Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

help

Post by larnault » January 7th, 2012, 5:46 am

Hello, my name is Lloyd. I just got this computer from a family member that they didn't need anymore. I have had it for a couple weeks, and today a lot of errors popped up and things have been deleted off the desktop, so I had to switch users. Also, it is redirecting me to other websites all the time. When I went to run the DDS scan it wouldn't do it the first time; I had to start back up in safe mode. Thank you in advance. Here are my log files.

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 9.0.8112.16421
Run by Kristin Hilder at 1:33:46 on 2012-01-07
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1791.1160 [GMT -8:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
mStart Page = hxxp://en.us.acer.yahoo.com
mDefault_Page_URL = hxxp://en.us.acer.yahoo.com
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\windows\system32\ActiveToolBand.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Acer Tour Reminder]
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Acer Empowering Technology Monitor] c:\acer\empowering technology\SysMonitor.exe
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe
mRun: [PCMMediaSharing] c:\program files\acer arcade live\acer homemedia connect\kernel\dms\PCMMediaSharing.exe
mRun: [Acer Tour]
mRun: [Acer Product Registration] "c:\program files\acer registration\ACE1.exe" /startup
mRun: [Acer Assist Launcher] c:\program files\acer assist\launcher.exe
mRun: [eRecoveryService]
mRun: [NVRaidService] c:\windows\system32\nvraidservice.exe
mRun: [Acer Tour Reminder] c:\acer\acertour\Reminder.exe
mRun: [BrStsWnd] c:\program files\brownie\BrstsWnd.exe Autorun
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [EEventManager] c:\program files\epson\creativity suite\event manager\EEventManager.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Skytel] Skytel.exe
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [Acer Tour Reminder] c:\acer\acertour\Reminder.exe
StartupFolder: c:\users\kristi~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\wkcalrem.lnk - c:\program files\common files\microsoft shared\works shared\WkCalRem.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/pr01/re ... den-ca.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v ... b56649.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/dim2/defaul ... der_v6.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{4B1B34E4-71E1-4746-ACA8-E39FFCE6A4EF} : DhcpNameServer = 192.168.0.1
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\acer arcade live\acer homemedia connect\kernel\dms\CLMSServer.exe [2007-12-1 269448]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-6 21504]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-01-07 07:59:51 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{4d38069f-632d-453d-82cb-c75d9f1cc0bc}\offreg.dll
2012-01-07 07:56:01 353024 ---ha-w- c:\programdata\nf6fQzPVwJJcRX.exe
2012-01-07 07:53:32 446720 ---ha-w- c:\programdata\eFnStcmpnllsRFa.exe
2012-01-06 23:42:24 -------- d-----w- c:\program files\DivX
2012-01-06 23:42:24 -------- d-----w- c:\program files\common files\DivX Shared
2012-01-06 22:48:28 6823496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{4d38069f-632d-453d-82cb-c75d9f1cc0bc}\mpengine.dll
2011-12-30 01:50:46 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-12-30 00:38:25 -------- d-----w- c:\program files\CCleaner
2011-12-29 08:00:00 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-29 08:00:00 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-29 07:59:56 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-12-29 07:59:54 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-12-29 07:59:52 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-12-29 07:59:50 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-29 07:59:43 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-29 07:54:50 -------- d-----w- c:\program files\iPod
2011-12-29 07:54:39 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-12-29 07:54:39 -------- d-----w- c:\program files\iTunes
2011-12-29 07:50:44 -------- d-----w- c:\program files\Bonjour
2011-12-29 07:43:12 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-08 20:41:13 -------- d--h--w- c:\programdata\Samsung
2011-12-08 20:41:05 19968 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\ssp3mpc.dll
.
==================== Find3M ====================
.
.
============= FINISH: 1:40:59.96 ===============







.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 4/29/2008 9:04:09 AM
System Uptime: 1/7/2012 1:31:39 AM (0 hours ago)
.
Motherboard: ACER | | MCP73
Processor: Intel(R) Pentium(R) Dual CPU E2160 @ 1.80GHz | SOCKET775 M/B | 1799/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 112 GiB total, 58.966 GiB free.
D: is FIXED (NTFS) - 111 GiB total, 111.066 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
ABBYY FineReader 6.0 Sprint
Acer Arcade Live Main Page
Acer Assist
Acer DV Magician
Acer DVDivine
Acer eDataSecurity Management
Acer Empowering Technology
Acer ePerformance Management
Acer HomeMedia
Acer HomeMedia Connect
Acer Registration
Acer ScreenSaver
Acer SlideShow DVD
Acer Tour
Acer VideoMagician
Activation Assistant for the 2007 Microsoft Office suites
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression 5
ATI Catalyst Install Manager
Bonjour
Bookworm Adventures Fractured Fairytales
Brother HL-2140
CCleaner
DivX Web Player
EPSON Attach To Email
EPSON Copy Utility 3
EPSON Event Manager
EPSON Perfection V350 Photo Scanner Driver Update
EPSON Perfection V350P User's Guide
EPSON Scan
EPSON Scan Assistant
eSobi v2
FujiFilm Photo Viewer
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
iTunes
LightScribe 1.4.142.1
LiveUpdate Notice (Symantec Corporation)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Edition 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox 9.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton Internet Security
NTI Backup NOW! 4.7
NTI CD & DVD-Maker
NVIDIA Drivers
Realtek High Definition Audio Driver
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Smart Menus (Windows Live Toolbar)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.762
Windows Live installer
Windows Live Mail
Windows Live Photo Gallery
WinRAR 4.10 beta 5 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
1/7/2012 12:00:16 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt
1/7/2012 1:33:43 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt spldr Wanarpv6
1/7/2012 1:33:43 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
1/7/2012 1:33:28 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
1/7/2012 1:33:21 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
1/7/2012 1:33:19 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/7/2012 1:33:10 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
1/7/2012 1:32:17 AM, Error: EventLog [6008] - The previous system shutdown at 12:53:36 AM on 1/7/2012 was unexpected.
1/7/2012 1:32:01 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume .
1/7/2012 1:31:42 AM, Error: ACPI [5] - AMLI: ACPI BIOS is attempting to write to an illegal IO port address (0x70), which lies in the 0x70 - 0x71 protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.
1/7/2012 1:31:42 AM, Error: ACPI [4] - AMLI: ACPI BIOS is attempting to read from an illegal IO port address (0x71), which lies in the 0x70 - 0x71 protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.
1/3/2012 7:22:50 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
.
==== End Of File ===========================
larnault
Active Member
 
Posts: 10
Joined: January 7th, 2012, 4:36 am

Re: help

Post by askey127 » January 9th, 2012, 7:26 pm

Hi larnault,
Your computer has a lot of problems.
It's not clear whether it can be saved using online methods.
We are going to first try to fix a serious hard drive problem, then install a new Antivirus if that's successful.
Let's get started.
-----------------------------------------------------------
Hard Disk Repair
IF Chkdsk has found any errors having to do with bad sectors in your file system, or if it reports that it cannot continue in Read-Only Mode, it needs to run a different sequence on reboot to do repairs. It can't repair the file system while Windows is running.
DO NOT START THIS SEQUENCE UNLESS YOU CAN DO WITHOUT THE MACHINE FOR AN HOUR OR TWO. It may not take very long, but could, depending on the number of files and folders.
It will not relinquish control until it is done. You cannot stop it, and it would be a BIG mistake to pull the plug.

  1. Open Notepad... then copy and paste the following into Notepad:
    cmd  /c  chkdsk  c: /F
  2. Now Save the NotePad file like this:
    • Click on File from the top menu bar.
    • Select Save As, use Filename: fixhd.bat and Save As Type: All Files.
    • Choose Desktop as the location
    • Click Save.
  3. Right click on fixhd.bat on your desktop and select Run As Administrator to run it.
  4. You will get a message that the volume is locked, with a request to do the repair on Reboot. Answer Y
  5. Click Continue at the UAC prompt.
Go to Start, Turn Off Computer and choose Reboot
It will scan again when it boots up and make the repairs as the first part of the reboot process.
-----------------------------------------------------------
Check Hard Disk For Errors
Right click on testhd.bat on your desktop and select Run As Administrator to run it.
Click Continue at the UAC prompt.
A Command Prompt box will pop up, then close after a couple minutes.
Please post the contents of the new checkhd.txt file from your desktop.
If it's very long, just post the last 30-50 lines.

Let me know how it goes.
askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: help

Post by larnault » January 9th, 2012, 8:27 pm

Hello, I did the first part until you told me to right click on testhd.bat; it is not on my desktop. Also, there was not a text file after the first part.
larnault
Active Member
 
Posts: 10
Joined: January 7th, 2012, 4:36 am

Re: help

Post by askey127 » January 9th, 2012, 9:10 pm

That means you were not able to follow exactly the set of things here:
Now Save the NotePad file like this:

Click on File from the top menu bar.
Select Save As, use Filename: fixhd.bat and Save As Type: All Files.
Choose Desktop as the location
Click Save.

Try the whole thing again.
Make sure you use File, Save As so you can save it to your desktop.
Let me know how it goes.
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: help

Post by larnault » January 10th, 2012, 12:39 am

OK, so I have done it step by step, and each time when it says volume is locked I hit Y, go to restart, and a black screen comes up. It does a disk check, then Windows comes up and there isn't anything new on the desktop.
larnault
Active Member
 
Posts: 10
Joined: January 7th, 2012, 4:36 am

Re: help

Post by askey127 » January 10th, 2012, 6:59 am

larnault,
You are quite correct. That's my fault. Sorry.
We need to do this one next:
-----------------------------------------
Check Hard Drive for Errors
Open Notepad... then copy and paste the following line into Notepad:
(Notepad is in Start, Programs, Accessories)
cmd  /c  chkdsk  c:  |find  /v  "percent"  >> "%userprofile%\desktop\checkhd.txt"

Now Save the NotePad file like this:
  • Click on File from the top menu bar.
  • Select Save As, use Filename: testhd.bat and Save As Type: All Files.
  • Choose Desktop as the location
  • Click Save.
Right click on testhd.bat on your desktop and select Run As Administrator to run it. OK the UAC.
A Command Prompt box will pop up, then close after a couple minutes.
Please post the contents of the checkhd.txt file from your desktop.
If the file is very long, just copy and paste the LAST 20 or 30 lines into your reply.

askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: help

Post by larnault » January 10th, 2012, 7:11 am

Okay, here is the checkhd.txt


The type of the file system is NTFS.
Volume label is ACER.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
File verification completed.
797 large file records processed.

0 bad file records processed.

0 EA records processed.

60 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 3)...
Index verification completed.
0 unindexed files processed.

CHKDSK is verifying security descriptors (stage 3 of 3)...
Security descriptor verification completed.
26432 data files processed.

CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
Windows has checked the file system and found no problems.

117116927 KB total disk space.
57586308 KB in 143213 files.
87124 KB in 26433 indexes.
0 KB in bad sectors.
285583 KB in use by the system.
65536 KB occupied by the log file.
59157912 KB available on disk.

4096 bytes in each allocation unit.
29279231 total allocation units on disk.
14789478 allocation units available on disk.
larnault
Active Member
 
Posts: 10
Joined: January 7th, 2012, 4:36 am

Re: help

Post by askey127 » January 10th, 2012, 7:22 am

larnault,
That's better.
Let's see if we can get both of these programs to run.
----------------------------------------------
Security Application Check:
Please download and save SecurityCheck.exe to your Desktop from one of the links below.
Link 1
Link 2
  • Right-click on SecurityCheck.exe and select Run as Administrator then follow the onscreen instructions inside of the black box and let it run.
  • After a bit, a Notepad document should open automatically called checkup.txt
  • Please copy and paste the contents of that document in your next reply.
---------------------------------------------
Download the OTL Scanner
Please download OTL.exe by OldTimer and save it to your desktop.
---------------------------------------------
Run a Scan with OTL
  • For WinXP, double click on the OTL icon to run it.
  • For Vista or Win7, right click the icon and choose "Run as administrator".
  • Check the boxes labeled :
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  • Make sure all other windows are closed to let it run uninterrupted.
  • Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so.
    When the scan starts, OTL may appear to be frozen while it runs. Please be patient.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. (desktop)
The Extras.txt file will only appear as a running Notepad document the very first time you run OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.

In the best case, we are looking for the contents of checkup.txt from the Security application, and the two logs from OTL. Use separate replies if you wish.
askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: help

Post by larnault » January 10th, 2012, 7:45 am

OK, here they are

Results of screen317's Security Check version 0.99.30
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

CCleaner
Adobe Reader 8 Adobe Reader out of date!
Adobe Reader X KB403742.. Adobe Reader out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSASCui.exe
Windows Defender MSASCui.exe
``````````End of Log````````````


OTL logfile created on: 1/10/2012 3:36:12 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\BC Native Housing\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 1.09 Gb Available Physical Memory | 62.52% Memory free
3.74 Gb Paging File | 2.26 Gb Available in Paging File | 60.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.69 Gb Total Space | 56.52 Gb Free Space | 50.60% Space Free | Partition Type: NTFS
Drive D: | 111.43 Gb Total Space | 111.07 Gb Free Space | 99.67% Space Free | Partition Type: NTFS

Computer Name: BCNATIVEHOUS-PC | User Name: BC Native Housing | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/10 03:25:29 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\BC Native Housing\Desktop\OTL.exe
PRC - [2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/18 23:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/12/07 14:28:22 | 000,196,128 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvraidservice.exe
PRC - [2007/10/11 10:53:22 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/09/10 14:28:18 | 000,057,344 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2007/09/07 17:23:56 | 000,323,584 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
PRC - [2007/09/07 17:23:54 | 000,326,176 | ---- | M] () -- C:\Acer\Empowering Technology\SysMonitor.exe
PRC - [2007/09/06 11:02:04 | 000,393,216 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
PRC - [2007/07/31 19:37:34 | 000,815,104 | ---- | M] (brother) -- C:\Program Files\Brownie\BrStsWnd.exe
PRC - [2007/07/23 17:45:48 | 000,090,112 | ---- | M] (brother) -- C:\Program Files\Brownie\brpjp04a.exe
PRC - [2007/06/21 18:33:20 | 000,269,448 | ---- | M] (CyberLink) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
PRC - [2007/04/25 16:34:30 | 000,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
PRC - [2007/04/25 16:33:36 | 000,457,216 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
PRC - [2007/04/16 18:48:12 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
PRC - [2006/10/12 14:57:08 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/17 12:15:32 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6bc98e9b5eedaa8f71c5454d36a4b772\System.Management.ni.dll
MOD - [2011/11/17 12:13:38 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8645de531003807d00822e03986a075d\System.ServiceProcess.ni.dll
MOD - [2011/11/17 12:13:20 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6d2f689baff5da3df134fdec0742a13c\System.Runtime.Remoting.ni.dll
MOD - [2011/11/17 12:12:43 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll
MOD - [2011/11/17 12:10:58 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
MOD - [2011/11/17 12:10:38 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011/11/17 12:10:26 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011/11/17 12:09:00 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011/11/17 12:08:37 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2007/09/07 17:23:54 | 000,326,176 | ---- | M] () -- C:\Acer\Empowering Technology\SysMonitor.exe
MOD - [2007/09/07 17:23:08 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll
MOD - [2007/08/29 10:35:12 | 000,057,344 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll
MOD - [2007/04/25 16:31:00 | 000,028,672 | ---- | M] () -- C:\Windows\System32\BatchCrypto.dll
MOD - [2007/04/25 16:30:44 | 000,063,488 | ---- | M] () -- C:\Windows\System32\ShowErrMsg.dll
MOD - [2007/04/16 18:48:18 | 000,045,056 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Plugin.dll
MOD - [2007/04/16 18:47:42 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Presenter.dll
MOD - [2007/04/16 18:47:40 | 000,040,960 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Library.dll
MOD - [2007/04/16 18:47:40 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Model.dll
MOD - [2007/04/16 18:47:34 | 000,020,480 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Model.Interface.dll
MOD - [2007/04/16 18:47:32 | 000,016,384 | ---- | M] () -- C:\Acer\Empowering Technology\MemCheck.Interface.dll
MOD - [2007/02/13 05:26:30 | 000,016,384 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll
MOD - [2005/06/28 12:59:48 | 000,053,248 | ---- | M] () -- C:\Program Files\ArcSoft\PhotoImpression 5\Share\PIHook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (LiveUpdate Notice Service)
SRV - [2008/01/18 23:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/10 14:28:18 | 000,057,344 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2007/06/21 18:33:20 | 000,269,448 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service)
SRV - [2007/04/25 16:34:30 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)
SRV - [2007/04/16 18:48:12 | 000,028,672 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)


========== Driver Services (SafeList) ==========

DRV - [2010/07/22 13:25:53 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2007/12/21 09:51:08 | 007,629,632 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/12/07 23:28:10 | 000,140,320 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/12/07 23:28:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007/09/10 10:17:40 | 001,035,168 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/07/07 05:13:10 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/07/02 18:05:20 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2005/02/23 13:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4051198292-3032509420-350528711-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-4051198292-3032509420-350528711-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-4051198292-3032509420-350528711-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKU\S-1-5-21-4051198292-3032509420-350528711-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4051198292-3032509420-350528711-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-21-4051198292-3032509420-350528711-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4051198292-3032509420-350528711-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)


[2012/01/06 15:40:57 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\BC Native Housing\AppData\Roaming\Mozilla\Extensions
[2012/01/06 15:42:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BC Native Housing\AppData\Roaming\Mozilla\Firefox\Profiles\q14tums4.default\extensions
[2012/01/06 15:42:58 | 000,000,000 | -H-D | M] (Greasemonkey) -- C:\Users\BC Native Housing\AppData\Roaming\Mozilla\Firefox\Profiles\q14tums4.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/01/06 15:39:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/20 20:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/20 20:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2006/09/18 13:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKU\S-1-5-21-4051198292-3032509420-350528711-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe ()
O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer Registration\ACE1.exe (Leader Technologies)
O4 - HKLM..\Run: [Acer Tour] File not found
O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVRaidService] C:\Windows\System32\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.)
O4 - HKU\S-1-5-18..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-4051198292-3032509420-350528711-1000..\Run: [Acer Tour Reminder] File not found
O4 - HKU\S-1-5-21-4051198292-3032509420-350528711-1000..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/pr01/re ... den-ca.cab (MSN Photo Upload Tool)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v ... b56649.cab (MSN Games - Installer)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/bingame/dim2/defaul ... der_v6.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4B1B34E4-71E1-4746-ACA8-E39FFCE6A4EF}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/10 03:25:28 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\BC Native Housing\Desktop\OTL.exe
[2012/01/09 02:07:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2012/01/09 02:03:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2012/01/06 15:42:24 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2012/01/06 15:40:05 | 000,000,000 | -H-D | C] -- C:\Users\BC Native Housing\AppData\Local\Mozilla
[2012/01/06 15:40:04 | 000,000,000 | ---D | C] -- C:\Users\BC Native Housing\AppData\Roaming\Mozilla
[2012/01/06 15:39:56 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/01/02 23:16:09 | 000,000,000 | -H-D | C] -- C:\Users\BC Native Housing\Desktop\Eminem - The Slim Shady LP (1999) SleazyFlix.com
[2012/01/02 23:15:42 | 000,000,000 | -H-D | C] -- C:\Users\BC Native Housing\AppData\Roaming\WinRAR
[2012/01/02 23:15:39 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2012/01/01 00:53:49 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012/01/01 00:53:49 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012/01/01 00:53:49 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/01/01 00:53:48 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/01/01 00:53:48 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012/01/01 00:53:48 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/01/01 00:53:48 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/01/01 00:53:48 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012/01/01 00:53:48 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012/01/01 00:53:48 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012/01/01 00:53:47 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012/01/01 00:53:47 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/01/01 00:53:47 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/01/01 00:53:47 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012/01/01 00:53:47 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012/01/01 00:53:47 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/01/01 00:53:47 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/01/01 00:53:47 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012/01/01 00:53:47 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012/01/01 00:53:47 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012/01/01 00:53:47 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/01/01 00:53:47 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/01/01 00:53:47 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/01/01 00:53:47 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/01/01 00:53:46 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/01/01 00:53:46 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012/01/01 00:53:46 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012/01/01 00:53:46 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/01/01 00:53:46 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012/01/01 00:53:46 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012/01/01 00:53:45 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/01/01 00:53:45 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012/01/01 00:53:45 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/01/01 00:53:45 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012/01/01 00:53:45 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/01/01 00:53:45 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012/01/01 00:53:45 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/12/29 17:50:46 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2011/12/29 16:38:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/12/29 16:38:25 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/12/29 00:00:00 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/12/29 00:00:00 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/12/28 23:59:56 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/12/28 23:59:54 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/12/28 23:59:50 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011/12/28 23:59:43 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/12/28 23:57:32 | 000,000,000 | -H-D | C] -- C:\Users\BC Native Housing\AppData\Local\Apple Computer
[2011/12/28 23:57:31 | 000,000,000 | -H-D | C] -- C:\Users\BC Native Housing\AppData\Roaming\Apple Computer
[2011/12/28 23:56:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/12/28 23:54:50 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/12/28 23:54:39 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/12/28 23:54:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011/12/28 23:54:39 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/12/28 23:53:34 | 000,000,000 | -H-D | C] -- C:\Users\BC Native Housing\AppData\Local\Apple
[2011/12/28 23:53:24 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/12/28 23:50:44 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/12/28 23:50:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011/12/28 23:50:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/12/28 23:48:21 | 069,341,552 | ---- | C] (Apple Inc.) -- C:\Users\BC Native Housing\Documents\iTunesSetup.exe
[2011/12/28 23:43:12 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2008/04/29 08:20:04 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
[2007/12/01 11:44:27 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/10 03:32:18 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/10 03:32:18 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/10 03:25:29 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\BC Native Housing\Desktop\OTL.exe
[2012/01/10 03:25:15 | 000,879,683 | ---- | M] () -- C:\Users\BC Native Housing\Desktop\SecurityCheck.exe
[2012/01/10 03:04:52 | 000,000,081 | ---- | M] () -- C:\Users\BC Native Housing\Desktop\testhd.bat
[2012/01/09 22:48:31 | 000,033,479 | ---- | M] () -- C:\Users\BC Native Housing\Desktop\148273_10150107582681111_659406110_7957728_2121788_n.jpg
[2012/01/09 19:54:27 | 000,000,302 | ---- | M] () -- C:\Windows\Brownie.ini
[2012/01/09 19:38:39 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/09 19:38:39 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/09 19:32:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/09 19:32:12 | 1878,233,088 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/09 19:26:42 | 000,000,022 | ---- | M] () -- C:\Users\BC Native Housing\Desktop\fixhd.bat
[2012/01/09 17:20:04 | 000,000,426 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2012/01/09 17:20:04 | 000,000,034 | ---- | M] () -- C:\Windows\System32\BD5250DN.DAT
[2012/01/09 03:24:06 | 000,014,250 | -HS- | M] () -- C:\ProgramData\26ckdt20p303tb1mc3dbj50t0e1i33216uat0541i3ej65
[2012/01/07 02:17:14 | 000,012,860 | -HS- | M] () -- C:\ProgramData\yr0356ub4lmo77i46y761xn8t6m7gypyp437cyjt0k12ra
[2012/01/07 00:15:18 | 000,000,408 | -H-- | M] () -- C:\ProgramData\nf6fQzPVwJJcRX
[2012/01/07 00:15:10 | 000,000,296 | -H-- | M] () -- C:\ProgramData\~nf6fQzPVwJJcRX
[2012/01/07 00:15:10 | 000,000,208 | -H-- | M] () -- C:\ProgramData\~nf6fQzPVwJJcRXr
[2012/01/01 01:07:07 | 000,000,947 | ---- | M] () -- C:\Users\BC Native Housing\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/01 01:05:20 | 000,347,448 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/01/01 00:54:13 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2012/01/01 00:54:13 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2012/01/01 00:53:49 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012/01/01 00:53:49 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012/01/01 00:53:49 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/01/01 00:53:48 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/01/01 00:53:48 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012/01/01 00:53:48 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/01/01 00:53:48 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/01/01 00:53:48 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012/01/01 00:53:48 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012/01/01 00:53:48 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012/01/01 00:53:47 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012/01/01 00:53:47 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/01/01 00:53:47 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/01/01 00:53:47 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012/01/01 00:53:47 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012/01/01 00:53:47 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/01/01 00:53:47 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/01/01 00:53:47 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012/01/01 00:53:47 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012/01/01 00:53:47 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012/01/01 00:53:47 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/01/01 00:53:47 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/01/01 00:53:47 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012/01/01 00:53:47 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/01/01 00:53:47 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/01/01 00:53:46 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/01/01 00:53:46 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012/01/01 00:53:46 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012/01/01 00:53:46 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/01/01 00:53:46 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012/01/01 00:53:46 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012/01/01 00:53:45 | 001,798,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/01/01 00:53:45 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012/01/01 00:53:45 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/01/01 00:53:45 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012/01/01 00:53:45 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/01/01 00:53:45 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012/01/01 00:53:45 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/12/29 16:44:13 | 000,000,775 | ---- | M] () -- C:\Users\BC Native Housing\Documents\My Sharing Folders.lnk
[2011/12/29 16:38:26 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/12/28 23:56:35 | 000,001,668 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/12/28 23:48:49 | 069,341,552 | ---- | M] (Apple Inc.) -- C:\Users\BC Native Housing\Documents\iTunesSetup.exe
[2011/12/28 23:43:12 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/10 03:25:14 | 000,879,683 | ---- | C] () -- C:\Users\BC Native Housing\Desktop\SecurityCheck.exe
[2012/01/10 03:04:51 | 000,000,081 | ---- | C] () -- C:\Users\BC Native Housing\Desktop\testhd.bat
[2012/01/09 22:49:14 | 000,033,479 | ---- | C] () -- C:\Users\BC Native Housing\Desktop\148273_10150107582681111_659406110_7957728_2121788_n.jpg
[2012/01/09 17:26:45 | 000,000,022 | ---- | C] () -- C:\Users\BC Native Housing\Desktop\fixhd.bat
[2012/01/09 03:22:00 | 000,014,250 | -HS- | C] () -- C:\ProgramData\26ckdt20p303tb1mc3dbj50t0e1i33216uat0541i3ej65
[2012/01/07 02:40:46 | 1878,233,088 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/07 02:15:08 | 000,012,860 | -HS- | C] () -- C:\ProgramData\yr0356ub4lmo77i46y761xn8t6m7gypyp437cyjt0k12ra
[2012/01/07 00:15:10 | 000,000,296 | -H-- | C] () -- C:\ProgramData\~nf6fQzPVwJJcRX
[2012/01/07 00:15:10 | 000,000,208 | -H-- | C] () -- C:\ProgramData\~nf6fQzPVwJJcRXr
[2012/01/07 00:14:50 | 000,000,408 | -H-- | C] () -- C:\ProgramData\nf6fQzPVwJJcRX
[2012/01/01 01:04:43 | 000,347,448 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/01/01 00:53:47 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/12/29 16:38:26 | 000,000,808 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/12/28 23:56:35 | 000,001,668 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/12/28 23:53:27 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/11/23 12:54:50 | 000,001,940 | ---- | C] () -- C:\Users\BC Native Housing\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/09/27 12:14:52 | 000,003,584 | ---- | C] () -- C:\Users\BC Native Housing\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/21 10:15:24 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/06/23 09:27:44 | 000,024,064 | ---- | C] () -- C:\Windows\System32\ssp3ml3.dll
[2010/07/26 14:43:15 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/07/26 10:03:43 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/07/26 10:03:43 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008/08/22 09:42:17 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2008/08/22 09:42:17 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2008/08/22 09:42:17 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2008/08/22 09:42:17 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2008/08/22 09:42:17 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2008/08/22 09:42:17 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2008/08/22 09:42:17 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2008/08/22 09:42:17 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2008/08/22 09:42:17 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2008/08/22 09:42:17 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2008/08/22 09:42:17 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2008/08/22 09:42:17 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2008/08/22 09:42:17 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2008/08/22 09:42:17 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2008/08/22 09:42:17 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2008/08/22 09:42:17 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2008/08/22 09:35:15 | 000,065,793 | ---- | C] () -- C:\Windows\System32\esfw68.bin
[2008/08/22 09:34:47 | 000,000,044 | ---- | C] () -- C:\Windows\PERFV100V350.ini
[2008/05/13 14:21:38 | 000,000,145 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2008/05/13 14:21:38 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2008/05/13 14:21:17 | 000,009,853 | ---- | C] () -- C:\Windows\HL-2140.INI
[2008/05/13 14:21:17 | 000,000,114 | ---- | C] () -- C:\Windows\System32\brlmw03a.ini
[2008/05/13 14:20:51 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD2140.DAT
[2008/05/13 14:17:35 | 000,000,302 | ---- | C] () -- C:\Windows\Brownie.ini
[2008/05/06 12:36:44 | 000,031,007 | -H-- | C] () -- C:\Users\BC Native Housing\AppData\Roaming\UserTile.png
[2008/05/02 08:33:22 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2008/05/02 08:33:22 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD5250DN.DAT
[2008/04/29 08:46:36 | 000,000,586 | -H-- | C] () -- C:\Users\BC Native Housing\AppData\Roaming\wklnhst.dat
[2008/04/29 08:22:18 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2008/04/29 08:22:17 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2008/04/29 08:20:35 | 000,077,824 | ---- | C] () -- C:\Windows\System32\drivers\INT15_DETECT.EXE
[2008/04/29 08:20:04 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
[2007/12/01 11:44:22 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2007/12/01 11:35:35 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007/12/01 11:13:13 | 000,001,732 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2007/12/01 09:30:22 | 000,001,107 | ---- | C] () -- C:\Windows\generic.ini
[2007/12/01 09:30:22 | 000,000,132 | ---- | C] () -- C:\Windows\Alaunch.ini
[2007/04/25 16:33:22 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
[2007/04/25 16:32:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
[2007/04/25 16:32:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
[2007/04/25 16:31:00 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
[2007/04/25 16:30:52 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
[2007/04/25 16:30:44 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2006/12/25 15:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006/11/13 05:50:06 | 000,071,680 | ---- | C] () -- C:\Windows\System32\HTCA_SelfExtract.bin
[2006/11/02 04:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 04:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:33:01 | 000,604,264 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 02:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 02:33:01 | 000,103,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 02:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 02:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 00:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 00:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/01 23:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2001/12/26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2008/04/29 08:37:58 | 000,000,000 | -H-D | M] -- C:\Users\BC Native Housing\AppData\Roaming\Acer
[2008/11/03 08:51:47 | 000,000,000 | ---D | M] -- C:\Users\BC Native Housing\AppData\Roaming\EPSON
[2008/04/29 08:37:56 | 000,000,000 | -H-D | M] -- C:\Users\BC Native Housing\AppData\Roaming\Leadertech
[2008/06/06 07:44:25 | 000,000,000 | -H-D | M] -- C:\Users\BC Native Housing\AppData\Roaming\Template
[2011/10/26 08:59:23 | 000,000,000 | -H-D | M] -- C:\Users\BC Native Housing\AppData\Roaming\Tific
[2008/05/01 09:05:10 | 000,000,000 | -H-D | M] -- C:\Users\Kristin Hilder\AppData\Roaming\Acer
[2009/01/19 11:11:35 | 000,000,000 | ---D | M] -- C:\Users\Kristin Hilder\AppData\Roaming\EPSON
[2008/05/01 09:05:09 | 000,000,000 | -H-D | M] -- C:\Users\Kristin Hilder\AppData\Roaming\Leadertech
[2008/07/21 08:14:53 | 000,000,000 | -H-D | M] -- C:\Users\Kristin Hilder\AppData\Roaming\Template
[2012/01/09 19:28:21 | 000,032,580 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:1F9C3D08

< End of report >



OTL Extras logfile created on: 1/10/2012 3:36:12 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\BC Native Housing\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 1.09 Gb Available Physical Memory | 62.52% Memory free
3.74 Gb Paging File | 2.26 Gb Available in Paging File | 60.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.69 Gb Total Space | 56.52 Gb Free Space | 50.60% Space Free | Partition Type: NTFS
Drive D: | 111.43 Gb Total Space | 111.07 Gb Free Space | 99.67% Space Free | Partition Type: NTFS

Computer Name: BCNATIVEHOUS-PC | User Name: BC Native Housing | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{5CD34B02-1549-4747-A83E-0D49CB21D80C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B77B05D9-F6E8-4B82-8990-BEBDB2D62595}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1987A576-C24E-4CDC-9FD0-BB6BDC505F55}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{3BB4331C-CE61-4B0B-8185-A5DA316E4BDA}" = dir=in | app=c:\program files\acer arcade live\acer videomagician\acer videomagician.exe |
"{46B52B2C-ACEE-42A6-BCB2-42CBDBEE1ACA}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\acer homemedia connect.exe |
"{471DE677-B8AB-4A7C-9F84-F1190107FD25}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{519BCD49-B566-4990-8D87-CB36E36567B4}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{66E517D4-F688-4FA1-9AD6-F08D79F37062}" = dir=in | app=c:\program files\acer arcade live\acer homemedia\acer homemedia.exe |
"{70E62712-0A6D-48BE-94E3-D6C48E4DA02E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{81D7D153-5D1A-46C2-81CB-21D9B58F7DAF}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{92EEC7C5-1796-464A-996F-5A1DCE950849}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{A1A31A65-6D23-4465-9D7C-7951A2859874}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A263205A-C46D-4521-A62B-3BB450352A80}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{ABAC9717-4196-4D98-95C4-6F4E15B26D4B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B87282CA-E4B0-45C0-AF6C-37CC45A45D57}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe |
"{BC8FEBA8-5792-4C46-A285-6FA449653679}" = dir=in | app=c:\program files\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe |
"{DB6447AF-AEE5-4BC5-953B-C19251D36D7C}" = dir=in | app=c:\program files\acer arcade live\acer dv magician\acer dv magician.exe |
"{DD7C64EE-DEFE-4FAC-B972-4FECF4F8E1B4}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{E01B4E06-9D45-44E9-9703-51E3DC39603E}" = dir=in | app=c:\program files\acer arcade live\acer arcade live main page\acer arcade live.exe |
"{FAD6A327-3E60-4890-A524-18A3CE995975}" = dir=in | app=c:\program files\acer arcade live\acer dvdivine\acer dvdivine.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01358C56-44F4-B8B3-8757-06F2A864A863}" = ATI Catalyst Install Manager
"{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{25653817-9502-41A5-A24D-FED750611E98}" = EPSON Perfection V350 Photo Scanner Driver Update
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}" = Windows Live Photo Gallery
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}" = Norton Internet Security
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = EPSON Event Manager
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117580950}" = Bookworm Adventures Fractured Fairytales
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management
"{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D433ABC3-0CD8-4BB0-B6A9-84501B4B47B7}" = ArcSoft PhotoImpression 5
"{D462BF9E-0C35-4705-BF9B-3DF9F3816643}" = Acer ePerformance Management
"{DB7C0963-59CD-4B99-9C77-168CF9E33D63}" = Brother HL-2140
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician
"{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician
"Acer Assist" = Acer Assist
"Acer Registration" = Acer Registration
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"CCleaner" = CCleaner
"EPSON Scanner" = EPSON Scan
"FujiFilm Photo Viewer" = FujiFilm Photo Viewer
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"Silent Package Run-Time Sample" = EPSON Perfection V350P User's Guide

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/9/2012 11:28:15 PM | Computer Name = BCNativeHous-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 747603

Error - 1/10/2012 12:44:56 AM | Computer Name = BCNativeHous-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 1/10/2012 12:47:01 AM | Computer Name = BCNativeHous-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 1/10/2012 12:47:01 AM | Computer Name = BCNativeHous-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 1/10/2012 12:48:46 AM | Computer Name = BCNativeHous-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 1/10/2012 1:14:59 AM | Computer Name = BCNativeHous-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 1/10/2012 1:14:59 AM | Computer Name = BCNativeHous-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 1/10/2012 1:15:39 AM | Computer Name = BCNativeHous-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 1/10/2012 4:39:58 AM | Computer Name = BCNativeHous-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 1/10/2012 4:40:00 AM | Computer Name = BCNativeHous-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

[ System Events ]
Error - 1/9/2012 11:31:43 PM | Computer Name = BCNativeHous-PC | Source = ACPI | ID = 327685
Description = AMLI: ACPI BIOS is attempting to write to an illegal IO port address
(0x70), which lies in the 0x70 - 0x71 protected address range. This could lead to
system instability. Please contact your system vendor for technical assistance.

Error - 1/9/2012 11:31:43 PM | Computer Name = BCNativeHous-PC | Source = ACPI | ID = 327684
Description = AMLI: ACPI BIOS is attempting to read from an illegal IO port address
(0x71), which lies in the 0x70 - 0x71 protected address range. This could lead to
system instability. Please contact your system vendor for technical assistance.

Error - 1/9/2012 11:32:12 PM | Computer Name = BCNativeHous-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume .

Error - 1/9/2012 11:32:29 PM | Computer Name = BCNativeHous-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume .

Error - 1/9/2012 11:33:19 PM | Computer Name = BCNativeHous-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume .

Error - 1/9/2012 11:33:40 PM | Computer Name = BCNativeHous-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 1/9/2012 11:53:12 PM | Computer Name = BCNativeHous-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume .

Error - 1/9/2012 11:54:14 PM | Computer Name = BCNativeHous-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume .

Error - 1/10/2012 4:39:58 AM | Computer Name = BCNativeHous-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume .

Error - 1/10/2012 4:39:58 AM | Computer Name = BCNativeHous-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume .


< End of report >
larnault

Re: help

Post by larnault » January 10th, 2012, 7:45 am

OK, here they are.

Results of screen317's Security Check version 0.99.30
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

CCleaner
Adobe Reader 8 Adobe Reader out of date!
Adobe Reader X KB403742.. Adobe Reader out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSASCui.exe
Windows Defender MSASCui.exe
``````````End of Log````````````


OTL logfile created on: 1/10/2012 3:36:12 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\BC Native Housing\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 1.09 Gb Available Physical Memory | 62.52% Memory free
3.74 Gb Paging File | 2.26 Gb Available in Paging File | 60.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.69 Gb Total Space | 56.52 Gb Free Space | 50.60% Space Free | Partition Type: NTFS
Drive D: | 111.43 Gb Total Space | 111.07 Gb Free Space | 99.67% Space Free | Partition Type: NTFS

Computer Name: BCNATIVEHOUS-PC | User Name: BC Native Housing | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/10 03:25:29 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\BC Native Housing\Desktop\OTL.exe
PRC - [2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/18 23:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/12/07 14:28:22 | 000,196,128 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvraidservice.exe
PRC - [2007/10/11 10:53:22 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/09/10 14:28:18 | 000,057,344 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2007/09/07 17:23:56 | 000,323,584 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
PRC - [2007/09/07 17:23:54 | 000,326,176 | ---- | M] () -- C:\Acer\Empowering Technology\SysMonitor.exe
PRC - [2007/09/06 11:02:04 | 000,393,216 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
PRC - [2007/07/31 19:37:34 | 000,815,104 | ---- | M] (brother) -- C:\Program Files\Brownie\BrStsWnd.exe
PRC - [2007/07/23 17:45:48 | 000,090,112 | ---- | M] (brother) -- C:\Program Files\Brownie\brpjp04a.exe
PRC - [2007/06/21 18:33:20 | 000,269,448 | ---- | M] (CyberLink) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
PRC - [2007/04/25 16:34:30 | 000,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
PRC - [2007/04/25 16:33:36 | 000,457,216 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
PRC - [2007/04/16 18:48:12 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
PRC - [2006/10/12 14:57:08 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/17 12:15:32 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6bc98e9b5eedaa8f71c5454d36a4b772\System.Management.ni.dll
MOD - [2011/11/17 12:13:38 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8645de531003807d00822e03986a075d\System.ServiceProcess.ni.dll
MOD - [2011/11/17 12:13:20 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6d2f689baff5da3df134fdec0742a13c\System.Runtime.Remoting.ni.dll
MOD - [2011/11/17 12:12:43 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll
MOD - [2011/11/17 12:10:58 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
MOD - [2011/11/17 12:10:38 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011/11/17 12:10:26 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011/11/17 12:09:00 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011/11/17 12:08:37 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2007/09/07 17:23:54 | 000,326,176 | ---- | M] () -- C:\Acer\Empowering Technology\SysMonitor.exe
MOD - [2007/09/07 17:23:08 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll
MOD - [2007/08/29 10:35:12 | 000,057,344 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll
MOD - [2007/04/25 16:31:00 | 000,028,672 | ---- | M] () -- C:\Windows\System32\BatchCrypto.dll
MOD - [2007/04/25 16:30:44 | 000,063,488 | ---- | M] () -- C:\Windows\System32\ShowErrMsg.dll
MOD - [2007/04/16 18:48:18 | 000,045,056 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Plugin.dll
MOD - [2007/04/16 18:47:42 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Presenter.dll
MOD - [2007/04/16 18:47:40 | 000,040,960 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Library.dll
MOD - [2007/04/16 18:47:40 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Model.dll
MOD - [2007/04/16 18:47:34 | 000,020,480 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Model.Interface.dll
MOD - [2007/04/16 18:47:32 | 000,016,384 | ---- | M] () -- C:\Acer\Empowering Technology\MemCheck.Interface.dll
MOD - [2007/02/13 05:26:30 | 000,016,384 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll
MOD - [2005/06/28 12:59:48 | 000,053,248 | ---- | M] () -- C:\Program Files\ArcSoft\PhotoImpression 5\Share\PIHook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (LiveUpdate Notice Service)
SRV - [2008/01/18 23:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/10 14:28:18 | 000,057,344 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2007/06/21 18:33:20 | 000,269,448 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service)
SRV - [2007/04/25 16:34:30 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)
SRV - [2007/04/16 18:48:12 | 000,028,672 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)


========== Driver Services (SafeList) ==========

DRV - [2010/07/22 13:25:53 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2007/12/21 09:51:08 | 007,629,632 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/12/07 23:28:10 | 000,140,320 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/12/07 23:28:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007/09/10 10:17:40 | 001,035,168 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/07/07 05:13:10 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/07/02 18:05:20 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2005/02/23 13:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4051198292-3032509420-350528711-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-4051198292-3032509420-350528711-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-4051198292-3032509420-350528711-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKU\S-1-5-21-4051198292-3032509420-350528711-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4051198292-3032509420-350528711-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-21-4051198292-3032509420-350528711-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4051198292-3032509420-350528711-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)


[2012/01/06 15:40:57 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\BC Native Housing\AppData\Roaming\Mozilla\Extensions
[2012/01/06 15:42:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BC Native Housing\AppData\Roaming\Mozilla\Firefox\Profiles\q14tums4.default\extensions
[2012/01/06 15:42:58 | 000,000,000 | -H-D | M] (Greasemonkey) -- C:\Users\BC Native Housing\AppData\Roaming\Mozilla\Firefox\Profiles\q14tums4.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/01/06 15:39:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/20 20:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/20 20:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2006/09/18 13:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKU\S-1-5-21-4051198292-3032509420-350528711-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe ()
O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer Registration\ACE1.exe (Leader Technologies)
O4 - HKLM..\Run: [Acer Tour] File not found
O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVRaidService] C:\Windows\System32\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.)
O4 - HKU\S-1-5-18..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-4051198292-3032509420-350528711-1000..\Run: [Acer Tour Reminder] File not found
O4 - HKU\S-1-5-21-4051198292-3032509420-350528711-1000..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/pr01/re ... den-ca.cab (MSN Photo Upload Tool)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v ... b56649.cab (MSN Games - Installer)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/bingame/dim2/defaul ... der_v6.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4B1B34E4-71E1-4746-ACA8-E39FFCE6A4EF}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/10 03:25:28 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\BC Native Housing\Desktop\OTL.exe
[2012/01/09 02:07:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2012/01/09 02:03:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2012/01/06 15:42:24 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2012/01/06 15:40:05 | 000,000,000 | -H-D | C] -- C:\Users\BC Native Housing\AppData\Local\Mozilla
[2012/01/06 15:40:04 | 000,000,000 | ---D | C] -- C:\Users\BC Native Housing\AppData\Roaming\Mozilla
[2012/01/06 15:39:56 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/01/02 23:16:09 | 000,000,000 | -H-D | C] -- C:\Users\BC Native Housing\Desktop\Eminem - The Slim Shady LP (1999) SleazyFlix.com
[2012/01/02 23:15:42 | 000,000,000 | -H-D | C] -- C:\Users\BC Native Housing\AppData\Roaming\WinRAR
[2012/01/02 23:15:39 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2012/01/01 00:53:49 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012/01/01 00:53:49 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012/01/01 00:53:49 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/01/01 00:53:48 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/01/01 00:53:48 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012/01/01 00:53:48 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/01/01 00:53:48 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/01/01 00:53:48 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012/01/01 00:53:48 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012/01/01 00:53:48 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012/01/01 00:53:47 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012/01/01 00:53:47 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/01/01 00:53:47 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/01/01 00:53:47 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012/01/01 00:53:47 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012/01/01 00:53:47 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/01/01 00:53:47 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/01/01 00:53:47 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012/01/01 00:53:47 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012/01/01 00:53:47 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012/01/01 00:53:47 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/01/01 00:53:47 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/01/01 00:53:47 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/01/01 00:53:47 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/01/01 00:53:46 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/01/01 00:53:46 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012/01/01 00:53:46 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012/01/01 00:53:46 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/01/01 00:53:46 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012/01/01 00:53:46 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012/01/01 00:53:45 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/01/01 00:53:45 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012/01/01 00:53:45 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/01/01 00:53:45 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012/01/01 00:53:45 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/01/01 00:53:45 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012/01/01 00:53:45 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/12/29 17:50:46 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2011/12/29 16:38:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/12/29 16:38:25 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/12/29 00:00:00 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/12/29 00:00:00 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/12/28 23:59:56 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/12/28 23:59:54 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/12/28 23:59:50 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011/12/28 23:59:43 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/12/28 23:57:32 | 000,000,000 | -H-D | C] -- C:\Users\BC Native Housing\AppData\Local\Apple Computer
[2011/12/28 23:57:31 | 000,000,000 | -H-D | C] -- C:\Users\BC Native Housing\AppData\Roaming\Apple Computer
[2011/12/28 23:56:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/12/28 23:54:50 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/12/28 23:54:39 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/12/28 23:54:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011/12/28 23:54:39 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/12/28 23:53:34 | 000,000,000 | -H-D | C] -- C:\Users\BC Native Housing\AppData\Local\Apple
[2011/12/28 23:53:24 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/12/28 23:50:44 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/12/28 23:50:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011/12/28 23:50:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/12/28 23:48:21 | 069,341,552 | ---- | C] (Apple Inc.) -- C:\Users\BC Native Housing\Documents\iTunesSetup.exe
[2011/12/28 23:43:12 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2008/04/29 08:20:04 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
[2007/12/01 11:44:27 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/10 03:32:18 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/10 03:32:18 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/10 03:25:29 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\BC Native Housing\Desktop\OTL.exe
[2012/01/10 03:25:15 | 000,879,683 | ---- | M] () -- C:\Users\BC Native Housing\Desktop\SecurityCheck.exe
[2012/01/10 03:04:52 | 000,000,081 | ---- | M] () -- C:\Users\BC Native Housing\Desktop\testhd.bat
[2012/01/09 22:48:31 | 000,033,479 | ---- | M] () -- C:\Users\BC Native Housing\Desktop\148273_10150107582681111_659406110_7957728_2121788_n.jpg
[2012/01/09 19:54:27 | 000,000,302 | ---- | M] () -- C:\Windows\Brownie.ini
[2012/01/09 19:38:39 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/09 19:38:39 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/09 19:32:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/09 19:32:12 | 1878,233,088 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/09 19:26:42 | 000,000,022 | ---- | M] () -- C:\Users\BC Native Housing\Desktop\fixhd.bat
[2012/01/09 17:20:04 | 000,000,426 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2012/01/09 17:20:04 | 000,000,034 | ---- | M] () -- C:\Windows\System32\BD5250DN.DAT
[2012/01/09 03:24:06 | 000,014,250 | -HS- | M] () -- C:\ProgramData\26ckdt20p303tb1mc3dbj50t0e1i33216uat0541i3ej65
[2012/01/07 02:17:14 | 000,012,860 | -HS- | M] () -- C:\ProgramData\yr0356ub4lmo77i46y761xn8t6m7gypyp437cyjt0k12ra
[2012/01/07 00:15:18 | 000,000,408 | -H-- | M] () -- C:\ProgramData\nf6fQzPVwJJcRX
[2012/01/07 00:15:10 | 000,000,296 | -H-- | M] () -- C:\ProgramData\~nf6fQzPVwJJcRX
[2012/01/07 00:15:10 | 000,000,208 | -H-- | M] () -- C:\ProgramData\~nf6fQzPVwJJcRXr
[2012/01/01 01:07:07 | 000,000,947 | ---- | M] () -- C:\Users\BC Native Housing\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/01 01:05:20 | 000,347,448 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/01/01 00:54:13 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2012/01/01 00:54:13 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2012/01/01 00:53:49 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012/01/01 00:53:49 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012/01/01 00:53:49 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/01/01 00:53:48 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/01/01 00:53:48 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012/01/01 00:53:48 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/01/01 00:53:48 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/01/01 00:53:48 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012/01/01 00:53:48 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012/01/01 00:53:48 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012/01/01 00:53:47 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012/01/01 00:53:47 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/01/01 00:53:47 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/01/01 00:53:47 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012/01/01 00:53:47 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012/01/01 00:53:47 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/01/01 00:53:47 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/01/01 00:53:47 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012/01/01 00:53:47 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012/01/01 00:53:47 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012/01/01 00:53:47 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/01/01 00:53:47 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/01/01 00:53:47 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012/01/01 00:53:47 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/01/01 00:53:47 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/01/01 00:53:46 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/01/01 00:53:46 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012/01/01 00:53:46 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012/01/01 00:53:46 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/01/01 00:53:46 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012/01/01 00:53:46 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012/01/01 00:53:45 | 001,798,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/01/01 00:53:45 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012/01/01 00:53:45 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/01/01 00:53:45 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012/01/01 00:53:45 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/01/01 00:53:45 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012/01/01 00:53:45 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/12/29 16:44:13 | 000,000,775 | ---- | M] () -- C:\Users\BC Native Housing\Documents\My Sharing Folders.lnk
[2011/12/29 16:38:26 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/12/28 23:56:35 | 000,001,668 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/12/28 23:48:49 | 069,341,552 | ---- | M] (Apple Inc.) -- C:\Users\BC Native Housing\Documents\iTunesSetup.exe
[2011/12/28 23:43:12 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/10 03:25:14 | 000,879,683 | ---- | C] () -- C:\Users\BC Native Housing\Desktop\SecurityCheck.exe
[2012/01/10 03:04:51 | 000,000,081 | ---- | C] () -- C:\Users\BC Native Housing\Desktop\testhd.bat
[2012/01/09 22:49:14 | 000,033,479 | ---- | C] () -- C:\Users\BC Native Housing\Desktop\148273_10150107582681111_659406110_7957728_2121788_n.jpg
[2012/01/09 17:26:45 | 000,000,022 | ---- | C] () -- C:\Users\BC Native Housing\Desktop\fixhd.bat
[2012/01/09 03:22:00 | 000,014,250 | -HS- | C] () -- C:\ProgramData\26ckdt20p303tb1mc3dbj50t0e1i33216uat0541i3ej65
[2012/01/07 02:40:46 | 1878,233,088 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/07 02:15:08 | 000,012,860 | -HS- | C] () -- C:\ProgramData\yr0356ub4lmo77i46y761xn8t6m7gypyp437cyjt0k12ra
[2012/01/07 00:15:10 | 000,000,296 | -H-- | C] () -- C:\ProgramData\~nf6fQzPVwJJcRX
[2012/01/07 00:15:10 | 000,000,208 | -H-- | C] () -- C:\ProgramData\~nf6fQzPVwJJcRXr
[2012/01/07 00:14:50 | 000,000,408 | -H-- | C] () -- C:\ProgramData\nf6fQzPVwJJcRX
[2012/01/01 01:04:43 | 000,347,448 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/01/01 00:53:47 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/12/29 16:38:26 | 000,000,808 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/12/28 23:56:35 | 000,001,668 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/12/28 23:53:27 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/11/23 12:54:50 | 000,001,940 | ---- | C] () -- C:\Users\BC Native Housing\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/09/27 12:14:52 | 000,003,584 | ---- | C] () -- C:\Users\BC Native Housing\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/21 10:15:24 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/06/23 09:27:44 | 000,024,064 | ---- | C] () -- C:\Windows\System32\ssp3ml3.dll
[2010/07/26 14:43:15 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/07/26 10:03:43 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/07/26 10:03:43 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008/08/22 09:42:17 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2008/08/22 09:42:17 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2008/08/22 09:42:17 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2008/08/22 09:42:17 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2008/08/22 09:42:17 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2008/08/22 09:42:17 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2008/08/22 09:42:17 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2008/08/22 09:42:17 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2008/08/22 09:42:17 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2008/08/22 09:42:17 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2008/08/22 09:42:17 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2008/08/22 09:42:17 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2008/08/22 09:42:17 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2008/08/22 09:42:17 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2008/08/22 09:42:17 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2008/08/22 09:42:17 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2008/08/22 09:35:15 | 000,065,793 | ---- | C] () -- C:\Windows\System32\esfw68.bin
[2008/08/22 09:34:47 | 000,000,044 | ---- | C] () -- C:\Windows\PERFV100V350.ini
[2008/05/13 14:21:38 | 000,000,145 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2008/05/13 14:21:38 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2008/05/13 14:21:17 | 000,009,853 | ---- | C] () -- C:\Windows\HL-2140.INI
[2008/05/13 14:21:17 | 000,000,114 | ---- | C] () -- C:\Windows\System32\brlmw03a.ini
[2008/05/13 14:20:51 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD2140.DAT
[2008/05/13 14:17:35 | 000,000,302 | ---- | C] () -- C:\Windows\Brownie.ini
[2008/05/06 12:36:44 | 000,031,007 | -H-- | C] () -- C:\Users\BC Native Housing\AppData\Roaming\UserTile.png
[2008/05/02 08:33:22 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2008/05/02 08:33:22 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD5250DN.DAT
[2008/04/29 08:46:36 | 000,000,586 | -H-- | C] () -- C:\Users\BC Native Housing\AppData\Roaming\wklnhst.dat
[2008/04/29 08:22:18 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2008/04/29 08:22:17 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2008/04/29 08:20:35 | 000,077,824 | ---- | C] () -- C:\Windows\System32\drivers\INT15_DETECT.EXE
[2008/04/29 08:20:04 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
[2007/12/01 11:44:22 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2007/12/01 11:35:35 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007/12/01 11:13:13 | 000,001,732 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2007/12/01 09:30:22 | 000,001,107 | ---- | C] () -- C:\Windows\generic.ini
[2007/12/01 09:30:22 | 000,000,132 | ---- | C] () -- C:\Windows\Alaunch.ini
[2007/04/25 16:33:22 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
[2007/04/25 16:32:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
[2007/04/25 16:32:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
[2007/04/25 16:31:00 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
[2007/04/25 16:30:52 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
[2007/04/25 16:30:44 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2006/12/25 15:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006/11/13 05:50:06 | 000,071,680 | ---- | C] () -- C:\Windows\System32\HTCA_SelfExtract.bin
[2006/11/02 04:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 04:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:33:01 | 000,604,264 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 02:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 02:33:01 | 000,103,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 02:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 02:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 00:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 00:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/01 23:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2001/12/26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2008/04/29 08:37:58 | 000,000,000 | -H-D | M] -- C:\Users\BC Native Housing\AppData\Roaming\Acer
[2008/11/03 08:51:47 | 000,000,000 | ---D | M] -- C:\Users\BC Native Housing\AppData\Roaming\EPSON
[2008/04/29 08:37:56 | 000,000,000 | -H-D | M] -- C:\Users\BC Native Housing\AppData\Roaming\Leadertech
[2008/06/06 07:44:25 | 000,000,000 | -H-D | M] -- C:\Users\BC Native Housing\AppData\Roaming\Template
[2011/10/26 08:59:23 | 000,000,000 | -H-D | M] -- C:\Users\BC Native Housing\AppData\Roaming\Tific
[2008/05/01 09:05:10 | 000,000,000 | -H-D | M] -- C:\Users\Kristin Hilder\AppData\Roaming\Acer
[2009/01/19 11:11:35 | 000,000,000 | ---D | M] -- C:\Users\Kristin Hilder\AppData\Roaming\EPSON
[2008/05/01 09:05:09 | 000,000,000 | -H-D | M] -- C:\Users\Kristin Hilder\AppData\Roaming\Leadertech
[2008/07/21 08:14:53 | 000,000,000 | -H-D | M] -- C:\Users\Kristin Hilder\AppData\Roaming\Template
[2012/01/09 19:28:21 | 000,032,580 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:1F9C3D08

< End of report >



OTL Extras logfile created on: 1/10/2012 3:36:12 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\BC Native Housing\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 1.09 Gb Available Physical Memory | 62.52% Memory free
3.74 Gb Paging File | 2.26 Gb Available in Paging File | 60.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.69 Gb Total Space | 56.52 Gb Free Space | 50.60% Space Free | Partition Type: NTFS
Drive D: | 111.43 Gb Total Space | 111.07 Gb Free Space | 99.67% Space Free | Partition Type: NTFS

Computer Name: BCNATIVEHOUS-PC | User Name: BC Native Housing | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{5CD34B02-1549-4747-A83E-0D49CB21D80C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B77B05D9-F6E8-4B82-8990-BEBDB2D62595}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1987A576-C24E-4CDC-9FD0-BB6BDC505F55}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{3BB4331C-CE61-4B0B-8185-A5DA316E4BDA}" = dir=in | app=c:\program files\acer arcade live\acer videomagician\acer videomagician.exe |
"{46B52B2C-ACEE-42A6-BCB2-42CBDBEE1ACA}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\acer homemedia connect.exe |
"{471DE677-B8AB-4A7C-9F84-F1190107FD25}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{519BCD49-B566-4990-8D87-CB36E36567B4}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{66E517D4-F688-4FA1-9AD6-F08D79F37062}" = dir=in | app=c:\program files\acer arcade live\acer homemedia\acer homemedia.exe |
"{70E62712-0A6D-48BE-94E3-D6C48E4DA02E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{81D7D153-5D1A-46C2-81CB-21D9B58F7DAF}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{92EEC7C5-1796-464A-996F-5A1DCE950849}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{A1A31A65-6D23-4465-9D7C-7951A2859874}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A263205A-C46D-4521-A62B-3BB450352A80}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{ABAC9717-4196-4D98-95C4-6F4E15B26D4B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B87282CA-E4B0-45C0-AF6C-37CC45A45D57}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe |
"{BC8FEBA8-5792-4C46-A285-6FA449653679}" = dir=in | app=c:\program files\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe |
"{DB6447AF-AEE5-4BC5-953B-C19251D36D7C}" = dir=in | app=c:\program files\acer arcade live\acer dv magician\acer dv magician.exe |
"{DD7C64EE-DEFE-4FAC-B972-4FECF4F8E1B4}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{E01B4E06-9D45-44E9-9703-51E3DC39603E}" = dir=in | app=c:\program files\acer arcade live\acer arcade live main page\acer arcade live.exe |
"{FAD6A327-3E60-4890-A524-18A3CE995975}" = dir=in | app=c:\program files\acer arcade live\acer dvdivine\acer dvdivine.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01358C56-44F4-B8B3-8757-06F2A864A863}" = ATI Catalyst Install Manager
"{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{25653817-9502-41A5-A24D-FED750611E98}" = EPSON Perfection V350 Photo Scanner Driver Update
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}" = Windows Live Photo Gallery
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}" = Norton Internet Security
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = EPSON Event Manager
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117580950}" = Bookworm Adventures Fractured Fairytales
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management
"{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D433ABC3-0CD8-4BB0-B6A9-84501B4B47B7}" = ArcSoft PhotoImpression 5
"{D462BF9E-0C35-4705-BF9B-3DF9F3816643}" = Acer ePerformance Management
"{DB7C0963-59CD-4B99-9C77-168CF9E33D63}" = Brother HL-2140
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician
"{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician
"Acer Assist" = Acer Assist
"Acer Registration" = Acer Registration
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"CCleaner" = CCleaner
"EPSON Scanner" = EPSON Scan
"FujiFilm Photo Viewer" = FujiFilm Photo Viewer
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"Silent Package Run-Time Sample" = EPSON Perfection V350P User's Guide

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/9/2012 11:28:15 PM | Computer Name = BCNativeHous-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 747603

Error - 1/10/2012 12:44:56 AM | Computer Name = BCNativeHous-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 1/10/2012 12:47:01 AM | Computer Name = BCNativeHous-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 1/10/2012 12:47:01 AM | Computer Name = BCNativeHous-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 1/10/2012 12:48:46 AM | Computer Name = BCNativeHous-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 1/10/2012 1:14:59 AM | Computer Name = BCNativeHous-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 1/10/2012 1:14:59 AM | Computer Name = BCNativeHous-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 1/10/2012 1:15:39 AM | Computer Name = BCNativeHous-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 1/10/2012 4:39:58 AM | Computer Name = BCNativeHous-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 1/10/2012 4:40:00 AM | Computer Name = BCNativeHous-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

[ System Events ]
Error - 1/9/2012 11:31:43 PM | Computer Name = BCNativeHous-PC | Source = ACPI | ID = 327685
Description = AMLI: ACPI BIOS is attempting to write to an illegal IO port address
(0x70), which lies in the 0x70 - 0x71 protected address range. This could lead to
system instability. Please contact your system vendor for technical assistance.

Error - 1/9/2012 11:31:43 PM | Computer Name = BCNativeHous-PC | Source = ACPI | ID = 327684
Description = AMLI: ACPI BIOS is attempting to read from an illegal IO port address
(0x71), which lies in the 0x70 - 0x71 protected address range. This could lead to
system instability. Please contact your system vendor for technical assistance.

Error - 1/9/2012 11:32:12 PM | Computer Name = BCNativeHous-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume .

Error - 1/9/2012 11:32:29 PM | Computer Name = BCNativeHous-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume .

Error - 1/9/2012 11:33:19 PM | Computer Name = BCNativeHous-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume .

Error - 1/9/2012 11:33:40 PM | Computer Name = BCNativeHous-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 1/9/2012 11:53:12 PM | Computer Name = BCNativeHous-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume .

Error - 1/9/2012 11:54:14 PM | Computer Name = BCNativeHous-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume .

Error - 1/10/2012 4:39:58 AM | Computer Name = BCNativeHous-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume .

Error - 1/10/2012 4:39:58 AM | Computer Name = BCNativeHous-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume .


< End of report >
larnault
Active Member
 
Posts: 10
Joined: January 7th, 2012, 4:36 am

Re: help

Post by askey127 » January 10th, 2012, 8:04 am

larnault,
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click each Entry, as follows, one by one, if it exists, choose Uninstall/Change, and give permission to Continue:

Adobe Reader 8.1.2

Take extra care in answering questions posed by any Uninstaller.
---------------------------------------------
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :file
    C:\ProgramData\26ckdt20p303tb1mc3dbj50t0e1i33216uat0541i3ej65
    C:\ProgramData\yr0356ub4lmo77i46y761xn8t6m7gypyp437cyjt0k12ra
    C:\ProgramData\nf6fQzPVwJJcRX
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
--------------------------------------------
TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  1. Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    (Vista - W7 users: Right-click and select "Run As Administrator")
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
    If you don't see file extensions, please see: How to change the file extension.
    If you try to change the filename and extension, you may get a warning message from Windows because of the change of file extension. OK the change.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure Cure (default) is selected... then click Continue > Reboot now to finish the cleaning process.
    • If Cure is not offered as an option, choose Skip.
  5. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the main directory of C:
    (the dd.mm.yyyy_hh.mm.ss numbers in the filename represent the time/date stamp)
  6. Copy and paste the contents of that file in your next reply.
If, for some reason, you can't locate the text file to paste into your reply, just tell me, but DO NOT run the program a second time.

askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: help

Post by larnault » January 10th, 2012, 8:17 am

SystemLook 30.07.11 by jpshortstuff
Log created at 04:10 on 10/01/2012 by BC Native Housing
Administrator - Elevation successful

========== file ==========

C:\ProgramData\26ckdt20p303tb1mc3dbj50t0e1i33216uat0541i3ej65 - File found and opened.
MD5: 982BCDD1A17471BF20837B3CD90CBC56
Created at 11:22 on 09/01/2012
Modified at 11:24 on 09/01/2012
Size: 14250 bytes
Attributes: --ahs--
No version information available.

C:\ProgramData\yr0356ub4lmo77i46y761xn8t6m7gypyp437cyjt0k12ra - File found and opened.
MD5: BAADFAE6857E41DD8BF05141562D479D
Created at 10:15 on 07/01/2012
Modified at 10:17 on 07/01/2012
Size: 12860 bytes
Attributes: --ahs--
No version information available.

C:\ProgramData\nf6fQzPVwJJcRX - File found and opened.
MD5: 33175842C6D847F6646EFFF95A78F501
Created at 08:14 on 07/01/2012
Modified at 08:15 on 07/01/2012
Size: 408 bytes
Attributes: --ah---
No version information available.

-= EOF =-




04:12:33.0920 3780 TDSS rootkit removing tool 2.7.0.0 Jan 10 2012 09:14:26
04:12:34.0518 3780 ============================================================
04:12:34.0518 3780 Current date / time: 2012/01/10 04:12:34.0518
04:12:34.0518 3780 SystemInfo:
04:12:34.0518 3780
04:12:34.0518 3780 OS Version: 6.0.6002 ServicePack: 2.0
04:12:34.0518 3780 Product type: Workstation
04:12:34.0518 3780 ComputerName: BCNATIVEHOUS-PC
04:12:34.0519 3780 UserName: BC Native Housing
04:12:34.0519 3780 Windows directory: C:\Windows
04:12:34.0519 3780 System windows directory: C:\Windows
04:12:34.0519 3780 Processor architecture: Intel x86
04:12:34.0519 3780 Number of processors: 2
04:12:34.0519 3780 Page size: 0x1000
04:12:34.0519 3780 Boot type: Normal boot
04:12:34.0519 3780 ============================================================
04:12:35.0234 3780 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000, SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000050
04:12:35.0527 3780 Initialize success
04:12:38.0940 3856 ============================================================
04:12:38.0940 3856 Scan started
04:12:38.0940 3856 Mode: Manual;
04:12:38.0940 3856 ============================================================
04:12:41.0058 3856 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
04:12:41.0064 3856 ACPI - ok
04:12:41.0257 3856 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
04:12:41.0264 3856 adp94xx - ok
04:12:41.0536 3856 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
04:12:41.0553 3856 adpahci - ok
04:12:41.0778 3856 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
04:12:41.0780 3856 adpu160m - ok
04:12:41.0960 3856 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
04:12:41.0975 3856 adpu320 - ok
04:12:42.0185 3856 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\Windows\system32\drivers\Afc.sys
04:12:42.0186 3856 Afc - ok
04:12:42.0331 3856 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
04:12:42.0348 3856 AFD - ok
04:12:42.0490 3856 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
04:12:42.0492 3856 agp440 - ok
04:12:42.0731 3856 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
04:12:42.0743 3856 aic78xx - ok
04:12:42.0995 3856 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
04:12:42.0996 3856 aliide - ok
04:12:43.0194 3856 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
04:12:43.0209 3856 amdagp - ok
04:12:43.0322 3856 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
04:12:43.0323 3856 amdide - ok
04:12:43.0477 3856 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
04:12:43.0479 3856 AmdK7 - ok
04:12:43.0716 3856 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
04:12:43.0729 3856 AmdK8 - ok
04:12:43.0898 3856 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
04:12:43.0900 3856 arc - ok
04:12:44.0081 3856 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
04:12:44.0097 3856 arcsas - ok
04:12:44.0262 3856 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
04:12:44.0263 3856 AsyncMac - ok
04:12:44.0507 3856 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
04:12:44.0517 3856 atapi - ok
04:12:44.0794 3856 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
04:12:44.0803 3856 Beep - ok
04:12:45.0076 3856 blbdrive - ok
04:12:45.0355 3856 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
04:12:45.0358 3856 bowser - ok
04:12:45.0426 3856 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
04:12:45.0439 3856 BrFiltLo - ok
04:12:45.0479 3856 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
04:12:45.0497 3856 BrFiltUp - ok
04:12:45.0607 3856 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
04:12:45.0624 3856 Brserid - ok
04:12:45.0823 3856 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
04:12:45.0841 3856 BrSerWdm - ok
04:12:46.0149 3856 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
04:12:46.0151 3856 BrUsbMdm - ok
04:12:46.0430 3856 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
04:12:46.0431 3856 BrUsbSer - ok
04:12:46.0657 3856 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
04:12:46.0667 3856 BTHMODEM - ok
04:12:46.0770 3856 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
04:12:46.0773 3856 cdfs - ok
04:12:46.0839 3856 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
04:12:46.0841 3856 cdrom - ok
04:12:46.0978 3856 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
04:12:46.0981 3856 circlass - ok
04:12:47.0102 3856 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
04:12:47.0107 3856 CLFS - ok
04:12:47.0276 3856 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
04:12:47.0278 3856 cmdide - ok
04:12:47.0411 3856 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
04:12:47.0412 3856 Compbatt - ok
04:12:47.0527 3856 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
04:12:47.0529 3856 crcdisk - ok
04:12:47.0557 3856 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
04:12:47.0558 3856 Crusoe - ok
04:12:47.0717 3856 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
04:12:47.0721 3856 DfsC - ok
04:12:48.0002 3856 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
04:12:48.0004 3856 disk - ok
04:12:48.0213 3856 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
04:12:48.0214 3856 drmkaud - ok
04:12:48.0380 3856 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
04:12:48.0399 3856 DXGKrnl - ok
04:12:48.0542 3856 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
04:12:48.0545 3856 E1G60 - ok
04:12:48.0691 3856 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
04:12:48.0695 3856 Ecache - ok
04:12:48.0876 3856 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
04:12:48.0886 3856 elxstor - ok
04:12:49.0074 3856 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
04:12:49.0077 3856 exfat - ok
04:12:49.0135 3856 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
04:12:49.0140 3856 fastfat - ok
04:12:49.0238 3856 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
04:12:49.0240 3856 fdc - ok
04:12:49.0386 3856 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
04:12:49.0388 3856 FileInfo - ok
04:12:49.0441 3856 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
04:12:49.0451 3856 Filetrace - ok
04:12:49.0519 3856 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
04:12:49.0521 3856 flpydisk - ok
04:12:49.0583 3856 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
04:12:49.0586 3856 FltMgr - ok
04:12:49.0745 3856 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
04:12:49.0746 3856 Fs_Rec - ok
04:12:49.0810 3856 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
04:12:49.0812 3856 gagp30kx - ok
04:12:49.0858 3856 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
04:12:49.0869 3856 GEARAspiWDM - ok
04:12:50.0024 3856 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
04:12:50.0029 3856 HdAudAddService - ok
04:12:50.0106 3856 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
04:12:50.0116 3856 HDAudBus - ok
04:12:50.0229 3856 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
04:12:50.0231 3856 HidBth - ok
04:12:50.0309 3856 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
04:12:50.0310 3856 HidIr - ok
04:12:50.0435 3856 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
04:12:50.0436 3856 HidUsb - ok
04:12:50.0562 3856 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
04:12:50.0573 3856 HpCISSs - ok
04:12:50.0621 3856 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
04:12:50.0629 3856 HTTP - ok
04:12:50.0745 3856 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
04:12:50.0753 3856 i2omp - ok
04:12:50.0878 3856 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
04:12:50.0881 3856 i8042prt - ok
04:12:51.0038 3856 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
04:12:51.0043 3856 iaStorV - ok
04:12:51.0189 3856 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
04:12:51.0191 3856 iirsp - ok
04:12:51.0275 3856 int15 (c6e5276c00ebdeb096bb5ef4b797d1b6) C:\Acer\Empowering Technology\eRecovery\int15.sys
04:12:51.0277 3856 int15 - ok
04:12:51.0451 3856 IntcAzAudAddService (f6e17c275666a4402588a30e36565910) C:\Windows\system32\drivers\RTKVHDA.sys
04:12:51.0522 3856 IntcAzAudAddService - ok
04:12:51.0638 3856 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
04:12:51.0639 3856 intelide - ok
04:12:51.0716 3856 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
04:12:51.0718 3856 intelppm - ok
04:12:51.0841 3856 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
04:12:51.0843 3856 IpFilterDriver - ok
04:12:51.0957 3856 IpInIp - ok
04:12:52.0006 3856 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
04:12:52.0021 3856 IPMIDRV - ok
04:12:52.0104 3856 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
04:12:52.0106 3856 IPNAT - ok
04:12:52.0171 3856 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
04:12:52.0172 3856 IRENUM - ok
04:12:52.0232 3856 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
04:12:52.0234 3856 isapnp - ok
04:12:52.0361 3856 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
04:12:52.0365 3856 iScsiPrt - ok
04:12:52.0479 3856 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
04:12:52.0486 3856 iteatapi - ok
04:12:52.0541 3856 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
04:12:52.0543 3856 iteraid - ok
04:12:52.0615 3856 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
04:12:52.0617 3856 kbdclass - ok
04:12:52.0747 3856 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
04:12:52.0748 3856 kbdhid - ok
04:12:52.0957 3856 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
04:12:52.0964 3856 KSecDD - ok
04:12:53.0144 3856 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
04:12:53.0146 3856 lltdio - ok
04:12:53.0249 3856 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
04:12:53.0252 3856 LSI_FC - ok
04:12:53.0363 3856 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
04:12:53.0365 3856 LSI_SAS - ok
04:12:53.0459 3856 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
04:12:53.0461 3856 LSI_SCSI - ok
04:12:53.0515 3856 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
04:12:53.0518 3856 luafv - ok
04:12:53.0649 3856 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
04:12:53.0651 3856 megasas - ok
04:12:53.0717 3856 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
04:12:53.0719 3856 Modem - ok
04:12:53.0855 3856 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
04:12:53.0869 3856 monitor - ok
04:12:53.0967 3856 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
04:12:53.0969 3856 mouclass - ok
04:12:54.0019 3856 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
04:12:54.0020 3856 mouhid - ok
04:12:54.0121 3856 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
04:12:54.0129 3856 MountMgr - ok
04:12:54.0194 3856 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
04:12:54.0197 3856 mpio - ok
04:12:54.0251 3856 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
04:12:54.0253 3856 mpsdrv - ok
04:12:54.0406 3856 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
04:12:54.0408 3856 Mraid35x - ok
04:12:54.0466 3856 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
04:12:54.0470 3856 MRxDAV - ok
04:12:54.0537 3856 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
04:12:54.0540 3856 mrxsmb - ok
04:12:54.0631 3856 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
04:12:54.0637 3856 mrxsmb10 - ok
04:12:54.0756 3856 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
04:12:54.0759 3856 mrxsmb20 - ok
04:13:08.0881 3856 MBR (0x1B8) (a863475757cc50891aa8458c415e4b25) \Device\Harddisk0\DR0
04:13:08.0909 3856 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
04:13:08.0909 3856 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
04:13:08.0945 3856 Boot (0x1200) (945a7667569566d3401b020ff59329b5) \Device\Harddisk0\DR0\Partition0
04:13:08.0947 3856 \Device\Harddisk0\DR0\Partition0 - ok
04:13:08.0968 3856 Boot (0x1200) (fe997315ff7d5c4d46331046f47e7674) \Device\Harddisk0\DR0\Partition1
04:13:08.0969 3856 \Device\Harddisk0\DR0\Partition1 - ok
04:13:08.0970 3856 ============================================================
04:13:08.0970 3856 Scan finished
04:13:08.0970 3856 ============================================================
04:13:08.0991 1716 Detected object count: 1
04:13:08.0991 1716 Actual detected object count: 1
04:13:24.0387 1716 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
04:13:24.0387 1716 \Device\Harddisk0\DR0 - ok
04:13:24.0388 1716 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
04:13:26.0361 4824 Deinitialize success
larnault
Active Member
 
Posts: 10
Joined: January 7th, 2012, 4:36 am

Re: help

Unread postby askey127 » January 10th, 2012, 8:38 am

larnault,
-----------------------------------------------------------
If you have not restarted your machine since running TDSSKiller, do so now.
REBOOT (RESTART) Your Machine
-----------------------------------------------------------
Download and Run ComboFix
IMPORTANT NOTE: ComboFix is a VERY POWERFUL tool. DO NOT use it without guidance.
ComboFix uses very forceful tactics to remove malware from your system. Your antivirus software may warn you about the file.
You will need to disable all your antivirus software BEFORE running ComboFix.
.
  • Download ComboFix from here
  • Rename it while saving the download to zzz.exe and save it to your Desktop. Do not try to rename it after it has been saved to your desktop, or the infection may prevent you from using it.
    **Note: It is important that it is saved directly to your desktop and run from the desktop, not from any other folder on your computer**
  • Disable Norton
    • Start Norton Internet Security
    • In the left pane, click Status and Settings
    • Click Security
    • Click Turn Off
  • Now start ComboFix (zzz.exe). Right click and choose "Run as administrator".
  • OK any disclaimers and start the Scan.
  • Do not touch the computer AT ALL while ComboFix is running.
  • It will run through about 50 tasks, and take a while to assemble the report.
    When finished, the report will open. Post the log in your next reply, and then re-enable your protection software.
A copy of the log will be located here if you need it-> C:\ComboFix.txt
If you cannot connect to the internet after running ComboFix, unplug the cable you use to connect to the internet and plug it back in.

askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: help

Unread postby larnault » January 10th, 2012, 9:03 am

ComboFix 12-01-09.07 - BC Native Housing 01/10/2012 4:46.1.2 - x86
Running from: c:\users\BC Native Housing\Desktop\zzz.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\~nf6fQzPVwJJcRX
c:\programdata\~nf6fQzPVwJJcRXr
c:\programdata\nf6fQzPVwJJcRX
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\odbcad32.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-12-10 to 2012-01-10 )))))))))))))))))))))))))))))))
.
.
2012-01-10 12:55 . 2012-01-10 12:57 -------- d-----w- c:\users\BC Native Housing\AppData\Local\temp
2012-01-10 12:55 . 2012-01-10 12:55 -------- d-----w- c:\users\Kristin Hilder\AppData\Local\temp
2012-01-10 12:55 . 2012-01-10 12:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-10 12:14 . 2012-01-10 12:14 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4E8A3EAE-48CC-4FF1-9300-5AD81866FD2B}\offreg.dll
2012-01-10 08:40 . 2011-11-30 10:21 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4E8A3EAE-48CC-4FF1-9300-5AD81866FD2B}\mpengine.dll
2012-01-09 10:32 . 2012-01-09 10:32 -------- d-----w- c:\users\Kristin Hilder\Tracing
2012-01-09 10:07 . 2012-01-09 10:07 -------- d-----w- c:\program files\Microsoft
2012-01-09 10:04 . 2012-01-09 10:51 -------- d-----w- c:\users\Kristin Hilder\AppData\Local\Windows Live
2012-01-09 10:03 . 2012-01-09 10:03 -------- d-----w- c:\program files\Common Files\Windows Live
2012-01-07 15:03 . 2012-01-07 15:03 -------- d--h--w- c:\users\Kristin Hilder\AppData\Local\Apple
2012-01-07 13:11 . 2012-01-09 00:08 -------- d--h--w- c:\users\Kristin Hilder\AppData\Local\CrashDumps
2012-01-07 12:04 . 2012-01-07 12:04 -------- d--h--w- c:\users\Kristin Hilder\AppData\Local\Apple Computer
2012-01-07 08:00 . 2012-01-08 07:16 -------- d--h--w- c:\users\Kristin Hilder\AppData\Roaming\Apple Computer
2012-01-06 23:42 . 2012-01-06 23:42 -------- d-----w- c:\program files\DivX
2012-01-06 23:40 . 2012-01-06 23:40 -------- d--h--w- c:\users\BC Native Housing\AppData\Local\Mozilla
2011-12-30 01:50 . 2011-11-15 22:29 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-12-30 00:38 . 2011-12-30 00:38 -------- d-----w- c:\program files\CCleaner
2011-12-29 08:00 . 2011-10-27 08:01 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-29 08:00 . 2011-10-27 08:01 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-29 07:59 . 2011-10-14 16:02 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-12-29 07:59 . 2011-11-23 13:37 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-12-29 07:59 . 2011-11-08 12:10 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-12-29 07:59 . 2011-10-25 15:56 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-29 07:59 . 2011-11-08 14:42 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-29 07:57 . 2011-12-29 07:57 -------- d--h--w- c:\users\BC Native Housing\AppData\Local\Apple Computer
2011-12-29 07:57 . 2011-12-29 07:58 -------- d--h--w- c:\users\BC Native Housing\AppData\Roaming\Apple Computer
2011-12-29 07:54 . 2011-12-29 07:54 -------- d-----w- c:\program files\iPod
2011-12-29 07:54 . 2012-01-09 11:35 -------- d-----w- c:\programdata\Apple Computer
2011-12-29 07:54 . 2011-12-29 07:56 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-12-29 07:54 . 2011-12-29 07:56 -------- d-----w- c:\program files\iTunes
2011-12-29 07:53 . 2011-12-29 07:53 -------- d--h--w- c:\users\BC Native Housing\AppData\Local\Apple
2011-12-29 07:53 . 2011-12-29 07:53 -------- d-----w- c:\program files\Apple Software Update
2011-12-29 07:50 . 2011-12-29 07:50 -------- d-----w- c:\program files\Bonjour
2011-12-29 07:50 . 2012-01-09 11:35 -------- d-----w- c:\programdata\Apple
2011-12-29 07:50 . 2011-12-29 07:54 -------- d-----w- c:\program files\Common Files\Apple
2011-12-29 07:43 . 2011-12-29 07:43 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-11 4702208]
"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2007-09-08 326176]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-26 457216]
"PCMMediaSharing"="c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2007-06-22 204908]
"Acer Product Registration"="c:\program files\Acer Registration\ACE1.exe" [2007-10-15 3387392]
"Acer Assist Launcher"="c:\program files\Acer Assist\launcher.exe" [2007-02-02 1261568]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2007-12-07 196128]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-08-02 151552]
"BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2007-08-01 815104]
"EEventManager"="c:\program files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2006-10-12 102400]
"Skytel"="Skytel.exe" [2007-10-11 1826816]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-21 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-21 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-21 81920]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-08-02 151552]
.
c:\users\Kristin Hilder\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
wkcalrem.LNK - c:\program files\Common Files\microsoft shared\Works Shared\WkCalRem.exe [2005-8-18 21504]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-12-1 535336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2007-06-22 269448]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://en.us.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Acer Tour Reminder - (no file)
HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)
HKLM-Run-Symantec PIF AlertEng - c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-10 04:57
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-01-10 05:00:34
ComboFix-quarantined-files.txt 2012-01-10 13:00
.
Pre-Run: 60,643,799,040 bytes free
Post-Run: 60,664,033,280 bytes free
.
- - End Of File - - 39DFDDCB13849667DF05B519E00DB632
larnault
Active Member
 
Posts: 10
Joined: January 7th, 2012, 4:36 am

Re: help

Unread postby askey127 » January 10th, 2012, 9:15 am

larnault,
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
    Code: Select all
    :OTL
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    IE - HKU\S-1-5-21-4051198292-3032509420-350528711-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [PURITY]
    [emptyjava]
    [emptyflash] 
    [EMPTYTEMP]
    [RESETHOSTS]
    [CLEARALLRESTOREPOINTS]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
--------------------------------------------------------
Download and Install the newest version of Adobe Reader for reading pdf files, due to the vulnerabilities in earlier versions.
All versions numbered lower than 10.1 are vulnerable.
Go HERE to download AdbeRdr1011_en_US.exe
Save the file to your desktop and run it to install the latest version of Adobe Reader.
After the new Reader is installed, Open Adobe Reader X, as it is called, and OK the license.
Click on Edit and select Preferences.
On the Left, click on the Javascript category and Uncheck Enable Acrobat Javascript.
Click on the Security (Enhanced) category and Uncheck Automatically trust sites from my Win OS security zones.
Click on the Trust Manager category and Uncheck Allow opening of non-PDF file attachments with external applications.
Click the OK button
When it finishes, you can remove the Installer from your desktop.

Tell me what you see about the machine's behavior.
askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA