Malware Suppressing Web Access

Post by Haystack » January 14th, 2011, 1:55 am

Recently "System Tools 2011" and "Disk Defragmenter" cropped up on my system. By running SpyBot in Safe Mode and deleting the files associated with the desktop shortcuts, I was able to remove the applications themselves. However, some component of the malware is still present and interfering with my web access. Pages do not load in Chrome at all. IE does not seem to work, either. The Firefox application occasionally opens, and I get advertising tabs popping up as I browse. SpyBot and Mbam no longer detect malware.

I would be most appreciative for whatever help you are able to lend. My HJ and Uninstall logs follow:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:42:06 AM, on 1/14/2011
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16809)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\WButton.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Acer\OrbiCam10\OrbiCam.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\WTClient.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\staples\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\socio\client.exe
C:\Users\staples\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/ ... ch/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz0.dll
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SuggestMeYesBHO - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz0.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz0.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [AcerOrbicamRibbon] "C:\Program Files\Acer\OrbiCam10\OrbiCam.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [WTClient] WTClient.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [EPSON Stylus Photo R260 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBNA.EXE /FU "C:\Windows\TEMP\E_S592A.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [MCW Startup] "C:\Program Files\Monitor Calibration Wizard\MCW.exe" /s
O4 - HKCU\..\Run: [Google Update] "C:\Users\staples\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Audible Download Manager.lnk = C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MSOffice\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\MSOffice\OFFICE11\REFIEBAR.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: eNetHook.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\Windows\system32\brsvc01a.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\Windows\System32\Drivers\WTSRV.EXE
O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

--
End of file - 14188 bytes

Uninstall:

ABBYY FineReader 6.0 Sprint
Acer Arcade Deluxe
Acer Assist
Acer Camera Driver
Acer eDataSecurity Management
Acer eLock Management
Acer Empowering Technology
Acer eNet Management
Acer ePower Management
Acer ePresentation Management
Acer eSettings Management
Acer GridVista
Acer Mobility Center Plug-In
Acer OrbiCam Application
Acer Registration
Acer ScreenSaver
Acer Tour
Add or Remove Adobe Creative Suite 3 Design Standard
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe AIR
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Creative Suite 3 Design Standard
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe Dreamweaver CS3
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader 7.0
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Setup
Adobe SING CS3
Adobe Stock Photos CS3
Adobe Type Manager Deluxe 4.1
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Version Cue CS3 Server {ko_KR}
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Agere Systems HDA Modem
AHV content for Acrobat and Flash
Apple Mobile Device Support
Apple Software Update
Applian FLV Player
ArcSoft PhotoImpression 6
Audacity 1.2.6
Audible Download Manager
AutocompletePro
Bonjour
Brother HL-5040
Canon ScanGear Starter
CanoScan Toolbox Ver4.9
CoverFactory 2.50
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
EA Download Manager
EA Download Manager UI
EA Download Manager UI
Easy Thumbnails (Remove only)
EPSON Attach To Email
EPSON Copy Utility 3
EPSON Event Manager
EPSON Perfection V200 Photo Scanner Driver Update
EPSON Perfection V200P User's Guide
EPSON Printer Software
EPSON Scan
EPSON Scan Assistant
FileZilla Client 3.2.8.1
Free Mp3 Wma Ogg Converter 7.1.1
GameTap Player
GMABooster
HomeBase 2.3
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hyplay
Impulse
Impulse
Intel PROSet Wireless
Intel(R) Graphics Media Accelerator Driver
Ipswitch WS_FTP Home 2007
IrfanView (remove only)
iTunes
iTunes Sync
Java(TM) 6 Update 15
LAME v3.98.2 for Audacity
Launch Manager V1.1.1.4
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Logitech Video Enumerator
Matrix-ks
MetaFrame Presentation Server Web Client for Win32
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Monitor Calibration Wizard 1.0
Mozilla Firefox (3.0.19)
MP3 WAV WMA Converter
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
Netflix Movie Viewer
NTI Backup NOW! 4.7
NTI CD & DVD-Maker
OpenOffice.org Installer 1.0
PDF Settings
PowerProducer
QuickTime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.0
Rhapsody
Rhapsody Player Engine
Safari
Screenshot Pilot version 1.46.01
SecondLife (remove only)
Shipping Assistant 3.7
Skype™ 4.1
SL Friends Monitor v1.7
SmartFTP Client
SmartFTP Client 4.0 Setup Files (remove only)
Sociolotron 1.0
SPORE™
Spybot - Search & Destroy
SpywareBlaster v3.5.1
Synaptics Pointing Device Driver
TBS WMP Plug-in
Texas Instruments PCIxx21/x515/xx12 drivers.
Trillian
VC80CRTRedist - 8.0.50727.4053
Vuze
Vuze Remote Toolbar
WinRAR archiver
Wisdom-soft ScreenHunter 5.0 Free
Yahoo! Messenger
Haystack
Regular Member
Posts: 18
Joined: January 14th, 2011, 1:47 am
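The first thing a helper does with a log like the one above is sort the autostart entries into "fine", "dead reference" and "look closer". The script below is an added example, not part of this thread and not a HijackThis or MalwareRemoval.com tool: it reads HijackThis-style lines (a few of Haystack's own lines are embedded as the sample) and flags the kinds of entries a helper checks first: references to files that no longer exist, a populated AppInit_DLLs value, Run entries that give a bare file name instead of a full path, binaries that live outside the usual program directories, and the absence of any running anti-virus service. The trusted-directory list, the reason strings and the anti-virus file-name list are assumptions constructed for this example; the output marks entries for review and does not decide what is malicious.

```python
"""Triage helper for HijackThis-style log lines (added example, not part of the thread)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Directories where legitimate autostart binaries normally live (assumption for this example).
TRUSTED_ROOTS = (
    r"c:\windows",
    r"c:\program files",
    r"c:\programdata",
    r"c:\acer",
)

# Service/process file names of common anti-virus engines (constructed, non-exhaustive list).
AV_MARKERS = ("msmpeng.exe", "avastsvc.exe", "avgwdsvc.exe", "mcshield.exe", "ccsvchst.exe")

REASON_ORPHAN = "referenced file is missing (orphaned entry)"
REASON_APPINIT = "AppInit_DLLs is set; the DLL is loaded into every process that uses user32"
REASON_UNQUALIFIED = "autostart command has no directory; resolved through the search path"
REASON_LOCATION = "binary lives outside the usual program directories"

# "O2 - BHO: ...", "R1 - HKCU\...": the HijackThis entry prefix.
ENTRY_RE = re.compile(r"^(?P<kind>R\d|O\d{1,2}) - (?P<body>.*)$")
# A Windows path ending in .exe or .dll, possibly containing spaces and braces.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll)\b', re.IGNORECASE)

# Sample taken from the log posted above (lines shortened to the ones that matter here).
SAMPLE_LOG = r"""Running processes:
C:\Windows\system32\taskeng.exe
C:\Users\staples\AppData\Local\Google\Update\GoogleUpdate.exe
C:\socio\client.exe

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
"""


@dataclass
class Finding:
    line: str
    reasons: list[str]


def _path_is_trusted(path: str) -> bool:
    """True if the path sits under one of the directories in TRUSTED_ROOTS."""
    p = path.lower()
    return any(p.startswith(root + "\\") for root in TRUSTED_ROOTS)


def triage_line(line: str) -> list[str]:
    """Return the review reasons that apply to one log line (empty list = nothing to flag)."""
    reasons: list[str] = []
    low = line.lower()
    if "(no file)" in low or "(file missing)" in low:
        reasons.append(REASON_ORPHAN)

    m = ENTRY_RE.match(line)
    kind = m.group("kind") if m else None

    if kind == "O20" and "appinit_dlls:" in low:
        if line.split(":", 1)[1].strip():          # value present, not an empty key
            reasons.append(REASON_APPINIT)

    if kind == "O4" and "] " in line:
        cmd = line.split("] ", 1)[1].strip()
        # A qualified command starts with an optional quote, then a drive letter or %VAR%.
        if not re.match(r'^"?(?:[A-Za-z]:\\|%)', cmd):
            reasons.append(REASON_UNQUALIFIED)

    for path in PATH_RE.findall(line):
        if not _path_is_trusted(path):
            reasons.append(REASON_LOCATION)
            break
    return reasons


def triage_log(log_text: str) -> list[Finding]:
    """Run triage_line over every line and keep only the lines with at least one reason."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reasons = triage_line(line)
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


def has_antivirus_service(log_text: str) -> bool:
    """True if a known anti-virus binary appears and is not marked as missing."""
    for line in log_text.splitlines():
        low = line.lower()
        if any(marker in low for marker in AV_MARKERS):
            if "(file missing)" not in low and "(no file)" not in low:
                return True
    return False


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("    ->", r)
    print("anti-virus present:", has_antivirus_service(SAMPLE_LOG))
```

On the sample, the Symantec service line is reported only as an orphaned entry (its path is under Program Files, but the file is gone), which is exactly why it does not count as anti-virus coverage; the Google Update process and `C:\socio\client.exe` are reported for their location so that a human decides whether they belong, not because the script knows what they are.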

Re: Malware Suppressing Web Access

Post by deltalima » January 16th, 2011, 12:38 pm

Checking your log - back soon.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Malware Suppressing Web Access

Post by deltalima » January 16th, 2011, 1:01 pm

Hi Haystack,

Welcome to the forum.

My nickname is deltalima and I will be helping you with your malware issue.

Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and the tools we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


Please note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Please Note:
The programs I ask you to run need to be run in Administrator Mode by right-clicking the program file and selecting: Run as Administrator.
Additionally, the built-in User Account Control (UAC) utility, if enabled, may prompt you for permission to run the program.
When prompted, please select: Allow. Reference: User Account Control (UAC) and Running as Administrator

Remove P2P Programs

  • I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

    Vuze
    Vuze Remote Toolbar


  • Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.
  • Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

  • Click on start
  • Then Run
  • In the open text entry box please copy/paste appwiz.cpl, then press Enter.
  • Press the "Remove" or "Change/Remove"...button to uninstall the programs listed above (in red) and any other P2P you have installed NOW.
  • Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.

No anti-virus

Looking over your log, it seems there is no evidence of any anti-virus software.

Anti-virus software is a program that detects, cleanses, and erases harmful virus files on a computer, web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners, thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. It can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download a free anti-virus software from one of these excellent vendors.


Note: You should run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and results in program conflicts and false virus alerts.

CKScanner

  • Please download CKScanner from here to your Desktop.
  • Make sure that CKScanner.exe is on the your Desktop before running the application!
  • Right click on CKScanner.exe and select: Run as Administrator, then click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file was saved.
  • Double-click on the CKFiles.txt icon on your Desktop and copy/paste the contents in your next reply.

Next

  • Please download this tool from Microsoft.
  • Right click on MGADiag.exe and select: Run as Administrator.
  • Click Continue.
  • The program will run. It takes a while to finish the diagnosis, please be patient.
  • Once done, click on Copy.
  • Open Notepad and paste the contents in the window.
  • Save this file and copy/paste it in your next reply.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Malware Suppressing Web Access

Post by Haystack » January 16th, 2011, 4:15 pm

Thank you very much for your help. I uninstalled Vuze and Vuze Toolbar, though the "Vuze Remote Toolbar" item still appears in appwiz. The application is no longer on my Firefox toolbar, and when I try a second time to uninstall it, I get a message "Could not open INSTALL.LOG file."

I installed MS Security Essentials.

A "Host Process for Windows is not working" crash dialog just popped up on my system -- this has been happening regularly.

My CKscanner and MGA Dialog logs follow:

CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11
----- EOF -----

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-XY9X3-JDXYP-6CJ97
Windows Product Key Hash: xFQJU8srKsovk6p1Lk1yW93in4E=
Windows Product ID: 89578-OEM-7332157-00211
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.0.6000.2.00010300.0.0.003
ID: {E1A2A729-C0A9-4ECA-8B49-D95D7BFCDB24}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows Vista (TM) Home Premium
Architecture: 0x00000000
Build lab: 6000.vista_gdr.080917-1612
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 114 Blocked VLK 2
Microsoft Office Professional Edition 2003 - 114 Blocked VLK 2
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{E1A2A729-C0A9-4ECA-8B49-D95D7BFCDB24}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6000.2.00010300.0.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-6CJ97</PKey><PID>89578-OEM-7332157-00211</PID><PIDType>2</PIDType><SID>S-1-5-21-3301902784-2558772550-3691095244</SID><SYSTEM><Manufacturer>Acer</Manufacturer><Model>Aspire 9410</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies LTD</Manufacturer><Version>V1.18 </Version><SMBIOSVersion major="2" minor="4"/><Date>20061225000000.000000+000</Date></BIOS><HWID>E5313507010000FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>114</Result><Products><Product GUID="{90110409-6000-11D3-8CFE-0150048383C9}"><LegitResult>114</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>59D1605114E3500</Val><Hash>vfZmaSmFPIYrLWTcZSZErUQg+Fo=</Hash><Pid>73931-640-0000106-57790</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="11" Result="114"/><App Id="16" Version="11" Result="114"/><App Id="18" Version="11" Result="114"/><App Id="19" Version="11" Result="114"/><App Id="1A" Version="11" Result="114"/><App Id="1B" Version="11" Result="114"/><App Id="44" Version="11" Result="114"/></Applications></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.0.6000.16509
Name: Windows(TM) Vista, HomePremium edition
Description: Windows Operating System - Vista, OEM_SLP channel
Activation ID: bffdc375-bbd5-499d-8ef1-4f37b61c895f
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 89578-00146-321-500211-02-1033-6000.0000-1862007
Installation ID: 161172438971117116940864128076576041649750535002634670
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkId=57201
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkId=57203
Use License URL: http://go.microsoft.com/fwlink/?LinkId=57205
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkId=57204
Partial Product Key: 6CJ97
License Status: Licensed

Windows Activation Technologies-->
N/A

HWID Data-->
HWID Hash Current: NAAAAAEAAgABAAIAAQABAAAAAwABAAEAeqjGYzCNSK/qTrwC7HEK8vL00gzGQf69rFb0SA==

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20000
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC INTEL CALISTGA
FACP INTEL CALISTGA
HPET INTEL CALISTGA
BOOT PTLTD $SBFTBL$
MCFG INTEL CALISTGA
TCPA PTLTD CALISTGA
SLIC ACRSYS ACRPRDCT
APIC INTEL CALISTGA
SSDT SataRe SataPri
SSDT SataRe SataPri
SSDT SataRe SataPri
SSDT SataRe SataPri
SSDT SataRe SataPri
Haystack
Regular Member
Posts: 18
Joined: January 14th, 2011, 1:47 am

Re: Malware Suppressing Web Access

Post by deltalima » January 16th, 2011, 4:22 pm

Hi Haystack,

The copy of Microsoft Office Professional Edition 2003 that you are using has a license key that has been blocked by Microsoft. If you wish to continue then please uninstall Microsoft Office Professional Edition 2003 and let me know.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Malware Suppressing Web Access

Post by Haystack » January 16th, 2011, 4:28 pm

Done.

New error dialog -- "Application Layer Gateway Service stopped working and was closed."
Haystack
Regular Member
Posts: 18
Joined: January 14th, 2011, 1:47 am

Re: Malware Suppressing Web Access

Post by deltalima » January 16th, 2011, 4:31 pm

Hi Haystack,

Reboot the computer.

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Right click on OTL.exe and select: Run as Administrator.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Please download GMER Rootkit Scanner from here.
  • Right click the .exe file and select: Run as Administrator. If asked to allow the gmer.sys driver to load, please consent.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on the "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE
Important! Please do not select the "Show all" checkbox during the scan.

Please post the GMER log along with OTL.txt and Extras.txt from the OTL scan into your next reply.
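
The OTL.txt and Extras.txt requested above are flat text logs, and a helper's first pass over them is pattern matching: registry entries whose target file is gone, policy values such as EnableLUA = 0, AppInit_DLLs hooks, per-volume AutoRun commands, and hidden files with no company name under user-writable paths. The script below is an added example, not part of this thread or of OldTimer's tools; it applies those rules to a small log embedded inline, constructed in OTL's line format and modelled on entries from the log posted later in this thread. The rule names, the Finding structure and the assumption that an OTL file entry always has the shape `[timestamp | size | RHSD flags | M/C] (company) -- path` are this example's own.

```python
"""Triage helper for OTL.txt-style logs (added example, not an OldTimer tool)."""
import re
from dataclasses import dataclass

# Constructed sample in OTL's line format, modelled on entries that appear
# in this thread's log; embedded here so the example runs offline.
SAMPLE_LOG = r"""
========== Win32 Services (SafeList) ==========

SRV - (Squid) -- File not found
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O20 - AppInit_DLLs: (eNetHook.dll) - C:\Windows\System32\eNetHook.dll (acer)
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\autorun.exe

========== Files - Modified Within 30 Days ==========

[2011/01/13 19:50:11 | 000,000,120 | -H-- | M] () -- C:\Users\staples\AppData\Local\Sgacite.dat
[2011/01/13 19:50:11 | 000,000,000 | -H-- | M] () -- C:\Users\staples\AppData\Local\Akimikere.bin
[2011/01/16 15:42:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\staples\Desktop\OTL.exe
"""

# OTL file entry: [timestamp | size | RHSD attribute flags | M/C] (company) -- path
FILE_ENTRY = re.compile(
    r"^\[(?P<ts>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| [MC]\]"
    r" \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
# Locations a standard user can write to; droppers favour these.
USER_WRITABLE = ("\\appdata\\local\\", "\\appdata\\roaming\\", "\\programdata\\")


@dataclass
class Finding:
    kind: str      # short tag used to group findings (this example's own names)
    detail: str    # the path or value that triggered the rule
    line_no: int   # 1-based line number in the log


def classify(line_no: int, line: str):
    """Return a Finding for one log line, or None if nothing stands out."""
    s = line.strip()
    # Registry entries whose target is gone: leftovers of a removed program
    # or of malware that was partly cleaned; harmless but worth removing.
    if s.startswith(("SRV - ", "DRV - ", "O4 - ")) and s.endswith("File not found"):
        return Finding("orphan", s, line_no)
    # UAC switched off: everything the user runs is already elevated.
    if s.startswith("O6 - ") and "EnableLUA = 0" in s:
        return Finding("uac_disabled", s.split(": ", 1)[1], line_no)
    # AppInit_DLLs load into every process that links user32.dll; even a
    # legitimate OEM hook here deserves a publisher check.
    if s.startswith("O20 - AppInit_DLLs:"):
        return Finding("appinit_dll", s.split(" - ", 2)[2], line_no)
    # Per-volume AutoRun handlers: the classic removable-media spreading vector.
    if s.startswith("O33 - MountPoints2") and "\\command" in s:
        return Finding("autorun_mountpoint", s.split(" = ", 1)[1], line_no)
    m = FILE_ENTRY.match(s)
    if m:
        hidden = m["attrs"][1] == "H"          # flags are R, H, S, D in that order
        in_user_dir = any(tag in m["path"].lower() for tag in USER_WRITABLE)
        # Hidden, no company name, in a user-writable location: the profile
        # of random-named .dat/.bin droppers.
        if hidden and not m["company"] and in_user_dir:
            return Finding("hidden_userdata", m["path"], line_no)
    return None


def triage(log_text: str):
    """Run every line of an OTL log through classify() and collect findings."""
    findings = []
    for n, line in enumerate(log_text.splitlines(), start=1):
        f = classify(n, line)
        if f:
            findings.append(f)
    return findings


def summarize(findings):
    """Count findings per kind so a report can lead with what matters."""
    counts = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line_no:3d}  {f.kind:<18} {f.detail}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run as a script it prints one line per finding and a count by kind. The rules are deliberately narrow: a hit is a reason to look at the entry, not a verdict. A legitimate OEM hook such as the Acer eNetHook.dll entry lands under appinit_dll until its publisher and file hash are checked, and an orphaned "File not found" service is cleanup rather than an active infection.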

Re: Malware Suppressing Web Access

Unread postby Haystack » January 16th, 2011, 5:34 pm

GMER is consistently blue screening my system, about 30 seconds into the scan, even in safe mode.

Here are my OTL and Extras logs:

OTL logfile created on: 1/16/2011 3:43:11 PM - Run 1
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Users\staples\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16809)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 57.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 70.62 Gb Total Space | 14.36 Gb Free Space | 20.33% Space Free | Partition Type: NTFS
Drive D: | 70.61 Gb Total Space | 36.90 Gb Free Space | 52.26% Space Free | Partition Type: NTFS

Computer Name: WALTERLAPTOP | User Name: staples | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\staples\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
PRC - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Windows\System32\drivers\WTSrv.exe (Tablet Driver)
PRC - C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
PRC - C:\Windows\System32\WTClient.exe (Tablet Driver)
PRC - C:\Acer\Empowering Technology\eNet\eNMTray.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT)
PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
PRC - C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
PRC - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
PRC - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
PRC - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)
PRC - C:\Program Files\Acer\OrbiCam10\OrbiCam.exe ()
PRC - C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe (Logitech Inc.)
PRC - C:\Acer\Mobility Center\MobilityService.exe ()
PRC - C:\Program Files\Launch Manager\WisLMSvc.exe (Wistron Corp.)
PRC - C:\Program Files\Launch Manager\WButton.exe ()
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe (Acer Inc.)
PRC - C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Windows\System32\BRSS01A.EXE (brother Industries Ltd)
PRC - C:\Program Files\Launch Manager\OSDCtrl.exe ()
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
PRC - C:\Program Files\Launch Manager\LaunchAp.exe ()
PRC - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\BRSVC01A.EXE (brother Industries Ltd)


========== Modules (SafeList) ==========

MOD - C:\Users\staples\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\eNetHook.dll (acer)
MOD - C:\Windows\System32\odbc32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\mfc42.dll (Microsoft Corporation)
MOD - C:\Windows\System32\odbcint.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (Microsoft Corporation)
MOD - C:\Acer\Empowering Technology\ePower\SysHook.dll ()


========== Win32 Services (SafeList) ==========

SRV - (Squid) -- File not found
SRV - (LiveUpdate Notice Ex) -- File not found
SRV - (CLTNetCnService) -- File not found
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (WinTabService) -- C:\Windows\System32\Drivers\WTSRV.EXE (Tablet Driver)
SRV - (eNet Service) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
SRV - (Adobe Version Cue CS3) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe (Adobe Systems Incorporated)
SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT)
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
SRV - (WMIService) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
SRV - (eLockService) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()
SRV - (WisLMSvc) -- C:\Program Files\Launch Manager\WisLMSvc.exe (Wistron Corp.)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (Brother XP spl Service) -- C:\Windows\System32\BRSVC01A.EXE (brother Industries Ltd)
SRV - (ATMsrvc) -- C:\Windows\System32\ATMsrvc.exe (Adobe Systems Incorporated)


========== Driver Services (SafeList) ==========

DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (PortTalk) -- C:\Windows\System32\drivers\porttalk.sys (Beyond Logic http://www.beyondlogic.org)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (ialm) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (MCSTRM) -- C:\Windows\System32\drivers\mcstrm.sys (RealNetworks, Inc.)
DRV - (PTSimBus) -- C:\Windows\System32\drivers\PTSimBus.sys (PenTablet Driver)
DRV - (UCTblHid) -- C:\Windows\System32\drivers\UCTblHid.sys (Tablet Driver)
DRV - (TClass2k) -- C:\Windows\System32\drivers\TClass2k.sys (Tablet Driver)
DRV - (Tablet2k) -- C:\Windows\System32\Drivers\Tablet2k.sys (Windows (R) Server 2003 DDK provider)
DRV - (PTSimHid) -- C:\Windows\System32\drivers\PTSimHid.sys (PenTablet Driver)
DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (PSDNServ) -- C:\Windows\system32\drivers\PSDNServ.sys (HiTRUST)
DRV - (psdvdisk) -- C:\Windows\system32\drivers\psdvdisk.sys (HiTRUST)
DRV - (PSDFilter) -- C:\Windows\system32\DRIVERS\psdfilter.sys (HiTRUST)
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys ()
DRV - (LVUVC) Acer OrbiCam(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (tifm21) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments)
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (Hotkey) -- C:\Windows\System32\drivers\HOTKEY.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz0.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3301902784-2558772550-3691095244-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = http://us.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
IE - HKU\S-1-5-21-3301902784-2558772550-3691095244-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-3301902784-2558772550-3691095244-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-3301902784-2558772550-3691095244-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3301902784-2558772550-3691095244-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3301902784-2558772550-3691095244-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3301902784-2558772550-3691095244-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3301902784-2558772550-3691095244-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: support@predictad.com:1.11
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.4
FF - prefs.js..extensions.enabledItems: YPlayer@yummy.net:1.0.0.15


FF - HKLM\software\mozilla\Firefox\Extensions\\support@predictad.com: C:\Program Files\AutocompletePro\support@predictad.com [2010/05/20 22:11:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/06/14 19:54:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/16 14:46:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/16 15:27:05 | 000,000,000 | ---D | M]

[2008/08/26 06:41:40 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\staples\AppData\Roaming\mozilla\Extensions
[2011/01/16 14:49:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\staples\AppData\Roaming\mozilla\Firefox\Profiles\u51i26sw.default\extensions
[2011/01/14 00:09:38 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\staples\AppData\Roaming\mozilla\Firefox\Profiles\u51i26sw.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/01/15 00:46:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/20 18:32:07 | 000,000,000 | ---D | M] (Yummy Games Player) -- C:\Program Files\Mozilla Firefox\extensions\YPlayer@yummy.net
[2010/05/20 22:11:21 | 000,000,000 | ---D | M] ("AutocompletePro - Your handy search suggestions tool") -- C:\PROGRAM FILES\AUTOCOMPLETEPRO\SUPPORT@PREDICTAD.COM
[2010/06/14 19:54:01 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2009/03/29 06:34:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2008/09/26 21:12:56 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll

O1 HOSTS File: ([2009/03/29 05:52:12 | 000,303,871 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 10469 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll (SimplyGen)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3301902784-2558772550-3691095244-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKU\S-1-5-21-3301902784-2558772550-3691095244-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-3301902784-2558772550-3691095244-1000\..\Toolbar\WebBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer Registration\ACE1.exe (Leader Technologies)
O4 - HKLM..\Run: [Acer Tour] File not found
O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.)
O4 - HKLM..\Run: [AcerOrbicamRibbon] C:\Program Files\Acer\OrbiCam10\OrbiCam.exe ()
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EEventManager] C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe ()
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSDCtrl.exe ()
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe (Acer Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe (Logitech Inc.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PowerKey] File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe ()
O4 - HKLM..\Run: [WTClient] C:\Windows\System32\WTClient.exe (Tablet Driver)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3301902784-2558772550-3691095244-1000..\Run: [Acer Tour Reminder] File not found
O4 - HKU\S-1-5-21-3301902784-2558772550-3691095244-1000..\Run: [EA Core] File not found
O4 - HKU\S-1-5-21-3301902784-2558772550-3691095244-1000..\Run: [EPSON Stylus Photo R260 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIBNA.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-3301902784-2558772550-3691095244-1000..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKU\S-1-5-21-3301902784-2558772550-3691095244-1000..\Run: [MCW Startup] C:\Program Files\Monitor Calibration Wizard\MCW.exe ()
O4 - HKU\S-1-5-21-3301902784-2558772550-3691095244-1000..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-3301902784-2558772550-3691095244-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3301902784-2558772550-3691095244-1000\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKU\S-1-5-21-3301902784-2558772550-3691095244-1000\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (eNetHook.dll) - C:\Windows\System32\eNetHook.dll (acer)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{7dc44646-d61d-11dd-9cdd-0016d35826ba}\Shell\AutoRun\command - "" = G:\autorun.exe
O33 - MountPoints2\{7dc44646-d61d-11dd-9cdd-0016d35826ba}\Shell\phone\command - "" = G:\autorun.exe
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\autorun.exe
O33 - MountPoints2\G\Shell\phone\command - "" = G:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/16 15:41:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\staples\Desktop\OTL.exe
[2011/01/16 15:40:56 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\staples\Desktop\TFC.exe
[2011/01/16 15:26:56 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/01/16 15:02:28 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2011/01/16 15:01:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2011/01/16 14:59:44 | 002,031,992 | ---- | C] (Microsoft Corporation) -- C:\Users\staples\Desktop\MGADiag.exe
[2011/01/16 14:52:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/01/14 15:35:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/01/14 15:35:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/14 15:35:52 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/01/14 00:40:08 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\staples\Desktop\HijackThis.exe
[2011/01/13 23:32:26 | 000,000,000 | ---D | C] -- C:\Users\staples\AppData\Roaming\Malwarebytes
[2011/01/13 23:32:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/01/13 23:32:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/01/13 22:05:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft
[2011/01/13 22:05:12 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer
[2011/01/13 19:50:10 | 000,000,000 | -H-D | C] -- C:\Users\staples\AppData\Local\{FE21C290-A630-47D1-B46C-3E29364BD46D}
[2011/01/12 20:46:34 | 000,000,000 | ---D | C] -- C:\Users\staples\Desktop\newspaper_1442374999_files
[2007/04/03 08:02:48 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll
[8 C:\Users\staples\Desktop\*.tmp files -> C:\Users\staples\Desktop\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/16 15:43:47 | 000,296,448 | ---- | M] () -- C:\Users\staples\Desktop\qz72h29h.exe
[2011/01/16 15:42:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\staples\Desktop\OTL.exe
[2011/01/16 15:39:49 | 000,000,501 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2011/01/16 15:39:20 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[2011/01/16 15:38:34 | 000,003,200 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/16 15:38:34 | 000,003,200 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/16 15:38:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/01/16 15:38:05 | 2674,040,832 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/16 15:34:07 | 001,955,112 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/01/16 15:00:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3301902784-2558772550-3691095244-1000UA.job
[2011/01/16 14:59:51 | 002,031,992 | ---- | M] (Microsoft Corporation) -- C:\Users\staples\Desktop\MGADiag.exe
[2011/01/16 14:56:42 | 000,453,632 | ---- | M] () -- C:\Users\staples\Desktop\CKScanner.exe
[2011/01/16 14:53:05 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/01/16 14:23:09 | 000,000,045 | ---- | M] () -- C:\Windows\CLIENT.INI
[2011/01/14 15:36:38 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/14 06:01:56 | 000,002,056 | ---- | M] () -- C:\Users\staples\Desktop\Google Chrome.lnk
[2011/01/14 06:01:56 | 000,002,018 | ---- | M] () -- C:\Users\staples\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/01/14 00:40:09 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\staples\Desktop\HijackThis.exe
[2011/01/13 22:26:21 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\staples\Desktop\TFC.exe
[2011/01/13 19:50:11 | 000,000,120 | -H-- | M] () -- C:\Users\staples\AppData\Local\Sgacite.dat
[2011/01/13 19:50:11 | 000,000,000 | -H-- | M] () -- C:\Users\staples\AppData\Local\Akimikere.bin
[2011/01/12 20:46:34 | 000,002,816 | ---- | M] () -- C:\Users\staples\Desktop\newspaper_1442374999.htm
[2011/01/05 14:00:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3301902784-2558772550-3691095244-1000Core.job
[2011/01/02 23:39:38 | 000,870,128 | ---- | M] () -- C:\Windows\System32\mcs.rma
[2011/01/02 23:39:38 | 000,000,004 | ---- | M] () -- C:\Windows\System32\6DBD07
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[8 C:\Users\staples\Desktop\*.tmp files -> C:\Users\staples\Desktop\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/16 15:43:40 | 000,296,448 | ---- | C] () -- C:\Users\staples\Desktop\qz72h29h.exe
[2011/01/16 14:56:37 | 000,453,632 | ---- | C] () -- C:\Users\staples\Desktop\CKScanner.exe
[2011/01/16 14:53:05 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/01/14 15:36:38 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/13 23:28:53 | 2674,040,832 | -HS- | C] () -- C:\hiberfil.sys
[2011/01/13 19:50:11 | 000,000,120 | -H-- | C] () -- C:\Users\staples\AppData\Local\Sgacite.dat
[2011/01/13 19:50:11 | 000,000,000 | -H-- | C] () -- C:\Users\staples\AppData\Local\Akimikere.bin
[2011/01/12 20:46:33 | 000,002,816 | ---- | C] () -- C:\Users\staples\Desktop\newspaper_1442374999.htm
[2010/11/20 18:32:03 | 000,352,648 | ---- | C] () -- C:\Windows\System32\SysCheck2.dll
[2010/06/14 20:02:09 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010/06/04 20:34:05 | 000,000,015 | ---- | C] () -- C:\Windows\cfwin.ini
[2010/06/04 20:34:03 | 000,000,098 | ---- | C] () -- C:\Windows\cfwinlib.ini
[2010/05/20 22:09:50 | 000,000,024 | ---- | C] () -- C:\Windows\System32\sysmwwod.dll
[2009/10/19 17:30:29 | 000,000,133 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2009/10/15 21:59:06 | 000,339,456 | ---- | C] () -- C:\Windows\System32\Tx32.dll
[2008/12/19 00:18:20 | 000,000,144 | ---- | C] () -- C:\Windows\PG3prefs.ini
[2008/09/04 21:20:19 | 000,008,567 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2008/07/30 23:13:15 | 000,000,029 | ---- | C] () -- C:\Windows\DEBUGSM.INI
[2008/04/04 20:29:09 | 000,000,680 | -H-- | C] () -- C:\Users\staples\AppData\Local\d3d9caps.dat
[2008/02/11 21:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2007/10/24 17:44:29 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2007/10/24 17:33:08 | 000,000,044 | ---- | C] () -- C:\Windows\PERFV200P.ini
[2007/10/21 14:28:19 | 000,000,039 | ---- | C] () -- C:\Windows\webica.ini
[2007/10/13 02:16:26 | 000,000,045 | ---- | C] () -- C:\Windows\CLIENT.INI
[2007/10/13 01:02:45 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/10/11 20:33:38 | 000,000,447 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2007/10/11 20:33:38 | 000,000,026 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2007/10/11 20:33:33 | 000,000,030 | ---- | C] () -- C:\Windows\System32\brss01a.ini
[2007/10/11 20:32:17 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2007/10/11 20:32:16 | 000,000,145 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2007/10/11 20:32:16 | 000,000,023 | ---- | C] () -- C:\Windows\Brownie.ini
[2007/10/11 20:32:15 | 000,000,114 | ---- | C] () -- C:\Windows\System32\brlmw03a.ini
[2007/10/11 20:32:13 | 000,011,604 | ---- | C] () -- C:\Windows\HL-5040.INI
[2007/10/11 03:21:48 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2007/10/11 02:27:09 | 000,000,231 | ---- | C] () -- C:\Windows\POWERPNT.INI
[2007/10/11 02:27:08 | 000,000,064 | ---- | C] () -- C:\Windows\exchng32.ini
[2007/10/11 02:27:08 | 000,000,026 | ---- | C] () -- C:\Windows\datalink.ini
[2007/10/11 02:27:02 | 000,000,032 | ---- | C] () -- C:\Windows\GRAPH5.INI
[2007/10/11 02:27:01 | 000,000,000 | ---- | C] () -- C:\Windows\WINHELP.INI
[2007/10/11 02:25:14 | 000,000,959 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2007/07/07 07:58:17 | 000,011,776 | ---- | C] () -- C:\Users\staples\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/05/20 01:34:29 | 000,076,584 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2007/05/20 01:34:29 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2007/05/20 01:33:50 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
[2007/05/20 01:33:09 | 000,009,867 | ---- | C] () -- C:\Windows\System32\drivers\HOTKEY.sys
[2007/05/20 01:23:39 | 000,000,037 | ---- | C] () -- C:\Windows\Acer.ini
[2007/05/20 01:06:40 | 000,042,594 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2007/05/20 01:06:35 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1114.dll
[2007/04/24 14:31:12 | 000,010,240 | ---- | C] () -- C:\Windows\System32\ucinst32.dll
[2007/04/03 10:12:05 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007/04/03 09:56:19 | 000,743,424 | R--- | C] () -- C:\Windows\libxml2.dll
[2007/04/03 09:54:49 | 000,872,448 | R--- | C] () -- C:\Windows\iconv.dll
[2007/04/03 08:02:48 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2007/04/03 07:47:25 | 000,198,144 | ---- | C] () -- C:\Windows\System32\_psisdecd.dll
[2007/02/07 01:58:10 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
[2007/02/07 01:57:58 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
[2007/02/07 01:57:20 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
[2007/02/07 01:56:30 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
[2007/02/07 01:56:28 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
[2007/02/07 01:52:08 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2006/12/25 17:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006/12/02 13:32:24 | 000,000,042 | ---- | C] () -- C:\Windows\PreLaunch.ini
[2006/12/02 13:32:22 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001/12/26 17:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 00:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 17:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/23 23:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
[1996/03/20 02:00:00 | 000,107,008 | ---- | C] () -- C:\Windows\System32\TTEMB32.DLL
[1996/03/20 02:00:00 | 000,053,760 | ---- | C] () -- C:\Windows\System32\OPENENU.DLL
[1996/03/20 02:00:00 | 000,006,352 | ---- | C] () -- C:\Windows\System32\VISXUTIL.DLL
[1996/03/20 02:00:00 | 000,002,041 | ---- | C] () -- C:\Windows\MSFNTMAP.INI
[1996/03/20 02:00:00 | 000,000,586 | ---- | C] () -- C:\Windows\MSTXTCNV.INI
[1996/03/20 02:00:00 | 000,000,280 | ---- | C] () -- C:\Windows\TTEMBED.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 1512627 bytes -> C:\2008-01-05 at 05:47 PM mr.anf

< End of report >

OTL Extras logfile created on: 1/16/2011 3:43:11 PM - Run 1
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Users\staples\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16809)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 57.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 70.62 Gb Total Space | 14.36 Gb Free Space | 20.33% Space Free | Partition Type: NTFS
Drive D: | 70.61 Gb Total Space | 36.90 Gb Free Space | 52.26% Space Free | Partition Type: NTFS

Computer Name: WALTERLAPTOP | User Name: staples | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3301902784-2558772550-3691095244-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{180B53F0-8A87-44D4-AD6F-D2B6309DEFEF}" = rport=139 | protocol=6 | dir=out | app=system |
"{21E3946E-1BC7-46F0-9331-244EDBFE2DD1}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{370B2DA7-B2B8-4903-9EA9-D73D106A0DB7}" = lport=445 | protocol=6 | dir=in | app=system |
"{3CF7FB4E-7A53-48FE-A70D-74342CF05E7C}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{414512E8-13F2-4F3A-9EF3-F93DEE12A952}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{735B778E-DB06-4926-A4BA-51305CE60F5A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{82D5023E-4D50-47C9-958D-76C84AD5571F}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{87387BA0-1D95-468B-8B3A-5B6817BC4C0C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8758B344-6A9D-437B-B841-0102D40BAD2A}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{90201976-17C4-42F9-942E-314FF5D4C37E}" = lport=50900 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{9B0D4E49-F4D2-4D31-AC76-B8CDFA0E2FC4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{9B3E8F26-5A9A-4A27-96EB-C97318FAD8C6}" = lport=139 | protocol=6 | dir=in | app=system |
"{9C067AAE-443D-4D53-8BA0-CB3A2679E2B2}" = lport=137 | protocol=17 | dir=in | app=system |
"{9C474651-F9D2-4C11-AD7F-C4EA748473CF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A916EDA4-A545-4CA4-B495-80B85D7B317C}" = rport=138 | protocol=17 | dir=out | app=system |
"{ADDBB9EB-7F6C-48F8-A79B-8898E226B1D2}" = lport=50901 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{B33C65B9-7E09-40ED-B453-9408CA79E51C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{B9F02E0E-67CD-4389-9C8F-1CBA0F7C0989}" = rport=2869 | protocol=6 | dir=out | app=system |
"{C60EE8D4-B989-4961-B57F-74C3752E7A44}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{D101B0E9-8B83-434E-B194-F5806294C955}" = rport=137 | protocol=17 | dir=out | app=system |
"{D834E998-C47B-4446-A086-6FAC7432E536}" = lport=138 | protocol=17 | dir=in | app=system |
"{E240B087-CCE8-4712-BDA1-89D7BC43229C}" = rport=445 | protocol=6 | dir=out | app=system |
"{E9BAA559-D207-46EE-9D68-1CC76BF47AC1}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00DE28F5-FDE4-4993-B043-ECAB7EB19FAB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{139C5CE9-0BA2-4047-A468-F9C1B62FAF64}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3050A474-49E7-4E99-B73F-EC05F49E5FE4}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{307AA8FF-7A71-41A0-8B73-75E5F6AE0DAD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{31760311-8B2E-43E2-B59D-A6D5BEAE7D92}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe |
"{33E02789-0B88-4554-BD77-DD6D7074227D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{47806E81-FE27-49A9-A092-5C0917F7A677}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{4D18E33E-3BC9-4687-AEDD-C59193F9A7B7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{4EA85029-BDA5-4C37-99D9-62A8AAF2A9AE}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{53477551-22A9-4634-96DE-DC38AF56A402}" = protocol=6 | dir=in | app=c:\users\staples\appdata\roaming\mjusbsp\magicjack.exe |
"{5B68F343-411A-47B3-89DE-F20058466FF2}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{6666E008-5715-419C-9508-016407EA8F88}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{680D1116-AF2C-40CC-95E3-E30551D9393B}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{694C52F1-E58A-4F94-A819-354908FD5DAC}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{6E34DC08-B498-44A3-8AAB-8F89BA70AA2C}" = protocol=6 | dir=in | app=c:\program files\smartftp client\smartftp.exe |
"{72921717-7346-4C9F-AD66-9FF5D24A3B2F}" = protocol=17 | dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\mce deluxe suite.exe |
"{74E6F819-A86D-48A6-9AA8-8E3D5FEF55F4}" = protocol=6 | dir=in | app=c:\users\staples\appdata\roaming\mjusbsp\magicjack.exe |
"{779B3A8C-35BE-4E5B-818D-8CD5DBA50980}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{7D8D507E-721B-4CD0-AB9D-41646274317B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{7DB3023F-7C67-4009-B1D4-696972182EFD}" = protocol=17 | dir=in | app=c:\users\staples\appdata\roaming\mjusbsp\magicjack.exe |
"{837D1437-0E2F-40A6-A040-597DB13ABBA0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{8A71A278-668A-4153-9306-8A765890B3A1}" = protocol=17 | dir=in | app=c:\program files\smartftp client\smartftp.exe |
"{8A760E9C-6F97-4E99-87DE-8A8DD8BBA85D}" = protocol=6 | dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\mce deluxe suite.exe |
"{8E3E2D94-8597-4580-8D5E-40C5A10F42B5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{9228439C-24EE-448E-9FB2-1B31517BF7EB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{9A394FA2-1D1D-4F90-B4B1-796761A7E741}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{A21EC41C-D119-44A7-BFD3-2D872F25757D}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{AB8A2D40-8CC3-4413-97DE-1670B15BEDBF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B01E0A68-B36F-436C-AC9B-CAA20751324E}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{C5DB0AD2-C1B3-47D0-A855-9559C60ED36F}" = protocol=17 | dir=in | app=c:\users\staples\appdata\roaming\mjusbsp\magicjack.exe |
"{D9EF294A-F7AB-49E9-9F23-658A1E0D833A}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{E6CABB93-AE86-411B-A8BA-EDB514DC70F7}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{EB673678-B5EF-41B4-BCCC-DDA449B2E956}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{EBB9DBEF-5C61-4BC8-8E2D-867F0748F928}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{F70C96CA-E382-4B99-B856-F0BB4A86E51C}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe |
"{FFF824AC-7A98-4D32-A40E-7833806582A9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"TCP Query User{08463137-3F14-44C1-9E30-01A9B9D8F60C}C:\program files\quicktime\quicktimeplayer.exe" = protocol=6 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe |
"TCP Query User{0AFE10A2-C2FD-4E67-8959-D7F330FC6B1A}C:\squid\sbin\squid.exe" = protocol=6 | dir=in | app=c:\squid\sbin\squid.exe |
"TCP Query User{0C0C54F7-32FC-483B-B1EF-37C68BC73625}C:\socio\_client.exe" = protocol=6 | dir=in | app=c:\socio\_client.exe |
"TCP Query User{0EB77D51-A5B4-445C-8ECB-2C3C65D950D1}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"TCP Query User{0FEF922D-5574-46B2-9247-89E8A7C1402A}C:\socio\client.prg" = protocol=6 | dir=in | app=c:\socio\client.prg |
"TCP Query User{35049D49-6FED-4491-B21A-3E673D6E4248}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{38BC98C1-9875-4E76-9797-952C65B72795}C:\program files\secondlife\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\secondlife\slvoice.exe |
"TCP Query User{4D5357EC-85A9-4200-B5A1-A079FBE21975}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{58F9B7B3-845F-4A96-B4EC-97E2AB41F956}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{6B5293B3-CE5A-4A8E-BA16-8107A1957695}C:\socio\client.prg" = protocol=6 | dir=in | app=c:\socio\client.prg |
"TCP Query User{9457693D-1FB3-4879-AFF6-72A574177CF7}C:\socio\_client.exe" = protocol=6 | dir=in | app=c:\socio\_client.exe |
"TCP Query User{D535486D-F2EF-40EB-AC04-DA99026919D1}C:\socio2\client.prg" = protocol=6 | dir=in | app=c:\socio2\client.prg |
"TCP Query User{DEB9631B-F6FC-42E3-ABEA-93CD2C446D20}C:\socio\client.exe" = protocol=6 | dir=in | app=c:\socio\client.exe |
"TCP Query User{E84B7010-4495-438E-9B45-6F357A1D2A99}C:\users\staples\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\staples\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{ED2C6297-1E63-4AC2-9AF0-49DAA55BA1E3}C:\socio\client.exe" = protocol=6 | dir=in | app=c:\socio\client.exe |
"UDP Query User{108F7288-42CF-45E9-B09D-0B9194047AEE}C:\socio\client.exe" = protocol=17 | dir=in | app=c:\socio\client.exe |
"UDP Query User{226ADDE2-35FE-497C-8249-6F06ADE399B6}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{234B96DA-6E08-43F1-8B4B-BE286F6F0BB8}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{364C4D31-4F88-4569-BC0B-42FF91F3A40C}C:\socio\_client.exe" = protocol=17 | dir=in | app=c:\socio\_client.exe |
"UDP Query User{5BDB4945-7840-4B91-916C-C1ED046D28D0}C:\program files\quicktime\quicktimeplayer.exe" = protocol=17 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe |
"UDP Query User{737F86DC-A36B-4952-8C82-4B2DFFB06DF6}C:\program files\secondlife\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\secondlife\slvoice.exe |
"UDP Query User{7F5F35AB-35F4-49B9-97C1-E6A3AD708096}C:\socio\client.exe" = protocol=17 | dir=in | app=c:\socio\client.exe |
"UDP Query User{8596F15F-36C7-4C93-8BB5-0BF2380BD0F4}C:\socio2\client.prg" = protocol=17 | dir=in | app=c:\socio2\client.prg |
"UDP Query User{8EB4D33F-E565-4304-9F0F-1C2F271CA829}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{A846FA2E-14DA-4145-8D47-97221FBCBF8A}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{C20A3B1C-CA5C-4BA1-937B-7E004487E949}C:\socio\_client.exe" = protocol=17 | dir=in | app=c:\socio\_client.exe |
"UDP Query User{C31C6946-1622-4413-860F-E11E92416E5B}C:\socio\client.prg" = protocol=17 | dir=in | app=c:\socio\client.prg |
"UDP Query User{F01698EE-42B3-4AE6-B7DD-1DC9CCA61D43}C:\socio\client.prg" = protocol=17 | dir=in | app=c:\socio\client.prg |
"UDP Query User{F3B7FE7D-DCE7-433C-8A51-7E9BF7252B0A}C:\users\staples\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\staples\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{F414B8E1-7990-46A4-A64C-D62A236E9496}C:\squid\sbin\squid.exe" = protocol=17 | dir=in | app=c:\squid\sbin\squid.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{0650BB10-BCF4-400A-85EE-04097E3046C6}" = Adobe Setup
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0AFC9710-5DD6-4C6A-BA52-91AE992B2C9D}" = Safari
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{0F79C1B2-36B2-4B62-8221-42721CF54638}" = Acer OrbiCam Application
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{11DE2361-9F73-47B3-B638-2F267927E307}" = Ipswitch WS_FTP Home 2007
"{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{15C77FC3-8137-4A5E-8F81-F559045DD6B0}" = Shipping Assistant 3.7
"{16F0EE77-B2B1-4417-A8CC-07E06C78CCC4}" = Matrix-ks
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter
"{1BED0E00-5A1F-4F0D-AF61-9670E64890C9}" = SmartFTP Client
"{1C278B97-9D25-48B0-9A4E-F4F2BB992043}" = EPSON Perfection V200 Photo Scanner Driver Update
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server {ko_KR}
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{222421DC-CAEB-42EC-AF15-09A39AA5C94D}" = Adobe Creative Suite 3 Design Standard
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 15
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{35C0A1E4-D02A-412C-841F-266DBB116ABB}" = Intel(R) PROSet/Wireless WiFi Software
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{44734179-8A79-4DEE-BB08-73037F065543}" = Apple Mobile Device Support
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = EPSON Event Manager
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{77D2A9D3-5800-43E3-B274-87841BC87DB2}" = Adobe ExtendScript Toolkit 2
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{80FD852F-5AAC-4129-B931-06AAFFA43138}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AE03988-8C8C-40EE-BDC7-76781BEF1B1D}" = Adobe Setup
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9901E703-D169-7139-1EA3-11AA788D09E6}" = EA Download Manager UI
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{ACF1662C-404B-47AD-9D57-5CA7C9307284}_is1" = Free Mp3 Wma Ogg Converter 7.1.1
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B7F560B3-6EFF-4026-A982-843895A41149}" = Adobe BridgeTalk Plugin CS3
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{BFD96B89-B769-4CD6-B11E-E79FFD46F067}" = QuickTime
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}" = CanoScan Toolbox Ver4.9
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{D03E7B00-CA85-4684-9321-1888873C34BD}" = ArcSoft PhotoImpression 6
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.1.1.4
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D3A3F5C5-E95B-456D-952B-DDEC3AF68319}_is1" = GameTap Player
"{D4DBF0C9-E294-4C01-A205-73B8ED947D50}" = Adobe Setup
"{D90E81AE-FE2B-4EEC-9052-75EC0E949835}" = Brother HL-5040
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Deluxe
"{EFD0BFEB-980E-491B-833B-A8848E5E0F0F}" = Hyplay
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F7B05784-334C-4F76-8BAB-30ABEB7FD534}" = TIPCI
"8089B79E-5E25-4872-8AC9-058E5F5599EC_is1" = iTunes Sync
"Acer Assist" = Acer Assist
"Acer Registration" = Acer Registration
"AcerOrbiCamDrv" = Acer Camera Driver
"Adobe Acrobat 8 Professional" = Adobe Acrobat 8.1.2 Professional
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Type Manager Deluxe 4.1" = Adobe Type Manager Deluxe 4.1
"Adobe_0e772471f6aed60c960ed52600a76bd" = Add or Remove Adobe Creative Suite 3 Design Standard
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_7328fdfcb73660ec8b11d5a3d5c6232" = Adobe Dreamweaver CS3
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Applian FLV Player2.0.24" = Applian FLV Player
"Audacity_is1" = Audacity 1.2.6
"AudibleDownloadManager" = Audible Download Manager
"AutocompletePro2_is1" = AutocompletePro
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"CoverFactory 2.50_is1" = CoverFactory 2.50
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"EA Download Manager" = EA Download Manager
"Easy Thumbnails_is1" = Easy Thumbnails (Remove only)
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"FileZilla Client" = FileZilla Client 3.2.8.1
"GMABooster" = GMABooster
"GridVista" = Acer GridVista
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HomeBase 2.3" = HomeBase 2.3
"Impulse" = Impulse
"InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{F7B05784-334C-4F76-8BAB-30ABEB7FD534}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"IrfanView" = IrfanView (remove only)
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MetaFrame Presentation Server Web Client for Win32" = MetaFrame Presentation Server Web Client for Win32
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Monitor Calibration Wizard" = Monitor Calibration Wizard 1.0
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"MP3 WAV WMA Converter" = MP3 WAV WMA Converter
"NVIDIA Drivers" = NVIDIA Drivers
"ProInst" = Intel PROSet Wireless
"RealPlayer 12.0" = RealPlayer
"Rhapsody" = Rhapsody
"Screenshot Pilot (full)_is1" = Screenshot Pilot version 1.46.01
"SecondLife" = SecondLife (remove only)
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Silent Package Run-Time Sample" = EPSON Perfection V200P User's Guide
"SL Friends Monitor_is1" = SL Friends Monitor v1.7
"SmartFTP Client 4.0 Setup Files" = SmartFTP Client 4.0 Setup Files (remove only)
"Sociolotron" = Sociolotron 1.0
"SpywareBlaster_is1" = SpywareBlaster v3.5.1
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Trillian" = Trillian
"Vuze_Remote Toolbar" = Vuze Remote Toolbar
"WinRAR archiver" = WinRAR archiver
"Wisdom-soft ScreenHunter 5.0 Free" = Wisdom-soft ScreenHunter 5.0 Free
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3301902784-2558772550-3691095244-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/27/2008 7:10:24 PM | Computer Name = staples-PC | Source = Google Update | ID = 20
Description =

Error - 9/27/2008 10:38:29 PM | Computer Name = staples-PC | Source = Application Error | ID = 1000
Description = Faulting application Illustrator.exe, version 13.0.128.0, time stamp
0x466f007d, faulting module Illustrator.exe, version 13.0.128.0, time stamp 0x466f007d,
exception code 0xc0000005, fault offset 0x0048cc63, process id 0xd24, application
start time 0x01c9211255c0ff45.

Error - 9/27/2008 10:41:48 PM | Computer Name = staples-PC | Source = Application Error | ID = 1000
Description = Faulting application Illustrator.exe, version 13.0.128.0, time stamp
0x466f007d, faulting module Illustrator.exe, version 13.0.128.0, time stamp 0x466f007d,
exception code 0xc0000005, fault offset 0x0048cc63, process id 0x200, application
start time 0x01c921134ee9a275.

Error - 9/27/2008 10:58:51 PM | Computer Name = staples-PC | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6000.16549, time stamp
0x46d230c5, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9,
exception code 0xc0000024, fault offset 0x00076782, process id 0x808, application
start time 0x01c920fb23b86685.

Error - 10/5/2008 8:13:31 PM | Computer Name = staples-PC | Source = VSS | ID = 8194
Description =

Error - 10/5/2008 8:24:10 PM | Computer Name = staples-PC | Source = VSS | ID = 8194
Description =

Error - 10/5/2008 8:26:52 PM | Computer Name = staples-PC | Source = VSS | ID = 8194
Description =

Error - 10/5/2008 8:49:45 PM | Computer Name = staples-PC | Source = VSS | ID = 8194
Description =

Error - 10/5/2008 9:56:48 PM | Computer Name = staples-PC | Source = Application Error | ID = 1000
Description = Faulting application SporeApp.exe, version 1.1.0.358, time stamp 0x48ca7eb8,
faulting module d3d9.dll, version 6.0.6000.16386, time stamp 0x4549bcc1, exception
code 0xc0000005, fault offset 0x000307a1, process id 0x1274, application start time
0x01c92751093dc6c7.

Error - 10/7/2008 3:10:27 AM | Computer Name = staples-PC | Source = Application Error | ID = 1000
Description = Faulting application SporeApp.exe, version 1.1.0.358, time stamp 0x48ca7eb8,
faulting module SporeApp.exe, version 1.1.0.358, time stamp 0x48ca7eb8, exception
code 0xc0000005, fault offset 0x00bb7314, process id 0xdc0, application start time
0x01c9281e3de2e660.

[ Media Center Events ]
Error - 11/13/2008 11:58:49 PM | Computer Name = staples-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 12/10/2008 3:43:53 AM | Computer Name = staples-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerAccumulate failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 2/1/2009 6:11:31 AM | Computer Name = staples-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 2/4/2009 7:33:20 PM | Computer Name = staples-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 1/16/2011 3:02:07 AM | Computer Name = WalterLaptop | Source = DCOM | ID = 10010
Description =

Error - 1/16/2011 3:48:27 PM | Computer Name = WalterLaptop | Source = EventLog | ID = 6008
Description = The previous system shutdown at 2:47:19 PM on 1/16/2011 was unexpected.

Error - 1/16/2011 3:54:33 PM | Computer Name = WalterLaptop | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%859 Update Stage: %%852

Source
Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072efe Error description:
The connection with the server was terminated abnormally

Error - 1/16/2011 4:11:50 PM | Computer Name = WalterLaptop | Source = DCOM | ID = 10010
Description =

Error - 1/16/2011 4:33:06 PM | Computer Name = WalterLaptop | Source = volmgr | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 1/16/2011 4:33:15 PM | Computer Name = WalterLaptop | Source = volmgr | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 1/16/2011 4:33:50 PM | Computer Name = WalterLaptop | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 1/16/2011 4:35:21 PM | Computer Name = WalterLaptop | Source = Service Control Manager | ID = 7026
Description =

Error - 1/16/2011 4:38:13 PM | Computer Name = WalterLaptop | Source = EventLog | ID = 6008
Description = The previous system shutdown at 3:36:42 PM on 1/16/2011 was unexpected.

Error - 1/16/2011 4:38:26 PM | Computer Name = WalterLaptop | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842


< End of report >
Haystack
Regular Member
 
Posts: 18
Joined: January 14th, 2011, 1:47 am

Re: Malware Suppressing Web Access

Unread postby deltalima » January 16th, 2011, 5:52 pm

Hi Haystack,

GMER is consistently blue screening my system, about 30 seconds into the scan, even in safe mode.


Please reboot and then run this alternative scan.

Scan With RKUnHooker

  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
  • Copy the entire contents of the report and paste it in a reply here.

Please let me know if the computer is used for home or for business use.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Malware Suppressing Web Access

Unread postby Haystack » January 18th, 2011, 9:38 am

It's a home/personal computer. It was the display unit at Staples when I bought it, so it has their username, etc. Here's the report:

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6000
Number of processors #2
==============================================
>Drivers
==============================================
0x8C745000 C:\Windows\system32\DRIVERS\igdkmd32.sys 7057408 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)
0x81C00000 C:\Windows\system32\ntkrnlpa.exe 3805184 bytes (Microsoft Corporation, NT Kernel & System)
0x81C00000 PnpManager 3805184 bytes
0x81C00000 RAW 3805184 bytes
0x81C00000 WMIxWDM 3805184 bytes
0x8CE77000 C:\Windows\system32\DRIVERS\NETw5v32.sys 3706880 bytes (Intel Corporation, Intel® Wireless WiFi Link Driver)
0x93C00000 Win32k 2097152 bytes
0x93C00000 C:\Windows\System32\win32k.sys 2097152 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8D66F000 C:\Windows\system32\drivers\RTKVHDA.sys 1642496 bytes (Realtek Semiconductor Corp., Realtek(r) High Definition Audio Function Driver)
0x8D8E3000 C:\Windows\system32\DRIVERS\AGRSM.sys 1167360 bytes (Agere Systems, SoftModem Device Driver)
0x8DEF8000 C:\Windows\system32\DRIVERS\lvuvc.sys 1081344 bytes (Logitech Inc., Logitech USB Video Class Driver)
0x82094000 C:\Windows\System32\Drivers\Ntfs.sys 1081344 bytes (Microsoft Corporation, NT File System Driver)
0x80612000 C:\Windows\system32\drivers\ndis.sys 1064960 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x8051F000 C:\Windows\system32\CI.dll 921600 bytes (Microsoft Corporation, Code Integrity Module)
0xB3522000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x8D812000 C:\Windows\System32\drivers\tcpip.sys 856064 bytes (Microsoft Corporation, TCP/IP Driver)
0x8C6A8000 C:\Windows\System32\drivers\dxgkrnl.sys 643072 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0xAA132000 C:\Windows\system32\drivers\spsys.sys 581632 bytes (Microsoft Corporation, security processor)
0x804A4000 C:\Windows\system32\drivers\Wdf01000.sys 503808 bytes (Microsoft Corporation, WDF Dynamic)
0x8202A000 C:\Windows\System32\Drivers\ksecdd.sys 434176 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xAB11A000 C:\Windows\system32\drivers\HTTP.sys 417792 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x8026B000 C:\Windows\system32\mcupdate_GenuineIntel.dll 393216 bytes (Microsoft Corporation, Intel Microcode Update Library)
0xA4E20000 C:\Windows\System32\ATMFD.DLL 311296 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xAB757000 C:\Windows\System32\DRIVERS\srv.sys 311296 bytes (Microsoft Corporation, Server driver)
0x8077E000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8D614000 C:\Windows\system32\drivers\afd.sys 290816 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x80461000 C:\Windows\system32\drivers\acpi.sys 274432 bytes (Microsoft Corporation, ACPI Driver for NT)
0x8D3C0000 C:\Windows\system32\DRIVERS\storport.sys 262144 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x8C66B000 C:\Windows\system32\DRIVERS\USBPORT.SYS 249856 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8021F000 C:\Windows\system32\CLFS.SYS 241664 bytes (Microsoft Corporation, Common Log File System Driver)
0x8DB7D000 C:\Windows\system32\DRIVERS\rdbss.sys 241664 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xAB7C7000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x8219C000 C:\Windows\system32\drivers\NETIO.SYS 233472 bytes (Microsoft Corporation, Network I/O Subsystem)
0x823CA000 C:\Windows\system32\drivers\volsnap.sys 221184 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x81FA1000 ACPI_HAL 212992 bytes
0x81FA1000 C:\Windows\system32\hal.dll 212992 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x8D228000 C:\Windows\system32\DRIVERS\usbhub.sys 212992 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x8DBCE000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8072F000 C:\Windows\system32\drivers\fltmgr.sys 200704 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB67D2000 C:\Windows\System32\Drivers\RDPWD.SYS 188416 bytes (Microsoft Corporation, RDP Terminal Stack Driver)
0x8C63D000 C:\Windows\system32\drivers\tifm21.sys 188416 bytes (Texas Instruments, tifm21.sys)
0x8D503000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x8CE09000 C:\Windows\system32\DRIVERS\msiscsi.sys 176128 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x821D5000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0xAA107000 C:\Windows\system32\DRIVERS\nwifi.sys 176128 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x8CE4C000 C:\Windows\system32\DRIVERS\SynTP.sys 176128 bytes (Synaptics, Inc., Synaptics Touchpad Driver)
0x8D30C000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0x807C8000 C:\Windows\system32\DRIVERS\pcmcia.sys 172032 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0x8DAEE000 C:\Windows\System32\Drivers\fastfat.SYS 163840 bytes (Microsoft Corporation, Fast FAT File System Driver)
0x8D49C000 C:\Windows\system32\DRIVERS\MpFilter.sys 159744 bytes (Microsoft Corporation, Microsoft antimalware file system filter driver)
0xB0406000 C:\Windows\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0x8BA28000 C:\Windows\system32\DRIVERS\Rtlh86.sys 155648 bytes (Realtek Corporation , Realtek 8101E/8168/8169 NDIS6 32-bit Driver )
0x8D203000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x82396000 C:\Windows\System32\drivers\ecache.sys 151552 bytes (Microsoft Corporation, Special Memory Device Cache)
0x8043C000 C:\Windows\system32\drivers\pci.sys 151552 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xAB7A3000 C:\Windows\System32\DRIVERS\srv2.sys 147456 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x8D370000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x82364000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0x8D46F000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0xAB032000 C:\Windows\system32\drivers\mrxdav.sys 131072 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x80760000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0xAB014000 C:\Windows\system32\DRIVERS\mrxsmb.sys 122880 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xA4C1A000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0xAB0BF000 C:\Windows\System32\DRIVERS\srvnet.sys 110592 bytes (Microsoft Corporation, Server Network driver)
0xAB0A6000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x8D428000 C:\Windows\System32\drivers\fwpkclnt.sys 102400 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x8CE34000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x8C625000 C:\Windows\system32\DRIVERS\sdbus.sys 98304 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0x8DB26000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Client MUP Surrogate Driver)
0x8D39E000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x8DAD7000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xAB60D000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x8DBB8000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x8D413000 C:\Windows\system32\DRIVERS\tdx.sys 86016 bytes (Microsoft Corporation, TDI Translation Driver)
0xAB052000 C:\Windows\System32\drivers\mpsdrv.sys 81920 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8D65B000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x8C612000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0x8D35D000 C:\Windows\system32\DRIVERS\raspptp.sys 77824 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xAA0F4000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8D601000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x8BA4E000 C:\Windows\system32\DRIVERS\HDAudBus.sys 73728 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0xAA0E2000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 73728 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x82018000 C:\Windows\system32\drivers\psdvdisk.sys 73728 bytes (HiTRUST, PSD Virtual Disk Driver)
0x82385000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0xAB003000 C:\Acer\Empowering Technology\eRecovery\int15.sys 69632 bytes
0x8071F000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x8971C000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0x8972C000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x80410000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x8969C000 C:\Windows\System32\Drivers\NDProxy.SYS 65536 bytes (Microsoft Corporation, NDIS Proxy)
0x8DE29000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x823BB000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x82009000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x897B0000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8D336000 C:\Windows\system32\DRIVERS\termdd.sys 61440 bytes (Microsoft Corporation, Terminal Server Driver)
0x8042D000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0xA4E10000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x8BACD000 C:\Windows\system32\DRIVERS\intelppm.sys 57344 bytes (Microsoft Corporation, Processor Device Driver)
0x8D405000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8D441000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x807F2000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x8BA0F000 C:\Windows\system32\DRIVERS\usbehci.sys 57344 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x8D53D000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8D530000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x8D345000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x8BA60000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x80212000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0xAAB48000 C:\Windows\System32\DRIVERS\tssecsrv.sys 49152 bytes (Microsoft Corporation, TS Security Filter Driver)
0x8D490000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8BB85000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x8BA04000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x8C607000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x8D352000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8D393000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8DAC1000 C:\Windows\System32\drivers\tcpipreg.sys 45056 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x8D3B5000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x8DA53000 C:\Windows\system32\drivers\tdtcp.sys 45056 bytes (Microsoft Corporation, TCP Transport Driver)
0x8BADB000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8BA1D000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x80420000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)
0x8D28A000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8BAEB000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x8D2BC000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x8D276000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x8D294000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x82000000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x8BAFE000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x8BAF5000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x8BB10000 C:\Windows\system32\drivers\lvusbsta.sys 36864 bytes (Logitech Inc., USB Statistic Driver)
0x8BB6A000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x80716000 C:\Windows\system32\DRIVERS\psdfilter.sys 36864 bytes (HiTRUST, PSD Filter Driver)
0x80601000 C:\Windows\system32\drivers\PSDNServ.sys 36864 bytes (HiTRUST, PSD Named Pipe Driver)
0x80262000 C:\Windows\system32\PSHED.dll 36864 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x8BB61000 C:\Windows\system32\DRIVERS\PTSimBus.sys 36864 bytes (PenTablet Driver, PenTablet Bus enumerator)
0x8BB07000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xA4E00000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8BB73000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8BB7C000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0x80209000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x89AA5000 C:\Windows\system32\drivers\Afc.sys 32768 bytes (Arcsoft, Inc., Arcsoft(R) ASPI Shell)
0x80401000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x8025A000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x89ADD000 C:\Windows\System32\Drivers\dump_atapi.sys 32768 bytes
0x89AE5000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x80201000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x89A85000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x89A8D000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8060A000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x89B02000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x89AFB000 C:\Windows\System32\Drivers\GEARAspiWDM.sys 28672 bytes (GEAR Software Inc., CD/DVD Class Filter Driver)
0x89B2C000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x80409000 C:\Windows\system32\drivers\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0x89BB7000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x8BBF8000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0x8042A000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0x8BB9F000 C:\Windows\System32\Drivers\Hotkey.SYS 12288 bytes
0x85A5A000 C:\Windows\system32\kdcom.dll 12288 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xB0448000 C:\Windows\System32\Drivers\MCSTRM.SYS 8192 bytes (RealNetworks, Inc., RealNetworks Virtual Path Manager®)
0x8962A000 C:\Windows\system32\DRIVERS\NTIDrvr.sys 8192 bytes (NewTech Infosystems, Inc., NTI CD-ROM Filter Driver)
0x89624000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x89614000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================
0x00AD0000 Hidden Image-->eLock.Serv.Library.dll [ EPROCESS 0x87F27D90 ] PID: 2888, 110592 bytes
0x04400000 Hidden Image-->ProfileSwitch.dll [ EPROCESS 0x87CC6D90 ] PID: 1452, 110592 bytes
0x01A50000 Hidden Image-->PfMgr.dll [ EPROCESS 0x87CC6D90 ] PID: 1452, 122880 bytes
0x010A0000 Hidden Image-->esettings.model.computer.dll [ EPROCESS 0x87FC9710 ] PID: 988, 126976 bytes
0x01180000 Hidden Image-->esettings.model.library.dll [ EPROCESS 0x87FC9710 ] PID: 988, 126976 bytes
0x038D0000 Hidden Image-->acer.empowering.windows.forms.dll [ EPROCESS 0x87E8A3A0 ] PID: 4056, 1331200 bytes
0x04990000 Hidden Image-->eSettings.Presenter.dll [ EPROCESS 0x87E8A3A0 ] PID: 4056, 143360 bytes
0x04520000 Hidden Image-->ePower_UI.dll [ EPROCESS 0x87E8A3A0 ] PID: 4056, 1445888 bytes
0x04460000 Hidden Image-->Acer.Empowering.Windows.Forms.dll [ EPROCESS 0x87CC6D90 ] PID: 1452, 1511424 bytes
0x05A60000 Hidden Image-->eNet.dll [ EPROCESS 0x87E8A3A0 ] PID: 4056, 1675264 bytes
0x03DE0000 Hidden Image-->Acer.Empowering.Framework.LaunchBarView.dll [ EPROCESS 0x87E8A3A0 ] PID: 4056, 1683456 bytes
0x04080000 Hidden Image-->eDSplugin.dll [ EPROCESS 0x87E8A3A0 ] PID: 4056, 200704 bytes
0x05480000 Hidden Image-->eRecoveryUI.dll [ EPROCESS 0x87E8A3A0 ] PID: 4056, 2297856 bytes
0x00B40000 Hidden Image-->log4net.dll [ EPROCESS 0x87F27D90 ] PID: 2888, 258048 bytes
0x03C50000 Hidden Image-->ePresentationCTL.dll [ EPROCESS 0x87E8A3A0 ] PID: 4056, 258048 bytes
0x04AC0000 Hidden Image-->eNetPlugin.dll [ EPROCESS 0x87E8A3A0 ] PID: 4056, 258048 bytes
0x00F40000 Hidden Image-->log4net.dll [ EPROCESS 0x87FC9710 ] PID: 988, 282624 bytes
0x00940000 Hidden Image-->log4net.dll [ EPROCESS 0x87E8A3A0 ] PID: 4056, 282624 bytes
0x00A00000 Hidden Image-->eLock.Serv.Interface.dll [ EPROCESS 0x87F27D90 ] PID: 2888, 28672 bytes
0x00830000 Hidden Image-->ServiceInterface.dll [ EPROCESS 0x8803CD90 ] PID: 2060, 28672 bytes
0x00840000 Hidden Image-->IERYETF.dll [ EPROCESS 0x8803CD90 ] PID: 2060, 28672 bytes
0x00D70000 Hidden Image-->Acer.Empowering.Framework.Interface.dll [ EPROCESS 0x87E8A3A0 ] PID: 4056, 28672 bytes
0x015D0000 Hidden Image-->eLock.Serv.Interface.dll [ EPROCESS 0x87E8A3A0 ] PID: 4056, 28672 bytes
0x015E0000 Hidden Image-->eLock.Client.dll [ EPROCESS 0x87E8A3A0 ] PID: 4056, 28672 bytes
0x037B0000 Hidden Image-->ServiceInterface.dll [ EPROCESS 0x87E8A3A0 ] PID: 4056, 28672 bytes
0x03AB0000 Hidden Image-->ePower_UI.resources.dll [ EPROCESS 0x87E8A3A0 ] PID: 4056, 28672 bytes
0x00C50000 Hidden Image-->Acer.Empowering.Framework.PasswordSetting.dll [ EPROCESS 0x87E8A3A0 ] PID: 4056, 36864 bytes
0x041F0000 Hidden Image-->eSettings.Plugin.dll [ EPROCESS 0x87E8A3A0 ] PID: 4056, 36864 bytes
0x00960000 Hidden Image-->eNetServiceInterface.dll [ EPROCESS 0x87FF90C8 ] PID: 3256, 45056 bytes
0x008E0000 Hidden Image-->MobilityInterface.dll [ EPROCESS 0x88042020 ] PID: 3564, 45056 bytes
0x01370000 Hidden Image-->WMIInterface.dll [ EPROCESS 0x87FB0660 ] PID: 3920, 45056 bytes
0x00F20000 Hidden Image-->esettings.model.computerinterfaces.dll [ EPROCESS 0x87FC9710 ] PID: 988, 45056 bytes
0x017A0000 Hidden Image-->eNetServiceInterface.dll [ EPROCESS 0x87CC6D90 ] PID: 1452, 45056 bytes
0x04210000 Hidden Image-->MultiLang.dll [ EPROCESS 0x87CC6D90 ] PID: 1452, 45056 bytes
0x00C20000 Hidden Image-->WMIInterface.dll [ EPROCESS 0x880DE4B0 ] PID: 3180, 45056 bytes
0x00C20000 Hidden Image-->acer.empowering.framework.shared.dll [ EPROCESS 0x87E8A3A0 ] PID: 4056, 45056 bytes
0x04890000 Hidden Image-->eSettings.Model.ComputerInterfaces.dll [ EPROCESS 0x87E8A3A0 ] PID: 4056, 45056 bytes
0x04B10000 Hidden Image-->MultiLang.dll [ EPROCESS 0x87E8A3A0 ] PID: 4056, 45056 bytes
0x043C0000 Hidden Image-->ePower_DMC.exe [ EPROCESS 0x87FB0660 ] PID: 3920, 487424 bytes
0x038A0000 Hidden Image-->msvcm80.dll [ EPROCESS 0x87FF90C8 ] PID: 3256, 507904 bytes
0x00F10000 Hidden Image-->msvcm80.dll [ EPROCESS 0x88042020 ] PID: 3564, 507904 bytes
0x013A0000 Hidden Image-->msvcm80.dll [ EPROCESS 0x87FB0660 ] PID: 3920, 507904 bytes
0x01BE0000 Hidden Image-->msvcm80.dll [ EPROCESS 0x87CC6D90 ] PID: 1452, 507904 bytes
0x01880000 Hidden Image-->msvcm80.dll [ EPROCESS 0x880DE4B0 ] PID: 3180, 507904 bytes
0x04CE0000 Hidden Image-->msvcm80.dll [ EPROCESS 0x87E8A3A0 ] PID: 4056, 507904 bytes
0x01810000 Hidden Image-->ICmdDispatcher.dll [ EPROCESS 0x87CC6D90 ] PID: 1452, 53248 bytes
0x00C30000 Hidden Image-->Acer.Empowering.Framework.Host.dll [ EPROCESS 0x87E8A3A0 ] PID: 4056, 53248 bytes
0x00B70000 Hidden Image-->Acer.Empowering.Shared.UI.dll [ EPROCESS 0x87E8A3A0 ] PID: 4056, 61440 bytes
0x00C10000 Hidden Image-->Acer.Empowering.Framework.Presenter.dll [ EPROCESS 0x87E8A3A0 ] PID: 4056, 61440 bytes
0x009D0000 Hidden Image-->eLock.Serv.Main.dll [ EPROCESS 0x87F27D90 ] PID: 2888, 69632 bytes
0x009A0000 Hidden Image-->Acer.Empowering.Framework.DialogManager.dll [ EPROCESS 0x87E8A3A0 ] PID: 4056, 69632 bytes
0x04130000 Hidden Image-->eLockCTL.dll [ EPROCESS 0x87E8A3A0 ] PID: 4056, 733184 bytes
0x01C60000 Hidden Image-->Wlan.dll [ EPROCESS 0x87CC6D90 ] PID: 1452, 86016 bytes
0x04750000 Hidden Image-->Diagnosis.dll [ EPROCESS 0x87CC6D90 ] PID: 1452, 94208 bytes
0x048A0000 Hidden Image-->eSettings.View.dll [ EPROCESS 0x87E8A3A0 ] PID: 4056, 978944 bytes
==============================================
>Files
==============================================
!-->[Hidden] C:\Program Files\Yahoo!\Messenger\Myy1xqdnhNVmIwwoq9rJHQ--
!-->[Hidden] C:\Program Files\Yahoo!\Messenger\Profiles\ate_your_baby\Archive\Messages\goviofturnips\20110117-ate_your_baby.dat
!-->[Hidden] C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.ci
!-->[Hidden] C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.dir
!-->[Hidden] C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.wid
!-->[Hidden] C:\ProgramData\Microsoft\Windows\WER\ReportArchive\Report0e1bad8e\Report.wer
!-->[Hidden] C:\ProgramData\Microsoft\Windows\WER\ReportArchive\Report1023c89b\Report.wer
!-->[Hidden] C:\ProgramData\Microsoft\Windows\WER\ReportArchive\Report14ba8bfb\Report.wer
!-->[Hidden] C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report12cb30b3\Report.wer
!-->[Hidden] C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report12cb30b3\WER2C90.tmp.mdmp
!-->[Hidden] C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report12cb30b3\WER6CD9.tmp.version.txt
!-->[Hidden] C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report12cb30b3\WER6CDA.tmp.hdmp
!-->[Hidden] C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report154badce\Report.wer
!-->[Hidden] C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report154badce\WERA864.tmp.mdmp
!-->[Hidden] C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report154badce\WERC583.tmp.version.txt
!-->[Hidden] C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report154badce\WERC5A3.tmp.hdmp
!-->[Hidden] C:\ProgramData\Real\setup\config.ini::$DATA
!-->[Hidden] C:\Users\staples\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0a239de7\Report.wer
!-->[Hidden] C:\Users\staples\AppData\Local\Temp\ymsE5C0.tmp
!-->[Hidden] C:\Users\staples\AppData\Local\Temp\ymsE5C1.tmp
!-->[Hidden] C:\Users\staples\AppData\Local\Temp\ymsE5C2.tmp
!-->[Hidden] C:\Users\staples\AppData\Local\Temp\ymsE5C3.tmp
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\K89LP3KL\cdn1.telemetryverification.net\dbg.sol
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn1.telemetryverification.net\settings.sol
!-->[Hidden] C:\Windows\Temp\TMP000001F9DF653CF89C0FB083
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x0009135E, Type: Inline - RelativeJump 0x81C9135E-->81C91365 [ntkrnlpa.exe]
[1128]svchost.exe-->mswsock.dll+0x00002479, Type: Inline - RelativeJump 0x75092479-->00000000 [unknown_code_page]
[1128]svchost.exe-->mswsock.dll+0x00003DCE, Type: Inline - RelativeJump 0x75093DCE-->00000000 [unknown_code_page]
[1128]svchost.exe-->mswsock.dll+0x000040A3, Type: Inline - RelativeJump 0x750940A3-->00000000 [unknown_code_page]
[1128]svchost.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x77380E88-->00000000 [unknown_code_page]
[1128]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7737FD74-->00000000 [unknown_code_page]
[1128]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x773806F4-->00000000 [unknown_code_page]
[1128]svchost.exe-->user32.dll-->GetCursorPos, Type: Inline - RelativeJump 0x7707C664-->00000000 [unknown_code_page]
[1336]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C914B8-->00000000 [shimeng.dll]
[1336]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B71170-->00000000 [shimeng.dll]
[1336]explorer.exe-->mswsock.dll+0x00002479, Type: Inline - RelativeJump 0x75092479-->00000000 [unknown_code_page]
[1336]explorer.exe-->mswsock.dll+0x00003DCE, Type: Inline - RelativeJump 0x75093DCE-->00000000 [unknown_code_page]
[1336]explorer.exe-->mswsock.dll+0x000040A3, Type: Inline - RelativeJump 0x750940A3-->00000000 [unknown_code_page]
[1336]explorer.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x77380E88-->00000000 [unknown_code_page]
[1336]explorer.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7737FD74-->00000000 [unknown_code_page]
[1336]explorer.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x773806F4-->00000000 [unknown_code_page]
[1336]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x15D23408-->00000000 [shimeng.dll]
[1336]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D612F8-->00000000 [shimeng.dll]
[1452]eNMTray.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C914B8-->00000000 [shimeng.dll]
[1452]eNMTray.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B71170-->00000000 [shimeng.dll]
[1452]eNMTray.exe-->kernel32.dll-->CreateProcessW, Type: IAT modification 0x00418030-->00000000 [AcLayers.dll]
[1452]eNMTray.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x15D23408-->00000000 [shimeng.dll]
[1452]eNMTray.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D612F8-->00000000 [shimeng.dll]
[1452]eNMTray.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71721488-->00000000 [shimeng.dll]
[1452]eNMTray.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x6C9F11E8-->00000000 [shimeng.dll]
[1992]eRAgent.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C914B8-->00000000 [shimeng.dll]
[1992]eRAgent.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B71170-->00000000 [shimeng.dll]
[1992]eRAgent.exe-->kernel32.dll-->CreateProcessW, Type: IAT modification 0x004402C4-->00000000 [AcLayers.dll]
[1992]eRAgent.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x0044031C-->00000000 [shimeng.dll]
[1992]eRAgent.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x15D23408-->00000000 [shimeng.dll]
[1992]eRAgent.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D612F8-->00000000 [shimeng.dll]
[1992]eRAgent.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71721488-->00000000 [shimeng.dll]
[2128]LaunchAp.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C914B8-->00000000 [shimeng.dll]
[2128]LaunchAp.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B71170-->00000000 [shimeng.dll]
[2128]LaunchAp.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x15D23408-->00000000 [shimeng.dll]
[2128]LaunchAp.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D612F8-->00000000 [shimeng.dll]
[2128]LaunchAp.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71721488-->00000000 [shimeng.dll]
[2128]LaunchAp.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x6C9F11E8-->00000000 [shimeng.dll]
[2868]YahooMessenger.exe-->gdi32.dll-->GetStockObject, Type: IAT modification 0x006DE0F4-->00000000 [yui.dll]
[2868]YahooMessenger.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B71170-->00000000 [yui.dll]
[2868]YahooMessenger.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77B71118-->00000000 [yui.dll]
[2868]YahooMessenger.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77B7110C-->00000000 [yui.dll]
[2868]YahooMessenger.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77B71174-->00000000 [yui.dll]
[2868]YahooMessenger.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x006DE3BC-->00000000 [yui.dll]
[2868]YahooMessenger.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x006DE244-->00000000 [yui.dll]
[2868]YahooMessenger.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x006DE28C-->00000000 [yui.dll]
[2868]YahooMessenger.exe-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x006DE1CC-->00000000 [yui.dll]
[2868]YahooMessenger.exe-->shell32.dll-->gdi32.dll-->GetStockObject, Type: IAT modification 0x15D23660-->00000000 [yui.dll]
[2868]YahooMessenger.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x15D23408-->00000000 [yui.dll]
[2868]YahooMessenger.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x15D234D0-->00000000 [yui.dll]
[2868]YahooMessenger.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x15D23278-->00000000 [yui.dll]
[2868]YahooMessenger.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x15D2343C-->00000000 [yui.dll]
[2868]YahooMessenger.exe-->shell32.dll-->user32.dll-->AnimateWindow, Type: IAT modification 0x15D23AB8-->00000000 [yui.dll]
[2868]YahooMessenger.exe-->shell32.dll-->user32.dll-->DefWindowProcW, Type: IAT modification 0x15D23A44-->00000000 [yui.dll]
[2868]YahooMessenger.exe-->shell32.dll-->user32.dll-->GetSysColor, Type: IAT modification 0x15D239E4-->00000000 [yui.dll]
[2868]YahooMessenger.exe-->shell32.dll-->user32.dll-->GetSysColorBrush, Type: IAT modification 0x15D2399C-->00000000 [yui.dll]
[2868]YahooMessenger.exe-->shell32.dll-->user32.dll-->TrackPopupMenu, Type: IAT modification 0x15D23908-->00000000 [yui.dll]
[2868]YahooMessenger.exe-->shell32.dll-->user32.dll-->TrackPopupMenuEx, Type: IAT modification 0x15D23708-->00000000 [yui.dll]
[2868]YahooMessenger.exe-->user32.dll-->DefWindowProcW, Type: IAT modification 0x006DEA34-->00000000 [yui.dll]
[2868]YahooMessenger.exe-->user32.dll-->gdi32.dll-->GetStockObject, Type: IAT modification 0x77D61454-->00000000 [yui.dll]
[2868]YahooMessenger.exe-->user32.dll-->GetSysColor, Type: IAT modification 0x006DEA30-->00000000 [yui.dll]
[2868]YahooMessenger.exe-->user32.dll-->GetSysColorBrush, Type: IAT modification 0x006DEAFC-->00000000 [yui.dll]
[2868]YahooMessenger.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D612F8-->00000000 [yui.dll]
[2868]YahooMessenger.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77D6123C-->00000000 [yui.dll]
[2868]YahooMessenger.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77D61148-->00000000 [yui.dll]
[2868]YahooMessenger.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77D612F4-->00000000 [yui.dll]
[2868]YahooMessenger.exe-->user32.dll-->TrackPopupMenu, Type: IAT modification 0x006DEBD4-->00000000 [yui.dll]
[2868]YahooMessenger.exe-->user32.dll-->TrackPopupMenuEx, Type: IAT modification 0x006DEC58-->00000000 [yui.dll]
[3120]AudibleDownloadHelper.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C914B8-->00000000 [shimeng.dll]
[3120]AudibleDownloadHelper.exe-->advapi32.dll-->RegCloseKey, Type: IAT modification 0x0047C034-->00000000 [AcGenral.dll]
[3120]AudibleDownloadHelper.exe-->advapi32.dll-->RegCreateKeyExA, Type: IAT modification 0x0047C024-->00000000 [AcGenral.dll]
[3120]AudibleDownloadHelper.exe-->advapi32.dll-->RegCreateKeyExW, Type: IAT modification 0x0047C008-->00000000 [AcGenral.dll]
[3120]AudibleDownloadHelper.exe-->advapi32.dll-->RegDeleteKeyW, Type: IAT modification 0x0047C010-->00000000 [AcGenral.dll]
[3120]AudibleDownloadHelper.exe-->advapi32.dll-->RegEnumKeyExW, Type: IAT modification 0x0047C01C-->00000000 [AcGenral.dll]
[3120]AudibleDownloadHelper.exe-->advapi32.dll-->RegEnumKeyW, Type: IAT modification 0x0047C03C-->00000000 [AcGenral.dll]
[3120]AudibleDownloadHelper.exe-->advapi32.dll-->RegOpenKeyExW, Type: IAT modification 0x0047C000-->00000000 [AcGenral.dll]
[3120]AudibleDownloadHelper.exe-->advapi32.dll-->RegOpenKeyW, Type: IAT modification 0x0047C030-->00000000 [AcGenral.dll]
[3120]AudibleDownloadHelper.exe-->advapi32.dll-->RegQueryInfoKeyW, Type: IAT modification 0x0047C018-->00000000 [AcGenral.dll]
[3120]AudibleDownloadHelper.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B71170-->00000000 [shimeng.dll]
[3120]AudibleDownloadHelper.exe-->kernel32.dll-->FindResourceA, Type: Inline - RelativeJump 0x75BF93BB-->00000000 [AudibleDownloadHelper.exe]
[3120]AudibleDownloadHelper.exe-->kernel32.dll-->FindResourceW, Type: Inline - RelativeJump 0x75C033FE-->00000000 [AudibleDownloadHelper.exe]
[3120]AudibleDownloadHelper.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x0047C35C-->00000000 [shimeng.dll]
[3120]AudibleDownloadHelper.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x6DD81224-->00000000 [shimeng.dll]
[3120]AudibleDownloadHelper.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x15D23408-->00000000 [shimeng.dll]
[3120]AudibleDownloadHelper.exe-->user32.dll-->CreateDialogParamA, Type: Inline - RelativeJump 0x77064F38-->00000000 [AudibleDownloadHelper.exe]
[3120]AudibleDownloadHelper.exe-->user32.dll-->CreateDialogParamW, Type: Inline - RelativeJump 0x7709A500-->00000000 [AudibleDownloadHelper.exe]
[3120]AudibleDownloadHelper.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D612F8-->00000000 [shimeng.dll]
[3120]AudibleDownloadHelper.exe-->user32.dll-->LoadBitmapA, Type: Inline - RelativeJump 0x7706BEC0-->00000000 [AudibleDownloadHelper.exe]
[3120]AudibleDownloadHelper.exe-->user32.dll-->LoadBitmapW, Type: Inline - RelativeJump 0x7706C970-->00000000 [AudibleDownloadHelper.exe]
[3120]AudibleDownloadHelper.exe-->user32.dll-->LoadIconA, Type: Inline - RelativeJump 0x7706F2E3-->00000000 [AudibleDownloadHelper.exe]
[3120]AudibleDownloadHelper.exe-->user32.dll-->LoadIconW, Type: Inline - RelativeJump 0x770786E0-->00000000 [AudibleDownloadHelper.exe]
[3120]AudibleDownloadHelper.exe-->user32.dll-->LoadMenuA, Type: Inline - RelativeJump 0x7708676D-->00000000 [AudibleDownloadHelper.exe]
[3120]AudibleDownloadHelper.exe-->user32.dll-->LoadMenuW, Type: Inline - RelativeJump 0x77070216-->00000000 [AudibleDownloadHelper.exe]
[3120]AudibleDownloadHelper.exe-->user32.dll-->LoadStringA, Type: Inline - RelativeJump 0x7706C63D-->00000000 [AudibleDownloadHelper.exe]
[3120]AudibleDownloadHelper.exe-->user32.dll-->LoadStringW, Type: Inline - RelativeJump 0x7707ACA3-->00000000 [AudibleDownloadHelper.exe]
[3120]AudibleDownloadHelper.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71721488-->00000000 [shimeng.dll]
[3120]AudibleDownloadHelper.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x6C9F11E8-->00000000 [shimeng.dll]
[3180]ePower_DMC.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C914B8-->00000000 [shimeng.dll]
[3180]ePower_DMC.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B71170-->00000000 [shimeng.dll]
[3180]ePower_DMC.exe-->kernel32.dll-->CreateProcessA, Type: IAT modification 0x0041A048-->00000000 [AcLayers.dll]
[3180]ePower_DMC.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x0041A100-->00000000 [shimeng.dll]
[3180]ePower_DMC.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x15D23408-->00000000 [shimeng.dll]
[3180]ePower_DMC.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D612F8-->00000000 [shimeng.dll]
[3180]ePower_DMC.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71721488-->00000000 [shimeng.dll]
[3180]ePower_DMC.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x6C9F11E8-->00000000 [shimeng.dll]
[4920]client.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C914B8-->00000000 [shimeng.dll]
[4920]client.exe-->advapi32.dll-->RegCloseKey, Type: IAT modification 0x005AF008-->00000000 [AcLayers.dll]
[4920]client.exe-->advapi32.dll-->RegOpenKeyA, Type: IAT modification 0x005AF000-->00000000 [AcLayers.dll]
[4920]client.exe-->advapi32.dll-->RegOpenKeyExA, Type: IAT modification 0x005AF010-->00000000 [AcLayers.dll]
[4920]client.exe-->advapi32.dll-->RegQueryValueExA, Type: IAT modification 0x005AF004-->00000000 [AcLayers.dll]
[4920]client.exe-->advapi32.dll-->RegSetValueExA, Type: IAT modification 0x005AF00C-->00000000 [AcLayers.dll]
[4920]client.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B71170-->00000000 [shimeng.dll]
[4920]client.exe-->kernel32.dll-->CompareStringA, Type: IAT modification 0x005AF1FC-->00000000 [AcGenral.dll]
[4920]client.exe-->kernel32.dll-->CompareStringW, Type: IAT modification 0x005AF200-->00000000 [AcGenral.dll]
[4920]client.exe-->kernel32.dll-->CreateProcessA, Type: IAT modification 0x005AF190-->00000000 [AcLayers.dll]
[4920]client.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x005AF14C-->00000000 [shimeng.dll]
[4920]client.exe-->kernel32.dll-->GetVersion, Type: IAT modification 0x005AF20C-->00000000 [AcLayers.dll]
[4920]client.exe-->kernel32.dll-->GetVersionExA, Type: IAT modification 0x005AF224-->00000000 [AcLayers.dll]
[4920]client.exe-->kernel32.dll-->GlobalMemoryStatus, Type: IAT modification 0x005AF1A0-->00000000 [AcLayers.dll]
[4920]client.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x6DD81224-->00000000 [shimeng.dll]
[4920]client.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x15D23408-->00000000 [shimeng.dll]
[4920]client.exe-->shell32.dll-->kernel32.dll-->GetVersion, Type: IAT modification 0x15D23478-->00000000 [AcLayers.dll]
[4920]client.exe-->shell32.dll-->kernel32.dll-->GetVersionExA, Type: IAT modification 0x15D231F8-->00000000 [AcLayers.dll]
[4920]client.exe-->shell32.dll-->kernel32.dll-->GetVersionExW, Type: IAT modification 0x15D2344C-->00000000 [AcLayers.dll]
[4920]client.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D612F8-->00000000 [shimeng.dll]
[4920]client.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71721488-->00000000 [shimeng.dll]
[4920]client.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x6C9F11E8-->00000000 [shimeng.dll]
Haystack
Regular Member
 
Posts: 18
Joined: January 14th, 2011, 1:47 am
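Editor's note on the Hooks section of the report above, with an added example that is not part of Haystack's post or of any tool used in this thread. Most of the IAT modification entries are benign by construction: shimeng.dll, AcLayers.dll and AcGenral.dll belong to the Windows application-compatibility shim engine, which patches GetProcAddress, CreateProcess and registry APIs in any program running under a compatibility layer; yui.dll appears only inside YahooMessenger.exe, and AudibleDownloadHelper.exe patches resource-loading APIs in its own process. The entries a responder cares about are the inline RelativeJump hooks whose destination the scanner could not attribute to any module (unknown_code_page): in svchost.exe [1128] and explorer.exe [1336] on mswsock.dll, on ntdll's NtProtectVirtualMemory, NtWriteVirtualMemory and KiUserExceptionDispatcher, and on user32 GetCursorPos, plus the kernel inline hook in ntkrnlpa.exe. Hooks on mswsock.dll (the Winsock service provider) in those two processes fit the symptom of browsers failing to load pages, and the TDSSKiller run reported later in the thread found and cured something, after which Chrome worked again. The Python below parses lines in this report's format and separates those buckets; the allow-list of shim DLLs and the bucket names are the editor's assumptions, and the sample lines are a constructed subset of the report, not the full log.

```python
import re
from collections import Counter

# Constructed sample in the shape of the hooks report above (a subset chosen
# to exercise every branch of the classifier; not the full log).
SAMPLE_HOOKS = """\
ntkrnlpa.exe+0x0009135E, Type: Inline - RelativeJump 0x81C9135E-->81C91365 [ntkrnlpa.exe]
[1128]svchost.exe-->mswsock.dll+0x00002479, Type: Inline - RelativeJump 0x75092479-->00000000 [unknown_code_page]
[1128]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7737FD74-->00000000 [unknown_code_page]
[1336]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C914B8-->00000000 [shimeng.dll]
[1452]eNMTray.exe-->kernel32.dll-->CreateProcessW, Type: IAT modification 0x00418030-->00000000 [AcLayers.dll]
[2868]YahooMessenger.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x006DE244-->00000000 [yui.dll]
[3120]AudibleDownloadHelper.exe-->user32.dll-->LoadIconA, Type: Inline - RelativeJump 0x7706F2E3-->00000000 [AudibleDownloadHelper.exe]
"""

# Windows application-compatibility shim engine and shim DLLs. Their IAT
# patches are expected in any process running under a compatibility layer.
# (Assumption: this allow-list is the editor's, not something from the page.)
APPCOMPAT_OWNERS = {"shimeng.dll", "aclayers.dll", "acgenral.dll",
                    "acspecfc.dll", "acxtrnal.dll"}

HOOK_RE = re.compile(
    r"^(?:\[(?P<pid>\d+)\](?P<proc>.*?)-->)?"     # optional "[pid]process-->"
    r"(?P<target>.+?), Type: (?P<type>.+?) "       # hooked location, hook type
    r"0x(?P<src>[0-9A-Fa-f]+)-->(?P<dst>[0-9A-Fa-f]+) "
    r"\[(?P<owner>[^\]]+)\]$"                      # module owning the hook target
)


def parse_hook_line(line):
    """Return a dict for one hook record, or None for separators/headers."""
    m = HOOK_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["pid"] = int(rec["pid"]) if rec["pid"] else None
    return rec


def classify(rec):
    """Bucket a parsed hook by who owns the code the hook jumps to."""
    owner = rec["owner"].lower()
    if rec["pid"] is None:
        # Kernel-mode inline hook. In the sample the jump stays inside the
        # same kernel image; still worth a look, but not a jump into foreign code.
        return "kernel"
    if owner == "unknown_code_page":
        # The scanner could not map the destination to any loaded module:
        # injected code in the process. This is the finding that matters.
        return "suspicious"
    if owner in APPCOMPAT_OWNERS:
        return "appcompat"
    if owner == rec["proc"].lower():
        # A program patching APIs inside its own process (resource/UI wrappers).
        return "self_hook"
    return "vendor"


def triage(report_text):
    """Parse a hooks report and group the records by classification."""
    buckets = {"suspicious": [], "kernel": [], "appcompat": [],
               "self_hook": [], "vendor": []}
    for line in report_text.splitlines():
        rec = parse_hook_line(line)
        if rec:
            buckets[classify(rec)].append(rec)
    return buckets


def suspicious_summary(buckets):
    """Which processes carry hooks into unmapped code, and on which targets."""
    per_proc = Counter()
    targets = set()
    for rec in buckets["suspicious"]:
        per_proc[(rec["pid"], rec["proc"])] += 1
        targets.add(rec["target"])
    return per_proc, sorted(targets)


if __name__ == "__main__":
    b = triage(SAMPLE_HOOKS)
    procs, targets = suspicious_summary(b)
    for (pid, proc), n in procs.items():
        print(f"[{pid}] {proc}: {n} hook(s) into unmapped code")
    for t in targets:
        print("  hooked:", t)
    print({k: len(v) for k, v in b.items()})
```

Run it as a script to print the per-process count of hooks into unmapped code, or pass the full Hooks section in place of SAMPLE_HOOKS to triage the real report. An unknown_code_page owner is not proof of infection on its own, but inline patches on NtProtectVirtualMemory and NtWriteVirtualMemory inside a system process are the kind of finding to hand to a rootkit scanner rather than to a signature-only one, which is what happened next in this thread.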

Re: Malware Suppressing Web Access

Post by deltalima » January 18th, 2011, 10:07 am

Hi Haystack,

Have you installed Malwarebytes since you posted the HijackThis log?

If so please post the log from the first scan that you did.

Retrieve Malwarebytes Anti-Malware (MBAM) Log(s)
There is a need to see a scan log from a previous run of MBAM; please do the following:
  1. Start MBAM... click the Logs tab at the top.
    The log will be named by the date & time of scan in the following format: mbam-log-yyyy-mm-dd (time).txt
    If you have had multiple runs of MBAM, there may be several logs showing in the list.
  2. Click on the first (oldest) log name to highlight it... then click the Open button, at bottom left. The log should open in Notepad as a text file.
  3. Please copy and paste the entire mbam-log-yyyy-mm-dd (time).txt file in your next reply.
    Be sure to post the complete log... including the top portion showing MBAM's database version and your operating system.
  4. Exit MBAM when done.

TDSSKiller

  • Please Download TDSSKiller.zip and save it on your desktop.
  • Extract (unzip) its contents to your Desktop.
  • Double-click the TDSSKiller Folder on your desktop.
  • Right-click on TDSSKiller.exe and click Copy, then Paste it directly onto your Desktop.
  • Important!: Run this fix once and once only.
  • Right-click the TDSSKiller icon on your desktop and select Run as Administrator, then click Start scan.
  • A box will appear saying System scan completed.
  • If any Malicious objects are found click Cure > Continue > Reboot now.
  • A log file should be created on your C: drive named something like TDSSKiller.2.4.0.0 24.07.2010.
  • To find the log click Start > Computer > C:.
  • Please post the contents of that log in your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Malware Suppressing Web Access

Post by Haystack » January 18th, 2011, 10:42 am

TDSS found something, and Chrome seems to be working now.

I used MBAM just prior to posting. I haven't been running subsequent scans since working with you. The 1/13 log and the TDSS Killer log follow:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5517

Windows 6.0.6000
Internet Explorer 7.0.6000.16809

1/13/2011 11:40:46 PM
mbam-log-2011-01-13 (23-40-46).txt

Scan type: Quick scan
Objects scanned: 157978
Time elapsed: 7 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


2011/01/18 09:13:38.0473 TDSS rootkit removing tool 2.4.14.0 Jan 18 2011 09:33:51
2011/01/18 09:13:38.0474 ================================================================================
2011/01/18 09:13:38.0474 SystemInfo:
2011/01/18 09:13:38.0474
2011/01/18 09:13:38.0474 OS Version: 6.0.6000 ServicePack: 0.0
2011/01/18 09:13:38.0474 Product type: Workstation
2011/01/18 09:13:38.0474 ComputerName: WALTERLAPTOP
2011/01/18 09:13:38.0475 UserName: staples
2011/01/18 09:13:38.0475 Windows directory: C:\Windows
2011/01/18 09:13:38.0475 System windows directory: C:\Windows
2011/01/18 09:13:38.0475 Processor architecture: Intel x86
2011/01/18 09:13:38.0475 Number of processors: 2
2011/01/18 09:13:38.0475 Page size: 0x1000
2011/01/18 09:13:38.0476 Boot type: Normal boot
2011/01/18 09:13:38.0476 ================================================================================
2011/01/18 09:13:39.0715 Initialize success
2011/01/18 09:13:56.0260 ================================================================================
2011/01/18 09:13:56.0260 Scan started
2011/01/18 09:13:56.0260 Mode: Manual;
2011/01/18 09:13:56.0260 ================================================================================
2011/01/18 09:13:57.0753 ACPI (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys
2011/01/18 09:13:57.0855 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/01/18 09:13:57.0987 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/01/18 09:13:58.0097 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/01/18 09:13:58.0182 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/01/18 09:13:58.0316 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\Windows\system32\drivers\Afc.sys
2011/01/18 09:13:58.0924 AFD (5d24caf8efd924a875698ff28384db8b) C:\Windows\system32\drivers\afd.sys
2011/01/18 09:13:59.0150 AgereSoftModem (d31d1a92479bd8c0d050a6ffbdd410d9) C:\Windows\system32\DRIVERS\AGRSM.sys
2011/01/18 09:13:59.0313 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2011/01/18 09:13:59.0397 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/01/18 09:13:59.0465 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
2011/01/18 09:13:59.0521 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/01/18 09:13:59.0578 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
2011/01/18 09:13:59.0739 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/01/18 09:13:59.0788 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2011/01/18 09:13:59.0979 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/01/18 09:14:00.0061 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/01/18 09:14:00.0148 AsyncMac (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/01/18 09:14:00.0267 atapi (b35cfcef838382ab6490b321c87edf17) C:\Windows\system32\drivers\atapi.sys
2011/01/18 09:14:00.0361 athr (6046a55f79de9c581b8d5e9c1366cc81) C:\Windows\system32\DRIVERS\athr.sys
2011/01/18 09:14:00.0581 Beep (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys
2011/01/18 09:14:00.0683 bowser (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys
2011/01/18 09:14:00.0743 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/01/18 09:14:00.0861 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/01/18 09:14:00.0971 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/01/18 09:14:01.0026 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/01/18 09:14:01.0165 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/01/18 09:14:01.0218 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/01/18 09:14:01.0288 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/01/18 09:14:01.0342 cdfs (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys
2011/01/18 09:14:01.0510 cdrom (8d1866e61af096ae8b582454f5e4d303) C:\Windows\system32\DRIVERS\cdrom.sys
2011/01/18 09:14:01.0605 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/01/18 09:14:01.0742 CLFS (1b84fd0937d3b99af9ba38ddff3daf54) C:\Windows\system32\CLFS.sys
2011/01/18 09:14:01.0902 CmBatt (ed97ad3df1b9005989eaf149bf06c821) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/01/18 09:14:02.0062 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
2011/01/18 09:14:02.0136 Compbatt (722936afb75a7f509662b69b5632f48a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/01/18 09:14:02.0173 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/01/18 09:14:02.0230 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/01/18 09:14:02.0393 DfsC (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys
2011/01/18 09:14:02.0635 disk (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys
2011/01/18 09:14:02.0754 drmkaud (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys
2011/01/18 09:14:02.0896 DXGKrnl (334988883de69adb27e2cf9f9715bbdb) C:\Windows\System32\drivers\dxgkrnl.sys
2011/01/18 09:14:03.0083 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/01/18 09:14:03.0180 Ecache (0efc7531b936ee57fdb4e837664c509f) C:\Windows\system32\drivers\ecache.sys
2011/01/18 09:14:03.0439 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/01/18 09:14:03.0707 fastfat (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys
2011/01/18 09:14:03.0768 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/01/18 09:14:03.0807 FileInfo (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys
2011/01/18 09:14:03.0848 Filetrace (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys
2011/01/18 09:14:03.0887 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/01/18 09:14:04.0012 FltMgr (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys
2011/01/18 09:14:04.0088 Fs_Rec (66a078591208baa210c7634b11eb392c) C:\Windows\system32\drivers\Fs_Rec.sys
2011/01/18 09:14:04.0137 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/01/18 09:14:04.0314 GEARAspiWDM (4ac51459805264affd5f6fdfb9d9235f) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2011/01/18 09:14:04.0397 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/01/18 09:14:04.0560 HDAudBus (0db613a7e427b5663563677796fd5258) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/01/18 09:14:04.0632 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/01/18 09:14:04.0784 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/01/18 09:14:04.0834 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\DRIVERS\hidusb.sys
2011/01/18 09:14:04.0909 Hotkey (8b566ea71d5b76157a9cdb78f25a5731) C:\Windows\system32\drivers\Hotkey.sys
2011/01/18 09:14:05.0018 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/01/18 09:14:05.0067 HTTP (f31d27ccf514549a17e79bebe01b40b6) C:\Windows\system32\drivers\HTTP.sys
2011/01/18 09:14:05.0172 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/01/18 09:14:05.0289 i8042prt (1c9ee072baa3abb460b91d7ee9152660) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/01/18 09:14:05.0459 ialm (9378d57e2b96c0a185d844770ad49948) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/01/18 09:14:05.0651 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/01/18 09:14:05.0882 igfx (9378d57e2b96c0a185d844770ad49948) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/01/18 09:14:06.0100 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/01/18 09:14:06.0236 int15 (9d64201c9e5ac8d1f088762ba00ff3ab) C:\Acer\Empowering Technology\eRecovery\int15.sys
2011/01/18 09:14:06.0512 IntcAzAudAddService (a47b2875680ad67b35c6150bd0203056) C:\Windows\system32\drivers\RTKVHDA.sys
2011/01/18 09:14:06.0679 intelide (988981c840084f480ba9e3319cebde1b) C:\Windows\system32\drivers\intelide.sys
2011/01/18 09:14:06.0772 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
2011/01/18 09:14:06.0944 IpFilterDriver (880c6f86cc3f551b8fea2c11141268c0) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/01/18 09:14:07.0031 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/01/18 09:14:07.0523 IPNAT (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys
2011/01/18 09:14:07.0653 IRENUM (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys
2011/01/18 09:14:07.0709 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2011/01/18 09:14:07.0774 iScsiPrt (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/01/18 09:14:07.0829 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/01/18 09:14:07.0950 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/01/18 09:14:08.0029 kbdclass (b076b2ab806b3f696dab21375389101c) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/01/18 09:14:08.0136 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
2011/01/18 09:14:08.0278 KSecDD (11d0bc1f2afd8abbb5a3dc47a042de54) C:\Windows\system32\Drivers\ksecdd.sys
2011/01/18 09:14:08.0463 lltdio (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys
2011/01/18 09:14:08.0556 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/01/18 09:14:08.0608 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/01/18 09:14:08.0646 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/01/18 09:14:08.0759 luafv (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys
2011/01/18 09:14:08.0867 LVUSBSta (5bf07be99a4ef59ff80ef2be7db845cf) C:\Windows\system32\drivers\lvusbsta.sys
2011/01/18 09:14:08.0949 LVUVC (26a5b47c04e03f4e8a1d9cb600fc6860) C:\Windows\system32\DRIVERS\lvuvc.sys
2011/01/18 09:14:09.0194 MCSTRM (5bb01b9f582259d1fb7653c5c1da3653) C:\Windows\system32\drivers\MCSTRM.sys
2011/01/18 09:14:09.0271 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/01/18 09:14:09.0429 Modem (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys
2011/01/18 09:14:09.0530 monitor (7446e104a5fe5987ca9e4983fbac4f97) C:\Windows\system32\DRIVERS\monitor.sys
2011/01/18 09:14:09.0677 mouclass (5fba13c1a1841b0885d316ed3589489d) C:\Windows\system32\DRIVERS\mouclass.sys
2011/01/18 09:14:09.0728 mouhid (b569b5c5d3bde545df3a6af512cccdba) C:\Windows\system32\DRIVERS\mouhid.sys
2011/01/18 09:14:09.0778 MountMgr (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys
2011/01/18 09:14:10.0020 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\Windows\system32\DRIVERS\MpFilter.sys
2011/01/18 09:14:10.0118 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/01/18 09:14:10.0270 MpNWMon (f32e2d6a1640a469a9ed4f1929a4a861) C:\Windows\system32\DRIVERS\MpNWMon.sys
2011/01/18 09:14:10.0356 mpsdrv (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys
2011/01/18 09:14:10.0434 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/01/18 09:14:10.0580 MRxDAV (1d8828b98ee309d65e006f0829e280e5) C:\Windows\system32\drivers\mrxdav.sys
2011/01/18 09:14:10.0624 mrxsmb (529b64f9735d27fef1b8ea1678f8c79e) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/01/18 09:14:10.0684 mrxsmb10 (2bbd3970018270d2c6a0b069f568154e) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/01/18 09:14:10.0722 mrxsmb20 (30a67c7d8b80281028916ded6a64aec9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/01/18 09:14:10.0784 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
2011/01/18 09:14:10.0937 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/01/18 09:14:10.0998 Msfs (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys
2011/01/18 09:14:11.0077 msisadrv (5f454a16a5146cd91a176d70f0cfa3ec) C:\Windows\system32\drivers\msisadrv.sys
2011/01/18 09:14:11.0218 MSKSSRV (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys
2011/01/18 09:14:11.0343 MSPCLOCK (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/01/18 09:14:11.0380 MSPQM (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys
2011/01/18 09:14:11.0498 MsRPC (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys
2011/01/18 09:14:11.0553 mssmbios (4385c80ede885e25492d408cad91bd6f) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/01/18 09:14:11.0610 MSTEE (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys
2011/01/18 09:14:11.0658 Mup (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys
2011/01/18 09:14:11.0822 NativeWifiP (6da4a0fc7c0e83df0cb3cfd0a514c3bc) C:\Windows\system32\DRIVERS\nwifi.sys
2011/01/18 09:14:11.0914 NDIS (227c11e1e7cf6ef8afb2a238d209760c) C:\Windows\system32\drivers\ndis.sys
2011/01/18 09:14:12.0093 NdisTapi (81659cdcbd0f9a9e07e6878ad8c78d3f) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/01/18 09:14:12.0143 Ndisuio (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/01/18 09:14:12.0194 NdisWan (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/01/18 09:14:12.0312 NDProxy (1b24fa907af283199a81b3bb37e5e526) C:\Windows\system32\drivers\NDProxy.sys
2011/01/18 09:14:12.0370 NetBIOS (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys
2011/01/18 09:14:12.0420 netbt (e3a168912e7eefc3bd3b814720d68b41) C:\Windows\system32\DRIVERS\netbt.sys
2011/01/18 09:14:12.0650 NETw3v32 (a15f219208843a5a210c8cb391384453) C:\Windows\system32\DRIVERS\NETw3v32.sys
2011/01/18 09:14:12.0983 NETw4v32 (1d73499a6664b4da05d750ff83fdb274) C:\Windows\system32\DRIVERS\NETw4v32.sys
2011/01/18 09:14:13.0436 NETw5v32 (8de67bd902095a13329fd82c85a1fa09) C:\Windows\system32\DRIVERS\NETw5v32.sys
2011/01/18 09:14:13.0688 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/01/18 09:14:13.0816 Npfs (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys
2011/01/18 09:14:13.0959 nsiproxy (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys
2011/01/18 09:14:14.0050 Ntfs (37430aa7a66d7a63407adc2c0d05e9f6) C:\Windows\system32\drivers\Ntfs.sys
2011/01/18 09:14:14.0193 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\Windows\system32\DRIVERS\NTIDrvr.sys
2011/01/18 09:14:14.0264 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/01/18 09:14:14.0522 NuidFltr (e8717d9b0d1919cadafd8896a8e23e17) C:\Windows\system32\DRIVERS\NuidFltr.sys
2011/01/18 09:14:14.0621 Null (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys
2011/01/18 09:14:14.0772 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/01/18 09:14:14.0840 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/01/18 09:14:14.0933 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/01/18 09:14:15.0337 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2011/01/18 09:14:15.0466 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/01/18 09:14:15.0634 partmgr (555a5b2c8022983bc7467bc925b222ee) C:\Windows\system32\drivers\partmgr.sys
2011/01/18 09:14:15.0688 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/01/18 09:14:15.0781 pci (1085d75657807e0e8b32f9e19a1647c3) C:\Windows\system32\drivers\pci.sys
2011/01/18 09:14:15.0916 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
2011/01/18 09:14:16.0009 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/01/18 09:14:16.0130 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/01/18 09:14:16.0652 PortTalk (7d5a2d755b6c6579f63657b527d6ff1b) C:\Windows\system32\Drivers\PortTalk.sys
2011/01/18 09:14:16.0802 PptpMiniport (c04dec5ace67c5247b150c4223970bb7) C:\Windows\system32\DRIVERS\raspptp.sys
2011/01/18 09:14:16.0863 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/01/18 09:14:16.0970 PSched (2c8bae55247c4e09352e870292e4d1ab) C:\Windows\system32\DRIVERS\pacer.sys
2011/01/18 09:14:17.0126 PSDFilter (c2821f33b846a52fdc25ff554acf11f2) C:\Windows\system32\DRIVERS\psdfilter.sys
2011/01/18 09:14:17.0160 PSDNServ (28d3a91fe7791b970e6b15c88f98dfbd) C:\Windows\system32\drivers\PSDNServ.sys
2011/01/18 09:14:17.0208 psdvdisk (3a66f69459052de13ef8a0f77d728a73) C:\Windows\system32\drivers\psdvdisk.sys
2011/01/18 09:14:17.0310 PTSimBus (688983e03c0d82b2efa1db89792c4c6c) C:\Windows\system32\DRIVERS\PTSimBus.sys
2011/01/18 09:14:17.0433 PTSimHid (fdc1a2e536b5cbce1c2245cd5ad910eb) C:\Windows\system32\DRIVERS\PTSimHid.sys
2011/01/18 09:14:17.0526 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/01/18 09:14:17.0681 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/01/18 09:14:17.0747 QWAVEdrv (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys
2011/01/18 09:14:17.0790 RasAcd (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys
2011/01/18 09:14:17.0855 Rasl2tp (68b0019fee429ec49d29017af937e482) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/01/18 09:14:17.0993 RasPppoe (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/01/18 09:14:18.0045 rdbss (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys
2011/01/18 09:14:18.0091 RDPCDD (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/01/18 09:14:18.0169 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2011/01/18 09:14:18.0293 RDPENCDD (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys
2011/01/18 09:14:18.0349 RDPWD (8830e790a74a96605faba74f9665bb3c) C:\Windows\system32\drivers\RDPWD.sys
2011/01/18 09:14:18.0475 RimUsb (f17713d108aca124a139fde877eef68a) C:\Windows\system32\Drivers\RimUsb.sys
2011/01/18 09:14:18.0609 rspndr (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys
2011/01/18 09:14:18.0714 RTL8169 (53892cbd9735a80712ee9439268344b4) C:\Windows\system32\DRIVERS\Rtlh86.sys
2011/01/18 09:14:18.0846 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/01/18 09:14:18.0984 sdbus (7b3973cc28b8aa3e9e2e5d53e720e2c9) C:\Windows\system32\DRIVERS\sdbus.sys
2011/01/18 09:14:19.0110 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/01/18 09:14:19.0205 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/01/18 09:14:19.0269 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/01/18 09:14:19.0419 sermouse (450accd77ec5cea720c1cdb9e26b953b) C:\Windows\system32\drivers\sermouse.sys
2011/01/18 09:14:19.0523 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
2011/01/18 09:14:19.0583 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2011/01/18 09:14:19.0764 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
2011/01/18 09:14:19.0823 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/01/18 09:14:19.0899 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2011/01/18 09:14:19.0944 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/01/18 09:14:20.0127 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/01/18 09:14:20.0188 Smb (ac0d90738adb51a6fd12ff00874a2162) C:\Windows\system32\DRIVERS\smb.sys
2011/01/18 09:14:20.0246 spldr (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys
2011/01/18 09:14:20.0440 srv (c962e98179e54b769028c025c7e470a5) C:\Windows\system32\DRIVERS\srv.sys
2011/01/18 09:14:20.0530 srv2 (e8c4d5bca3c7b5c2a040052aa467b5bf) C:\Windows\system32\DRIVERS\srv2.sys
2011/01/18 09:14:20.0613 srvnet (cd11a0767e82dd8b1a3a26d305dbec0f) C:\Windows\system32\DRIVERS\srvnet.sys
2011/01/18 09:14:20.0726 swenum (1379bdb336f8158c176a465e30759f57) C:\Windows\system32\DRIVERS\swenum.sys
2011/01/18 09:14:20.0779 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/01/18 09:14:20.0817 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/01/18 09:14:20.0954 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/01/18 09:14:21.0094 SynTP (f7a4250bb3e3afcd4af100e551509352) C:\Windows\system32\DRIVERS\SynTP.sys
2011/01/18 09:14:21.0303 TClass2k (1b3c28d36e669deeb39331255a3feeeb) C:\Windows\system32\DRIVERS\TClass2k.sys
2011/01/18 09:14:21.0406 Tcpip (5df77458aa92fdb36fce79c60f74ab5d) C:\Windows\system32\drivers\tcpip.sys
2011/01/18 09:14:21.0540 Tcpip6 (5df77458aa92fdb36fce79c60f74ab5d) C:\Windows\system32\DRIVERS\tcpip.sys
2011/01/18 09:14:21.0854 tcpipreg (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys
2011/01/18 09:14:22.0275 TDPIPE (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys
2011/01/18 09:14:22.0415 TDTCP (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys
2011/01/18 09:14:22.0450 tdx (ab4fde8af4a0270a46a001c08cbce1c2) C:\Windows\system32\DRIVERS\tdx.sys
2011/01/18 09:14:22.0491 TermDD (2c549bd9dd091fbfaa0a2a48e82ec2fb) C:\Windows\system32\DRIVERS\termdd.sys
2011/01/18 09:14:22.0550 tifm21 (f779ba4cd37963ab4600c9871b7752a3) C:\Windows\system32\drivers\tifm21.sys
2011/01/18 09:14:22.0597 tssecsrv (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/01/18 09:14:22.0689 tunmp (a858917785681743c512950fdfa14db7) C:\Windows\system32\DRIVERS\tunmp.sys
2011/01/18 09:14:22.0799 tunnel (29f1d1d888ee61d20d5662e72aa34129) C:\Windows\system32\DRIVERS\tunnel.sys
2011/01/18 09:14:22.0851 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/01/18 09:14:22.0911 UCTblHid (adfa2e999bd2ddf89187dcbf0e3dd404) C:\Windows\system32\DRIVERS\UCTblHid.sys
2011/01/18 09:14:22.0968 udfs (6348da98707ceda8a0dfb05820e17732) C:\Windows\system32\DRIVERS\udfs.sys
2011/01/18 09:14:23.0074 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/01/18 09:14:23.0238 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/01/18 09:14:23.0289 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/01/18 09:14:23.0422 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/01/18 09:14:23.0469 umbus (3fb78f1d1dd86d87bececd9dffa24dd9) C:\Windows\system32\DRIVERS\umbus.sys
2011/01/18 09:14:23.0597 usbaudio (f6bf998ae33e3fb6c7d27f0560f1173f) C:\Windows\system32\drivers\usbaudio.sys
2011/01/18 09:14:23.0753 usbccgp (0adb101083dfa5039b1e65fb36551ab1) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/01/18 09:14:23.0813 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/01/18 09:14:23.0874 usbehci (0e3c51bafaa9e00a870ed20adfdc28e7) C:\Windows\system32\DRIVERS\usbehci.sys
2011/01/18 09:14:24.0021 usbhub (ec74d1322d1fbff709bdcbe20c703e1b) C:\Windows\system32\DRIVERS\usbhub.sys
2011/01/18 09:14:24.0097 usbohci (9b3063d4affeb2db74984a7be2f9181a) C:\Windows\system32\DRIVERS\usbohci.sys
2011/01/18 09:14:24.0170 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\DRIVERS\usbprint.sys
2011/01/18 09:14:24.0333 usbscan (b1f95285c08ddfe00c0b955462637ec7) C:\Windows\system32\DRIVERS\usbscan.sys
2011/01/18 09:14:24.0397 USBSTOR (7887ce56934e7f104e98c975f47353c5) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/01/18 09:14:24.0457 usbuhci (c6b35b6c43751867d95752f1c5c8a3f2) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/01/18 09:14:24.0577 usbvideo (0a6b81f01bc86399482e27e6fda7b33b) C:\Windows\system32\Drivers\usbvideo.sys
2011/01/18 09:14:24.0664 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/01/18 09:14:24.0688 VgaSave (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys
2011/01/18 09:14:24.0748 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/01/18 09:14:24.0819 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/01/18 09:14:24.0951 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
2011/01/18 09:14:24.0981 volmgr (103e84c95832d0ed93507997cc7b54e8) C:\Windows\system32\drivers\volmgr.sys
2011/01/18 09:14:25.0022 volmgrx (294da8d3f965f6a8db934a83c7b461ff) C:\Windows\system32\drivers\volmgrx.sys
2011/01/18 09:14:25.0230 volsnap (80dc0c9bcb579ed9815001a4d37cbfd5) C:\Windows\system32\drivers\volsnap.sys
2011/01/18 09:14:25.0319 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/01/18 09:14:25.0508 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/01/18 09:14:25.0573 Wanarp (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
2011/01/18 09:14:25.0623 Wanarpv6 (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
2011/01/18 09:14:25.0687 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/01/18 09:14:25.0847 Wdf01000 (7b5f66e4a2219c7d9daf9e738480e534) C:\Windows\system32\drivers\Wdf01000.sys
2011/01/18 09:14:26.0136 WmiAcpi (17eac0d023a65fa9b02114cc2baacad5) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/01/18 09:14:26.0261 WpdUsb (2d27171b16a577ef14c1273668753485) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/01/18 09:14:26.0384 ws2ifsl (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys
2011/01/18 09:14:26.0471 WUDFRd (a2aafcc8a204736296d937c7c545b53f) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/01/18 09:14:26.0584 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/01/18 09:14:26.0592 ================================================================================
2011/01/18 09:14:26.0592 Scan finished
2011/01/18 09:14:26.0592 ================================================================================
2011/01/18 09:14:26.0608 Detected object count: 1
2011/01/18 09:14:55.0812 \HardDisk0 - will be cured after reboot
2011/01/18 09:14:55.0813 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/01/18 09:15:36.0905 Deinitialize success
Haystack
Regular Member
 
Posts: 18
Joined: January 14th, 2011, 1:47 am
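
The TDSSKiller log above is long, but only a few of its lines matter for triage: the per-driver entries (service name, MD5, path), the line that names what was detected, the reported object count and the action the user chose. The following parser is an added example written for this page; it is not TDSSKiller's code and not part of the thread. The sample log is constructed from the line formats shown above (including the `\HardDisk0` detection, which points at the disk itself rather than a file, the usual sign of an MBR-level infection), and the "outside Windows" heuristic is a reviewer's shortcut, not something the tool reports.

```python
"""Parse a TDSSKiller scan log and pull out what matters for triage.

Added example; it is not TDSSKiller's code and not part of the forum thread.
The sample log below is constructed from the line formats shown in the
thread: driver entries, the detection line, the summary and the user action.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Driver entry: "<timestamp> <service name> (<md5>) <path>"
DRIVER_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4})\s+"
    r"(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$"
)
# Detection: "<timestamp> <object> - detected <verdict> (<n>)"
DETECT_RE = re.compile(r"^\S+ \S+\s+(?P<obj>.+?) - detected (?P<verdict>\S+)")
# Summary: "Detected object count: <n>"
COUNT_RE = re.compile(r"Detected object count: (\d+)")
# User action: "<timestamp> <verdict>(<object>) - User select action: <action>"
ACTION_RE = re.compile(
    r"^\S+ \S+\s+(?P<verdict>\S+)\((?P<obj>[^)]+)\) - User select action: (?P<action>\S+)"
)

# Constructed sample, assembled from line formats seen in the thread.
SAMPLE_LOG = r"""
2011/01/18 09:14:06.0236 int15 (9d64201c9e5ac8d1f088762ba00ff3ab) C:\Acer\Empowering Technology\eRecovery\int15.sys
2011/01/18 09:14:21.0406 Tcpip (5df77458aa92fdb36fce79c60f74ab5d) C:\Windows\system32\drivers\tcpip.sys
2011/01/18 09:14:21.0540 Tcpip6 (5df77458aa92fdb36fce79c60f74ab5d) C:\Windows\system32\DRIVERS\tcpip.sys
2011/01/18 09:14:26.0584 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/01/18 09:14:26.0592 Scan finished
2011/01/18 09:14:26.0608 Detected object count: 1
2011/01/18 09:14:55.0812 \HardDisk0 - will be cured after reboot
2011/01/18 09:14:55.0813 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/01/18 09:15:36.0905 Deinitialize success
""".strip()


@dataclass
class Detection:
    obj: str                      # what was flagged (a file, or a disk such as \HardDisk0)
    verdict: str                  # detection name, e.g. Rootkit.Win32.TDSS.tdl4
    action: Optional[str] = None  # what the user chose (Cure, Skip, ...), if logged


def parse_log(text):
    """Return (drivers, detections, reported_count) for one TDSSKiller log."""
    drivers = {}      # service name -> (md5, path)
    detections = []
    reported = None
    for line in text.splitlines():
        m = DRIVER_RE.match(line)
        if m:
            drivers[m["name"]] = (m["md5"], m["path"])
            continue
        m = DETECT_RE.match(line)
        if m:
            detections.append(Detection(m["obj"], m["verdict"]))
            continue
        m = COUNT_RE.search(line)
        if m:
            reported = int(m.group(1))
            continue
        m = ACTION_RE.match(line)
        if m:
            # Attach the chosen action to the matching detection.
            for d in detections:
                if d.obj == m["obj"] and d.verdict == m["verdict"]:
                    d.action = m["action"]
    return drivers, detections, reported


def unusual_paths(drivers):
    """Service names whose driver file lives outside C:\\Windows\\ (reviewer heuristic,
    not a verdict: OEM tools such as the Acer int15.sys land here legitimately)."""
    return sorted(name for name, (_, path) in drivers.items()
                  if not path.lower().startswith("c:\\windows\\"))


def scan_summary(text):
    """Compact triage view: what was found, whether the count line agrees, what to eyeball."""
    drivers, detections, reported = parse_log(text)
    return {
        "drivers": len(drivers),
        "detections": [(d.obj, d.verdict, d.action) for d in detections],
        "count_matches": reported == len(detections),
        "outside_windows": unusual_paths(drivers),
    }


if __name__ == "__main__":
    print(scan_summary(SAMPLE_LOG))
```

Keying the driver table by service name rather than by hash is deliberate: the same file is normally registered under more than one service (Tcpip/Tcpip6, Wanarp/Wanarpv6 above share one MD5), so a "duplicate hash" check would only produce noise.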

Re: Malware Suppressing Web Access

Unread postby deltalima » January 18th, 2011, 10:48 am

Hi Haystack,

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code:
    :otl
    IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz0.dll (Conduit Ltd.)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll (SimplyGen)
    O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz0.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz0.dll (Conduit Ltd.)
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "UacDisableNotify" = 0
    "InternetSettingsDisableNotify" = 0
    "AutoUpdateDisableNotify" = 0
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 0
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 0
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 0
    :commands
    [REBOOT]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Malware Suppressing Web Access

Unread postby Haystack » January 18th, 2011, 7:58 pm

I ran the script. However, no report came up after the reboot, and I don't see a new log file on my desktop.

MS Security Essentials is now detecting "Trojan:DOS/Alureon.A"
Haystack
Regular Member
 
Posts: 18
Joined: January 14th, 2011, 1:47 am

Re: Malware Suppressing Web Access

Unread postby deltalima » January 19th, 2011, 5:21 am

Hi Haystack,

I ran the script. However, no report came up after the reboot, and I don't see a new log file on my desktop.


Please check in the folder C:\_OTL\MovedFiles there should be a log file named something like 01192011_091059.log. Please open the log in notepad then copy and paste the contents into your next reply.

MS Security Essentials is now detecting "Trojan:DOS/Alureon.A"


Please post a sample from the log showing what file is being detected.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK