Internet freezes
LostinPCLand
While web surfing my browser will suddenly stop, saying it's waiting for response from site. This happens with either IE or Firefox although more likely with IE. After this happens I have to reboot before I can get to any website again, and it takes a long time to log off. Also with IE when clicking on a link sometimes it will jump to some bogus "your computer is infected" site trying to look like a legitimate malware scan.

My log files:

Malwarebytes' Anti-Malware 1.41
Database version: 2804
Windows 6.0.6002 Service Pack 2

9/15/2009 7:51:46 PM
mbam-log-2009-09-15 (19-51-46).txt

Scan type: Quick Scan
Objects scanned: 80407
Time elapsed: 2 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows Vista Home Edition (6.0.6002) Service Pack 2
[32_bits] - x86 Family 6 Model 15 Stepping 13, GenuineIntel
.
[wscsvc] (Security Center) RUNNING (state:4)
[MpsSvc] RUNNING (state:4)
Windows Firewall -> Disabled !
Windows Defender -> Enabled
User Account Control (UAC) -> Enabled
.
Internet Explorer 8.0.6001.18813
Mozilla Firefox 3.5.3 (en-US)
.
C:\ [Fixed-NTFS] .. ( Total:51 Go - Free:30 Go )
D:\ [Fixed-NTFS] .. ( Total:50 Go - Free:49 Go )
E:\ [CD_Rom]
.
Scan : 20:39.39
Path : C:\Users\Pat\Desktop\Rooter.exe
User : Pat ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
Locked System (4)
______ \SystemRoot\System32\smss.exe (456)
______ C:\Windows\system32\csrss.exe (588)
______ C:\Windows\system32\wininit.exe (632)
______ C:\Windows\system32\csrss.exe (640)
______ C:\Windows\system32\services.exe (676)
______ C:\Windows\system32\lsass.exe (688)
______ C:\Windows\system32\lsm.exe (700)
______ C:\Windows\system32\winlogon.exe (780)
______ C:\Windows\system32\svchost.exe (872)
______ C:\Windows\system32\svchost.exe (952)
______ C:\Windows\System32\svchost.exe (988)
______ C:\Windows\System32\svchost.exe (1044)
______ C:\Windows\System32\svchost.exe (1076)
______ C:\Windows\system32\svchost.exe (1116)
Locked audiodg.exe (1184)
______ C:\Windows\system32\svchost.exe (1204)
______ C:\Windows\system32\SLsvc.exe (1220)
______ C:\Windows\system32\svchost.exe (1256)
______ C:\Windows\system32\svchost.exe (1476)
Locked vsmon.exe (1572)
______ C:\Windows\system32\WLANExt.exe (1832)
______ D:\Program Files\Avast\aswUpdSv.exe (1980)
______ D:\Program Files\Avast\ashServ.exe (2000)
______ C:\Windows\System32\spoolsv.exe (936)
______ C:\Windows\system32\taskeng.exe (1176)
______ C:\Windows\system32\svchost.exe (1212)
______ C:\Windows\system32\taskeng.exe (1752)
______ C:\Windows\system32\agrsmsvc.exe (2168)
______ C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (2184)
______ C:\Acer\Empowering Technology\eNet\eNet Service.exe (2292)
______ C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe (2360)
______ C:\Program Files\Common Files\LightScribe\LSSrvc.exe (2400)
______ C:\Windows\system32\lxdccoms.exe (2428)
______ C:\Acer\Mobility Center\MobilityService.exe (2448)
______ C:\Windows\system32\svchost.exe (2488)
______ C:\Program Files\CyberLink\Shared Files\RichVideo.exe (2540)
______ C:\Windows\System32\svchost.exe (2652)
______ C:\Windows\system32\SearchIndexer.exe (2684)
______ C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (2732)
______ C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe (2796)
______ C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (2840)
______ C:\Windows\system32\wbem\wmiprvse.exe (2976)
______ C:\Windows\system32\wbem\unsecapp.exe (3040)
______ D:\Program Files\Avast\ashMaiSv.exe (3208)
______ D:\Program Files\Avast\ashWebSv.exe (3240)
______ C:\Windows\system32\wbem\wmiprvse.exe (3268)
______ C:\Windows\system32\Dwm.exe (3556)
______ C:\Windows\Explorer.EXE (3616)
______ C:\Program Files\Windows Defender\MSASCui.exe (3700)
______ C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (3712)
______ C:\Windows\RtHDVCpl.exe (3748)
______ C:\Program Files\Synaptics\SynTP\SynTPStart.exe (3820)
______ C:\Acer\Empowering Technology\eAudio\eAudio.exe (3848)
______ C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe (3868)
______ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (2076)
______ C:\Program Files\Launch Manager\QtZgAcer.EXE (836)
______ C:\Windows\System32\igfxtray.exe (2304)
______ C:\Windows\System32\hkcmd.exe (2484)
______ C:\Windows\System32\igfxpers.exe (2632)
Locked zlclient.exe (2032)
______ D:\Program Files\Avast\ashDisp.exe (2828)
______ C:\Program Files\Windows Sidebar\sidebar.exe (900)
______ C:\Users\Pat\AppData\Local\Temp\RtkBtMnt.exe (2088)
______ C:\Windows\system32\igfxsrvc.exe (1384)
______ C:\Windows\system32\igfxext.exe (2096)
______ C:\Windows\system32\igfxsrvc.exe (3692)
______ D:\Program Files\Firefox\firefox.exe (5724)
______ C:\Windows\system32\NOTEPAD.EXE (4252)
______ C:\Windows\system32\DllHost.exe (3548)
______ C:\Windows\system32\DllHost.exe (2992)
______ C:\Users\Pat\Desktop\Rooter.exe (2604)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 (Start_Offset:32256 | Length:10478974464)
\Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:10479468544 | Length:54914973696)
\Device\Harddisk0\Partition3 (Start_Offset:65394442240 | Length:54638149632)
.
----------------------\\ Scheduled Tasks
.
C:\Windows\Tasks\SA.DAT
C:\Windows\Tasks\SCHEDLGU.TXT
C:\Windows\Tasks\User_Feed_Synchronization-{417481A6-3546-42E2-8E2B-2320C2089556}.job
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 20:39.40
.
C:\Rooter$\Rooter_4.txt - (15/09/2009 | 20:39.40)


ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/15 20:41
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\Windows\System32\Drivers\dump_atapi.sys
Address: 0x87FCF000 Size: 32768 File Visible: No Signed: -
Status: -

Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x8C800000 Size: 45056 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xA971D000 Size: 49152 File Visible: No Signed: -
Status: -

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1184 Status: Locked to the Windows API!

SSDT
-------------------
#: 021 Function Name: NtAlpcConnectPort
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8c8f9880

#: 054 Function Name: NtConnectPort
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8c8f94e0

#: 060 Function Name: NtCreateFile
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8c8f6828

#: 064 Function Name: NtCreateKey
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8c90cd9c

#: 071 Function Name: NtCreatePort
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8c8f9c36

#: 072 Function Name: NtCreateProcess
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8c90aaf8

#: 073 Function Name: NtCreateProcessEx
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8c90ad12

#: 075 Function Name: NtCreateSection
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8c90e780

#: 115 Function Name: NtCreateWaitablePort
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8c8f9cde

#: 122 Function Name: NtDeleteFile
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8c8f6d0a

#: 123 Function Name: NtDeleteKey
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8c90d698

#: 126 Function Name: NtDeleteValueKey
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8c90d414

#: 129 Function Name: NtDuplicateObject
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8c90a4f8

#: 166 Function Name: NtLoadKey
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8c90dbc6

#: 167 Function Name: NtLoadKey2
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8c90dc3e

#: 168 Function Name: NtLoadKeyEx
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8c90dd2e

#: 186 Function Name: NtOpenFile
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8c8f6ba2

#: 194 Function Name: NtOpenProcess
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8c90bf18

#: 267 Function Name: NtRenameKey
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8c90e370

#: 268 Function Name: NtReplaceKey
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8c90dda6

#: 276 Function Name: NtRequestWaitReplyPort
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8c8f916a

#: 280 Function Name: NtRestoreKey
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8c90e1b0

#: 286 Function Name: NtSecureConnectPort
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8c8f9680

#: 301 Function Name: NtSetInformationFile
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8c8f6ef8

#: 324 Function Name: NtSetValueKey
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8c90d11a

#: 332 Function Name: NtSystemDebugControl
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8c90b486

#: 334 Function Name: NtTerminateProcess
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8c90b362

#: 383 Function Name: NtCreateUserProcess
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8c90af30

==EOF==


OTL logfile created on: 9/15/2009 8:43:07 PM - Run 2
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Users\Pat\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.09 Gb Available Physical Memory | 54.56% Memory free
4.00 Gb Paging File | 3.02 Gb Available in Paging File | 75.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 51.14 Gb Total Space | 30.45 Gb Free Space | 59.53% Space Free | Partition Type: NTFS
Drive D: | 50.89 Gb Total Space | 49.46 Gb Free Space | 97.20% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PAT-PC
Current User Name: Pat
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/02/16 00:10:22 | 02,402,184 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\ZoneLabs\vsmon.exe
PRC - [2009/08/17 10:58:55 | 00,018,752 | ---- | M] (ALWIL Software) -- D:\Program Files\Avast\aswUpdSv.exe
PRC - [2009/08/17 11:07:17 | 00,138,680 | ---- | M] (ALWIL Software) -- D:\Program Files\Avast\ashServ.exe
PRC - [2006/10/05 14:10:12 | 00,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2007/10/01 18:42:36 | 00,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
PRC - [2007/12/20 13:32:04 | 00,131,072 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe
PRC - [2007/10/03 17:45:02 | 00,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
PRC - [2007/01/17 13:20:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2007/05/25 09:38:20 | 00,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxdccoms.exe
PRC - [2007/11/27 20:54:36 | 00,110,592 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
PRC - [2007/12/04 13:58:12 | 00,266,343 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe
PRC - [2007/09/10 15:28:18 | 00,057,344 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2007/12/19 20:09:22 | 00,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2007/09/20 15:57:28 | 00,167,936 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
PRC - [2009/04/11 01:28:15 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiprvse.exe
PRC - [2009/04/11 01:28:08 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2009/08/17 11:07:01 | 00,254,040 | ---- | M] (ALWIL Software) -- D:\Program Files\Avast\ashMaiSv.exe
PRC - [2009/08/17 11:04:21 | 00,352,920 | ---- | M] (ALWIL Software) -- D:\Program Files\Avast\ashWebSv.exe
PRC - [2009/04/11 01:28:15 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiprvse.exe
PRC - [2009/04/11 01:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
PRC - [2008/01/20 21:23:32 | 01,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/10/03 17:44:58 | 00,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/05/28 03:29:00 | 04,472,832 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/11/29 22:47:22 | 00,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe
PRC - [2007/10/10 08:41:54 | 01,286,144 | ---- | M] (CyberLink) -- C:\Acer\Empowering Technology\eAudio\eAudio.exe
PRC - [2008/01/22 11:14:24 | 00,200,704 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
PRC - [2007/11/29 22:47:22 | 01,021,224 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2008/01/02 08:17:28 | 00,707,080 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\QtZgAcer.EXE
PRC - [2008/12/23 11:02:54 | 00,150,040 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxtray.exe
PRC - [2008/12/23 11:02:22 | 00,178,712 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe
PRC - [2008/12/23 11:02:50 | 00,154,136 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe
PRC - [2009/02/16 00:10:22 | 00,981,384 | ---- | M] (Check Point Software Technologies LTD) -- D:\Program Files\ZoneAlarm\zlclient.exe
PRC - [2009/08/17 11:07:23 | 00,081,000 | ---- | M] (ALWIL Software) -- D:\Program Files\Avast\ashDisp.exe
PRC - [2009/04/11 01:28:03 | 01,233,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
PRC - [2009/09/15 19:44:50 | 00,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Pat\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2008/12/23 11:02:52 | 00,256,536 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe
PRC - [2008/12/23 11:02:40 | 00,178,712 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxext.exe
PRC - [2008/12/23 11:02:52 | 00,256,536 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe
PRC - [2009/08/24 15:15:03 | 00,908,280 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Firefox\firefox.exe
PRC - [2009/09/15 13:16:20 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Users\Pat\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2006/10/05 14:10:12 | 00,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio [Auto | Running])
SRV - [2009/08/17 10:58:55 | 00,018,752 | ---- | M] (ALWIL Software) -- D:\Program Files\Avast\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - [2009/08/17 11:07:17 | 00,138,680 | ---- | M] (ALWIL Software) -- D:\Program Files\Avast\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV - [2009/08/17 11:07:01 | 00,254,040 | ---- | M] (ALWIL Software) -- D:\Program Files\Avast\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
SRV - [2009/08/17 11:04:21 | 00,352,920 | ---- | M] (ALWIL Software) -- D:\Program Files\Avast\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
SRV - [2009/03/29 23:42:14 | 00,066,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/01/20 21:25:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])
SRV - [2006/11/02 07:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
SRV - [2006/11/02 07:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
SRV - [2007/10/01 18:42:36 | 00,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService [Auto | Running])
SRV - [2007/12/20 13:32:04 | 00,131,072 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service [Auto | Running])
SRV - [2007/09/10 15:28:18 | 00,057,344 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService [Auto | Running])
SRV - [2007/12/19 20:09:22 | 00,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService [Auto | Running])
SRV - [2009/04/11 01:28:25 | 01,017,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll -- (Eventlog [Auto | Running])
SRV - [2009/02/18 13:39:20 | 00,043,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2007/10/03 17:45:02 | 00,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe -- (IAANTMON [Auto | Running])
SRV - [2009/02/18 13:38:42 | 00,879,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2007/01/17 13:20:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2007/05/25 09:38:20 | 00,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxdccoms.exe -- (lxdc_device [Auto | Running])
SRV - [2007/11/27 20:54:36 | 00,110,592 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService [Auto | Running])
SRV - [2009/02/18 13:38:43 | 00,129,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2007/12/04 13:58:12 | 00,266,343 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo [Auto | Running])
SRV - [2009/02/16 00:10:22 | 02,402,184 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon [Auto | Running])
SRV - [2008/01/20 21:23:32 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
SRV - [2007/09/20 15:57:28 | 00,167,936 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService [Auto | Running])
SRV - [2008/01/20 21:25:33 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://drudgereport.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://drudgereport.com/"
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/08 03:01:31 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: D:\Program Files\Firefox\components [2009/09/15 11:17:56 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: D:\Program Files\Firefox\plugins [2009/09/15 11:17:44 | 00,000,000 | ---D | M]

[2009/09/15 11:18:06 | 00,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\mozilla\Extensions
[2009/09/15 11:18:06 | 00,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/09/15 11:42:55 | 00,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\mozilla\Firefox\Profiles\y11hos43.default\extensions
[2009/09/15 11:42:55 | 00,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\mozilla\Firefox\Profiles\y11hos43.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found.
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer\Acer Registration\ACE1.exe (Leader Technologies)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast!] D:\Program Files\Avast\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [eAudio] C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\Skytel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] D:\Program Files\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskmgr = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.238.0.12
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

NetSvcs: FastUserSwitchingCompatibility - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: Nla - Service key not found. File not found
NetSvcs: Ntmssvc - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: SRService - Service key not found. File not found
NetSvcs: Wmi - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: LogonHours - Service key not found. File not found
NetSvcs: PCAudit - Service key not found. File not found
NetSvcs: helpsvc - Service key not found. File not found
NetSvcs: uploadmgr - Service key not found. File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/09/15 19:33:25 | 00,000,000 | ---D | C] -- C:\Users\Pat\AppData\Local\Seven Zip
[2009/09/15 13:16:18 | 00,514,560 | ---- | C] (OldTimer Tools) -- C:\Users\Pat\Desktop\OTL.exe
[2009/09/15 13:13:23 | 00,000,000 | ---- | C] () -- C:\Users\Pat\Desktop\settings.dat
[2009/09/15 13:09:35 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/09/15 13:08:24 | 00,173,119 | ---- | C] (Eric_71) -- C:\Users\Pat\Desktop\Rooter.exe
[2009/09/15 12:30:03 | 00,000,000 | ---D | C] -- C:\Windows\pss
[2009/09/15 12:21:23 | 00,000,000 | ---D | C] -- C:\Users\Pat\AppData\Roaming\Malwarebytes
[2009/09/15 12:21:20 | 00,000,620 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/15 12:21:17 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/09/15 12:21:16 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/09/15 12:21:16 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/09/15 12:13:37 | 00,271,872 | ---- | C] (OldTimer Tools) -- C:\Users\Pat\Desktop\TFC.exe
[2009/09/15 12:12:32 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/09/15 12:12:12 | 00,000,737 | ---- | C] () -- C:\Users\Pat\Desktop\NTREGOPT.lnk
[2009/09/15 12:12:12 | 00,000,718 | ---- | C] () -- C:\Users\Pat\Desktop\ERUNT.lnk
[2009/09/15 12:12:12 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/09/15 12:08:48 | 00,794,112 | ---- | C] () -- C:\Users\Pat\Desktop\The_Comedian.exe
[2009/09/15 11:48:40 | 00,000,712 | ---- | C] () -- C:\Users\Pat\Desktop\CCleaner.lnk
[2009/09/15 11:17:49 | 00,000,000 | ---D | C] -- C:\Users\Pat\AppData\Roaming\Mozilla
[2009/09/15 11:17:49 | 00,000,000 | ---D | C] -- C:\Users\Pat\AppData\Local\Mozilla
[2009/09/15 11:17:47 | 00,000,696 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/09/13 19:34:22 | 00,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2009/09/13 19:34:22 | 00,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2009/09/13 19:34:21 | 00,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2009/09/13 19:22:03 | 00,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2009/09/13 19:11:59 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2009/09/13 19:11:59 | 00,000,687 | ---- | C] () -- C:\Users\Public\Desktop\avast! Antivirus.lnk
[2009/09/13 19:11:58 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2009/09/13 19:11:57 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\Windows\System32\AvastSS.scr
[2009/09/13 19:11:56 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2009/09/13 19:11:56 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2009/09/13 19:11:41 | 00,053,328 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2009/09/13 19:11:33 | 01,279,456 | ---- | C] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2009/09/13 19:11:33 | 00,380,928 | ---- | C] () -- C:\Windows\System32\actskin4.ocx
[2009/09/13 19:06:34 | 00,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2009/09/13 18:46:06 | 00,006,080 | ---- | C] () -- C:\Users\Pat\AppData\Local\d3d9caps.dat
[2009/09/13 18:26:44 | 00,350,192 | -H-- | C] () -- C:\Windows\System32\drivers\vsconfig.xml
[2009/09/13 18:26:44 | 00,000,000 | ---D | C] -- C:\Windows\System32\ZoneLabs
[2009/09/13 18:25:17 | 00,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2009/09/13 18:24:59 | 00,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2009/09/12 20:45:46 | 01,676,869 | ---- | C] () -- D:\Documents\IL444-2378B.pdf
[2009/09/10 16:17:42 | 00,000,000 | ---D | C] -- C:\Users\Pat\AppData\Local\Yahoo
[2009/09/10 03:29:32 | 00,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2009/09/10 03:29:27 | 00,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
[2009/09/10 03:29:07 | 00,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf
[2009/09/10 03:29:03 | 00,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/10 03:29:02 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/10 03:28:58 | 03,662,128 | ---- | C] () -- C:\Windows\System32\locale.nls
[2009/09/10 03:28:57 | 00,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf
[2009/09/10 03:28:47 | 00,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
[2009/09/10 03:28:17 | 00,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2009/09/10 03:28:12 | 00,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2009/09/10 03:26:25 | 00,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2009/09/10 03:26:05 | 00,000,153 | ---- | C] () -- C:\Windows\System32\RacUREx.xml
[2009/09/09 18:34:33 | 00,000,754 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2009/09/09 18:34:22 | 00,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2009/09/09 15:31:56 | 00,001,891 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2009/09/09 15:31:40 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe
[2009/09/09 15:20:32 | 00,000,000 | ---D | C] -- C:\Program Files\lx_Cats
[2009/09/09 13:57:31 | 00,000,000 | ---D | C] -- C:\logs
[2009/09/09 13:45:02 | 00,000,000 | ---D | C] -- C:\drivers
[2009/09/09 10:36:00 | 02,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2009/09/08 20:33:17 | 00,000,000 | ---D | C] -- C:\Users\Pat\AppData\Local\Adobe
[2009/09/06 18:37:16 | 00,000,418 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{417481A6-3546-42E2-8E2B-2320C2089556}.job
[2009/09/06 17:01:57 | 00,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2009/09/06 15:24:02 | 00,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/09/06 15:23:44 | 11,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex
[2009/09/06 15:22:18 | 00,000,003 | ---- | C] () -- C:\Windows\AFirst.cmd
[2009/09/06 15:22:17 | 17,730,504 | ---- | C] (Acer Incorporated) -- C:\Windows\eRy.exe
[2009/09/06 15:22:12 | 00,000,030 | ---- | C] () -- C:\Windows\SETPANEL.INI
[2009/09/06 15:22:11 | 00,004,398 | ---- | C] () -- C:\Windows\CLEANUP.CMD
[2009/09/06 15:22:11 | 00,000,294 | ---- | C] () -- C:\Windows\offline.reg
[2009/09/06 15:22:11 | 00,000,155 | ---- | C] () -- C:\Windows\IR.reg
[2009/09/06 15:22:11 | 00,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI
[2009/09/06 15:22:11 | 00,000,023 | ---- | C] () -- C:\Windows\System32\$Acer$.cmd
[2009/09/06 14:35:58 | 21,374,48448 | -HS- | C] () -- C:\hiberfil.sys
[2009/09/06 14:34:15 | 00,000,000 | ---D | C] -- C:\Windows\System32\Lang
[2009/09/06 14:33:09 | 00,613,940 | ---- | C] () -- C:\Windows\System32\oem16.inf
[2009/09/06 14:32:58 | 00,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2009/09/06 14:25:08 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2009/09/06 14:12:19 | 00,026,087 | ---- | C] () -- D:\Documents\FixMyAcer.htm
[2009/09/06 12:58:08 | 00,000,000 | ---D | C] -- C:\Users\Pat\AppData\Roaming\Adobe
[2009/09/06 12:54:27 | 00,000,000 | ---D | C] -- C:\Program Files\Vic512WA
[2009/09/06 12:54:21 | 00,000,092 | ---- | C] () -- C:\Windows\GridV.UNI
[2009/09/06 12:53:41 | 00,000,000 | ---D | C] -- C:\Users\Pat\AppData\Roaming\Leadertech
[2009/09/06 12:53:41 | 00,000,000 | ---D | C] -- C:\Users\Pat\AppData\Roaming\Acer
[2009/09/06 12:53:30 | 00,000,000 | ---D | C] -- C:\Users\Pat\AppData\Local\PlayMovie
[2009/09/06 12:51:18 | 02,302,445 | -H-- | C] () -- C:\Users\Pat\AppData\Local\IconCache.db
[2009/09/06 12:49:45 | 00,327,680 | ---- | C] (Acer Inc.) -- C:\Windows\System32\Remove_eRecovery.exe
[2009/09/06 12:49:45 | 00,000,552 | ---- | C] () -- C:\Windows\System32\setup.iss
[2009/09/06 12:49:44 | 00,368,640 | ---- | C] (Acer Inc.) -- C:\Windows\System32\CheckD2DSystem.exe
[2009/09/06 12:49:44 | 00,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
[2009/09/06 12:49:44 | 00,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
[2009/09/06 12:49:16 | 00,000,000 | ---D | C] -- C:\Program Files\Acer
[2009/09/06 12:48:21 | 00,000,083 | ---- | C] () -- C:\Windows\QtZgAcer.UNI
[2009/09/06 12:48:19 | 00,000,000 | ---D | C] -- C:\Program Files\Launch Manager
[2009/09/06 12:48:04 | 00,040,960 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\junction.exe
[2009/09/06 12:45:45 | 00,050,752 | ---- | C] (Agere Systems) -- C:\Windows\System32\agrsmdel.exe
[2009/09/06 12:45:04 | 00,000,000 | ---D | C] -- C:\Windows\Options
[2009/09/06 12:44:26 | 00,000,000 | -H-D | C] -- C:\Users\Pat\AppData\Local\acer eNM
[2009/09/06 12:44:03 | 00,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2009/09/06 12:44:00 | 00,069,272 | ---- | C] () -- C:\Users\Pat\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/09/06 12:43:40 | 00,000,000 | ---D | C] -- C:\Users\Pat\AppData\Roaming\Identities
[2009/09/06 12:43:11 | 83,554,304 | ---- | C] () -- C:\Windows\System32\acer.scr
[2009/09/06 12:43:11 | 00,000,000 | ---D | C] -- C:\Users\Pat\AppData\Roaming\Macromedia
[2009/09/06 12:43:03 | 00,000,000 | ---D | C] -- C:\Program Files\Acer Inc
[2009/09/06 12:43:01 | 00,000,000 | ---D | C] -- C:\Windows\ACER
[2009/09/06 12:42:25 | 00,000,000 | ---D | C] -- C:\Users\Pat\AppData\Local\VirtualStore
[2009/09/06 12:42:18 | 00,016,070 | ---- | C] () -- C:\Windows\System32\results.xml
[2009/09/06 12:41:54 | 00,000,000 | -HSD | C] -- C:\Users\Pat\AppData\Local\Temporary Internet Files
[2009/09/06 12:41:54 | 00,000,000 | -HSD | C] -- C:\Users\Pat\AppData\Local\History
[2009/09/06 12:41:54 | 00,000,000 | -HSD | C] -- C:\Users\Pat\AppData\Local\Application Data
[2009/09/06 12:41:53 | 00,000,000 | --SD | C] -- C:\Users\Pat\AppData\Roaming\Microsoft
[2009/09/06 12:41:53 | 00,000,000 | ---D | C] -- C:\Users\Pat\AppData\Roaming\Media Center Programs
[2009/09/06 12:41:53 | 00,000,000 | ---D | C] -- C:\Users\Pat\AppData\Roaming\Acer GameZone Console
[2009/09/06 12:41:53 | 00,000,000 | ---D | C] -- C:\Users\Pat\AppData\Local\Temp
[2009/09/06 12:41:53 | 00,000,000 | ---D | C] -- C:\Users\Pat\AppData\Local\Microsoft
[2009/09/06 12:08:52 | 00,007,078 | ---- | C] () -- D:\Documents\bookmark.htm
[2009/09/01 22:13:14 | 00,000,000 | ---D | C] -- D:\Documents\Legacy Charts
[2009/09/01 21:40:29 | 00,000,000 | ---D | C] -- D:\Documents\MyHeritage

========== Files - Modified Within 14 Days ==========

[2009/09/15 19:49:21 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/09/15 19:49:21 | 00,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/09/15 19:49:21 | 00,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/09/15 19:44:31 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/09/15 19:44:27 | 00,350,192 | -H-- | M] () -- C:\Windows\System32\drivers\vsconfig.xml
[2009/09/15 19:44:25 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/09/15 19:44:25 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/09/15 19:44:18 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/09/15 19:44:16 | 21,374,48448 | -HS- | M] () -- C:\hiberfil.sys
[2009/09/15 19:31:01 | 00,069,272 | ---- | M] () -- C:\Users\Pat\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/09/15 19:30:00 | 00,294,096 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/09/15 19:28:47 | 02,302,445 | -H-- | M] () -- C:\Users\Pat\AppData\Local\IconCache.db
[2009/09/15 14:53:18 | 00,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{417481A6-3546-42E2-8E2B-2320C2089556}.job
[2009/09/15 13:16:20 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Users\Pat\Desktop\OTL.exe
[2009/09/15 13:13:23 | 00,000,000 | ---- | M] () -- C:\Users\Pat\Desktop\settings.dat
[2009/09/15 13:12:59 | 00,472,064 | ---- | M] ( ) -- C:\Users\Pat\Desktop\RootRepeal.exe
[2009/09/15 13:08:25 | 00,173,119 | ---- | M] (Eric_71) -- C:\Users\Pat\Desktop\Rooter.exe
[2009/09/15 12:21:20 | 00,000,620 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/15 12:13:38 | 00,271,872 | ---- | M] (OldTimer Tools) -- C:\Users\Pat\Desktop\TFC.exe
[2009/09/15 12:12:12 | 00,000,737 | ---- | M] () -- C:\Users\Pat\Desktop\NTREGOPT.lnk
[2009/09/15 12:12:12 | 00,000,718 | ---- | M] () -- C:\Users\Pat\Desktop\ERUNT.lnk
[2009/09/15 12:08:50 | 00,794,112 | ---- | M] () -- C:\Users\Pat\Desktop\The_Comedian.exe
[2009/09/15 11:48:40 | 00,000,712 | ---- | M] () -- C:\Users\Pat\Desktop\CCleaner.lnk
[2009/09/15 11:17:47 | 00,000,696 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/09/15 11:13:40 | 00,006,080 | ---- | M] () -- C:\Users\Pat\AppData\Local\d3d9caps.dat
[2009/09/13 19:11:59 | 00,000,687 | ---- | M] () -- C:\Users\Public\Desktop\avast! Antivirus.lnk
[2009/09/13 19:11:56 | 00,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2009/09/12 20:45:46 | 01,676,869 | ---- | M] () -- D:\Documents\IL444-2378B.pdf
[2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/09/09 18:34:33 | 00,000,754 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2009/09/09 15:31:56 | 00,001,891 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2009/09/06 15:22:18 | 00,000,003 | ---- | M] () -- C:\Windows\AFirst.cmd
[2009/09/06 14:37:00 | 00,047,092 | ---- | M] () -- C:\Windows\System32\license.rtf
[2009/09/06 14:12:19 | 00,026,087 | ---- | M] () -- D:\Documents\FixMyAcer.htm
[2009/09/06 13:29:54 | 00,016,070 | ---- | M] () -- C:\Windows\System32\results.xml
[2009/09/06 12:54:40 | 00,000,122 | ---- | M] () -- C:\Windows\Alaunch.ini
[2009/09/06 12:54:21 | 00,000,092 | ---- | M] () -- C:\Windows\GridV.UNI
[2009/09/06 12:48:21 | 00,000,083 | ---- | M] () -- C:\Windows\QtZgAcer.UNI
[2009/09/06 12:42:23 | 00,004,398 | ---- | M] () -- C:\Windows\CLEANUP.CMD
[2009/09/06 12:08:52 | 00,007,078 | ---- | M] () -- D:\Documents\bookmark.htm

========== LOP Check ==========

[2009/09/15 12:21:23 | 00,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming
[2009/09/06 12:53:42 | 00,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\Acer
[2008/03/14 01:21:06 | 00,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\Acer GameZone Console
[2009/09/06 12:53:41 | 00,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\Leadertech
[2006/11/02 07:37:34 | 00,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\Media Center Programs
[2009/09/15 19:44:31 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/09/15 19:43:30 | 00,018,838 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/09/15 14:53:18 | 00,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{417481A6-3546-42E2-8E2B-2320C2089556}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2005/08/16 08:49:12 | 00,040,960 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\junction.exe
< End of report >
SpySentinel
Hi LostinPCLand, welcome to the Piriform Community Forum.



Go to the Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on the Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
LostinPCLand
Thank you for your prompt reply. I ran the scan and it said no threats found.
SpySentinel
You're welcome.


I would like to have you run a deep scan to make sure nothing is hiding:


  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).
LostinPCLand
Logfile of random's system information tool 1.06 (written by random/random)
Run by Pat at 2009-09-16 10:22:03
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 29 GB (54%) free of 52 GB
Total RAM: 2038 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:22:34 AM, on 9/16/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
D:\Program Files\ZoneAlarm\zlclient.exe
D:\Program Files\Avast\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\Pat\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
D:\Program Files\Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Pat\Desktop\RSIT.exe
C:\Program Files\trend micro\Pat.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://drudgereport.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\Avast\ashDisp.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Avast\ashWebSv.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxdc_device - - C:\Windows\system32\lxdccoms.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

--
End of file - 6996 bytes

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{417481A6-3546-42E2-8E2B-2320C2089556}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-09-05 816400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-09-16 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-09-05 816400]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-10-03 178712]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-05-28 4472832]
"SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-11-29 102400]
"eAudio"=C:\Acer\Empowering Technology\eAudio\eAudio.exe [2007-10-10 1286144]
"PlayMovie"=C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe [2008-01-22 200704]
"LManager"=C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE [2008-01-02 707080]
"Acer Product Registration"=C:\Program Files\Acer\Acer Registration\ACE1.exe [2007-11-26 3387392]
"Acer Assist Launcher"=C:\Program Files\Acer\Acer Assist\launcher.exe [2007-11-19 1261568]
"eRecoveryService"= []
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-12-23 150040]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-12-23 178712]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-12-23 154136]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"ZoneAlarm Client"=D:\Program Files\ZoneAlarm\zlclient.exe [2009-02-16 981384]
"avast!"=D:\PROGRA~1\Avast\ashDisp.exe [2009-08-17 81000]
"Skytel"=C:\Windows\Skytel.exe [2007-05-28 1826816]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-09-16 148888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2009-05-26 4351216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
C:\Acer\EMPOWE~1\EAPLAU~1.EXE [2007-04-14 535336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Pat^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk]
C:\PROGRA~1\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-12-23 221184]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskmgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-09-16 10:22:09 ----D---- C:\Program Files\trend micro
2009-09-16 10:22:03 ----D---- C:\rsit
2009-09-16 00:11:44 ----D---- C:\Windows\Sun
2009-09-16 00:08:11 ----A---- C:\Windows\system32\javaws.exe
2009-09-16 00:08:11 ----A---- C:\Windows\system32\javaw.exe
2009-09-16 00:08:11 ----A---- C:\Windows\system32\java.exe
2009-09-16 00:08:11 ----A---- C:\Windows\system32\deploytk.dll
2009-09-16 00:07:41 ----D---- C:\Program Files\Java
2009-09-15 23:31:17 ----D---- C:\Program Files\Common Files\McAfee
2009-09-15 23:31:05 ----D---- C:\Program Files\McAfee
2009-09-15 20:41:06 ----A---- C:\RootRepeal report 09-15-09 (20-41-06).txt
2009-09-15 13:14:06 ----A---- C:\RootRepeal report 09-15-09 (13-14-06).txt
2009-09-15 13:09:35 ----D---- C:\Rooter$
2009-09-15 12:30:03 ----D---- C:\Windows\pss
2009-09-15 12:21:23 ----D---- C:\Users\Pat\AppData\Roaming\Malwarebytes
2009-09-15 12:21:16 ----D---- C:\ProgramData\Malwarebytes
2009-09-15 12:12:32 ----D---- C:\Windows\ERDNT
2009-09-15 12:12:12 ----D---- C:\Program Files\ERUNT
2009-09-15 11:17:49 ----D---- C:\Users\Pat\AppData\Roaming\Mozilla
2009-09-13 19:34:22 ----D---- C:\Windows\system32\eu-ES
2009-09-13 19:34:22 ----D---- C:\Windows\system32\ca-ES
2009-09-13 19:34:21 ----D---- C:\Windows\system32\vi-VN
2009-09-13 19:22:03 ----D---- C:\Windows\system32\EventProviders
2009-09-13 19:11:33 ----A---- C:\Windows\system32\aswBoot.exe
2009-09-13 19:06:34 ----D---- C:\ProgramData\Lavasoft
2009-09-13 18:27:45 ----A---- C:\Windows\system32\vsregexp.dll
2009-09-13 18:27:41 ----A---- C:\Windows\system32\zlcommdb.dll
2009-09-13 18:27:41 ----A---- C:\Windows\system32\zlcomm.dll
2009-09-13 18:27:36 ----A---- C:\Windows\system32\vswmi.dll
2009-09-13 18:27:32 ----A---- C:\Windows\system32\zpeng25.dll
2009-09-13 18:27:32 ----A---- C:\Windows\system32\vsxml.dll
2009-09-13 18:27:31 ----A---- C:\Windows\system32\vspubapi.dll
2009-09-13 18:27:31 ----A---- C:\Windows\system32\vsmonapi.dll
2009-09-13 18:27:29 ----A---- C:\Windows\system32\vsdata.dll
2009-09-13 18:26:44 ----D---- C:\Windows\system32\ZoneLabs
2009-09-13 18:25:17 ----D---- C:\ProgramData\CheckPoint
2009-09-13 18:25:15 ----A---- C:\Windows\system32\vsutil.dll
2009-09-13 18:25:15 ----A---- C:\Windows\system32\vsinit.dll
2009-09-13 18:24:59 ----D---- C:\Windows\Internet Logs
2009-09-10 03:30:46 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2009-09-10 03:30:39 ----A---- C:\Windows\system32\SLsvc.exe
2009-09-10 03:30:39 ----A---- C:\Windows\system32\SLCExt.dll
2009-09-10 03:30:35 ----A---- C:\Windows\system32\FunctionDiscoveryFolder.dll
2009-09-10 03:30:35 ----A---- C:\Windows\system32\DevicePairingWizard.exe
2009-09-10 03:30:31 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2009-09-10 03:30:28 ----A---- C:\Windows\system32\mssrch.dll
2009-09-10 03:30:24 ----A---- C:\Windows\system32\tquery.dll
2009-09-10 03:30:21 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2009-09-10 03:30:20 ----A---- C:\Windows\system32\RMActivate_isv.exe
2009-09-10 03:30:19 ----A---- C:\Windows\system32\scavenge.dll
2009-09-10 03:30:19 ----A---- C:\Windows\system32\RMActivate.exe
2009-09-10 03:30:16 ----A---- C:\Windows\system32\msi.dll
2009-09-10 03:30:14 ----A---- C:\Windows\system32\imapi2fs.dll
2009-09-10 03:30:13 ----A---- C:\Windows\system32\secproc_isv.dll
2009-09-10 03:30:12 ----A---- C:\Windows\system32\WscEapPr.dll
2009-09-10 03:30:12 ----A---- C:\Windows\system32\wcnwiz2.dll
2009-09-10 03:30:12 ----A---- C:\Windows\system32\sysmain.dll
2009-09-10 03:30:09 ----A---- C:\Windows\system32\icardagt.exe
2009-09-10 03:30:07 ----A---- C:\Windows\system32\EhStorShell.dll
2009-09-10 03:30:07 ----A---- C:\Windows\system32\AuxiliaryDisplayCpl.dll
2009-09-10 03:30:04 ----A---- C:\Windows\system32\spreview.exe
2009-09-10 03:30:04 ----A---- C:\Windows\system32\spinstall.exe
2009-09-10 03:30:04 ----A---- C:\Windows\system32\drmv2clt.dll
2009-09-10 03:30:01 ----A---- C:\Windows\system32\spwizui.dll
2009-09-10 03:30:01 ----A---- C:\Windows\system32\mcupdate_GenuineIntel.dll
2009-09-10 03:30:00 ----A---- C:\Windows\system32\shell32.dll
2009-09-10 03:30:00 ----A---- C:\Windows\system32\secproc.dll
2009-09-10 03:29:58 ----A---- C:\Windows\system32\SearchIndexer.exe
2009-09-10 03:29:58 ----A---- C:\Windows\system32\p2psvc.dll
2009-09-10 03:29:57 ----A---- C:\Windows\system32\mssvp.dll
2009-09-10 03:29:56 ----A---- C:\Windows\system32\mscoree.dll
2009-09-10 03:29:55 ----A---- C:\Windows\system32\mssphtb.dll
2009-09-10 03:29:55 ----A---- C:\Windows\system32\mssph.dll
2009-09-10 03:29:55 ----A---- C:\Windows\system32\MSMPEG2VDEC.DLL
2009-09-10 03:29:54 ----A---- C:\Windows\system32\imapi2.dll
2009-09-10 03:29:52 ----A---- C:\Windows\system32\sdohlp.dll
2009-09-10 03:29:52 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-09-10 03:29:51 ----A---- C:\Windows\system32\esent.dll
2009-09-10 03:29:50 ----A---- C:\Windows\system32\IMJP10K.DLL
2009-09-10 03:29:50 ----A---- C:\Windows\system32\DevicePairing.dll
2009-09-10 03:29:48 ----A---- C:\Windows\system32\sperror.dll
2009-09-10 03:29:48 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2009-09-10 03:29:48 ----A---- C:\Windows\system32\korwbrkr.dll
2009-09-10 03:29:47 ----A---- C:\Windows\system32\wevtsvc.dll
2009-09-10 03:29:47 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2009-09-10 03:29:46 ----A---- C:\Windows\system32\SLC.dll
2009-09-10 03:29:46 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2009-09-10 03:29:46 ----A---- C:\Windows\system32\IasMigReader.exe
2009-09-10 03:29:45 ----A---- C:\Windows\system32\msshsq.dll
2009-09-10 03:29:42 ----A---- C:\Windows\system32\msjet40.dll
2009-09-10 03:29:42 ----A---- C:\Windows\system32\MPSSVC.dll
2009-09-10 03:29:41 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-09-10 03:29:41 ----A---- C:\Windows\system32\msxml6.dll
2009-09-10 03:29:39 ----A---- C:\Windows\system32\Query.dll
2009-09-10 03:29:39 ----A---- C:\Windows\system32\qmgr.dll
2009-09-10 03:29:38 ----A---- C:\Windows\system32\msexch40.dll
2009-09-10 03:29:38 ----A---- C:\Windows\system32\diagperf.dll
2009-09-10 03:29:37 ----A---- C:\Windows\system32\P2PGraph.dll
2009-09-10 03:29:37 ----A---- C:\Windows\system32\ole32.dll
2009-09-10 03:29:36 ----A---- C:\Windows\system32\srchadmin.dll
2009-09-10 03:29:36 ----A---- C:\Windows\system32\ntdll.dll
2009-09-10 03:29:35 ----A---- C:\Windows\system32\winload.exe
2009-09-10 03:29:35 ----A---- C:\Windows\system32\msxml3.dll
2009-09-10 03:29:35 ----A---- C:\Windows\system32\mblctr.exe
2009-09-10 03:29:34 ----A---- C:\Windows\system32\uDWM.dll
2009-09-10 03:29:34 ----A---- C:\Windows\system32\mmc.exe
2009-09-10 03:29:34 ----A---- C:\Windows\system32\EncDec.dll
2009-09-10 03:29:33 ----A---- C:\Windows\system32\riched20.dll
2009-09-10 03:29:33 ----A---- C:\Windows\system32\IasMigPlugin.dll
2009-09-10 03:29:33 ----A---- C:\Windows\system32\dfsr.exe
2009-09-10 03:29:32 ----A---- C:\Windows\system32\fdBth.dll
2009-09-10 03:29:31 ----A---- C:\Windows\system32\RacEngn.dll
2009-09-10 03:29:29 ----A---- C:\Windows\system32\kernel32.dll
2009-09-10 03:29:28 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2009-09-10 03:29:28 ----A---- C:\Windows\system32\SearchFilterHost.exe
2009-09-10 03:29:28 ----A---- C:\Windows\system32\milcore.dll
2009-09-10 03:29:28 ----A---- C:\Windows\system32\EhStorAPI.dll
2009-09-10 03:29:27 ----A---- C:\Windows\system32\spoolss.dll
2009-09-10 03:29:27 ----A---- C:\Windows\system32\schedsvc.dll
2009-09-10 03:29:27 ----A---- C:\Windows\system32\CertEnroll.dll
2009-09-10 03:29:26 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2009-09-10 03:29:25 ----A---- C:\Windows\system32\AuxiliaryDisplayDriverLib.dll
2009-09-10 03:29:24 ----A---- C:\Windows\system32\msvcp60.dll
2009-09-10 03:29:24 ----A---- C:\Windows\system32\msjtes40.dll
2009-09-10 03:29:24 ----A---- C:\Windows\system32\gpedit.dll
2009-09-10 03:29:23 ----A---- C:\Windows\system32\infocardapi.dll
2009-09-10 03:29:22 ----A---- C:\Windows\system32\WinSAT.exe
2009-09-10 03:29:21 ----A---- C:\Windows\system32\es.dll
2009-09-10 03:29:20 ----A---- C:\Windows\system32\PresentationSettings.exe
2009-09-10 03:29:20 ----A---- C:\Windows\system32\Magnify.exe
2009-09-10 03:29:19 ----A---- C:\Windows\system32\mstext40.dll
2009-09-10 03:29:19 ----A---- C:\Windows\system32\AuxiliaryDisplayServices.dll
2009-09-10 03:29:18 ----A---- C:\Windows\system32\advapi32.dll
2009-09-10 03:29:16 ----A---- C:\Windows\system32\WMPhoto.dll
2009-09-10 03:29:16 ----A---- C:\Windows\system32\WebClnt.dll
2009-09-10 03:29:15 ----A---- C:\Windows\system32\slwmi.dll
2009-09-10 03:29:15 ----A---- C:\Windows\system32\msexcl40.dll
2009-09-10 03:29:15 ----A---- C:\Windows\system32\comsvcs.dll
2009-09-10 03:29:14 ----A---- C:\Windows\system32\WindowsAnytimeUpgradeCPL.dll
2009-09-10 03:29:14 ----A---- C:\Windows\system32\msxbde40.dll
2009-09-10 03:29:13 ----A---- C:\Windows\system32\vssapi.dll
2009-09-10 03:29:12 ----A---- C:\Windows\system32\authui.dll
2009-09-10 03:29:11 ----A---- C:\Windows\system32\NetProjW.dll
2009-09-10 03:29:10 ----A---- C:\Windows\system32\PresentationHost.exe
2009-09-10 03:29:10 ----A---- C:\Windows\system32\msrepl40.dll
2009-09-10 03:29:09 ----A---- C:\Windows\system32\propsys.dll
2009-09-10 03:29:09 ----A---- C:\Windows\system32\newdev.dll
2009-09-10 03:29:08 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-09-10 03:29:08 ----A---- C:\Windows\system32\iasrecst.dll
2009-09-10 03:29:08 ----A---- C:\Windows\system32\gpsvc.dll
2009-09-10 03:29:08 ----A---- C:\Windows\system32\eudcedit.exe
2009-09-10 03:29:08 ----A---- C:\Windows\system32\crypt32.dll
2009-09-10 03:29:07 ----A---- C:\Windows\system32\rpcss.dll
2009-09-10 03:29:07 ----A---- C:\Windows\explorer.exe
2009-09-10 03:29:06 ----A---- C:\Windows\system32\setupapi.dll
2009-09-10 03:29:05 ----A---- C:\Windows\system32\mspbde40.dll
2009-09-10 03:29:05 ----A---- C:\Windows\system32\d3d9.dll
2009-09-10 03:29:04 ----A---- C:\Windows\system32\msltus40.dll
2009-09-10 03:29:04 ----A---- C:\Windows\system32\davclnt.dll
2009-09-10 03:29:03 ----A---- C:\Windows\system32\shlwapi.dll
2009-09-10 03:29:03 ----A---- C:\Windows\system32\mfc42.dll
2009-09-10 03:29:03 ----A---- C:\Windows\system32\EhStorPwdMgr.dll
2009-09-10 03:29:02 ----A---- C:\Windows\system32\msrd3x40.dll
2009-09-10 03:29:02 ----A---- C:\Windows\system32\msdtctm.dll
2009-09-10 03:29:02 ----A---- C:\Windows\system32\EhStorAuthn.dll
2009-09-10 03:29:01 ----A---- C:\Windows\system32\wevtapi.dll
2009-09-10 03:29:01 ----A---- C:\Windows\system32\photowiz.dll
2009-09-10 03:29:01 ----A---- C:\Windows\system32\browseui.dll
2009-09-10 03:29:00 ----A---- C:\Windows\system32\nlhtml.dll
2009-09-10 03:28:59 ----A---- C:\Windows\system32\user32.dll
2009-09-10 03:28:58 ----A---- C:\Windows\system32\samsrv.dll
2009-09-10 03:28:58 ----A---- C:\Windows\system32\ci.dll
2009-09-10 03:28:57 ----A---- C:\Windows\system32\win32spl.dll
2009-09-10 03:28:57 ----A---- C:\Windows\system32\quartz.dll
2009-09-10 03:28:56 ----A---- C:\Windows\system32\WcnNetsh.dll
2009-09-10 03:28:56 ----A---- C:\Windows\system32\SLCommDlg.dll
2009-09-10 03:28:56 ----A---- C:\Windows\system32\oleaut32.dll
2009-09-10 03:28:55 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-09-10 03:28:55 ----A---- C:\Windows\system32\IKEEXT.DLL
2009-09-10 03:28:54 ----A---- C:\Windows\system32\netshell.dll
2009-09-10 03:28:54 ----A---- C:\Windows\system32\compcln.exe
2009-09-10 03:28:53 ----A---- C:\Windows\system32\winhttp.dll
2009-09-10 03:28:53 ----A---- C:\Windows\system32\apds.dll
2009-09-10 03:28:52 ----A---- C:\Windows\system32\xmlfilter.dll
2009-09-10 03:28:52 ----A---- C:\Windows\system32\mswstr10.dll
2009-09-10 03:28:52 ----A---- C:\Windows\system32\audiosrv.dll
2009-09-10 03:28:51 ----A---- C:\Windows\system32\msctf.dll
2009-09-10 03:28:51 ----A---- C:\Windows\system32\emdmgmt.dll
2009-09-10 03:28:50 ----A---- C:\Windows\system32\msvcrt.dll
2009-09-10 03:28:50 ----A---- C:\Windows\system32\gdi32.dll
2009-09-10 03:28:49 ----A---- C:\Windows\system32\VSSVC.exe
2009-09-10 03:28:49 ----A---- C:\Windows\system32\QAGENTRT.DLL
2009-09-10 03:28:48 ----A---- C:\Windows\system32\mfc42u.dll
2009-09-10 03:28:48 ----A---- C:\Windows\system32\iphlpsvc.dll
2009-09-10 03:28:47 ----A---- C:\Windows\system32\sqlsrv32.dll
2009-09-10 03:28:47 ----A---- C:\Windows\system32\SLUI.exe
2009-09-10 03:28:47 ----A---- C:\Windows\system32\msrd2x40.dll
2009-09-10 03:28:47 ----A---- C:\Windows\system32\eapphost.dll
2009-09-10 03:28:45 ----A---- C:\Windows\system32\winresume.exe
2009-09-10 03:28:45 ----A---- C:\Windows\system32\propdefs.dll
2009-09-10 03:28:45 ----A---- C:\Windows\system32\odbc32.dll
2009-09-10 03:28:44 ----A---- C:\Windows\system32\shdocvw.dll
2009-09-10 03:28:42 ----A---- C:\Windows\system32\wevtutil.exe
2009-09-10 03:28:42 ----A---- C:\Windows\system32\mssitlb.dll
2009-09-10 03:28:42 ----A---- C:\Windows\system32\dbgeng.dll
2009-09-10 03:28:40 ----A---- C:\Windows\system32\WsmSvc.dll
2009-09-10 03:28:40 ----A---- C:\Windows\system32\swprv.dll
2009-09-10 03:28:40 ----A---- C:\Windows\system32\mmcndmgr.dll
2009-09-10 03:28:39 ----A---- C:\Windows\system32\usp10.dll
2009-09-10 03:28:38 ----A---- C:\Windows\system32\vds.exe
2009-09-10 03:28:37 ----A---- C:\Windows\system32\msctfp.dll
2009-09-10 03:28:37 ----A---- C:\Windows\system32\fdBthProxy.dll
2009-09-10 03:28:37 ----A---- C:\Windows\system32\drvinst.exe
2009-09-10 03:28:37 ----A---- C:\Windows\system32\devmgr.dll
2009-09-10 03:28:36 ----A---- C:\Windows\system32\netlogon.dll
2009-09-10 03:28:36 ----A---- C:\Windows\system32\msscb.dll
2009-09-10 03:28:36 ----A---- C:\Windows\system32\DevicePairingProxy.dll
2009-09-10 03:28:36 ----A---- C:\Windows\system32\BFE.DLL
2009-09-10 03:28:36 ----A---- C:\Windows\system32\adsldpc.dll
2009-09-10 03:28:35 ----A---- C:\Windows\system32\wcnwiz.dll
2009-09-10 03:28:35 ----A---- C:\Windows\system32\evr.dll
2009-09-10 03:28:34 ----A---- C:\Windows\system32\WSDApi.dll
2009-09-10 03:28:34 ----A---- C:\Windows\system32\Wldap32.dll
2009-09-10 03:28:34 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2009-09-10 03:28:33 ----A---- C:\Windows\system32\WMVSDECD.DLL
2009-09-10 03:28:32 ----A---- C:\Windows\system32\WindowsCodecs.dll
2009-09-10 03:28:32 ----A---- C:\Windows\system32\services.exe
2009-09-10 03:28:31 ----A---- C:\Windows\system32\wercon.exe
2009-09-10 03:28:30 ----A---- C:\Windows\system32\wcncsvc.dll
2009-09-10 03:28:30 ----A---- C:\Windows\system32\mimefilt.dll
2009-09-10 03:28:30 ----A---- C:\Windows\system32\comdlg32.dll
2009-09-10 03:28:30 ----A---- C:\Windows\system32\adtschema.dll
2009-09-10 03:28:29 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2009-09-10 03:28:29 ----A---- C:\Windows\system32\msdrm.dll
2009-09-10 03:28:29 ----A---- C:\Windows\system32\certcli.dll
2009-09-10 03:28:28 ----A---- C:\Windows\system32\taskeng.exe
2009-09-10 03:28:28 ----A---- C:\Windows\system32\mswdat10.dll
2009-09-10 03:28:28 ----A---- C:\Windows\system32\msjter40.dll
2009-09-10 03:28:28 ----A---- C:\Windows\system32\msdtcprx.dll
2009-09-10 03:28:28 ----A---- C:\Windows\system32\ipsmsnap.dll
2009-09-10 03:28:27 ----A---- C:\Windows\system32\umpnpmgr.dll
2009-09-10 03:28:27 ----A---- C:\Windows\system32\rtffilt.dll
2009-09-10 03:28:27 ----A---- C:\Windows\system32\reg.exe
2009-09-10 03:28:27 ----A---- C:\Windows\system32\dnsapi.dll
2009-09-10 03:28:27 ----A---- C:\Windows\system32\certutil.exe
2009-09-10 03:28:26 ----A---- C:\Windows\system32\WMNetMgr.dll
2009-09-10 03:28:26 ----A---- C:\Windows\system32\w32time.dll
2009-09-10 03:28:25 ----A---- C:\Windows\system32\msshooks.dll
2009-09-10 03:28:25 ----A---- C:\Windows\system32\IPSECSVC.DLL
2009-09-10 03:28:25 ----A---- C:\Windows\system32\bcrypt.dll
2009-09-10 03:28:24 ----A---- C:\Windows\system32\msscntrs.dll
2009-09-10 03:28:24 ----A---- C:\Windows\system32\bthserv.dll
2009-09-10 03:28:23 ----A---- C:\Windows\system32\rsaenh.dll
2009-09-10 03:28:23 ----A---- C:\Windows\system32\msihnd.dll
2009-09-10 03:28:22 ----A---- C:\Windows\system32\TsWpfWrp.exe
2009-09-10 03:28:22 ----A---- C:\Windows\system32\msstrc.dll
2009-09-10 03:28:22 ----A---- C:\Windows\system32\MMDevAPI.dll
2009-09-10 03:28:21 ----A---- C:\Windows\system32\netapi32.dll
2009-09-10 03:28:21 ----A---- C:\Windows\system32\inetcomm.dll
2009-09-10 03:28:21 ----A---- C:\Windows\system32\dfshim.dll
2009-09-10 03:28:20 ----A---- C:\Windows\system32\mtxclu.dll
2009-09-10 03:28:20 ----A---- C:\Windows\system32\mscories.dll
2009-09-10 03:28:20 ----A---- C:\Windows\system32\inetpp.dll
2009-09-10 03:28:20 ----A---- C:\Windows\system32\hidserv.dll
2009-09-10 03:28:20 ----A---- C:\Windows\system32\fundisc.dll
2009-09-10 03:28:20 ----A---- C:\Windows\system32\cryptsvc.dll
2009-09-10 03:28:19 ----A---- C:\Windows\system32\wmicmiplugin.dll
2009-09-10 03:28:19 ----A---- C:\Windows\system32\termsrv.dll
2009-09-10 03:28:19 ----A---- C:\Windows\system32\profsvc.dll
2009-09-10 03:28:19 ----A---- C:\Windows\system32\dhcpcsvc6.dll
2009-09-10 03:28:17 ----A---- C:\Windows\system32\wdc.dll
2009-09-10 03:28:17 ----A---- C:\Windows\system32\shsvcs.dll
2009-09-10 03:28:17 ----A---- C:\Windows\system32\msiexec.exe
2009-09-10 03:28:17 ----A---- C:\Windows\system32\imapi.dll
2009-09-10 03:28:16 ----A---- C:\Windows\system32\chsbrkr.dll
2009-09-10 03:28:15 ----A---- C:\Windows\system32\rasmans.dll
2009-09-10 03:28:15 ----A---- C:\Windows\system32\iassdo.dll
2009-09-10 03:28:14 ----A---- C:\Windows\system32\spoolsv.exe
2009-09-10 03:28:14 ----A---- C:\Windows\system32\pnidui.dll
2009-09-10 03:28:14 ----A---- C:\Windows\system32\icardres.dll
2009-09-10 03:28:13 ----A---- C:\Windows\system32\autofmt.exe
2009-09-10 03:28:12 ----A---- C:\Windows\system32\wersvc.dll
2009-09-10 03:28:12 ----A---- C:\Windows\system32\slmgr.vbs
2009-09-10 03:28:12 ----A---- C:\Windows\system32\scrrun.dll
2009-09-10 03:28:12 ----A---- C:\Windows\system32\PSHED.DLL
2009-09-10 03:28:11 ----A---- C:\Windows\system32\pdh.dll
2009-09-10 03:28:11 ----A---- C:\Windows\system32\dhcpcsvc.dll
2009-09-10 03:28:11 ----A---- C:\Windows\system32\CertEnrollUI.dll
2009-09-10 03:28:11 ----A---- C:\Windows\system32\azroles.dll
2009-09-10 03:28:10 ----A---- C:\Windows\system32\pidgenx.dll
2009-09-10 03:28:09 ----A---- C:\Windows\system32\wmpmde.dll
2009-09-10 03:28:09 ----A---- C:\Windows\system32\winlogon.exe
2009-09-10 03:28:08 ----A---- C:\Windows\system32\SyncCenter.dll
2009-09-10 03:28:07 ----A---- C:\Windows\system32\SLUINotify.dll
2009-09-10 03:28:07 ----A---- C:\Windows\system32\msjetoledb40.dll
2009-09-10 03:28:06 ----A---- C:\Windows\system32\comuid.dll
2009-09-10 03:28:06 ----A---- C:\Windows\system32\certmgr.dll
2009-09-10 03:28:05 ----A---- C:\Windows\system32\sethc.exe
2009-09-10 03:28:05 ----A---- C:\Windows\system32\ncrypt.dll
2009-09-10 03:28:05 ----A---- C:\Windows\system32\kd1394.dll
2009-09-10 03:28:04 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2009-09-10 03:28:04 ----A---- C:\Windows\system32\untfs.dll
2009-09-10 03:28:04 ----A---- C:\Windows\system32\spp.dll
2009-09-10 03:28:04 ----A---- C:\Windows\system32\scrobj.dll
2009-09-10 03:28:04 ----A---- C:\Windows\system32\rtutils.dll
2009-09-10 03:28:04 ----A---- C:\Windows\system32\iassam.dll
2009-09-10 03:28:03 ----A---- C:\Windows\system32\wisptis.exe
2009-09-10 03:28:03 ----A---- C:\Windows\system32\dwm.exe
2009-09-10 03:28:02 ----A---- C:\Windows\system32\taskcomp.dll
2009-09-10 03:28:02 ----A---- C:\Windows\system32\autochk.exe
2009-09-10 03:28:01 ----A---- C:\Windows\system32\printui.dll
2009-09-10 03:28:01 ----A---- C:\Windows\system32\iasnap.dll
2009-09-10 03:28:00 ----A---- C:\Windows\system32\autoconv.exe
2009-09-10 03:27:59 ----A---- C:\Windows\system32\winsrv.dll
2009-09-10 03:27:58 ----A---- C:\Windows\system32\kdcom.dll
2009-09-10 03:27:58 ----A---- C:\Windows\system32\cscript.exe
2009-09-10 03:27:58 ----A---- C:\Windows\system32\basecsp.dll
2009-09-10 03:27:57 ----A---- C:\Windows\system32\userenv.dll
2009-09-10 03:27:57 ----A---- C:\Windows\system32\onex.dll
2009-09-10 03:27:57 ----A---- C:\Windows\system32\audiodg.exe
2009-09-10 03:27:56 ----A---- C:\Windows\system32\wow32.dll
2009-09-10 03:27:56 ----A---- C:\Windows\system32\osk.exe
2009-09-10 03:27:56 ----A---- C:\Windows\system32\mswsock.dll
2009-09-10 03:27:53 ----A---- C:\Windows\system32\winmm.dll
2009-09-10 03:27:53 ----A---- C:\Windows\system32\spcmsg.dll
2009-09-10 03:27:53 ----A---- C:\Windows\system32\RelMon.dll
2009-09-10 03:27:53 ----A---- C:\Windows\system32\rdpencom.dll
2009-09-10 03:27:53 ----A---- C:\Windows\system32\kdusb.dll
2009-09-10 03:27:52 ----A---- C:\Windows\system32\WinSCard.dll
2009-09-10 03:27:52 ----A---- C:\Windows\system32\msftedit.dll
2009-09-10 03:27:51 ----A---- C:\Windows\system32\WerFaultSecure.exe
2009-09-10 03:27:51 ----A---- C:\Windows\system32\offfilt.dll
2009-09-10 03:27:51 ----A---- C:\Windows\system32\dnsrslvr.dll
2009-09-10 03:27:49 ----A---- C:\Windows\system32\WerFault.exe
2009-09-10 03:27:49 ----A---- C:\Windows\system32\Utilman.exe
2009-09-10 03:27:49 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2009-09-10 03:27:49 ----A---- C:\Windows\system32\secproc_ssp.dll
2009-09-10 03:27:48 ----A---- C:\Windows\system32\wsepno.dll
2009-09-10 03:27:48 ----A---- C:\Windows\system32\stobject.dll
2009-09-10 03:27:48 ----A---- C:\Windows\system32\mfplat.dll
2009-09-10 03:27:48 ----A---- C:\Windows\system32\diskraid.exe
2009-09-10 03:27:48 ----A---- C:\Windows\system32\apphelp.dll
2009-09-10 03:27:47 ----A---- C:\Windows\system32\SndVol.exe
2009-09-10 03:27:47 ----A---- C:\Windows\system32\mcmde.dll
2009-09-10 03:27:46 ----A---- C:\Windows\system32\sysclass.dll
2009-09-10 03:27:46 ----A---- C:\Windows\system32\prnntfy.dll
2009-09-10 03:27:46 ----A---- C:\Windows\system32\msnetobj.dll
2009-09-10 03:27:46 ----A---- C:\Windows\system32\mscms.dll
2009-09-10 03:27:46 ----A---- C:\Windows\system32\adsmsext.dll
2009-09-10 03:27:45 ----A---- C:\Windows\system32\wiaservc.dll
2009-09-10 03:27:45 ----A---- C:\Windows\system32\odbccp32.dll
2009-09-10 03:27:44 ----A---- C:\Windows\system32\wscript.exe
2009-09-10 03:27:44 ----A---- C:\Windows\system32\ulib.dll
2009-09-10 03:27:44 ----A---- C:\Windows\system32\iasdatastore.dll
2009-09-10 03:27:43 ----A---- C:\Windows\system32\IPHLPAPI.DLL
2009-09-10 03:27:43 ----A---- C:\Windows\system32\dsound.dll
2009-09-10 03:27:43 ----A---- C:\Windows\system32\cryptui.dll
2009-09-10 03:27:42 ----A---- C:\Windows\system32\wscntfy.dll
2009-09-10 03:27:42 ----A---- C:\Windows\system32\rastapi.dll
2009-09-10 03:27:41 ----A---- C:\Windows\system32\pnpsetup.dll
2009-09-10 03:27:41 ----A---- C:\Windows\system32\ipsecsnp.dll
2009-09-10 03:27:41 ----A---- C:\Windows\system32\fdProxy.dll
2009-09-10 03:27:40 ----A---- C:\Windows\system32\wlangpui.dll
2009-09-10 03:27:40 ----A---- C:\Windows\system32\rastls.dll
2009-09-10 03:27:40 ----A---- C:\Windows\system32\gpapi.dll
2009-09-10 03:27:40 ----A---- C:\Windows\system32\diskpart.exe
2009-09-10 03:27:40 ----A---- C:\Windows\system32\brcpl.dll
2009-09-10 03:27:39 ----A---- C:\Windows\system32\wscsvc.dll
2009-09-10 03:27:39 ----A---- C:\Windows\system32\WMVENCOD.DLL
2009-09-10 03:27:39 ----A---- C:\Windows\system32\vdsdyn.dll
2009-09-10 03:27:39 ----A---- C:\Windows\system32\logman.exe
2009-09-10 03:27:39 ----A---- C:\Windows\system32\iashlpr.dll
2009-09-10 03:27:38 ----A---- C:\Windows\system32\rasapi32.dll
2009-09-10 03:27:38 ----A---- C:\Windows\system32\ntprint.dll
2009-09-10 03:27:37 ----A---- C:\Windows\system32\regsvc.dll
2009-09-10 03:27:36 ----A---- C:\Windows\system32\wusa.exe
2009-09-10 03:27:36 ----A---- C:\Windows\system32\mscorier.dll
2009-09-10 03:27:35 ----A---- C:\Windows\system32\zipfldr.dll
2009-09-10 03:27:35 ----A---- C:\Windows\system32\iasrad.dll
2009-09-10 03:27:35 ----A---- C:\Windows\system32\findstr.exe
2009-09-10 03:27:34 ----A---- C:\Windows\system32\wshext.dll
2009-09-10 03:27:34 ----A---- C:\Windows\system32\wpccpl.dll
2009-09-10 03:27:33 ----A---- C:\Windows\system32\netcenter.dll
2009-09-10 03:27:32 ----A---- C:\Windows\system32\rasdlg.dll
2009-09-10 03:27:31 ----A---- C:\Windows\system32\wer.dll
2009-09-10 03:27:31 ----A---- C:\Windows\system32\iassvcs.dll
2009-09-10 03:27:30 ----A---- C:\Windows\system32\wsnmp32.dll
2009-09-10 03:27:30 ----A---- C:\Windows\system32\themecpl.dll
2009-09-10 03:27:28 ----A---- C:\Windows\system32\uxsms.dll
2009-09-10 03:27:27 ----A---- C:\Windows\system32\tsbyuv.dll
2009-09-10 03:27:27 ----A---- C:\Windows\system32\srvsvc.dll
2009-09-10 03:27:27 ----A---- C:\Windows\system32\scansetting.dll
2009-09-10 03:27:27 ----A---- C:\Windows\system32\ntmarta.dll
2009-09-10 03:27:27 ----A---- C:\Windows\system32\mssprxy.dll
2009-09-10 03:27:26 ----A---- C:\Windows\system32\slcc.dll
2009-09-10 03:27:26 ----A---- C:\Windows\system32\msutb.dll
2009-09-10 03:27:26 ----A---- C:\Windows\system32\mstlsapi.dll
2009-09-10 03:27:26 ----A---- C:\Windows\system32\iasads.dll
2009-09-10 03:27:25 ----A---- C:\Windows\system32\powrprof.dll
2009-09-10 03:27:25 ----A---- C:\Windows\system32\mstsc.exe
2009-09-10 03:27:25 ----A---- C:\Windows\system32\iasacct.dll
2009-09-10 03:27:24 ----A---- C:\Windows\system32\powercpl.dll
2009-09-10 03:27:24 ----A---- C:\Windows\system32\PerfCenterCPL.dll
2009-09-10 03:27:24 ----A---- C:\Windows\system32\networkmap.dll
2009-09-10 03:27:23 ----A---- C:\Windows\system32\authz.dll
2009-09-10 03:27:22 ----A---- C:\Windows\system32\sud.dll
2009-09-10 03:27:22 ----A---- C:\Windows\system32\newdev.exe
2009-09-10 03:27:22 ----A---- C:\Windows\system32\dot3svc.dll
2009-09-10 03:27:22 ----A---- C:\Windows\system32\connect.dll
2009-09-10 03:27:21 ----A---- C:\Windows\system32\systemcpl.dll
2009-09-10 03:27:21 ----A---- C:\Windows\system32\pcaui.dll
2009-09-10 03:27:20 ----A---- C:\Windows\system32\themeui.dll
2009-09-10 03:27:20 ----A---- C:\Windows\system32\samlib.dll
2009-09-10 03:27:20 ----A---- C:\Windows\system32\accessibilitycpl.dll
2009-09-10 03:27:19 ----A---- C:\Windows\system32\usercpl.dll
2009-09-10 03:27:19 ----A---- C:\Windows\system32\mmci.dll
2009-09-10 03:27:19 ----A---- C:\Windows\system32\autoplay.dll
2009-09-10 03:27:18 ----A---- C:\Windows\system32\wlanpref.dll
2009-09-10 03:27:18 ----A---- C:\Windows\system32\rpchttp.dll
2009-09-10 03:27:18 ----A---- C:\Windows\system32\qdvd.dll
2009-09-10 03:27:17 ----A---- C:\Windows\system32\wpcao.dll
2009-09-10 03:27:17 ----A---- C:\Windows\system32\vdsutil.dll
2009-09-10 03:27:17 ----A---- C:\Windows\system32\regapi.dll
2009-09-10 03:27:17 ----A---- C:\Windows\system32\msinfo32.exe
2009-09-10 03:27:16 ----A---- C:\Windows\system32\tapisrv.dll
2009-09-10 03:27:16 ----A---- C:\Windows\system32\scksp.dll
2009-09-10 03:27:16 ----A---- C:\Windows\system32\feclient.dll
2009-09-10 03:27:15 ----A---- C:\Windows\system32\scesrv.dll
2009-09-10 03:27:15 ----A---- C:\Windows\system32\psisdecd.dll
2009-09-10 03:27:15 ----A---- C:\Windows\system32\mpr.dll
2009-09-10 03:27:14 ----A---- C:\Windows\system32\oleprn.dll
2009-09-10 03:27:14 ----A---- C:\Windows\system32\imm32.dll
2009-09-10 03:27:14 ----A---- C:\Windows\system32\AudioSes.dll
2009-09-10 03:27:13 ----A---- C:\Windows\system32\wscisvif.dll
2009-09-10 03:27:13 ----A---- C:\Windows\system32\rekeywiz.exe
2009-09-10 03:27:13 ----A---- C:\Windows\system32\iaspolcy.dll
2009-09-10 03:27:13 ----A---- C:\Windows\system32\Faultrep.dll
2009-09-10 03:27:13 ----A---- C:\Windows\system32\dot3msm.dll
2009-09-10 03:27:12 ----A---- C:\Windows\system32\DeviceEject.exe
2009-09-10 03:27:11 ----A---- C:\Windows\system32\sdclt.exe
2009-09-10 03:27:11 ----A---- C:\Windows\system32\qedit.dll
2009-09-10 03:27:11 ----A---- C:\Windows\system32\perfdisk.dll
2009-09-10 03:27:11 ----A---- C:\Windows\system32\ncryptui.dll
2009-09-10 03:27:11 ----A---- C:\Windows\system32\dpapimig.exe
2009-09-10 03:27:10 ----A---- C:\Windows\system32\scecli.dll
2009-09-10 03:27:10 ----A---- C:\Windows\system32\rasgcw.dll
2009-09-10 03:27:10 ----A---- C:\Windows\system32\pnpui.dll
2009-09-10 03:27:10 ----A---- C:\Windows\system32\hdwwiz.exe
2009-09-10 03:27:10 ----A---- C:\Windows\system32\certreq.exe
2009-09-10 03:27:09 ----A---- C:\Windows\system32\SmartcardCredentialProvider.dll
2009-09-10 03:27:09 ----A---- C:\Windows\system32\rasplap.dll
2009-09-10 03:27:09 ----A---- C:\Windows\system32\FWPUCLNT.DLL
2009-09-10 03:27:08 ----A---- C:\Windows\system32\TSTheme.exe
2009-09-10 03:27:08 ----A---- C:\Windows\system32\spwinsat.dll
2009-09-10 03:27:07 ----A---- C:\Windows\system32\tcpmon.dll
2009-09-10 03:27:07 ----A---- C:\Windows\system32\tcpipcfg.dll
2009-09-10 03:27:07 ----A---- C:\Windows\system32\PnPUnattend.exe
2009-09-10 03:27:07 ----A---- C:\Windows\system32\fdWSD.dll
2009-09-10 03:27:07 ----A---- C:\Windows\system32\cmmon32.exe
2009-09-10 03:27:06 ----A---- C:\Windows\system32\whealogr.dll
2009-09-10 03:27:05 ----A---- C:\Windows\system32\srcore.dll
2009-09-10 03:27:05 ----A---- C:\Windows\system32\conime.exe
2009-09-10 03:27:05 ----A---- C:\Windows\system32\cmdial32.dll
2009-09-10 03:27:04 ----A---- C:\Windows\system32\SnippingTool.exe
2009-09-10 03:27:04 ----A---- C:\Windows\system32\SCardSvr.dll
2009-09-10 03:27:04 ----A---- C:\Windows\system32\raschap.dll
2009-09-10 03:27:03 ----A---- C:\Windows\system32\MSVidCtl.dll
2009-09-10 03:27:03 ----A---- C:\Windows\system32\fontext.dll
2009-09-10 03:27:02 ----A---- C:\Windows\system32\wiaaut.dll
2009-09-10 03:27:01 ----A---- C:\Windows\system32\WMVXENCD.DLL
2009-09-10 03:27:01 ----A---- C:\Windows\system32\wlanui.dll
2009-09-10 03:27:01 ----A---- C:\Windows\system32\rasppp.dll
2009-09-10 03:27:01 ----A---- C:\Windows\system32\PnPutil.exe
2009-09-10 03:27:01 ----A---- C:\Windows\system32\dsprop.dll
2009-09-10 03:27:00 ----A---- C:\Windows\system32\shwebsvc.dll
2009-09-10 03:27:00 ----A---- C:\Windows\system32\dimsroam.dll
2009-09-10 03:26:59 ----A---- C:\Windows\system32\oobefldr.dll
2009-09-10 03:26:58 ----A---- C:\Windows\system32\shsetup.dll
2009-09-10 03:26:58 ----A---- C:\Windows\system32\rasmontr.dll
2009-09-10 03:26:58 ----A---- C:\Windows\system32\mscandui.dll
2009-09-10 03:26:58 ----A---- C:\Windows\system32\modemui.dll
2009-09-10 03:26:57 ----A---- C:\Windows\system32\chtbrkr.dll
2009-09-10 03:26:56 ----A---- C:\Windows\system32\wmdrmsdk.dll
2009-09-10 03:26:56 ----A---- C:\Windows\system32\wlgpclnt.dll
2009-09-10 03:26:56 ----A---- C:\Windows\system32\dataclen.dll
2009-09-10 03:26:55 ----A---- C:\Windows\system32\smss.exe
2009-09-10 03:26:55 ----A---- C:\Windows\system32\rdpwsx.dll
2009-09-10 03:26:55 ----A---- C:\Windows\system32\netplwiz.dll
2009-09-10 03:26:55 ----A---- C:\Windows\system32\credui.dll
2009-09-10 03:26:55 ----A---- C:\Windows\system32\blackbox.dll
2009-09-10 03:26:54 ----A---- C:\Windows\system32\WSDMon.dll
2009-09-10 03:26:54 ----A---- C:\Windows\system32\wmpeffects.dll
2009-09-10 03:26:54 ----A---- C:\Windows\system32\certprop.dll
2009-09-10 03:26:53 ----A---- C:\Windows\system32\wpcsvc.dll
2009-09-10 03:26:53 ----A---- C:\Windows\system32\networkexplorer.dll
2009-09-10 03:26:53 ----A---- C:\Windows\system32\ifmon.dll
2009-09-10 03:26:52 ----A---- C:\Windows\system32\wscapi.dll
2009-09-10 03:26:52 ----A---- C:\Windows\system32\msscp.dll
2009-09-10 03:26:52 ----A---- C:\Windows\system32\msimtf.dll
2009-09-10 03:26:52 ----A---- C:\Windows\system32\logagent.exe
2009-09-10 03:26:52 ----A---- C:\Windows\system32\InkEd.dll
2009-09-10 03:26:52 ----A---- C:\Windows\system32\gpresult.exe
2009-09-10 03:26:52 ----A---- C:\Windows\system32\cipher.exe
2009-09-10 03:26:50 ----A---- C:\Windows\system32\thawbrkr.dll
2009-09-10 03:26:50 ----A---- C:\Windows\system32\softkbd.dll
2009-09-10 03:26:50 ----A---- C:\Windows\system32\sendmail.dll
2009-09-10 03:26:49 ----A---- C:\Windows\system32\msctfui.dll
2009-09-10 03:26:49 ----A---- C:\Windows\system32\MediaMetadataHandler.dll
2009-09-10 03:26:48 ----A---- C:\Windows\system32\olepro32.dll
2009-09-10 03:26:47 ----A---- C:\Windows\system32\drmmgrtn.dll
2009-09-10 03:26:47 ----A---- C:\Windows\system32\dmsynth.dll
2009-09-10 03:26:46 ----A---- C:\Windows\system32\version.dll
2009-09-10 03:26:46 ----A---- C:\Windows\system32\puiapi.dll
2009-09-10 03:26:46 ----A---- C:\Windows\system32\input.dll
2009-09-10 03:26:46 ----A---- C:\Windows\system32\ExplorerFrame.dll
2009-09-10 03:26:46 ----A---- C:\Windows\system32\cdd.dll
2009-09-10 03:26:45 ----A---- C:\Windows\system32\wshbth.dll
2009-09-10 03:26:45 ----A---- C:\Windows\system32\SLLUA.exe
2009-09-10 03:26:45 ----A---- C:\Windows\system32\msisip.dll
2009-09-10 03:26:45 ----A---- C:\Windows\system32\mprapi.dll
2009-09-10 03:26:44 ----A---- C:\Windows\system32\fc.exe
2009-09-10 03:26:43 ----A---- C:\Windows\system32\fdSSDP.dll
2009-09-10 03:26:43 ----A---- C:\Windows\system32\dmusic.dll
2009-09-10 03:26:42 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-09-10 03:26:42 ----A---- C:\Windows\system32\msjint40.dll
2009-09-10 03:26:42 ----A---- C:\Windows\system32\MsCtfMonitor.dll
2009-09-10 03:26:42 ----A---- C:\Windows\system32\cscapi.dll
2009-09-10 03:26:41 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2009-09-10 03:26:41 ----A---- C:\Windows\system32\l2nacp.dll
2009-09-10 03:26:41 ----A---- C:\Windows\system32\ftp.exe
2009-09-10 03:26:41 ----A---- C:\Windows\system32\eapp3hst.dll
2009-09-10 03:26:40 ----A---- C:\Windows\system32\wsdchngr.dll
2009-09-10 03:26:40 ----A---- C:\Windows\system32\SMBHelperClass.dll
2009-09-10 03:26:40 ----A---- C:\Windows\system32\cscdll.dll
2009-09-10 03:26:39 ----A---- C:\Windows\system32\Storprop.dll
2009-09-10 03:26:39 ----A---- C:\Windows\system32\rasdiag.dll
2009-09-10 03:26:39 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2009-09-10 03:26:39 ----A---- C:\Windows\system32\bthci.dll
2009-09-10 03:26:38 ----A---- C:\Windows\system32\rasdial.exe
2009-09-10 03:26:38 ----A---- C:\Windows\system32\fdWCN.dll
2009-09-10 03:26:38 ----A---- C:\Windows\system32\eappcfg.dll
2009-09-10 03:26:38 ----A---- C:\Windows\system32\dot3cfg.dll
2009-09-10 03:26:38 ----A---- C:\Windows\system32\bthudtask.exe
2009-09-10 03:26:37 ----A---- C:\Windows\system32\tscupgrd.exe
2009-09-10 03:26:37 ----A---- C:\Windows\system32\slcinst.dll
2009-09-10 03:26:37 ----A---- C:\Windows\system32\ipconfig.exe
2009-09-10 03:26:37 ----A---- C:\Windows\system32\CHxReadingStringIME.dll
2009-09-10 03:26:36 ----A---- C:\Windows\system32\nslookup.exe
2009-09-10 03:26:36 ----A---- C:\Windows\system32\networkitemfactory.dll
2009-09-10 03:26:35 ----A---- C:\Windows\system32\ocsetup.exe
2009-09-10 03:26:35 ----A---- C:\Windows\system32\hbaapi.dll
2009-09-10 03:26:35 ----A---- C:\Windows\system32\FwRemoteSvr.dll
2009-09-10 03:26:35 ----A---- C:\Windows\system32\fdeploy.dll
2009-09-10 03:26:35 ----A---- C:\Windows\system32\eappgnui.dll
2009-09-10 03:26:34 ----A---- C:\Windows\system32\mmcico.dll
2009-09-10 03:26:33 ----A---- C:\Windows\system32\PNPXAssoc.dll
2009-09-10 03:26:32 ----A---- C:\Windows\system32\gpupdate.exe
2009-09-10 03:26:31 ----A---- C:\Windows\system32\csrstub.exe
2009-09-10 03:26:31 ----A---- C:\Windows\system32\cbsra.exe
2009-09-10 03:26:30 ----A---- C:\Windows\system32\iscsilog.dll
2009-09-10 03:26:30 ----A---- C:\Windows\system32\bitsigd.dll
2009-09-10 03:26:29 ----A---- C:\Windows\system32\NcdProp.dll
2009-09-10 03:26:27 ----A---- C:\Windows\system32\vdmdbg.dll
2009-09-10 03:26:27 ----A---- C:\Windows\system32\odbcconf.dll
2009-09-10 03:26:26 ----A---- C:\Windows\system32\winrnr.dll
2009-09-10 03:26:26 ----A---- C:\Windows\system32\slwga.dll
2009-09-10 03:26:26 ----A---- C:\Windows\system32\inetppui.dll
2009-09-10 03:26:24 ----A---- C:\Windows\system32\midimap.dll
2009-09-10 03:26:16 ----A---- C:\Windows\system32\msimsg.dll
2009-09-10 03:26:16 ----A---- C:\Windows\system32\f3ahvoas.dll
2009-09-10 03:25:33 ----A---- C:\Windows\system32\SmiEngine.dll
2009-09-10 03:25:28 ----A---- C:\Windows\system32\wdscore.dll
2009-09-10 03:25:27 ----A---- C:\Windows\system32\PkgMgr.exe
2009-09-10 03:25:13 ----A---- C:\Windows\system32\drvstore.dll
2009-09-09 18:34:22 ----D---- C:\ProgramData\Yahoo!
2009-09-09 15:31:40 ----D---- C:\Program Files\Adobe
2009-09-09 15:20:32 ----D---- C:\Program Files\lx_Cats
2009-09-09 13:57:31 ----D---- C:\logs
2009-09-09 13:45:02 ----D---- C:\drivers
2009-09-09 10:37:03 ----A---- C:\Windows\system32\jscript.dll
2009-09-09 10:36:55 ----A---- C:\Windows\system32\netiohlp.dll
2009-09-09 10:36:52 ----A---- C:\Windows\system32\NETSTAT.EXE
2009-09-09 10:36:52 ----A---- C:\Windows\system32\ARP.EXE
2009-09-09 10:36:51 ----A---- C:\Windows\system32\TCPSVCS.EXE
2009-09-09 10:36:50 ----A---- C:\Windows\system32\HOSTNAME.EXE
2009-09-09 10:36:50 ----A---- C:\Windows\system32\finger.exe
2009-09-09 10:36:49 ----A---- C:\Windows\system32\ROUTE.EXE
2009-09-09 10:36:49 ----A---- C:\Windows\system32\MRINFO.EXE
2009-09-09 10:36:46 ----A---- C:\Windows\system32\netevent.dll
2009-09-09 10:35:57 ----A---- C:\Windows\system32\wlansvc.dll
2009-09-09 10:35:57 ----A---- C:\Windows\system32\wlansec.dll
2009-09-09 10:35:57 ----A---- C:\Windows\system32\wlanmsm.dll
2009-09-09 10:35:57 ----A---- C:\Windows\system32\wlanhlp.dll
2009-09-09 10:35:57 ----A---- C:\Windows\system32\L2SecHC.dll
2009-09-09 10:35:55 ----A---- C:\Windows\system32\wlanapi.dll
2009-09-09 10:35:52 ----A---- C:\Windows\system32\WMVCORE.DLL
2009-09-09 10:35:51 ----A---- C:\Windows\system32\rrinstaller.exe
2009-09-09 10:35:51 ----A---- C:\Windows\system32\mfps.dll
2009-09-09 10:35:51 ----A---- C:\Windows\system32\mf.dll
2009-09-09 10:35:50 ----A---- C:\Windows\system32\mfpmp.exe
2009-09-09 10:35:48 ----A---- C:\Windows\system32\mferror.dll
2009-09-06 17:18:52 ----A---- C:\Windows\system32\tzres.dll
2009-09-06 17:02:03 ----A---- C:\Windows\system32\occache.dll
2009-09-06 17:02:01 ----A---- C:\Windows\system32\jsproxy.dll
2009-09-06 17:02:00 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-09-06 17:02:00 ----A---- C:\Windows\system32\msfeeds.dll
2009-09-06 17:02:00 ----A---- C:\Windows\system32\ieui.dll
2009-09-06 17:02:00 ----A---- C:\Windows\system32\iesetup.dll
2009-09-06 17:02:00 ----A---- C:\Windows\system32\iepeers.dll
2009-09-06 17:01:58 ----A---- C:\Windows\system32\wininet.dll
2009-09-06 17:01:58 ----A---- C:\Windows\system32\iernonce.dll
2009-09-06 17:01:57 ----A---- C:\Windows\system32\msfeedssync.exe
2009-09-06 17:01:57 ----A---- C:\Windows\system32\iertutil.dll
2009-09-06 17:01:57 ----A---- C:\Windows\system32\ie4uinit.exe
2009-09-06 17:01:56 ----A---- C:\Windows\system32\urlmon.dll
2009-09-06 17:01:56 ----A---- C:\Windows\system32\ieUnatt.exe
2009-09-06 17:01:56 ----A---- C:\Windows\system32\iesysprep.dll
2009-09-06 17:01:56 ----A---- C:\Windows\system32\iedkcs32.dll
2009-09-06 17:01:54 ----A---- C:\Windows\system32\ieframe.dll
2009-09-06 17:01:53 ----A---- C:\Windows\system32\mshtml.dll
2009-09-06 17:00:16 ----A---- C:\Windows\system32\mshtmler.dll
2009-09-06 17:00:16 ----A---- C:\Windows\system32\mshtmled.dll
2009-09-06 17:00:16 ----A---- C:\Windows\system32\icardie.dll
2009-09-06 17:00:16 ----A---- C:\Windows\system32\admparse.dll
2009-09-06 17:00:15 ----A---- C:\Windows\system32\msls31.dll
2009-09-06 17:00:15 ----A---- C:\Windows\system32\corpol.dll
2009-09-06 17:00:14 ----A---- C:\Windows\system32\ieakeng.dll
2009-09-06 17:00:13 ----A---- C:\Windows\system32\licmgr10.dll
2009-09-06 17:00:13 ----A---- C:\Windows\system32\inseng.dll
2009-09-06 17:00:13 ----A---- C:\Windows\system32\imgutil.dll
2009-09-06 17:00:13 ----A---- C:\Windows\system32\ieaksie.dll
2009-09-06 17:00:13 ----A---- C:\Windows\system32\dxtrans.dll
2009-09-06 17:00:13 ----A---- C:\Windows\system32\dxtmsft.dll
2009-09-06 17:00:12 ----A---- C:\Windows\system32\WinFXDocObj.exe
2009-09-06 17:00:12 ----A---- C:\Windows\system32\wextract.exe
2009-09-06 17:00:12 ----A---- C:\Windows\system32\webcheck.dll
2009-09-06 17:00:12 ----A---- C:\Windows\system32\mstime.dll
2009-09-06 17:00:12 ----A---- C:\Windows\system32\msrating.dll
2009-09-06 17:00:12 ----A---- C:\Windows\system32\ieakui.dll
2009-09-06 17:00:11 ----A---- C:\Windows\system32\advpack.dll
2009-09-06 17:00:10 ----A---- C:\Windows\system32\pngfilt.dll
2009-09-06 17:00:09 ----A---- C:\Windows\system32\vbscript.dll
2009-09-06 17:00:09 ----A---- C:\Windows\system32\url.dll
2009-09-06 17:00:09 ----A---- C:\Windows\system32\ieapfltr.dll
2009-09-06 17:00:05 ----A---- C:\Windows\system32\mshta.exe
2009-09-06 17:00:05 ----A---- C:\Windows\system32\iexpress.exe
2009-09-06 17:00:04 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2009-09-06 17:00:04 ----A---- C:\Windows\system32\SetDepNx.exe
2009-09-06 17:00:04 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2009-09-06 17:00:04 ----A---- C:\Windows\system32\PDMSetup.exe
2009-09-06 15:22:18 ----A---- C:\Windows\AFirst.cmd
2009-09-06 15:22:17 ----A---- C:\Windows\eRy.exe
2009-09-06 15:22:12 ----A---- C:\Windows\SETPANEL.INI
2009-09-06 15:22:11 ----A---- C:\Windows\system32\$Acer$.cmd
2009-09-06 15:22:11 ----A---- C:\Windows\devcon.exe
2009-09-06 15:22:11 ----A---- C:\Windows\CLEANUP.INI
2009-09-06 15:22:11 ----A---- C:\Windows\CLEANUP.CMD
2009-09-06 14:34:15 ----D---- C:\Windows\system32\Lang
2009-09-06 14:34:15 ----A---- C:\Windows\system32\igxpun.exe
2009-09-06 14:34:15 ----A---- C:\Windows\system32\difxapi.dll
2009-09-06 14:32:58 ----D---- C:\Windows\SoftwareDistribution
2009-09-06 14:31:39 ----A---- C:\Windows\system32\netfxperf.dll
2009-09-06 14:25:08 ----D---- C:\Program Files\MSXML 4.0
2009-09-06 13:59:37 ----A---- C:\Windows\system32\atmfd.dll
2009-09-06 13:59:35 ----A---- C:\Windows\system32\t2embed.dll
2009-09-06 13:59:35 ----A---- C:\Windows\system32\lpk.dll
2009-09-06 13:59:35 ----A---- C:\Windows\system32\fontsub.dll
2009-09-06 13:59:35 ----A---- C:\Windows\system32\atmlib.dll
2009-09-06 13:59:34 ----A---- C:\Windows\system32\dciman32.dll
2009-09-06 13:58:11 ----A---- C:\Windows\system32\mstscax.dll
2009-09-06 13:58:10 ----A---- C:\Windows\system32\tsgqec.dll
2009-09-06 13:58:10 ----A---- C:\Windows\system32\aaclient.dll
2009-09-06 13:56:31 ----A---- C:\Windows\system32\lsasrv.dll
2009-09-06 13:56:30 ----A---- C:\Windows\system32\kerberos.dll
2009-09-06 13:56:29 ----A---- C:\Windows\system32\wdigest.dll
2009-09-06 13:56:29 ----A---- C:\Windows\system32\schannel.dll
2009-09-06 13:56:29 ----A---- C:\Windows\system32\msv1_0.dll
2009-09-06 13:56:26 ----A---- C:\Windows\system32\secur32.dll
2009-09-06 13:56:25 ----A---- C:\Windows\system32\lsass.exe
2009-09-06 13:54:33 ----A---- C:\Windows\system32\kbd106n.dll
2009-09-06 13:53:26 ----A---- C:\Windows\system32\avifil32.dll
2009-09-06 13:53:12 ----A---- C:\Windows\system32\atl.dll
2009-09-06 13:49:44 ----A---- C:\Windows\system32\wkssvc.dll
2009-09-06 13:48:15 ----A---- C:\Windows\system32\localspl.dll
2009-09-06 13:34:31 ----A---- C:\Windows\system32\gameux.dll
2009-09-06 13:34:30 ----A---- C:\Windows\system32\Apphlpdm.dll
2009-09-06 13:34:25 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2009-09-06 13:23:53 ----A---- C:\Windows\system32\wmp.dll
2009-09-06 13:23:49 ----A---- C:\Windows\system32\wmpdxm.dll
2009-09-06 13:23:45 ----A---- C:\Windows\system32\spwmp.dll
2009-09-06 13:23:44 ----A---- C:\Windows\system32\dxmasf.dll
2009-09-06 13:23:41 ----A---- C:\Windows\system32\wmploc.DLL
2009-09-06 13:19:20 ----A---- C:\Windows\system32\rpcrt4.dll
2009-09-06 12:58:18 ----A---- C:\Windows\system32\wups2.dll
2009-09-06 12:58:18 ----A---- C:\Windows\system32\wuauclt.exe
2009-09-06 12:58:17 ----A---- C:\Windows\system32\wucltux.dll
2009-09-06 12:58:17 ----A---- C:\Windows\system32\wuaueng.dll
2009-09-06 12:58:08 ----D---- C:\Users\Pat\AppData\Roaming\Adobe
2009-09-06 12:57:55 ----A---- C:\Windows\system32\wups.dll
2009-09-06 12:57:55 ----A---- C:\Windows\system32\wudriver.dll
2009-09-06 12:57:55 ----A---- C:\Windows\system32\wuapi.dll
2009-09-06 12:57:45 ----A---- C:\Windows\system32\wuwebv.dll
2009-09-06 12:57:45 ----A---- C:\Windows\system32\wuapp.exe
2009-09-06 12:54:27 ----D---- C:\Program Files\Vic512WA
2009-09-06 12:53:41 ----D---- C:\Users\Pat\AppData\Roaming\Leadertech
2009-09-06 12:53:41 ----D---- C:\Users\Pat\AppData\Roaming\Acer
2009-09-06 12:49:45 ----A---- C:\Windows\system32\Remove_eRecovery.exe
2009-09-06 12:49:44 ----A---- C:\Windows\system32\LauncheRyAgentUser.exe
2009-09-06 12:49:44 ----A---- C:\Windows\system32\ClearEvent.exe
2009-09-06 12:49:44 ----A---- C:\Windows\system32\CheckD2DSystem.exe
2009-09-06 12:49:44 ----A---- C:\Windows\system32\Acer EULA.txt
2009-09-06 12:49:16 ----D---- C:\Program Files\Acer
2009-09-06 12:48:19 ----D---- C:\Program Files\Launch Manager
2009-09-06 12:48:04 ----N---- C:\junction.exe
2009-09-06 12:47:18 ----A---- C:\Windows\system32\gdiplus.dll
2009-09-06 12:45:45 ----N---- C:\Windows\system32\agrsmdel.exe
2009-09-06 12:45:04 ----D---- C:\Windows\Options
2009-09-06 12:44:03 ----SHD---- C:\$RECYCLE.BIN
2009-09-06 12:43:40 ----D---- C:\Users\Pat\AppData\Roaming\Identities
2009-09-06 12:43:12 ----A---- C:\Windows\system32\acer.exe
2009-09-06 12:43:11 ----D---- C:\Users\Pat\AppData\Roaming\Macromedia
2009-09-06 12:43:03 ----D---- C:\Program Files\Acer Inc
2009-09-06 12:43:01 ----D---- C:\Windows\ACER
2009-09-06 12:41:53 ----SD---- C:\Users\Pat\AppData\Roaming\Microsoft
2009-09-06 12:41:53 ----D---- C:\Users\Pat\AppData\Roaming\Media Center Programs
2009-09-06 12:41:53 ----D---- C:\Users\Pat\AppData\Roaming\Acer GameZone Console

======List of files/folders modified in the last 1 months======

2009-09-16 10:22:16 ----D---- C:\Windows\Temp
2009-09-16 10:22:09 ----RD---- C:\Program Files
2009-09-16 00:11:44 ----D---- C:\Windows
2009-09-16 00:08:43 ----SHD---- C:\Windows\Installer
2009-09-16 00:08:11 ----AD---- C:\Windows\System32
2009-09-16 00:07:33 ----SHD---- C:\System Volume Information
2009-09-16 00:01:45 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-09-16 00:01:44 ----D---- C:\Windows\inf
2009-09-15 23:31:19 ----D---- C:\ProgramData\McAfee
2009-09-15 23:31:17 ----D---- C:\Program Files\Common Files
2009-09-15 20:40:28 ----D---- C:\Windows\system32\drivers
2009-09-15 19:54:10 ----SD---- C:\ProgramData\Microsoft
2009-09-15 19:44:15 ----HD---- C:\ProgramData
2009-09-15 19:28:15 ----D---- C:\ProgramData\Microsoft Help
2009-09-15 19:28:14 ----RSD---- C:\Windows\assembly
2009-09-15 19:28:07 ----D---- C:\Program Files\Microsoft Office
2009-09-15 19:28:07 ----D---- C:\Program Files\Common Files\microsoft shared
2009-09-15 19:28:03 ----D---- C:\Program Files\Microsoft Works
2009-09-15 19:27:43 ----RSD---- C:\Windows\Fonts
2009-09-15 19:26:37 ----D---- C:\Windows\ShellNew
2009-09-15 19:24:17 ----D---- C:\Program Files\Acer GameZone
2009-09-14 22:22:59 ----D---- C:\Windows\system32\NDF
2009-09-13 19:54:54 ----D---- C:\Windows\rescache
2009-09-13 19:50:14 ----D---- C:\Windows\Microsoft.NET
2009-09-13 19:41:10 ----SHD---- C:\Boot
2009-09-13 19:41:02 ----D---- C:\Windows\system32\catroot
2009-09-13 19:38:45 ----D---- C:\Windows\system32\catroot2
2009-09-13 19:35:00 ----D---- C:\Program Files\Windows Sidebar
2009-09-13 19:35:00 ----D---- C:\Program Files\Windows Mail
2009-09-13 19:35:00 ----D---- C:\Program Files\Windows Calendar
2009-09-13 19:35:00 ----D---- C:\Program Files\Movie Maker
2009-09-13 19:34:59 ----D---- C:\Program Files\Windows Photo Gallery
2009-09-13 19:34:59 ----D---- C:\Program Files\Windows Media Player
2009-09-13 19:34:59 ----D---- C:\Program Files\Windows Journal
2009-09-13 19:34:59 ----D---- C:\Program Files\Windows Collaboration
2009-09-13 19:34:59 ----D---- C:\Program Files\Internet Explorer
2009-09-13 19:34:59 ----D---- C:\Program Files\Common Files\System
2009-09-13 19:34:56 ----D---- C:\Windows\servicing
2009-09-13 19:34:56 ----D---- C:\Windows\ehome
2009-09-13 19:34:56 ----D---- C:\Program Files\Windows Defender
2009-09-13 19:34:54 ----D---- C:\Windows\system32\XPSViewer
2009-09-13 19:34:54 ----D---- C:\Windows\system32\lv-LV
2009-09-13 19:34:54 ----D---- C:\Windows\system32\da-DK
2009-09-13 19:34:54 ----D---- C:\Windows\IME
2009-09-13 19:34:53 ----D---- C:\Windows\system32\sk-SK
2009-09-13 19:34:53 ----D---- C:\Windows\system32\ko-KR
2009-09-13 19:34:53 ----D---- C:\Windows\system32\hr-HR
2009-09-13 19:34:53 ----D---- C:\Windows\system32\et-EE
2009-09-13 19:34:52 ----D---- C:\Windows\system32\en-US
2009-09-13 19:34:51 ----D---- C:\Windows\system32\migration
2009-09-13 19:34:51 ----D---- C:\Windows\system32\it-IT
2009-09-13 19:34:51 ----D---- C:\Windows\system32\el-GR
2009-09-13 19:34:51 ----D---- C:\Windows\system32\de-DE
2009-09-13 19:34:51 ----AD---- C:\Windows\system32\oobe
2009-09-13 19:34:50 ----D---- C:\Windows\system32\sv-SE
2009-09-13 19:34:50 ----D---- C:\Windows\system32\SLUI
2009-09-13 19:34:50 ----D---- C:\Windows\system32\setup
2009-09-13 19:34:50 ----D---- C:\Windows\system32\ru-RU
2009-09-13 19:34:50 ----D---- C:\Windows\system32\pt-PT
2009-09-13 19:34:50 ----D---- C:\Windows\system32\hu-HU
2009-09-13 19:34:50 ----D---- C:\Windows\system32\he-IL
2009-09-13 19:34:50 ----D---- C:\Windows\system32\fr-FR
2009-09-13 19:34:50 ----D---- C:\Windows\system32\fi-FI
2009-09-13 19:34:50 ----D---- C:\Windows\system32\cs-CZ
2009-09-13 19:34:50 ----D---- C:\Windows\system32\AdvancedInstallers
2009-09-13 19:34:49 ----D---- C:\Windows\system32\zh-CN
2009-09-13 19:34:49 ----D---- C:\Windows\system32\sr-Latn-CS
2009-09-13 19:34:49 ----D---- C:\Windows\system32\manifeststore
2009-09-13 19:34:49 ----D---- C:\Windows\system32\en
2009-09-13 19:34:48 ----D---- C:\Windows\system32\zh-TW
2009-09-13 19:34:48 ----D---- C:\Windows\system32\uk-UA
2009-09-13 19:34:48 ----D---- C:\Windows\system32\th-TH
2009-09-13 19:34:48 ----D---- C:\Windows\system32\sl-SI
2009-09-13 19:34:48 ----D---- C:\Windows\system32\ro-RO
2009-09-13 19:34:48 ----D---- C:\Windows\system32\pl-PL
2009-09-13 19:34:48 ----D---- C:\Windows\system32\ja-JP
2009-09-13 19:34:48 ----D---- C:\Windows\system32\es-ES
2009-09-13 19:34:48 ----D---- C:\Windows\system32\bg-BG
2009-09-13 19:34:47 ----D---- C:\Windows\system32\tr-TR
2009-09-13 19:34:46 ----D---- C:\Windows\system32\wbem
2009-09-13 19:34:46 ----D---- C:\Windows\system32\nl-NL
2009-09-13 19:34:46 ----D---- C:\Windows\system32\nb-NO
2009-09-13 19:34:46 ----D---- C:\Windows\system32\lt-LT
2009-09-13 19:34:46 ----D---- C:\Windows\system32\ar-SA
2009-09-13 19:34:45 ----D---- C:\Windows\system32\pt-BR
2009-09-13 19:34:45 ----D---- C:\Windows\system32\migwiz
2009-09-13 19:34:28 ----D---- C:\Windows\AppPatch
2009-09-13 19:34:21 ----D---- C:\Windows\system32\Boot
2009-09-13 19:33:03 ----D---- C:\Windows\system32\RTCOM
2009-09-13 19:29:56 ----D---- C:\Windows\winsxs
2009-09-13 18:47:36 ----D---- C:\Windows\system32\WDI
2009-09-13 18:16:48 ----D---- C:\Windows\Tasks
2009-09-10 03:35:49 ----SD---- C:\Windows\Downloaded Program Files
2009-09-10 03:35:38 ----D---- C:\ProgramData\SiteAdvisor
2009-09-09 18:34:22 ----D---- C:\Program Files\Yahoo!
2009-09-09 15:31:55 ----D---- C:\Program Files\Common Files\Adobe
2009-09-09 15:31:50 ----D---- C:\ProgramData\Adobe
2009-09-07 09:58:37 ----D---- C:\Windows\Prefetch
2009-09-06 18:37:19 ----D---- C:\Windows\system32\Tasks
2009-09-06 18:27:42 ----D---- C:\Windows\PolicyDefinitions
2009-09-06 15:22:19 ----AD---- C:\Windows\system32\OEM
2009-09-06 14:34:44 ----D---- C:\Windows\Panther
2009-09-06 14:25:46 ----D---- C:\Windows\Debug
2009-09-06 13:19:36 ----D---- C:\Intel
2009-09-06 13:06:06 ----D---- C:\Windows\Logs
2009-09-06 12:54:40 ----A---- C:\Windows\Alaunch.ini
2009-09-06 12:53:30 ----D---- C:\ProgramData\CyberLink
2009-09-06 12:53:10 ----D---- C:\Acer
2009-09-06 12:48:07 ----D---- C:\Program Files\Acer Arcade Deluxe
2009-09-06 12:47:35 ----HD---- C:\Program Files\InstallShield Installation Information
2009-09-06 12:42:39 ----D---- C:\Windows\system32\restore
2009-09-06 12:41:52 ----RD---- C:\Users
2009-08-28 16:38:20 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-08-17 23152]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-08-17 114768]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-08-17 51376]
R1 Vsdatant;Zone Alarm Firewall Driver; C:\Windows\system32\DRIVERS\vsdatant.sys [2009-02-16 293528]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; \??\C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [2008-01-04 41456]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-08-17 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-08-17 53328]
R2 int15;int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [2007-07-03 15392]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-08-08 45568]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-07-30 43008]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-07-30 38400]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2007-03-09 1163616]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-07-22 180736]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-10-26 1044984]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-20 14208]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-02 21264]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-12-23 2476032]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-05-30 1780576]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2008-03-14 6144]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-10 89088]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-11-29 192816]
R3 winbondcir;Winbond IR Transceiver; C:\Windows\system32\DRIVERS\winbondcir.sys [2007-03-28 43008]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-20 11264]
S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2007-09-13 755712]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2006-10-05 9216]
R2 aswUpdSv;avast! iAVS4 Control Service; D:\Program Files\Avast\aswUpdSv.exe [2009-08-17 18752]
R2 avast! Antivirus;avast! Antivirus; D:\Program Files\Avast\ashServ.exe [2009-08-17 138680]
R2 eLockService;eLock Service; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [2007-10-01 24576]
R2 eNet Service;eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-12-20 131072]
R2 eRecoveryService;eRecovery Service; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [2007-09-10 57344]
R2 eSettingsService;eSettings Service; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-12-19 24576]
R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-10-03 358936]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 lxdc_device;lxdc_device; C:\Windows\system32\lxdccoms.exe [2007-05-25 537520]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-02-11 210216]
R2 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2007-11-27 110592]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-12-04 266343]
R2 vsmon;TrueVector Internet Monitor; C:\Windows\System32\ZoneLabs\vsmon.exe [2009-02-16 2402184]
R2 WMIService;ePower Service; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-09-20 167936]
S3 avast! Mail Scanner;avast! Mail Scanner; D:\Program Files\Avast\ashMaiSv.exe [2009-08-17 254040]
S3 avast! Web Scanner;avast! Web Scanner; D:\Program Files\Avast\ashWebSv.exe [2009-08-17 352920]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.06 2009-09-16 10:22:39

======Uninstall list======

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{31403E22-2FDB-452F-AE9E-20854633226D}\SetXX.exe" -uninst
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A450831D-25F6-4F42-9662-D000B25E0D82}\setup.exe" -uninstall
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA4BF92B-2AAF-11DA-9D78-000129760D75}\setup.exe" -uninstall
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B145EC69-66F5-11D8-9D75-000129760D75}\setup.exe" -uninstall
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B804C424-B66D-447A-84BD-C6B88C392C3A}\setup.exe" -uninstall
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F79A208D-D929-11D9-9D77-000129760D75}\setup.exe" -uninstall
Acer Arcade Deluxe-->C:\Program Files\InstallShield Installation Information\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}\Setup.exe -uninstall
Acer Assist-->C:\Program Files\Acer\Acer Assist\uninstall.exe
Acer eAudio Management-->"C:\Program Files\InstallShield Installation Information\{57265292-228A-41FA-9AEC-4620CBCC2739}\Setup.exe" -uninstall
Acer eLock Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}\setup.exe" -l0x9 -removeonly
Acer Empowering Technology-->"C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -runfromtemp -l0x0009 -removeonly
Acer eNet Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C06554A1-2C1E-4D20-B613-EE62C79927CC}\setup.exe" -l0x9 -removeonly
Acer ePower Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\setup.exe" -l0x9 -removeonly
Acer ePresentation Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BF839132-BD43-4056-ACBF-4377F4A88E2A}\setup.exe" -l0x9 -removeonly
Acer eSettings Management-->"C:\Program Files\InstallShield Installation Information\{CE65A9A0-9686-45C6-9098-3C9543A412F0}\setup.exe" -runfromtemp -l0x0009 -removeonly
Acer GridVista-->C:\Windows\GVUni.exe GridV.UNI
Acer Mobility Center Plug-In-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11316260-6666-467B-AC34-183FCB5D4335}\setup.exe" -l0x9 -removeonly
Acer Registration-->C:\Program Files\Acer\Acer Registration\uninstall.exe
Acer ScreenSaver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9 -removeonly
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Agere Systems HDA Modem-->agrsmdel
avast! Antivirus-->D:\Program Files\Avast\aswRunDll.exe "D:\Program Files\Avast\Setup\setiface.dll",RunSetup
Broadcom Gigabit Integrated Controller-->MsiExec.exe /X{FC57FC53-104C-415C-98D7-B05E659461A9}
CCleaner (remove only)-->"d:\Program Files\CCleaner\uninst.exe"
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Intel® Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
Intel® Matrix Storage Manager-->C:\Windows\System32\Imsmudlg.exe
Java™ 6 Update 14-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF}
Launch Manager-->C:\Windows\UnInst32.exe QtZgAcer.UNI
Malwarebytes' Anti-Malware-->"d:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SiteAdvisor-->C:\Program Files\McAfee\SiteAdvisor\Uninstall.exe
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Mozilla Firefox (3.5.3)-->D:\Program Files\Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
NTI Backup NOW! 4.7-->C:\Program Files\InstallShield Installation Information\{1598034D-7147-432C-8CA8-888E0632D124}\setup.exe -runfromtemp -l0x0409
NTI CD & DVD-Maker-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1033 CDM7
Orion-->MsiExec.exe /X{0BF78E88-A7C9-4406-89CF-0BA473BA7821}
PowerProducer-->"C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\Setup.exe" -uninstall
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x9 anything
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
VC 9.0 Runtime-->MsiExec.exe /I{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}
Winbond CIR Drivers-->MsiExec.exe /X{427967BF-09F8-46D5-9275-37001CCBBA5D}
Yahoo! Messenger-->D:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U D:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe
ZoneAlarm-->D:\Program Files\ZoneAlarm\zauninst.exe

======Security center information======

FW: ZoneAlarm Firewall
AS: ZoneAlarm Anti-Spyware (outdated)
AS: Windows Defender

======System event log======

Computer Name: WINACER-6TIUCTN
Event Code: 134
Message: NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)
Record Number: 2527
Source Name: Microsoft-Windows-Time-Service
Time Written: 20090906193147.000000-000
Event Type: Warning
User:

Computer Name: WINACER-6TIUCTN
Event Code: 15016
Message: Unable to initialize the security package Kerberos for server side authentication. The data field contains the error number.
Record Number: 2526
Source Name: Microsoft-Windows-HttpEvent
Time Written: 20090906193137.465019-000
Event Type: Error
User:

Computer Name: WINACER-6TIUCTN
Event Code: 263
Message: The service 'ShellHWDetection' may not have unregistered for device event notifications before it was stopped.
Record Number: 2524
Source Name: PlugPlayManager
Time Written: 20090906193137.000000-000
Event Type: Warning
User:

Computer Name: WINACER-6TIUCTN
Event Code: 4
Message: Broadcom NetLink ™ Gigabit Ethernet: The network link is down. Check to make sure the network cable is properly connected.
Record Number: 2522
Source Name: b57nd60x
Time Written: 20090906192922.212152-000
Event Type: Warning
User:

Computer Name: WINACER-6TIUCTN
Event Code: 4001
Message: WLAN AutoConfig service has successfully stopped.

Record Number: 2512
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20080314161355.743600-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: Pat-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-4149855088-850829161-2549524088-1000:
Process 592 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-4149855088-850829161-2549524088-1000

Record Number: 569
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20090906175119.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Pat-PC
Event Code: 8194
Message: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005. This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {d34bee4a-25fd-4c03-82bf-a53ae0826c6e}
Record Number: 550
Source Name: VSS
Time Written: 20090906174240.000000-000
Event Type: Error
User:

Computer Name: Pat-PC
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 531
Source Name: Microsoft-Windows-WMI
Time Written: 20090906173745.000000-000
Event Type: Error
User:

Computer Name: Pat-PC
Event Code: 1008
Message: The Windows Search Service is attempting to remove the old catalog.

Record Number: 526
Source Name: Microsoft-Windows-Search
Time Written: 20090906173738.000000-000
Event Type: Warning
User:

Computer Name: WINACER-6TIUCTN
Event Code: 1036
Message: InitializePrintProvider failed for provider inetpp.dll. This can occur because of system instability or a lack of system resources.
Record Number: 507
Source Name: Microsoft-Windows-SpoolerSpoolss
Time Written: 20090906193340.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

=====Security event log=====

Computer Name: WINACER-6TIUCTN
Event Code: 4647
Message: User initiated logoff:

Subject:
Security ID: S-1-5-21-1985202684-3160021606-2440277515-500
Account Name: Administrator
Account Domain: WINACER-6TIUCTN
Logon ID: 0x3385f

This event is generated when a logoff is initiated but the token reference count is not zero and the logon session cannot be destroyed. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
Record Number: 331
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20080314161410.002000-000
Event Type: Audit Success
User:

Computer Name: WINACER-6TIUCTN
Event Code: 4634
Message: An account was logged off.

Subject:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x1caa1

Logon Type: 3

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 330
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20080314161352.701600-000
Event Type: Audit Success
User:

Computer Name: WINACER-6TIUCTN
Event Code: 4616
Message: The system time was changed.

Subject:
Security ID: S-1-5-19
Account Name: LOCAL SERVICE
Account Domain: NT AUTHORITY
Logon ID: 0x3e5

Process Information:
Process ID: 0x4d8
Name: C:\Windows\System32\svchost.exe

Previous Time: 9:13:51 AM 3/14/2008
New Time: 9:13:50 AM 3/14/2008

This event is generated when the system time is changed. It is normal for the Windows Time Service, which runs with System privilege, to change the system time on a regular basis. Other system time changes may be indicative of attempts to tamper with the computer.
Record Number: 329
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20080314161352.218000-000
Event Type: Audit Success
User:

Computer Name: WINACER-6TIUCTN
Event Code: 1100
Message: The event logging service has shut down.
Record Number: 328
Source Name: Microsoft-Windows-Eventlog
Time Written: 20080314161351.547200-000
Event Type: Audit Success
User:

Computer Name: WINACER-6TIUCTN
Event Code: 1102
Message: The audit log was cleared.
Subject:
Security ID: S-1-5-21-1985202684-3160021606-2440277515-500
Account Name: Administrator
Domain Name: WINACER-6TIUCTN
Logon ID: 0x3385f
Record Number: 327
Source Name: Microsoft-Windows-Eventlog
Time Written: 20080314161330.331766-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"tvdumpflags"=8

-----------------EOF-----------------

SpySentinel
Hi,


Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

Adobe Reader 8.1.3
Java™ 6 Update 14





Please download ATF Cleaner by Atribune.
This program is for Vista, XP, and Windows 2000 only
    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.




Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems.

Upgrading Java:
  • Download the latest version of Java SE Runtime Environment (JRE): JRE 6 Update 16.
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement."
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u16-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista users, right click on the jre-6u16-windows-i586.exe and select "Run as an Administrator.")






Your Adobe Acrobat Reader is out of date. Older versions are vulnerable to attack.

Please go to the link below to update.

http://www.adobe.com/products/acrobat/readstep2.html





Also how is your computer running?
LostinPCLand
OK I updated Java and Adobe Acrobat Reader. Actually in the past 24 hours I haven't been getting the hangs and having to reboot so maybe something got cleaned out in the preliminary cleaning process. I really appreciate your help.
SpySentinel
Hi LostinPCLand,

You're welcome.



Your log looks clean, great job.

Now for some cleanup.
Please download OTC and save it to Desktop.
  • Please make sure you are connected to the Internet
  • Double-click OTC.exe
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes


Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.


  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
      1. Change the Download signed ActiveX controls to Prompt
      2. Change the Download unsigned ActiveX controls to Disable
      3. Change the Initialize and script ActiveX controls not marked as safe to Disable
      4. Change the Installation of desktop items to Prompt
      5. Change the Launching programs and files in an IFRAME to Prompt
      6. Change the Navigate sub-frames across different domains to Prompt
      7. When all these settings have been made, click on the OK button.
      8. If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

    • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

    • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

    • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    • Install SpywareGuard - SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program or there will be a conflict.

    • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
    Follow this list and your potential for being infected again will reduce dramatically.

    Here are some additional utilities that will enhance your safety:

    • McAfee Site Advisor <= McAfee Site Advisor protects your browser against malicious sites and warns you when you go to one.
    • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
    • Winpatrol <= Download and install the free version of Winpatrol. A tutorial for this product is located here:
      Using Winpatrol to protect your computer from malicious software
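
The six Internet-zone settings listed in the post above can also be audited from PowerShell rather than by clicking through the Security tab. This is an added example, not part of the original thread; the registry path and the URL-action IDs (1001, 1004, 1201, 1800, 1804, 1607) are Internet Explorer's per-user zone values and do not appear on the page, and the script assumes PowerShell 3.0 or later.

```powershell
# Added example: compare the current user's IE "Internet" zone (zone 3)
# with the six settings recommended in the post. Read-only; changes nothing.
# Registry value data: 0 = Enable, 1 = Prompt, 3 = Disable.
# Caveat: a Group Policy value under ...\Software\Policies\... takes
# precedence over this per-user key and is not read here.
$zoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

$expected = @(
    @{ Id = '1001'; Want = 1; Name = 'Download signed ActiveX controls' }
    @{ Id = '1004'; Want = 3; Name = 'Download unsigned ActiveX controls' }
    @{ Id = '1201'; Want = 3; Name = 'Initialize and script ActiveX controls not marked as safe' }
    @{ Id = '1800'; Want = 1; Name = 'Installation of desktop items' }
    @{ Id = '1804'; Want = 1; Name = 'Launching programs and files in an IFRAME' }
    @{ Id = '1607'; Want = 1; Name = 'Navigate sub-frames across different domains' }
)
$labels = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Stop early if the zone key is missing instead of reporting six false failures.
$zone = Get-ItemProperty -Path $zoneKey -ErrorAction Stop

$report = foreach ($s in $expected) {
    $actual = $zone.($s.Id)          # $null when the value was never written

    if ($null -eq $actual) {
        $shown = 'not set'
    } elseif ($labels.ContainsKey([int]$actual)) {
        $shown = $labels[[int]$actual]
    } else {
        $shown = '0x{0:X}' -f $actual   # unexpected data: show it raw
    }

    [pscustomobject]@{
        Setting  = $s.Name
        Expected = $labels[$s.Want]
        Actual   = $shown
        Ok       = ($actual -eq $s.Want)
    }
}

$report | Format-Table -AutoSize -Wrap

if ($report.Ok -contains $false) {
    Write-Warning 'One or more Internet-zone settings differ from the recommended values.'
}
```

A row reported as "not set" means the value is absent from the per-user key, so Internet Explorer falls back to the zone's template default for that setting.
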
LostinPCLand
OK done. Replacing the HOSTS file was a pain (doing just about anything in Vista is a pain). My IE settings were already what you recommended and all my programs were up to date, guess I do a better job than I thought. Hopefully it won't come back.
SpySentinel
Glad to hear everything is up and running. And nice job on already having those settings, you must be up-to-date on malware.


Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

If you're the topic starter, and need this topic reopened, please contact Me or another Moderator with the address of the thread.

Everyone else please begin a New Topic.