011/02/07 11:10:20 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Audacity
[2011/08/30 00:24:57 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Babylon
[2010/08/12 00:52:17 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Big Fish Games
[2011/05/23 23:02:20 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Bitcoin
[2011/11/07 04:15:08 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\BitComet
[2010/08/12 00:52:19 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\DAEMON Tools Lite
[2010/09/23 15:46:00 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\DNA
[2011/03/18 20:16:49 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\EPSON
[2010/10/03 00:53:02 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\FireShot
[2010/08/12 00:52:19 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Leadertech
[2010/08/24 01:27:28 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\LolClient
[2010/08/12 00:52:29 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\PowerCinema
[2011/01/30 17:28:38 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Razer
[2010/08/12 00:52:29 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Rock Manager
[2010/12/27 09:06:58 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\runic games
[2010/08/12 00:52:30 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\SoftDMA
[2010/08/12 00:52:30 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Sports Interactive
[2010/09/12 15:57:29 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\StreamTorrent
[2011/05/13 23:11:23 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\SystemRequirementsLab
[2010/08/30 02:44:40 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\TalesRunner
[2010/08/04 12:33:08 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Template
[2011/10/05 14:02:11 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\TomTom
[2011/06/04 17:05:15 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\TS3Client
[2010/08/12 00:52:30 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Universal Boxing Manager
[2010/11/28 13:05:35 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\WhatPulse
[2010/08/21 02:36:36 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Worldwinner
[2011/11/07 00:19:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2011/11/08 18:51:00 | 000,000,902 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1357841743-3482107966-3819420147-1000Core.job
[2011/11/08 21:51:00 | 000,000,924 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1357841743-3482107966-3819420147-1000UA.job
[2011/02/24 14:00:15 | 000,032,570 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/11/04 21:40:11 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\UpdateCheck.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:C8B8CEBD
@Alternate Data Stream - 106 bytes -> C:\ProgramData\Temp:F7862839



pilvlp

join:2006-03-21
Mishawaka, IN

extras.txt

quote:
OTL Extras logfile created on: 11/8/2011 10:29:45 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Acer\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.97 Gb Total Physical Memory | 2.55 Gb Available Physical Memory | 64.42% Memory free
7.93 Gb Paging File | 6.44 Gb Available in Paging File | 81.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 216.40 Gb Total Space | 28.02 Gb Free Space | 12.95% Space Free | Partition Type: NTFS

Computer Name: ACER-PC | User Name: Acer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{104FB32A-7CE3-4C4B-B2AA-70C613FF9DFA}" = iTunes
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
"{563F041C-DFDB-437B-A1E8-E141E0906076}" = Microsoft IntelliPoint 8.0
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 280.19
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.4.28
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.23.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{ECCD28B2-8798-4D16-8126-625D728294A1}" = SPBA 5.8
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"LSI Soft Modem" = LSI HDA Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Sandboxie" = Sandboxie 3.46 (64-bit)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1CBC1087-4236-4A63-BD81-0753F6554964}" = Acer Crystal Eye Webcam 2.0.7
"{1D0FDD6D-3C5E-4588-8ED0-02DC88014BF2}" = Upgrade Kit
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{230B9098-A165-491F-B499-8F41AA7139F6}" = WorldWinner Games
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 29
"{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2D3858B1-226A-420D-9C9D-B51864E85429}" = Nuvoton CIR Device Driver
"{31026088-D918-4AE4-A41D-FD46FE823E4D}" = Return of Warrior
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye Webcam Video Class Camera
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{4241D2E3-7499-49A5-B92C-F26054427F5A}" = Rock Manager
"{45C8D17D-B5E0-4e93-8370-4329AB16D2A0}" = Battlefield 3™ Open Beta
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{505DF7A3-88D5-4DD6-9AD5-C98C2ED0CEC4}" = Windows Live Sign-in Assistant
"{58D335B6-B3C6-4465-AEC3-6442BC323723}" = SharpKeys
"{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6FCBE08B-EB47-448E-8566-CE38E8B8D065}" = System Requirements Lab CYRI
"{71C2828F-2678-4675-BDEC-895424861262}_is1" = C:\Program Files (x86)\Acer GameZone\GameConsole
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110184263}" = Puzzle Express
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11037623}" = Tradewinds 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111125700}" = Rainbow Web
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111205743}" = Tri-Peaks Solitaire To Go
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111232687}" = Ocean Express
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11170417}" = Luxor 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11219217}" = Cradle of Rome
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113056167}" = Dream Day Honeymoon
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113297350}" = Cake Mania 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113494430}" = Wedding Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}" = Airport Mania First Flight
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115443300}" = Cooking Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11551977}" = Parking Dash
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{00C5525B-3CB3-467D-8100-2E6FB306CD86}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{961346DF-FE43-4392-99FC-47B1F5A882C3}" = GKLauncher
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 2.0.7
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B9CA59A0-3B70-48F8-9054-67595DE6E72B}" = League of Legends
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C646C3D7-3013-4A78-A0A5-746320F94D77}" = Game Fire
"{CEF7211D-CE3A-44C4-B321-D84A2099AE94}" = Comcast Desktop Software (v1.2.0.9)
"{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DDF83FDD-89DB-47A4-A541-DD88C52F625A}" = Razer DeathAdder Black Edition Mouse
"{E09664BB-BB08-45FA-87D1-33EAB0E017F5}" = Fingerprint Solution
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{ED721ABC-423D-4F7D-AEBB-E1E39C388E84}" = Facebook Video Calling 1.0.0.8714
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2008
"Acer Assist" = Acer Assist
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Active GIF Creator 3.4" = Active GIF Creator 3.4
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"AutoHotkey" = AutoHotkey 1.0.48.05
"Battlelog Web Plugins" = Battlelog Web Plugins
"Belkin Setup and Router Monitor_is1" = Belkin Setup and Router Monitor
"BitComet" = BitComet 1.22
"BroadCam" = BroadCam Video Streaming Server
"Cheat Engine 5.6.1_is1" = Cheat Engine 5.6.1
"Cisco Connect" = Cisco Connect
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Debut" = Debut Video Capture Software
"Disney Toontown Online" = Disney Toontown Online
"Eastside UK pre-game Editor for NHL EHM 2007_is1" = Eastside UK pre-game Editor v2007.1.6
"Eastside UK saved game Editor for NHL EHM 2007_is1" = Eastside UK saved game Editor v2007.0.4
"EPSON Scanner" = EPSON Scan
"ESN Sonar-0.70.0" = ESN Sonar
"ExpressBurn" = Express Burn Disc Burning Software
"EZMacros" = EZ Macros
"FrostWire" = FrostWire 4.21.5
"GamersFirst LIVE!" = GamersFirst LIVE!
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ImageConverter Plus_is1" = ImageConverter Plus 7.1
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{E09664BB-BB08-45FA-87D1-33EAB0E017F5}" = Acer Bio Protection
"Kings Legacy1.0" = Kings Legacy
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.1.0 (Full)
"Life QuestJust For Fun Games" = Life QuestJust For Fun Games
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"mIRC" = mIRC
"Mozilla Firefox (3.6.23)" = Mozilla Firefox (3.6.23)
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"OpenAL" = OpenAL
"Pidgin" = Pidgin
"Prism" = Prism Video Converter
"PunkBusterSvc" = PunkBuster Services
"SopCast" = SopCast 3.2.9
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.20
"SpeedFan" = SpeedFan (remove only)
"Steam App 12900" = Audiosurf
"Steam App 31280" = Poker Night at the Inventory
"Steam App 41500" = Torchlight
"Steam App 440" = Team Fortress 2
"Steam App 46740" = World Basketball Manager 2010
"Steam App 550" = Left 4 Dead 2
"Steam App 563" = Left 4 Dead 2 Authoring Tools
"StreamTorrent 1.0" = StreamTorrent 1.0
"SystemRequirementsLab" = System Requirements Lab
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TomTom HOME" = TomTom HOME 2.8.2.2264
"Toontown Keep-Alive" = Toontown Keep-Alive
"UT2004" = Unreal Tournament 2004
"VideoPad" = VideoPad Video Editor
"VLC media player" = VLC media player 1.1.0
"VTFEdit_is1" = VTFEdit 1.2.5
"WBFS Manager 3.0" = WBFS Manager 3.0
"WhatPulse" = WhatPulse 1.7
"WinLiveSuite_Wave3" = Windows Live Essentials
"Xfire" = Xfire (remove only)

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"Google Chrome" = Google Chrome
"Hydro Hydra" = Hydro Hydra
"UnityWebPlayer" = Unity Web Player

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!



pilvlp

join:2006-03-21
Mishawaka, IN

checkup.txt

quote:
Results of screen317's Security Check version 0.99.24
Windows 7 x64 [color=red](UAC is disabled!)[/color]
Internet Explorer 8 [color=red]Out of date![/color]
``````````````````````````````
[u]Antivirus/Firewall Check:[/u]

[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
[u]Anti-malware/Other Utilities Check:[/u]

Malwarebytes' Anti-Malware
Java(TM) 6 Update 29
Adobe Flash Player ( 10.1.53.64) [color=red]Flash Player Out of Date![/color]
````````````````````````````````
Process Check:
[u]objlist.exe by Laurent[/u]

Malwarebytes' Anti-Malware mbam.exe
``````````End of Log````````````


pilvlp

join:2006-03-21
Mishawaka, IN

online scan:

quote:
C:\games\Kudos 2\Kudos2.exe probably a variant of Win32/VB.CXDMKJR trojan cleaned by deleting - quarantined
C:\Users\Acer\AppData\Local\Temp\0C49FBCE-BAB0-7891-B423-098B018AC62E\MyBabylonTB.exe a variant of Win32/Toolbar.Babylon application deleted - quarantined
C:\Users\Acer\Music\one only nelly CD quality.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined
C:\Windows\System32\hlp.dat Win32/Bamital.DZ trojan cleaned by deleting - quarantined
C:\Windows\System32\rasautouu.exe a variant of Win32/TrojanDownloader.Agent.PRS trojan cleaned by deleting - quarantined
Operating memory a variant of Win32/Sirefef.CH trojan


LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:23

reply to pilvlp
Download and run Sophos AntiRootkit. Post the log in this thread, even if nothing is found.

You can find link(s) and instructions here:
»Security Cleanup FAQ »Rootkit Detection Applications
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum


pilvlp

join:2006-03-21
Mishawaka, IN

sophos:

quote:
Sophos Anti-Rootkit Version 1.5.20 (c) 2009 Sophos Plc
Started logging on 11/8/2011 at 9:07:42 AM
User "Acer" on computer "ACER-PC"
Windows version 6.1 SP 0.0 build 7600 SM=0x300 PT=0x1 WOW64
Info: Starting registry scan.
Warning: Failed to query live registry key \HKEY_LOCAL_MACHINE.
You may not have access rights to the whole registry.
Incorrect function.
Hidden: registry item \HKEY_LOCAL_MACHINE\SAM
Info: Starting disk scan of C: (NTFS).
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2ASUV1IC\!c=noopapd;!c=petside;tag=green;site=petside;sect=newsbl;pageid=03405;cont=topic;tandomad=none;dcopt=ist;tile=1;pm=1;xa=n;ord=1335938282[1]
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2ASUV1IC\0;a18=0;spon=purell;sens=0;m=0;mage=0;area=thestir;gcat=life_home_healthy_living;gid=0;2omk=;tier=default;sz=600x60;tile=3;ord=227727501[1]
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J1OEQ77C\nks;an=1;dc=d;btg=an.51;btg=dx.bs;btg=dx.37;btg=dx.38;btg=dx.28;btg=dx.30;btg=dx.34;btg=dx.4;btg=lt.73;btg=lt.1z;ord=0[1].21036692694221548
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\2MLC3AAO.txt
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7AZZ4CEN\ico_thumb_up_sml[1].gif
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SOVD2XS0\131550292-80x60[1].jpg
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\14TB9BQF\ifCAOZP8LU.txt
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7AZZ4CEN\ros[2]
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\14TB9BQF\ads[1].txt
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DVLQRFQV\custom_tab2;sz=195x44;ord=2483214550855458[1].5
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7AZZ4CEN\search[1].htm
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\91NZG26Z.txt
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\KN1YM3LR.txt
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\R91BWS4Y.txt
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\ZQSLRP5X.txt
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\14TB9BQF\renderContentMetaData[2]
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7AZZ4CEN\gossipcenterCAK6FOIP.htm
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J1OEQ77C\gossipcenterCAM52T8U.htm
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J1OEQ77C\gossipcenterCA4HX1RP.htm
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SOVD2XS0\dEl8MTMyMDc3MTExNzI4M3wxfDBGbG9CWEdtcWt8MFJIaGp6aGV0cXw2OTc1ODBkMS0zZjZlLTRmZTctOD Q3Yi1lZTk3OTFkYmIwYTN8MTM3NTAwfDB8LjB8NTAwMDAw@x90[1].htm
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SOVD2XS0\get[1].png
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\CTSIFJMW.txt
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7AZZ4CEN\tg=dx.bs;btg=dx.37;btg=dx.38;btg=dx.28;btg=dx.30;btg=dx.34;btg=dx.4;btg=lt.73;btg=lt.1z;btg=iblocal.hacz;btg=iblocal[1].games_l;ord=1151440
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7AZZ4CEN\le=1;u=il-10491_ID-08131AB4FC261C29C15A63[1].3DCBF52;ae=false;sc=49;bkv30=0;bkv32=0;bkv33=0;bkv79171=1;grid=-1;olid=-1;ord=4751902912400279
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CLXCXD4W\iframe3CA30VD5E.htm
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CLXCXD4W\iframe3CA4MNF2A.htm
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7AZZ4CEN\data_sync[7].htm
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7AZZ4CEN\data_sync[8].htm
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7AZZ4CEN\data_sync[9].htm
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2ASUV1IC\googleapis.client__plusone[1].js
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2ASUV1IC\iframe3CACK4Q8N.htm
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\5VXGT9V0.txt
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V0T8MB8Z\digg[1].png
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7AZZ4CEN\11394023139@x23[1].htm
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7AZZ4CEN\ajs[2].php
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7AZZ4CEN\myspace[1].png
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7AZZ4CEN\glamadapt_jsrv[1].act
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\14TB9BQF\follow_me-b[1].png
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SOVD2XS0\rss[1].png
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SOVD2XS0\base.css[1].css
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CLXCXD4W\chrome-v3-prod.css[1].css
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SOVD2XS0\adhere_right[1].png
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V0T8MB8Z\searchfastertoday_com[1].txt
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V0T8MB8Z\left[1].gif
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J1OEQ77C\count[2].json
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CLXCXD4W\35350572_avatar_small[1].jpg
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SOVD2XS0\frm-bg[1].gif
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SOVD2XS0\logo[1].jpg
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2ASUV1IC\count[2].json
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V0T8MB8Z\showMode[1].gif
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SOVD2XS0\tab-right[1].gif
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SOVD2XS0\1320770046361[1].0
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CLXCXD4W\ajs[3].php
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V0T8MB8Z\IMG_narExp_center[1].gif
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CLXCXD4W\BLT_narr_expa_rangeArrow[1].gif
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CLXCXD4W\IMG_narExp_rightCorner[1].gif
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\14TB9BQF\count[2].json
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SOVD2XS0\fp[2]
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\52BJB1KI.txt
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7AZZ4CEN\5a[1].gif
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J1OEQ77C\728x90_Loreal_Visionnaire_standard_083011[1].jpg
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DVLQRFQV\ajs[8].php
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DVLQRFQV\ajs[9].php
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\14TB9BQF\spub=1;isLog=0;hpcdp=1;tags=animals,awesome%20dog,crying%20kid,dogs,kid;isBreakHotShot=false;brkref=1;mar=adon-hpto;ord=8614615968247858[1]
Hidden: file C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\3F8E.tmp
Hidden: file C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\D7CB.tmp
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7AZZ4CEN\harry-potter-finale-top-three-day-opening-ever-492149[1].txt
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SOVD2XS0\lg[2].gif
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V0T8MB8Z\ad[2].htm
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\14TB9BQF\8[1]
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V0T8MB8Z\js[1]
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CLXCXD4W\if[10].txt
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V0T8MB8Z\sheads[1].txt
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SOVD2XS0\us_widget[3].txt
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DVLQRFQV\celebspin[8].htm
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\14TB9BQF\celebspin[3].htm
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2ASUV1IC\iframe3CAXFZJUY.htm
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7AZZ4CEN\celebspin[5].htm
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J1OEQ77C\01[6].htm
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J1OEQ77C\data_sync[8].htm
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\W7O52YNH.txt
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V0T8MB8Z\like[10].php
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J1OEQ77C\ub=1;isLog=0;hpcdp=1;tags=animals,awesome%20dog,crying%20kid,dogs,kid;isBreakHotShot=false;brkref=1;mar=adon-hpto;ord=3855437917555469[1].5
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SOVD2XS0\ad[3].htm
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V0T8MB8Z\renderContentMetaData[1]
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\SBC6EIQ0.txt
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DVLQRFQV\pets-2[1].txt
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\A613UGDE.txt
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SOVD2XS0\alicia-keys[1].txt
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\UXTGYSLR.txt
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7AZZ4CEN\sandboxCAAWBGVX.php
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2ASUV1IC\celebspin[6].htm
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\14TB9BQF\celebspin[4].htm
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\ZYSQP0AI.txt
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DVLQRFQV\get[2].png
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\M7HBFXAB.txt
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\CIYLRKWH.txt
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7AZZ4CEN\like[4].php
Stopped logging on 11/8/2011 at 12:09:10 PM


LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:23

reply to pilvlp
Is this what you are seeing?

»removal-tool.blogspot.com/2011/1···-to.html


pilvlp

join:2006-03-21
Mishawaka, IN

Not that site exactly. It shows many different sites. I can google anything I want, but when I click a link I can see it's searching through or waiting for that website and will usually take me to something totally unrelated to what I wanted. I also cannot type URLs to get anywhere. To get here, I have to save the webpage as a favorite.

If I leave my computer on, my browser will load up with a popup asking me to update Flash along with one of their spyware websites.



LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:23

reply to pilvlp
Do a full system scan with your antivirus program and anti-malware program (if you have one installed).

If neither removes it, you can try the removal tool here:
»www.removeonline.com/how-to-remo···m-virus/

Note: if you search for 'remove striking search', there are lots of suggestions and programs. A few sites provide instructions for manual removal. Many are for tech support sites or for programs which will detect but only remove for $$$.

Post back and let me know how the removal tool worked.

As with all malware removal tools, back up your data first. I am not familiar with this specific tool so cannot make any statements about it.
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum


pilvlp

join:2006-03-21
Mishawaka, IN

I did some research before I posted here. Nothing sounded promising so I decided to post here. That program requires you to buy it to delete anything.



LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:23

reply to pilvlp
I'm not surprised. As I mentioned, I had not checked all those sites out.

Here is one with manual removal instructions:
»www.zimbio.com/Spyware/articles/···chsystem
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum



LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:23

reply to pilvlp
PS: A search at two major malware removal sites returns nothing other than a new log posted today. This may be a new exploit.


pilvlp

join:2006-03-21
Mishawaka, IN

I deleted everything the website asked and the problem still occurs. The redirecting site is now called "www.famoussearchsystem.com"



LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:23

reply to pilvlp

Re: google redirect striking search systems and famous search

A log at Bleeping Computer has the famoussearch exploit. But it's new today and no solution.

I know it will be resolved but it may take a few days before anything is released. I would guess that MBAM will be among the first to have a solution.

Sadly, that does little for you at this time. You can pay, reformat, or wait. Not pleasant but unfortunately I have no other suggestions.

Paying would be a last resort since there is no guarantee it will work.
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum
